Merge branch 'master' of https://github.com/Microsoft/win-cpub-itpro-docs

windows/deploy/TOC.md

@@ -5,12 +5,17 @@
 ### [Upgrade Analytics requirements](upgrade-analytics-requirements.md)
 ### [Upgrade Analytics release notes](upgrade-analytics-release-notes.md)
 ### [Get started with Upgrade Analytics](upgrade-analytics-get-started.md)
+#### [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md)
 ### [Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md)
-#### [Prepare your environment](upgrade-analytics-prepare-your-environment.md)
-#### [Resolve application and driver issues](upgrade-analytics-resolve-issues.md)
-#### [Deploy Windows](upgrade-analytics-deploy-windows.md)
-#### [Review site discovery](upgrade-analytics-review-site-discovery.md)
+#### [Upgrade overview](upgrade-analytics-upgrade-overview.md)
+#### [Step 1: Identify apps](upgrade-analytics-identify-apps.md)
+#### [Step 2: Resolve issues](upgrade-analytics-resolve-issues.md)
+#### [Step 3: Deploy Windows](upgrade-analytics-deploy-windows.md)
+#### [Additional insights](upgrade-analytics-additional-insights.md)
 ### [Troubleshoot Upgrade Analytics](troubleshoot-upgrade-analytics.md)
+## [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
+### [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
+### [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md)
 ## [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
 ### [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
 #### [Key features in MDT 2013 Update 2](key-features-in-mdt-2013.md)
@@ -50,8 +55,17 @@
 ## [Windows 10 upgrade paths](windows-10-upgrade-paths.md)
 ## [Windows 10 edition upgrade](windows-10-edition-upgrades.md)
 ## [Provisioning packages for Windows 10](provisioning-packages.md)
-### [Provision PCs with common settings for initial deployment](provision-pcs-for-initial-deployment.md)
-### [Provision PCs with apps and certificates for initial deployments](provision-pcs-with-apps-and-certificates.md)
+### [How provisioning works in Windows 10](provisioning-how-it-works.md)
+### [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
+### [Create a provisioning package](provisioning-create-package.md)
+### [Apply a provisioning package](provisioning-apply-package.md)
+### [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
+### [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
+### [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
+### [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
+### [NFC-based device provisioning](provisioning-nfc.md)
+### [Windows ICD command-line interface (reference)](provisioning-command-line.md)
+### [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
 ## [Deploy Windows To Go in your organization](deploy-windows-to-go.md)
 ## [Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade-windows-phone-8-1-to-10.md)
 ## [Sideload apps in Windows 10](sideload-apps-in-windows-10.md)

windows/deploy/change-history-for-deploy-windows-10.md

@@ -11,6 +11,39 @@ author: greg-lindsay
 # Change history for Deploy Windows 10
 This topic lists new and updated topics in the [Deploy Windows 10](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
 
+## February 2017
+| New or changed topic | Description |
+|----------------------|-------------|
+| [USMT Requirements](usmt-requirements.md) | Updated: Vista support removed and other minor changes | 
+| [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) | Updated structure and content | 
+| [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) | Added as a separate page from get started | 
+| [Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md) | Updated with links to new content and information about the target OS setting |
+| [Upgrade Analytics - Upgrade overview](upgrade-analytics-upgrade-overview.md) | New | 
+| [Upgrade Analytics - Step 1: Identify important apps](upgrade-analytics-identify-apps.md) | Updated topic title and content | 
+| [Upgrade Analytics - Step 2: Resolve app and driver issues](upgrade-analytics-resolve-issues.md) | New | 
+| [Upgrade Analytics - Step 3: Deploy Windows](upgrade-analytics-deploy-windows.md) | New | 
+| [Upgrade Analytics - Additional insights](upgrade-analytics-additional-insights.md) | New | 
+
+## January 2017
+| New or changed topic | Description |
+|----------------------|-------------|
+| [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) | New | 
+| [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) | New | 
+| [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) | New | 
+| [Apply a provisioning package](provisioning-apply-package.md) | New (previously published in other topics) | 
+| [Create a provisioning package for Windows 10](provisioning-create-package.md) | New (previously published in Hardware Dev Center on MSDN) | 
+| [Create a provisioning package with multivariant settings](provisioning-multivariant.md) | New (previously published in Hardware Dev Center on MSDN) | 
+| [How provisioning works in Windows 10](provisioning-how-it-works.md) | New (previously published in Hardware Dev Center on MSDN) | 
+| [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md) | New (previously published in Hardware Dev Center on MSDN) |
+| [NFC-based device provisioning](provisioning-nfc.md) | New (previously published in Hardware Dev Center on MSDN) | 
+| [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md) | New (previously published in Hardware Dev Center on MSDN) | 
+| [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) | New (previously published in Hardware Dev Center on MSDN) |
+| [Windows ICD command-line interface (reference)](provisioning-command-line.md) | New (previously published in Hardware Dev Center on MSDN) |
+| [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) | Updated exit code table with suggested fixes, and added link to the Upgrade Analytics blog | 
+| [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md) | Instructions for applying the provisioning package moved to [Apply a provisioning package](provisioning-apply-package.md) |
+| [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md) | Instructions for applying the provisioning package moved to [Apply a provisioning package](provisioning-apply-package.md) |
+
+
 ## October 2016
 | New or changed topic | Description |
 |----------------------|-------------|

windows/deploy/configure-a-pxe-server-to-load-windows-pe.md

@@ -163,6 +163,9 @@ ramdisksdidevice        boot
 ramdisksdipath          \boot\boot.sdi
 ```
 
+>[!TIP]
+>If you start the PXE boot process, but receive the error that "The boot configuration data for your PC is missing or contains errors" then verify that \\boot directory is installed under the correct TFTP server root directory.  In the example used here the name of this directory is TFTPRoot, but your TFTP server might be different. 
+
 ## PXE boot process summary
 
 The following summarizes the PXE client boot process.

windows/deploy/index.md

@@ -5,6 +5,7 @@ ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
+localizationpriority: high
 author: greg-lindsay
 ---
 
@@ -17,6 +18,7 @@ Learn about deploying Windows 10 for IT professionals.
 |------|------------|
 |[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) |To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. |
 |[Manage Windows upgrades with Upgrade Analytics](manage-windows-upgrades-with-upgrade-analytics.md) |With Upgrade Analytics, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | 
+|[Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see the following Windows 10 PoC deployment guides: [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md), [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). |
 |[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT), and MDT 2013 Update 2 specifically. |
 |[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or, more specifically, MDT 2013 Update 2. |
 |[Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) |The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Microsoft Deployment Toolkit (MDT) 2013 Update 2 task sequence to completely automate the process. |
@@ -24,8 +26,7 @@ Learn about deploying Windows 10 for IT professionals.
 |[Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) |This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. |
 |[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. |
 |[Windows 10 edition upgrade](windows-10-edition-upgrades.md) |With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. |
-| [Provision PCs with common settings for initial deployment](provision-pcs-for-initial-deployment.md) | Create a provisioning package to apply commonly used settings to a PC running Windows 10. |
-|  [Provision PCs with apps and certificates for initial deployments](provision-pcs-with-apps-and-certificates.md) | Create a provisioning package to add apps and certificates to a PC running Windows 10. |
+| [Provisioning packages for Windows 10](provisioning-packages.md) | Learn how to use the Windows Imaging and Configuration Designer (ICD) and provisioning packages to easily configure multiple devices. |
 |[Windows 10 upgrade paths](windows-10-upgrade-paths.md) |You can upgrade directly to Windows 10 from a previous operating system. |
 |[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](../plan/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](../plan/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. |
 |[Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade-windows-phone-8-1-to-10.md) |This topic describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile. |

windows/deploy/manage-windows-upgrades-with-upgrade-analytics.md

@@ -2,7 +2,7 @@
 title: Manage Windows upgrades with Upgrade Analytics (Windows 10)
 description: Provides an overview of the process of managing Windows upgrades with Upgrade Analytics.
 ms.prod: w10
-author: MaggiePucciEvans
+author: greg-lindsay
 ---
 
 # Manage Windows upgrades with Upgrade Analytics
@@ -18,17 +18,11 @@ With Windows telemetry enabled, Upgrade Analytics collects system, application,
 Use Upgrade Analytics to get:
 
 -   A visual workflow that guides you from pilot to production
-
 -   Detailed computer and application inventory
-
 -   Powerful computer level search and drill-downs
-
 -   Guidance and insights into application and driver compatibility issues, with suggested fixes
-
 -   Data driven application rationalization tools
-
 -   Application usage information, allowing targeted validation; workflow to track validation progress and decisions
-
 -   Data export to commonly used software deployment tools, including System Center Configuration Manager
 
 The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded.
@@ -36,22 +30,14 @@ The Upgrade Analytics workflow steps you through the discovery and rationalizati
 **Important**  For system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see:
 
 - [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
-
 - [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
-
 - [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
 
 ##**Related topics**
 
-[Upgrade Analytics architecture](upgrade-analytics-architecture.md)
-
-[Upgrade Analytics requirements](upgrade-analytics-requirements.md)
-
-[Upgrade Analytics release notes](upgrade-analytics-release-notes.md)
-
-[Get started with Upgrade Analytics](upgrade-analytics-get-started.md)
-
-[Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md)
-
-[Troubleshoot Upgrade Analytics](troubleshoot-upgrade-analytics.md)
-
+[Upgrade Analytics architecture](upgrade-analytics-architecture.md)<BR>
+[Upgrade Analytics requirements](upgrade-analytics-requirements.md)<BR>
+[Upgrade Analytics release notes](upgrade-analytics-release-notes.md)<BR>
+[Get started with Upgrade Analytics](upgrade-analytics-get-started.md)<BR>
+[Use Upgrade Analytics to manage Windows upgrades](use-upgrade-analytics-to-manage-windows-upgrades.md)<BR>
+[Troubleshoot Upgrade Analytics](troubleshoot-upgrade-analytics.md)<BR>

windows/deploy/provision-pcs-for-initial-deployment.md

@@ -4,7 +4,7 @@ description: Create a provisioning package to apply common settings to a PC runn
 ms.assetid: 66D14E97-E116-4218-8924-E2A326C9367E
 keywords: ["runtime provisioning", "provisioning package"]
 ms.prod: W10
-ms.mktglfcycl: manage
+ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
 localizationpriority: high
@@ -92,40 +92,30 @@ Use the Windows Imaging and Configuration Designer (ICD) tool included in the Wi
 > [!IMPORTANT]
 > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
 
-## Apply package
 
-1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
-
-    ![The first screen to set up a new PC](images/oobe.jpg)
-
-2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**.
-
-    ![Set up device?](images/setupmsg.jpg)
-
-3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**.
-
-    ![Provision this device](images/prov.jpg)
-    
-4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**.
-
-    ![Choose a package](images/choose-package.png)
-
-5. Select **Yes, add it**.
-
-    ![Do you trust this package?](images/trust-package.png)
-    
+ **Next step**: [How to apply a provisioning package](provisioning-apply-package.md)   
 
 
 ## Learn more
--   [Build and apply a provisioning package]( https://go.microsoft.com/fwlink/p/?LinkId=629651)
 
 -   Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
 
 -   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
 
  
+## Related topics
 
- 
+- [Provisioning packages for Windows 10](provisioning-packages.md)
+- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
+- [Create a provisioning package](provisioning-create-package.md)
+- [Apply a provisioning package](provisioning-apply-package.md)
+- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
+- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
+- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
+- [NFC-based device provisioning](provisioning-nfc.md)
+- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
+- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
 
 
 

windows/deploy/provision-pcs-with-apps-and-certificates.md

@@ -4,7 +4,7 @@ description: Create a provisioning package to apply settings to a PC running Win
 ms.assetid: 66D14E97-E116-4218-8924-E2A326C9367E
 keywords: ["runtime provisioning", "provisioning package"]
 ms.prod: W10
-ms.mktglfcycl: manage
+ms.mktglfcycl: deploy
 ms.sitesec: library
 author: jdeckerMS
 localizationpriority: high
@@ -57,7 +57,7 @@ Use the Windows Imaging and Configuration Designer (ICD) tool included in the Wi
 3. Go to **Runtime settings** > **ProvisioningCommands** > **DeviceContext** > **CommandLine** and specify the command line that needs to be executed to install the app. This is a single command line (such as a script, executable, or msi) that triggers a silent install of your CommandFiles. Note that the install must execute silently (without displaying any UI). For MSI installers use, the `msiexec /quiet` option. 
 
 > [!NOTE]
-> If you are installing more than one app, then use CommandLine to invoke the script or batch file that orchestrates installation of the files. For more information, see [Install a Win32 app using a provisioning package](https://msdn.microsoft.com/library/windows/hardware/mt703295%28v=vs.85%29.aspx). 
+> If you are installing more than one app, then use `CommandLine` to invoke the script or batch file that orchestrates installation of the files. For more information, see [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md). 
 
 
 ### Add a universal app to your package
@@ -170,66 +170,27 @@ If your build is successful, the name of the provisioning package, output direct
 
 
 
-## Apply package
-
-### During initial setup, from a USB drive
-
-1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
-
-    ![The first screen to set up a new PC](images/oobe.jpg)
-
-2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**.
-
-    ![Set up device?](images/setupmsg.jpg)
-
-3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**.
-
-    ![Provision this device](images/prov.jpg)
-    
-4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**.
-
-    ![Choose a package](images/choose-package.png)
-
-5. Select **Yes, add it**.
-
-    ![Do you trust this package?](images/trust-package.png)
-    
-6. Read and accept the Microsoft Software License Terms.  
-
-    ![Sign in](images/license-terms.png)
-    
-7. Select **Use Express settings**.
-
-    ![Get going fast](images/express-settings.png)
-
-8. If the PC doesn't use a volume license, you'll see the **Who owns this PC?** screen. Select **My work or school owns it** and tap **Next**.
-
-    ![Who owns this PC?](images/who-owns-pc.png)
-
-9. On the **Choose how you'll connect** screen, select **Join Azure AD** or **Join a domain** and tap **Next**.
-
-    ![Connect to Azure AD](images/connect-aad.png)
-
-10. Sign in with  your domain, Azure AD,  or Office 365 account and password. When you see the progress ring, you can remove the USB drive.
-
-    ![Sign in](images/sign-in-prov.png)
-    
-
-### After setup, from a USB drive, network folder, or SharePoint site
-
-On a desktop computer, navigate to **Settings** > **Accounts** > **Work access** > **Add or remove a management package** > **Add a package**, and select the package to install. 
-
-![add a package option](images/package.png)
+**Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
 
 ## Learn more
--   [Build and apply a provisioning package]( https://go.microsoft.com/fwlink/p/?LinkId=629651)
 
 -   Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
 
 -   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
  
 
-
-
+## Related topics
+
+- [Provisioning packages for Windows 10](provisioning-packages.md)
+- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
+- [Create a provisioning package](provisioning-create-package.md)
+- [Apply a provisioning package](provisioning-apply-package.md)
+- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
+- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
+- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
+- [NFC-based device provisioning](provisioning-nfc.md)
+- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
+- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
 
 

windows/deploy/provisioning-apply-package.md

@@ -0,0 +1,119 @@
+---
+title: Apply a provisioning package (Windows 10)
+description: Provisioning packages can be applied to a device during the first-run experience (OOBE) and after ("runtime").
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+localizationpriority: high
+---
+
+# Apply a provisioning package
+
+
+**Applies to**
+
+-   Windows 10
+-   Windows 10 Mobile
+
+Provisioning packages can be applied to a device during the first-run experience (out-of-box experience or "OOBE") and after ("runtime").
+
+## Desktop editions
+
+### During initial setup, from a USB drive
+
+1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
+
+    ![The first screen to set up a new PC](images/oobe.jpg)
+
+2. Insert the USB drive. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**.
+
+    ![Set up device?](images/setupmsg.jpg)
+
+3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**.
+
+    ![Provision this device](images/prov.jpg)
+    
+4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**.
+
+    ![Choose a package](images/choose-package.png)
+
+5. Select **Yes, add it**.
+
+    ![Do you trust this package?](images/trust-package.png)
+    
+6. Read and accept the Microsoft Software License Terms.  
+
+    ![Sign in](images/license-terms.png)
+    
+7. Select **Use Express settings**.
+
+    ![Get going fast](images/express-settings.png)
+
+8. If the PC doesn't use a volume license, you'll see the **Who owns this PC?** screen. Select **My work or school owns it** and tap **Next**.
+
+    ![Who owns this PC?](images/who-owns-pc.png)
+
+9. On the **Choose how you'll connect** screen, select **Join Azure AD** or **Join a domain** and tap **Next**.
+
+    ![Connect to Azure AD](images/connect-aad.png)
+
+10. Sign in with  your domain, Azure AD,  or Office 365 account and password. When you see the progress ring, you can remove the USB drive.
+
+    ![Sign in](images/sign-in-prov.png)
+    
+### After setup, from a USB drive, network folder, or SharePoint site
+
+On a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. 
+
+![add a package option](images/package.png)
+    
+## Mobile editions
+
+### Using removable media
+
+1. Insert an SD card containing the provisioning package into the device.
+2. Navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. 
+
+    ![add a package option](images/packages-mobile.png)
+
+3. Click **Add**.
+
+4. On the device, the **Is this package from a source you trust?** message will appear. Tap **Yes, add it**.
+
+    ![Is this package from a source you trust](images/package-trust.png)
+    
+### Copying the provisioning package to the device
+
+1. Connect the device to your PC through USB.
+
+2. On the PC, select the provisioning package that you want to use to provision the device and then drag and drop the file to your device.
+
+3. On the device, the **Is this package from a source you trust?** message will appear. Tap **Yes, add it**.
+
+    ![Is this package from a source you trust](images/package-trust.png)
+
+
+
+
+
+## Learn more
+
+-   Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
+
+-   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
+
+
+## Related topics
+
+- [Provisioning packages for Windows 10](provisioning-packages.md)
+- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
+- [Create a provisioning package](provisioning-create-package.md)
+- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
+- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
+- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
+- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
+- [NFC-based device provisioning](provisioning-nfc.md)
+- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
+- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)

windows/deploy/provisioning-command-line.md

@@ -0,0 +1,68 @@
+---
+title: Windows ICD command-line interface (Windows 10)
+description: 
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+localizationpriority: high
+---
+
+# Windows ICD command-line interface (reference)
+
+
+**Applies to**
+
+- Windows 10
+- Windows 10 Mobile
+
+You can use the Windows Imaging and Configuration Designer (ICD) command-line interface (CLI) to automate the building of provisioning packages and Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) and Windows 10 Mobile or Windows 10 IoT Core (IoT Core) images. 
+
+- IT pros can use the Windows ICD CLI to require less re-tooling of existing processes. You must run the Windows ICD CLI from a command window with administrator privileges.
+
+- You must use the Windows ICD CLI and edit the customizations.xml sources to create an image and/or provisioning package with multivariant support. You need the customizations.xml file as one of the inputs to the Windows ICD CLI to build a provisioning package. For more information, see [Create a provisioning package with multivariant settings](provisioning-multivariant.md). 
+
+
+
+## Syntax
+
+``` 
+icd.exe /Build-ProvisioningPackage /CustomizationXML:<path_to_xml> /PackagePath:<path_to_ppkg> 
+[/StoreFile:<path_to_storefile>]  [/MSPackageRoot:<path_to_mspackage_directory>]  [/OEMInputXML:<path_to_xml>]
+[/ProductName:<product_name>]  [/Variables:<name>:<value>] [[+|-]Encrypted] [[+|-]Overwrite] [/?]
+```
+
+## Switches and arguments
+
+| Switch | Required? | Arguments |
+| --- | --- | --- |
+| /CustomizationXML | No | Specifies the path to a Windows provisioning XML file that contains the customization assets and settings. For more information, see Windows provisioning answer file. |
+| /PackagePath | Yes | Specifies the path and the package name where the built provisioning package will be saved. |
+| /StoreFile | No</br></br></br>See Important note. | For partners using a settings store other than the default store(s) used by Windows ICD, use this parameter to specify the path to one or more comma-separated Windows settings store file. By default, if you don't specify a settings store file, the settings store that's common to all Windows editions will be loaded by Windows ICD.</br></br></br>**Important**  If you use this parameter, you must not use /MSPackageRoot or /OEMInputXML. |
+| /Variables | No | Specifies a semicolon separated <name> and <value> macro pair. The format for the argument must be <name>=<value>. |
+| Encrypted | No | Denotes whether the provisioning package should be built with encryption. Windows ICD auto-generates the decryption password and includes this information in the output.</br></br></br>Precede with + for encryption or - for no encryption. The default is no encryption. |
+| Overwrite | No | Denotes whether to overwrite an existing provisioning package.</br></br></br>Precede with + to overwrite an existing package or - if you don't want to overwrite an existing package. The default is false (don't overwrite). |
+| /? | No | Lists the switches and their descriptions for the command-line tool or for certain commands. |
+ 
+
+
+
+## Related topics
+
+- [Provisioning packages for Windows 10](provisioning-packages.md)
+- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
+- [Create a provisioning package](provisioning-create-package.md)
+- [Apply a provisioning package](provisioning-apply-package.md)
+- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
+- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
+- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
+- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
+- [NFC-based device provisioning](provisioning-nfc.md)
+- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
+ 
+
+
+
+
+

windows/deploy/provisioning-create-package.md

@@ -0,0 +1,149 @@
+---
+title: Create a provisioning package (Windows 10)
+description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+localizationpriority: high
+---
+
+# Create a provisioning package for Windows 10
+
+
+**Applies to**
+
+-   Windows 10
+-   Windows 10 Mobile
+
+You use Windows Imaging and Configuration Designer (ICD) to create a provisioning package (.ppkg) that contains customization settings. You can apply the provisioning package to a device running Windows 10. 
+
+>[Learn how to install Windows ICD.](provisioning-install-icd.md)
+
+## Start a new project
+
+1. Open Windows ICD:
+    - From either the Start screen or Start menu search, type 'Imaging and Configuration Designer' and click on the Windows ICD shortcut, 
+    
+    or
+    
+    - Navigate to `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86` (on an x64 computer) or `C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe` (on an x86 computer), and then double-click **ICD.exe**.
+
+2. Select your desired option on the **Start** page, which offers three options for creating a provisioning package, as shown in the following image:
+
+    ![Simple provisioning or provision school devices or advanced provisioning](images/icd-create-options.png)
+    
+    - The **Simple provisioning** and **Provision school devices** options provide wizard-style walkthroughs for creating a provisioning package based on a set of common settings. 
+    - The **Advanced provisioning** option opens a new project with all **Runtime settings** available. 
+    
+    >[!TIP]
+    >You can start a project in the simple editor and then switch the project to the advanced editor.
+    >
+    >![Switch to advanced editor](images/icd-switch.png)
+        
+3. Enter a name for your project, and then click **Next**.
+
+4. Select the settings you want to configure, based on the type of device, and then click **Next**. The following table describes the options.
+
+    | Windows edition | Settings available for customization | Provisioning package can apply to |
+    | --- | --- | --- |
+    | All Windows editions | Common settings | All Windows 10 devices |
+    | All Windows desktop editions | Common settings and settings specific to desktop devices  | All Windows 10 desktop editions (Home, Pro, Enterprise, Pro Education, Enterprise Education)   |
+    | All Windows mobile editions | Common settings and settings specific to mobile devices | All Windows 10 Mobile devices |
+    | Windows 10 IoT Core | Common settings and settings specific to Windows 10 IoT Core | All Windows 10 IoT Core devices |
+    | Windows 10 Holographic | Common settings and settings specific to Windows 10 Holographic  | [Microsoft HoloLens](https://technet.microsoft.com/itpro/hololens/hololens-provisioning)   |
+    | Common to Windows 10 Team edition | Common settings and settings specific to Windows 10 Team  | [Microsoft Surface Hub](https://technet.microsoft.com/itpro/surface-hub/provisioning-packages-for-certificates-surface-hub)  |
+ 
+5. On the **Import a provisioning package (optional)** page, you can click **Finish** to create your project, or browse to and select an existing provisioning packge to import to your project, and then click **Finish**.
+
+>[!TIP]
+>**Import a provisioning package** can make it easier to create different provisioning packages that all have certain settings in common. For example, you could create a provisioning package that contains the settings for your organization's network, and then import it into other packages you create so you don't have to reconfigure those common settings repeatedly.
+
+After you click **Finish**, Windows ICD will open the appropriate walkthrough page if you selected **Simple provisioning** or **Provision school devices**, or the **Available customizations** pane if you selected **Advanced provisioning**. The remainder of this topic will explain the **Advanced provisioning scenario**. 
+
+- For instructions on **Simple provisioning**, see [Provision PCs with common settings](provision-pcs-for-initial-deployment.md). 
+- For instructions on **Provision school devices**, see [Set up student PCs to join domain](https://technet.microsoft.com/edu/windows/set-up-students-pcs-to-join-domain).
+
+
+## Configure settings
+
+For an advanced provisioning project, Windows ICD opens the **Available customizations** pane. The example in the following image is based on **All Windows desktop editions** settings.
+
+![What the ICD interface looks like](images/icd-runtime.png)
+
+The settings in Windows ICD are based on Windows 10 configuration service providers (CSPs). To learn more about CSPs, see [Introduction to configuration service providers (CSPs) for IT pros](https://technet.microsoft.com/itpro/windows/manage/how-it-pros-can-use-configuration-service-providers).
+
+The process for configuring settings is similar for all settings. The following table shows an example.
+
+<table>
+<tr><td>![step one](images/one.png)</br>Expand a category.</td><td>![Expand Certificates category](images/icd-step1.png)</td></tr>
+<tr><td>![step two](images/two.png)</br>Select a setting.</td><td>![Select ClientCertificates](images/icd-step2.png)</td></tr>
+<tr><td>![step three](images/three.png)</br>Enter a value for the setting. Click **Add** if the button is displayed.</td><td>![Enter a name for the certificate](images/icd-step3.png)</td></tr>
+<tr><td>![step four](images/four.png)</br>Some settings, such as this example, require additional information. In **Available customizations**, select the value you just created, and additional settings are displayed.</td><td>![Additional settings for client certificate](images/icd-step4.png)</td></tr> 
+<tr><td>![step five](images/five.png)</br>When the setting is configured, it is displayed in the **Selected customizations** pane.</td><td>![Selected customizations pane](images/icd-step5.png)</td></tr>
+</table>
+
+For details on each specific setting, see [Windows Provisioning settings reference](https://msdn.microsoft.com/library/windows/hardware/dn965990.aspx). The reference topic for a setting is also displayed in Windows ICD when you select the setting, as shown in the following image.
+
+![Windows ICD opens the reference topic when you select a setting](images/icd-setting-help.png) 
+
+
+ ## Build package
+
+1. After you're done configuring your customizations, click **Export** and select **Provisioning Package**.
+
+    ![Export on top bar](images/icd-export-menu.png)
+    
+2. In the **Describe the provisioning package** window, enter the following information, and then click **Next**:
+    - **Name** - This field is pre-populated with the project name. You can change this value by entering a different name in the **Name** field.
+    - **Version (in Major.Minor format** - - Optional. You can change the default package version by specifying a new value in the **Version** field. 
+    - **Owner** - Select **IT Admin**. For more information, see [Precedence for provisioning packages](provisioning-how-it-works.md#precedence-for-provisioning-packages).
+    - **Rank (between 0-99)** - Optional. You can select a value between 0 and 99, inclusive. The default package rank is 0.
+    
+3. In the **Select security details for the provisioning package** window, you can select to encrypt and/or sign a provisioning package with a selected certificate. Both selections are optional. Click **Next** after you make your selections.
+
+    - **Encrypt package** -  If you select this option, an auto-generated password will be shown on the screen.
+    - **Sign package** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select** and choosing the certificate you want to use to sign the package.
+
+    >[!NOTE]
+    >You should only configure provisioning package security when the package is used for device provisioning and the package has contents with sensitive security data such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device. 
+    >
+    >If a provisioning package is signed by a trusted provisioner, it can be installed on a device without a prompt for user consent. In order to enable trusted provider certificates, you must set the **TrustedProvisioners** setting prior to installing the trusted provisioning package. This is the only way to install a package without user consent. To provide additional security, you can also set **RequireProvisioningPackageSignature**, which prevents users from installing provisioning packages that are not signed by a trusted provisioner.
+
+4. In the **Select where to save the provisioning package** window, specify the output location where you want the provisioning package to go once it's built, and then click **Next**. By default, Windows ICD uses the project folder as the output location.
+
+5. In the **Build the provisioning package** window, click **Build**. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. 
+
+    If you need to cancel the build, click Cancel. This cancels the current build process, closes the wizard, and takes you back to the Customizations Page.
+
+6. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
+
+    If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. 
+
+    If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
+
+7. When you are done, click **Finish** to close the wizard and go back to the Customizations page.
+
+**Next step**: [How to apply a provisioning package](provisioning-apply-package.md)
+
+## Learn more
+
+-   Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
+
+-   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
+
+
+
+## Related topics
+
+- [Provisioning packages for Windows 10](provisioning-packages.md)
+- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
+- [Apply a provisioning package](provisioning-apply-package.md)
+- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
+- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
+- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
+- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
+- [NFC-based device provisioning](provisioning-nfc.md)
+- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
+- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)

windows/deploy/provisioning-how-it-works.md

@@ -0,0 +1,184 @@
+---
+title: How provisioning works in Windows 10 (Windows 10)
+description: A provisioning package (.ppkg) is a container for a collection of configuration settings. 
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+localizationpriority: high
+---
+
+# How provisioning works in Windows 10
+
+
+**Applies to**
+
+-   Windows 10
+-   Windows 10 Mobile
+
+Provisioning packages in Windows 10 provide IT administrators with a simplified way to apply configuration settings to Windows 10 devices. Windows Imaging and Configuration Designer (Windows ICD) is a tool that makes it easy to create a provisioning package. Windows ICD is contained in the [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). 
+
+## Provisioning packages
+
+A provisioning package contains specific configurations/settings and assets that can be provided through a removable media or simply downloaded to the device.
+
+To enable adding multiple sets of settings or configurations, the configuration data used by the provisioning engine is built out of multiple configuration sources that consist of separate provisioning packages. Each provisioning package contains the provisioning data from a different source.
+
+A provisioning package (.ppkg) is a container for a collection of configuration settings. The package has the following format: 
+
+- Package metadata – The metadata contains basic information about the package such as package name, description, version, ranking, and so on. 
+
+- XML descriptors – Each descriptor defines a customization asset or configuration setting included in the package. 
+
+- Asset payloads – The payloads of a customization asset or a configuration setting associated with an app or data asset. 
+
+You can  use provisioning packages for runtime device provisioning by accessing the package on a removable media attached to the device, through near field communication (NFC), or by downloading from a remote source location. 
+
+## Precedence for provisioning packages
+
+When multiple provisioning packages are available for device provisioning, the combination of package owner type and package rank level defined in the package manifest is used to resolve setting conflicts. The pre-defined package owner types are listed below in the order of lowest to highest owner type precedence:
+
+1. Microsoft 
+
+2. Silicon Vender 
+
+3. OEM 
+
+4. System Integrator 
+
+5. Mobile Operator 
+
+6. IT Admin 
+
+The valid value range of package rank level is 0 to 99. 
+
+When setting conflicts are encountered, the final values provisioned on the device are determined by the owner type precedence and the rank level of the packages containing the settings. For example, the value of a setting in a package with owner **System Integrator** and rank level **3** takes precedence over the same setting in a package with owner **OEM** and rank level **4**. This is because the System Integrator owner type has the higher precedence over the OEM owner type. For packages with the same owner type, the package rank level determines the package from which the setting values get provisioned on the device. 
+
+## Windows provisioning XML
+
+Windows provisioning XML is the framework that allows Microsoft and OEM components to declare end-user configurable settings and the on-device infrastructure for applying the settings with minimal work by the component owner. 
+
+Settings for each component can be declared within that component's package manifest file. These declarations are turned into settings schema that are used by Windows ICD to expose the potential settings to users to create customizations in the image or in provisioning packages. Windows ICD translates the user configuration, which is declared through Windows provisioning answer file(s), into the on-device provisioning format.
+
+When the provisioning engine selects a configuration, the Windows provisioning XML is contained within the selected provisioning data and is passed through the configuration manager and then to the Windows provisioning CSP. The Windows provisioning CSP then takes and applies the provisioning to the proper location for the actual component to use. 
+
+## Provisioning engine
+
+The provisioning engine is the core component for managing provisioning and configuration at runtime in a device running Windows 10. 
+
+The provisioning engine provides the following functionality:
+
+- Provisioning configuration at any time when the device is running including first boot and setup or OOBE. It is also extensible to other points during the run-time of the device.
+- Reading and combining settings from multiple sources of configuration that may be added to an image by Microsoft, the OEM, or system integrator, or added by IT/education administrators or users to the device at run-time. Configuration sources may be built into the image or from provisioning packages added to the device.
+- Responding to triggers or events and initiating a provisioning stage.
+- Authenticating the provisioning packages.
+- Selecting a set of configuration based on the stage and a set of keys—such as the SIM, MCC/MNC, IMSI range, and so on—that map to a specific configuration then passing this configuration to the configuration management infrastructure to be applied.
+- Working with OOBE and the control panel UI to allow user selection of configuration when a specific match cannot be determined.
+
+## Configuration manager
+
+The configuration manager provides the unified way of managing Windows 10 devices. Configuration is mainly done through the Open Mobile Alliance (OMA) Device Management (DM) and Client Provisioning (CP) protocols. The configuration manager handles and parses these protocol requests from different channels and passes them down to Configuration Service Providers (CSPs) to perform the specific management requests and settings. 
+
+The provisioning engine relies on configuration manager for all of the actual processing and application of a chosen configuration. The provisioning engine determines the stage of provisioning and, based on a set of keys, determines the set of configuration to send to the configuration manager. The configuration manager in turn parses and calls into the CSPs for the setting to be applied. 
+
+Underneath the configuration manager are the CSPs. Each section of configuration translates to a particular CSP to handle interpreting into an action on the device. Each CSP translates the instructions in the configuration and calls into the appropriate APIs and components to perform the requested provisioning actions. 
+
+## Policy and resource manager
+
+The policy, resource, and context manager components manage the enrollment and unenrollment of devices into enterprise environments. The enrollment process into an enterprise is essentially the provisioning of configuration and device management policies that the enterprise wants to enforce on the device. This is usually done through the explicit signing up of the device to an enterprise's device management server over a network connection. This provides the user with the ability to access the enterprise's resources through the device and the enterprise with a means to manage and control access and manage and control the device itself. 
+
+The key differences between enterprise enrollment and the configuration performed by the provisioning engine are: 
+- Enrollment enforces a limited and controlled set of policies on the device that the user may not have full control over. The provisioning engine exposes a larger set of settings that configure more aspects of the device and are generally user adjustable.
+- The policy manager manages policy settings from multiple entities and performs a selection of the setting based on priority of the entities. The provisioning engine applies the settings and does not offer a means of prioritizing settings from different sources. The more specific provisioning is the last one applied and the one that is used.
+- Individual policy settings applied from different enrollment entities are stored so they can be removed later during unenrollment. This enables the user to remove enterprise policy and return the device to a state without the enterprise restrictions and any sensitive data. The provisioning engine does not maintain individual provisioning settings or a means to roll back all applied settings.
+
+In Windows 10, the application of policy and enrollment through provisioning is required to support cases where an enterprise or educational institution does not have a DM server for full device management. The provisioning engine supports provisioning enrollment and policy through its configuration and integrates with the existing policy and resource manager components directly or through the configuration manager. 
+
+## Triggers and stages
+
+Triggers are events during the lifetime of the system that start a provisioning stage. Some examples of triggers are: boot, OOBE, SIM change, user added, administrator added, user login, device update, and various manual triggers (such as deployment over USB or launched from an email attachment or USB flash drive).
+
+When a trigger occurs, provisioning is initiated for a particular provisioning stage. The stages are grouped into sets based on the scope of the settings:
+- **Static**: First stage run for provisioning to apply configuration settings to the system to set up OOBE or apply device-wide settings that cannot be done when the image is being created.
+- **System**: Run during OOBE and configure system-wide settings.
+- **UICC**: UICC stages run for each new UICC in a device to handle configuration and branding based on the identity of the UICC or SIM card. This enables the runtime configuration scenarios where an OEM can maintain one image that can be configured for multiple operators.
+- **Update**: Runs after an update to apply potential updated settings changes.
+- **User**: runs during a user account first run to configure per-user settings.
+
+
+
+
+
+
+
+
+
+## Device provisioning during OOBE
+
+The provisioning engine always applies provisioning packages persisted in the C:\Recovery\Customizations folder on the OS partition. When the provisioning engine applies provisioning packages in the %ProgramData%\Microsoft\Provisioning folder, certain runtime setting applications, such as the setting to install and configure Windows apps, may be extended past the OOBE pass and continually be processed in the background when the device gets to the desktop. Settings for configuring policies and certain crucial system configurations are always be completed before the first point at which they must take effect. 
+
+Device users can apply a provisioning package from a remote source when the device first boots to OOBE. The device provisioning during OOBE is only triggered after the language, locale, time zone, and other settings on the first OOBE UI page are configured. On all Windows devices, device provisioning during OOBE can be triggered by 5 fast taps on the Windows hardware key. When device provisioning is triggered, the provisioning UI is displayed in the OOBE page. The provisioning UI allows users to select a provisioning package acquired from a remote source, such as through NFC or a removable media. 
+
+The following table shows how device provisioning can be initiated when a user first boots to OOBE.
+
+
+| Package delivery | Initiation method | Supported device |
+| --- | --- | --- |
+| Removable media - USB drive or SD card</br> (Packages must be placed at media root) | 5 fast taps on the Windows key to launch the provisioning UI |All Windows devices |
+| From an administrator device through machine to machine NFC or NFC tag</br>(The administrator device must run an app that can transfer the package over NFC) | 5 fast taps on the Windows key to launch the provisioning UI | Windows 10 Mobile devices and IoT Core devices |
+ 
+The provisioning engine always copies the acquired provisioning packages to the %ProgramData%\Microsoft\Provisioning folder before processing them during OOBE. The provisioning engine always applies provisioning packages embedded in the installed Windows image during Windows Setup OOBE pass regardless of whether the package is signed and trusted. When the provisioning engine applies an encrypted provisioning package on an end-user device during OOBE, users must first provide a valid password to decrypt the package. The provisioning engine also checks whether a provisioning package is signed and trusted; if it's not, the user must provide consent before the package is applied to the device. 
+
+When the provisioning engine applies provisioning packages during OOBE, it applies only the runtime settings from the package to the device. Runtime settings can be system-wide configuration settings, including security policy, Windows app install/uninstall, network configuration, bootstrapping MDM enrollment, provisioning of file assets, account and domain configuration, Windows edition upgrade, and more. The provisioning engine also checks for the configuration settings on the device, such as region/locale or SIM card, and applies the multivariant settings with matching condition(s). 
+
+## Device provisioning at runtime
+
+At device runtime, standalone provisioning packages can be applied by user initiation. Only runtime configuration settings including multivariant settings contained in a provisioning package can be applied at device runtime.
+
+The following table shows when provisioning at device runtime can be initiated.
+
+| Package delivery | Initiation method | Supported device |
+| --- | --- | --- |
+| Removable media - USB drive or SD card</br>(Packages must be placed at media root) | **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** | All Windows devices |
+| Downloaded from a network connection and copied to a local folder | Double-click the package file | Windows 10 for desktop editions devices |
+| From an administrator device connected to the target device through USB tethering | Drag and drop the package file onto the target device | Windows 10 Mobile devices and IoT Core devices |
+
+When applying provisioning packages from a removable media attached to the device, the Settings UI allows viewing contents of a package before selecting the package for provisioning. To minimize the risk of the device being spammed by applying provisioning packages from unknown sources, a provisioning package can be signed and encrypted. Partners can also set policies to limit the application of provisioning packages at device runtime. Applying provisioning packages at device runtime requires administrator privilege. If the package is not signed or trusted, a user must provide consent before the package is applied to the device. If the package is encrypted, a valid password is needed to decrypt the package before it can be applied to the device.
+
+When applying multiple provisioning packages to a device, the provisioning engine resolves settings with conflicting configuration values from different packages by evaluating the package ranking using the combination of package owner type and package rank level defined in the package metadata. A configuration setting applied from a provisioning package with the highest package ranking will be the final value applied to the device.
+
+After a standalone provisioning package is applied to the device, the package is persisted in the %ProgramData%\Microsoft\Provisioning folder on the device. Provisioning packages can be removed by an administrator by using the **Add or remove a provisioning package** available under **Settings** > **Accounts** > **Access work or school**. However, Windows 10 doesn't provide an uninstall option to revert runtime settings when removing a provisioning package from the device.
+
+
+## Learn more
+
+-   Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
+
+-   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
+
+
+## Related topics
+
+- [Provisioning packages for Windows 10](provisioning-packages.md)
+- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
+- [Create a provisioning package](provisioning-create-package.md)
+- [Apply a provisioning package](provisioning-apply-package.md)
+- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
+- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
+- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
+- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
+- [NFC-based device provisioning](provisioning-nfc.md)
+- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
+- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
+
+
+
+
+ 
+
+ 
+
+
+
+
+

windows/deploy/provisioning-install-icd.md

@@ -0,0 +1,106 @@
+---
+title: Install Windows Imaging and Configuration Designer (Windows 10)
+description: Learn how to install and run Windows ICD. 
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+localizationpriority: high
+---
+
+# Install Windows Imaging and Configuration Designer (ICD)
+
+
+**Applies to**
+
+-   Windows 10
+-   Windows 10 Mobile
+
+Use the Windows Imaging and Configuration Designer (ICD) tool in the Windows Assessment and Deployment Kit (ADK) to create provisioning packages to easily configure devices running Windows 10. Windows ICD is primarily designed for use by IT departments for business and educational institutions who need to provision bring-your-own-device (BYOD) and business-supplied devices.
+
+## Supported platforms
+
+Windows ICD can create provisioning packages for Windows 10 desktop and mobile editions, including Windows 10 IoT Core. You can run Windows ICD on the following operating systems:
+
+- Windows 10 - x86 and amd64
+- Windows 8.1 Update - x86 and amd64
+- Windows 8.1 - x86 and amd64
+- Windows 8 - x86 and amd64
+- Windows 7 - x86 and amd64
+- Windows Server 2016
+- Windows Server 2012 R2 Update
+- Windows Server 2012 R2
+- Windows Server 2012
+- Windows Server 2008 R2
+
+## Install Windows ICD
+
+1. Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) and select **Get Windows ADK** for the version of Windows 10 that you want to create provisioning packages for (version 1511 or version 1607).
+
+    >[!NOTE]
+    >The rest of this procedure uses Windows ADK for Windows 10, version 1607 as an example.
+    
+2. Save **adksetup.exe** and then run it.
+
+3. On the **Specify Location** page, select an installation path and then click **Next**.
+    >[!NOTE]
+    >The estimated disk space listed on this page applies to the full Windows ADK. If you only install Windows ICD, the space requirement is approximately 32 MB.
+4. Make a selection on the **Windows Kits Privacy** page, and then click **Next**.
+
+5. Accept the **License Agreement**, and then click **Next**.
+
+6. On the **Select the features you want to install** page, clear all selections except **Configuration Designer**, and then click **Install**.
+
+    ![Only Configuration Designer selected for installation](images/icd-install.png)
+
+## Current Windows ICD limitations
+
+
+- You can only run one instance of Windows ICD on your computer at a time.
+
+- Be aware that when adding apps and drivers, all files stored in the same folder will be imported and may cause errors during the build process.
+
+- The Windows ICD UI does not support multivariant configurations. Instead, you must use the Windows ICD command-line interface to configure multivariant settings. For more information, see [Create a provisioning package with multivariant settings](provisioning-multivariant.md).
+
+- While you can open multiple projects at the same time within Windows ICD, you can only build one project at a time.
+
+- In order to enable the simplified authoring jscripts to work on a server SKU running Windows ICD, you need to explicitly enable **Allow websites to prompt for information using scripted windows**. Do this by opening Internet Explorer and then navigating to **Settings** > **Internet Options** > **Security**  -> **Custom level** > **Allow websites to prompt for information using scripted windows**, and then choose **Enable**. 
+
+- If you copy a Windows ICD project from one PC to another PC, make sure that all the associated files for the deployment assets, such as apps and drivers, are copied along with the project to the same path as it was on the original PC. 
+
+    For example, when you add a driver to a provisioned package, you must copy the .INF file to a local directory on the PC that is running Windows ICD. If you don't do this, and attempt to use a copied version of this project on a different PC, Windows ICD might attempt to resolve the path to the files that point to the original PC.
+ 
+- **Recommended**: Before starting, copy all source files to the PC running Windows ICD, rather than using external sources like network shares or removable drives. This reduces the risk of interrupting the build process from a temporary network issue or from disconnecting the USB device.
+
+**Next step**: [How to create a provisioning package](provisioning-create-package.md)
+
+## Learn more
+
+-   Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
+
+-   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
+
+## Related topics
+
+- [Provisioning packages for Windows 10](provisioning-packages.md)
+- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Create a provisioning package](provisioning-create-package.md)
+- [Apply a provisioning package](provisioning-apply-package.md)
+- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
+- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
+- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
+- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
+- [NFC-based device provisioning](provisioning-nfc.md)
+- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
+- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
+
+
+
+ 
+
+ 
+
+
+
+
+

windows/deploy/provisioning-multivariant.md

@@ -0,0 +1,322 @@
+---
+title: Create a provisioning package with multivariant settings (Windows 10)
+description: Create a provisioning package with multivariant settings to customize the provisioned settings.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+localizationpriority: high
+---
+
+# Create a provisioning package with multivariant settings
+
+
+**Applies to**
+
+-   Windows 10
+-   Windows 10 Mobile
+
+Multivariant provisioning packages enable you to create a single provisioning package that can work for multiple locales.
+
+To provision multivariant settings, you must create a provisioning package with defined **Conditions** and **Settings** that are tied to these conditions. When you install this package on a Windows 10 device, the provisioning engine applies the matching condition settings at every event and triggers provisioning.
+
+The following events trigger provisioning on Windows 10 devices:
+
+| Event | Windows 10 Mobile | Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) |
+| --- | --- | --- |
+| System boot | Supported | Supported |
+| Operating system update | Supported | Planned |
+| Package installation during device first run experience | Supported | Supported |
+| Detection of SIM presence or update | Supported | Not supported |
+| Package installation at runtime | Supported | Supported |
+| Roaming detected | Supported | Not supported |
+
+## Target, TargetState, Condition, and priorities
+
+Targets describe keying for a variant and must be described or pre-declared before being referenced by the variant.
+
+- You can define multiple **Target** child elements for each **Id** that you need for the customization setting.
+
+- Within a **Target** you can define multiple **TargetState** elements.
+
+- Within a **TargetState** element you can create multiple **Condition** elements.
+
+- A **Condition** element defines the matching type between the condition and the specified value.
+
+The following table shows the conditions supported in Windows 10 provisioning:
+
+>[!NOTE]
+>You can use any of these supported conditions when defining your **TargetState**.
+
+| Condition Name | Condition priority | Windows 10 Mobile | Windows 10 for desktop editions | Value type | Value description |
+| --- | --- | --- | --- | --- | --- |
+| MNC | P0 | Supported | N/A | Digit string | Use to target settings based on the Mobile Network Code (MNC) value. |
+| MCC | P0 | Supported | N/A | Digit string | Use to target settings based on the Mobile Country Code (MCC) value. |
+| SPN | P0 | Supported | N/A | String | Use to target settings based on the Service Provider Name (SPN) value. |
+| PNN | P0 | Supported | N/A | String | Use to target settings based on public land mobile network (PLMN) Network Name value. |
+| GID1 | P0 | Supported | N/A | Digit string | Use to target settings based on the Group Identifier (level 1) value. |
+| ICCID | P0 | Supported | N/A | Digit string | Use to target settings based on the Integrated Circuit Card Identifier (ICCID) value. |
+| Roaming | P0 | Supported | N/A | Boolean | Use to specify roaming. Set the value to **1** (roaming) or **0** (non-roaming). | 
+| UICC | P0 | Supported | N/A | Enumeration | Use to specify the UICC state. Set the value to one of the following:</br></br></br>- 0 - Empty</br>- 1 - Ready</br>- 2 - Locked |
+| UICCSLOT | P0 | Supported | N/A | Digit string | Use to specify the UICC slot. Set the value one of the following:</br></br></br>- 0 - Slot 0</br>- 1 - Slot 1 |
+| ProcessorType | P1 | Supported | Supported | String | Use to target settings based on the processor type. |
+| ProcessorName | P1 | Supported | Supported | String | Use to target settings based on the processor name. |
+| AoAc | P1 | Supported | Supported | Boolean | Set the value to 0 or 1. |
+| PowerPlatformRole | P1 | Supported | Supported | Enumeration | Indicates the preferred power management profile. Set the value based on the POWER_PLATFORM_ROLE enumeration. |
+| Architecture | P1 | Supported | Supported | String | Matches the PROCESSOR_ARCHITECTURE environment variable. |
+| Server | P1 | Supported | Supported | Boolean | Set the value to 0 or 1. |
+| Region | P1 | Supported | Supported | Enumeration | Use to target settings based on country/region. |
+| Lang | P1 | Supported | Supported | Enumeration | Use to target settings based on language code. |
+| ROMLANG | P1 | Supported | N/A | Digit string | Use to specify the PhoneROMLanguage that's set for DeviceTargeting. This condition is used primarily to detect variants for China. For example, you can use this condition and set the value to "0804". |
+
+The matching types supported in Windows 10 are:
+
+| Matching type | Syntax | Example |
+| --- | --- | --- |
+| Straight match | Matching type is specified as-is | &lt;Condition Name="ProcessorName" Value="Barton" /&gt; |
+| Regex match | Matching type is prefixed by "Pattern:" | &lt;Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" /&gt; |
+| Numeric range match | Matching type is prefixed by "!Range:" | &lt;Condition Name="MNC" Value="!Range:400, 550" /&gt; |
+ 
+
+- When all **Condition** elements are TRUE, **TargetState** is TRUE (**AND** logic).
+
+- If any of the **TargetState** elements is TRUE, **Target** is TRUE (**OR** logic), and **Id** can be used for the setting customization.
+
+
+You can define more than one **TargetState** within a provisioning package to apply variant settings that match device conditions. When the provisioning engine evalues each **TargetState**, more than one **TargetState** may fit current device conditions. To determine the order in which the variant settings are applied, the system assigns a priority to every **TargetState**. 
+
+A variant setting that matches a **TargetState** with a lower priority is applied before the variant that matches a **TargetState** with a higher priority. Variant settings that match more than one **TargetState** with equal priority are applied according to the order that each **TargetState** is defined in the provisioning package.
+
+The **TargetState** priority is assigned based on the conditions priority and the priority evaluation rules are as followed:
+
+1. **TargetState** with P0 conditions is higher than **TargetState** without P0 conditions.
+
+
+2. **TargetState** with P1 conditions is higher than **TargetState** without P0 and P1 conditions.
+
+
+3. If N₁>N₂>0, the **TargetState** priority with N₁ P0 conditions is higher than the **TargetState** with N₂ P1 conditions.
+
+
+4. For **TargetState** without P0 conditions, if N₁>N₂>0 **TargetState** with N₁ P1 conditions is higher than the **TargetState** with N₂ P1 conditions.
+
+
+5. For **TargetState** without P0 and P1 conditions, if N₁>N₂>0 **TargetState** priority with N₁ P2 conditions is higher than the **TargetState** with N₂ P2 conditions.
+
+
+6. For rules 3, 4, and 5, if N₁=N₂, **TargetState** priorities are considered equal.
+
+
+## Create a provisioning package with multivariant settings
+
+Follow these steps to create a provisioning package with multivariant capabilities.
+
+
+1. Build a provisioning package and configure the customizations you need to apply during certain conditions. For more information, see [Create a provisioning package](provisioning-create-package.md).
+
+
+2. After you've [configured the settings](provisioning-create-package.md#configure-settings), save the project.
+
+
+3. Open the project folder and copy the customizations.xml file. 
+
+4. Use an XML or text editor to open the customizations.xml file.
+
+    The customizations.xml file holds the package metadata (including the package owner and rank) and the settings that you configured when you created your provisioning package. The Customizations node contains a Common section, which contains the customization settings.
+
+    The following example shows the contents of a sample customizations.xml file.
+
+    ```XML
+<?xml version="1.0" encoding="utf-8"?> 
+<WindowsCustomizatons> 
+  <PackageConfig xmlns="urn:schemas-Microsoft-com:Windows-ICD-Package-Config.v1.0"> 
+    <ID>{6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e}</ID> 
+    <Name>My Provisioning Package</Name> 
+    <Version>1.0</Version> 
+    <OwnerType>OEM</OwnerType> 
+    <Rank>50</Rank> 
+  </PackageConfig> 
+  <Settings xmlns="urn:schemas-microsoft-com:windows-provisioning"> 
+    <Customizations> 
+      <Common> 
+        <Policies> 
+          <AllowBrowser>0</AllowBrowser> 
+          <AllowCamera>0</AllowCamera> 
+          <AllowBluetooth>0</AllowBluetooth> 
+        </Policies> 
+        <HotSpot> 
+          <Enabled>0</Enabled> 
+        </HotSpot> 
+      </Common> 
+    </Customizations> 
+  </Settings> 
+</WindowsCustomizatons> 
+    ```
+
+4. Edit the customizations.xml file and create a **Targets** section to describe the conditions that will handle your multivariant settings. 
+
+    The following example shows the customizations.xml, which has been modified to include several conditions including **ProcessorName**, **ProcessorType**, **MCC**, and **MNC**.
+    
+    ```XML
+    <?xml version="1.0" encoding="utf-8"?> 
+<WindowsCustomizatons> 
+  <PackageConfig xmlns="urn:schemas-Microsoft-com:Windows-ICD-Package-Config.v1.0"> 
+    <ID>{6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e}</ID> 
+    <Name>My Provisioning Package</Name> 
+    <Version>1.0</Version> 
+    <OwnerType>OEM</OwnerType> 
+    <Rank>50</Rank> 
+  </PackageConfig> 
+  <Settings xmlns="urn:schemas-microsoft-com:windows-provisioning"> 
+    <Customizations> 
+      <Common> 
+        <Policies> 
+          <AllowBrowser>0</AllowBrowser> 
+          <AllowCamera>0</AllowCamera> 
+          <AllowBluetooth>0</AllowBluetooth> 
+        </Policies> 
+        <HotSpot> 
+          <Enabled>0</Enabled> 
+        </HotSpot> 
+      </Common> 
+      <Targets> 
+        <Target Id="Unique target identifier for desktop"> 
+          <TargetState> 
+            <Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" /> 
+            <Condition Name="ProcessorType" Value="Pattern:.*(I|i)ntel.*" /> 
+          </TargetState> 
+          <TargetState> 
+            <Condition Name="ProcessorName" Value="Barton" /> 
+            <Condition Name="ProcessorType" Value="Athlon MP" /> 
+          </TargetState> 
+        </Target> 
+        <Target Id="Mobile target"> 
+          <TargetState> 
+            <Condition Name="MCC" Value="Range:310, 320" /> 
+            <Condition Name="MNC" Value="!Range:400, 550" /> 
+          </TargetState> 
+        </Target> 
+      </Targets> 
+    </Customizations> 
+  </Settings> 
+</WindowsCustomizatons> 
+    ```
+
+5. In the customizations.xml file, create a **Variant** section for the settings you need to customize. To do this:
+
+    a. Define a child **TargetRefs** element.
+    
+    b. Within the **TargetRefs** element, define a **TargetRef** element. You can define multiple **TargetRef** elements for each **Id** that you need to apply to customized settings. 
+
+    c. Move compliant settings from the **Common** section to the **Variant** section.
+
+    If any of the TargetRef elements matches the Target, all settings in the Variant are applied (OR logic).
+
+    >[!NOTE]
+    >You can define multiple Variant sections. Settings that reside in the **Common** section are applied unconditionally on every triggering event.
+
+    The following example shows the customizations.xml updated to include a **Variant** section and the moved settings that will be applied if the conditions for the variant are met.
+
+    ```XML
+<?xml version="1.0" encoding="utf-8"?> 
+<WindowsCustomizatons> 
+  <PackageConfig xmlns="urn:schemas-Microsoft-com:Windows-ICD-Package-Config.v1.0">
+    <ID>{6aaa4dfa-00d7-4aaa-8adf-73c6a7e2501e}</ID> 
+    <Name>My Provisioning Package</Name> 
+    <Version>1.0</Version> 
+    <OwnerType>OEM</OwnerType> 
+    <Rank>50</Rank> 
+  </PackageConfig> 
+  <Settings xmlns="urn:schemas-microsoft-com:windows-provisioning"> 
+    <Customizations> 
+      <Common> 
+      </Common> 
+      <Targets> 
+        <Target Id="Unique target identifier for desktop"> 
+          <TargetState> 
+            <Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" /> 
+            <Condition Name="ProcessorType" Value="Pattern:.*(I|i)ntel.*" /> 
+          </TargetState> 
+          <TargetState> 
+            <Condition Name="ProcessorName" Value="Barton" /> 
+            <Condition Name="ProcessorType" Value="Athlon MP" /> 
+          </TargetState> 
+        </Target> 
+        <Target Id="Mobile target"> 
+          <TargetState> 
+            <Condition Name="MCC" Value="Range:310, 320" /> 
+            <Condition Name="MNC" Value="!Range:400, 550" /> 
+          </TargetState> 
+        </Target>
+      </Targets> 
+      <Variant> 
+        <TargetRefs> 
+          <TargetRef Id="Unique target identifier for desktop" /> 
+          <TargetRef Id="Mobile target" /> 
+        </TargetRefs> 
+        <Settings> 
+          <Policies> 
+            <AllowBrowser>1</AllowBrowser> 
+            <AllowCamera>1</AllowCamera> 
+            <AllowBluetooth>1</AllowBluetooth> 
+          </Policies> 
+          <HotSpot> 
+            <Enabled>1</Enabled> 
+          </HotSpot> 
+        </Settings> 
+      </Variant> 
+    </Customizations> 
+  </Settings> 
+</WindowsCustomizatons> 
+    ```
+
+6. Save the updated customizations.xml file and note the path to this updated file. You will need the path as one of the values for the next step.
+
+
+7. Use the [Windows ICD command-line interface](provisioning-command-line.md) to create a provisioning package using the updated customizations.xml. 
+
+    For example:
+
+    ```
+    icd.exe /Build-ProvisioningPackage /CustomizationXML:"C:\CustomProject\customizations.xml" /PackagePath:"C:\CustomProject\output.ppkg" /StoreFile:C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\Microsoft-Common-Provisioning.dat"
+    ```
+    
+
+In this example, the **StoreFile** corresponds to the location of the settings store that will be used to create the package for the required Windows edition. 
+
+>[!NOTE]
+>The provisioning package created during this step will contain the multivariant settings. You can use this package either as a standalone package that you can apply to a Windows device or use it as the base when starting another project.
+
+ 
+
+
+ 
+
+ 
+
+
+
+
+
+ 
+
+## Related topics
+
+- [Provisioning packages for Windows 10](provisioning-packages.md)
+- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
+- [Create a provisioning package](provisioning-create-package.md)
+- [Apply a provisioning package](provisioning-apply-package.md)
+- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
+- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
+- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
+- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
+- [NFC-based device provisioning](provisioning-nfc.md)
+- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
+
+ 
+
+
+
+
+

windows/deploy/provisioning-nfc.md

@@ -0,0 +1,153 @@
+---
+title: NFC-based device provisioning (Windows 10)
+description: 
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+localizationpriority: high
+---
+
+# NFC-based device provisioning
+
+
+**Applies to**
+
+-   Windows 10 Mobile
+
+Near field communication (NFC) enables Windows 10 Mobile Enterprise and Windows 10 Mobile devices to communicate with an NFC tag or another NFC-enabled transmitting device. Enterprises that do bulk provisioning can use NFC-based device provisioning to provide a provisioning package to the device that's being provisioned. NFC provisioning is simple and convenient and it can easily store an entire provisioning package. 
+
+The NFC provisioning option enables the administrator to provide a provisioning package during initial device setup or the out-of-box experience (OOBE) phase. Administrators can use the NFC provisioning option to transfer provisioning information to persistent storage by tapping an unprovisioned mobile device to an NFC tag or NFC-enabled device. To use NFC for pre-provisioning a device, you must either prepare your own NFC tags by storing your provisioning package to a tag as described in this section, or build the infrastructure needed to transmit a provisioning package between an NFC-enabled device and a mobile device during OOBE.
+
+## Provisioning OOBE UI
+
+All Windows 10 Mobile Enterprise and Windows 10 Mobile images have the NFC provisioning capability incorporated into the operating system. On devices that support NFC and are running Windows 10 Mobile Enterprise or Windows 10 Mobile, NFC-based device provisioning provides an additional mechanism to provision the device during OOBE.
+
+On all Windows devices, device provisioning during OOBE can be triggered by 5 fast taps on the Windows hardware key, which shows the **Provision this device** screen. In the **Provision this device** screen, select **NFC** for NFC-based provisioning. 
+
+![Example of Provision this device screen](images/nfc.png)
+
+If there is an error during NFC provisioning, the device will show a message if any of the following errors occur:
+
+- **NFC initialization error** - This can be caused by any error that occurs before data transfer has started. For example, if the NFC driver isn't enabled or there's an error communicating with the proximity API.
+- **Interrupted download or incomplete package transfer** - This error can happen if the peer device is out of range or the transfer is aborted. This error can be caused whenever the device being provisioned fails to receive the provisioning package in time.
+- **Incorrect package format** - This error can be caused by any protocol error that the operating system encounters during the data transfer between the devices.
+- **NFC is disabled by policy** - Enterprises can use policies to disallow any NFC usage on the managed device. In this case, NFC functionality is not enabled.
+
+## NFC tag
+
+You can use an NFC tag for minimal provisioning and use an NFC-enabled device tag for larger provisioning packages.
+
+The protocol used for NFC-based device provisioning is similar to the one used for NFC provisioning on Windows Embedded 8.1 Handheld, which supported both single-chunk and multi-chunk transfer when the total transfer didn't fit in one NDEP message size. In Windows 10, the provisioning stack contains the following changes:
+
+- **Protocol namespace** - The protocol namespace has changed from Windows.WEH.PreStageProv.Chunk to Windows.ProvPlugins.Chunk.
+- **Tag data type** - The tag data type has changed from UTF-8 into binary raw data.
+
+
+>[!NOTE]
+>The NFC tag doesn't go in the secondary device. You can transfer the NFC tag by using a provisioning package from device-to-device using the NFC radio or by re-reading the provisioning package from an NFC tag.
+
+### NFC tag components
+
+NFC tags are suitable for very light applications where minimal provisioning is required. The size of NFC tags that contain provisioning packages is typically 4 KB to 10 KB. 
+
+To write to an NFC tag, you will need to use an NFC Writer tool, or you can use the [ProximityDevice class API](https://msdn.microsoft.com/library/windows/apps/windows.networking.proximity.proximitydevice.aspx) to write your own custom tool to transfer your provisioning package file to your NFC tag. The tool must publish a binary message (write) a Chunk data type to your NFC tag.
+
+The following table describes the information that is required when writing to an NFC tag.
+
+| Required field | Description |
+| --- | --- |
+| **Type** | Windows.ProvPlugins.Chunk<br></br>The receiving device uses this information to understand information in the Data field. |
+| **Data** | Tag data with small header in raw binary format that contains a chunk of the provisioning package to be transferred. |
+ 
+
+
+### NFC provisioning helper
+
+The NFC provisioning helper device must split the provisioning package raw content into multiple parts and publish these in order. Each part should follow the following format:
+
+<table><tr><td>**Version**</br>(1 byte)</td><td>**Leading**<br>(1 byte)</td><td>**Order**</br>(1 byte)</td><td>**Total**</br>(1 byte)</td><td>**Chunk payload**</br>(N bytes)</td></tr></table>
+ 
+For each part:
+- **Version** should always be 0x00.
+- **Leading byte** should always be 0xFF.
+- **Order** represents which message chunk (out of the whole message) the part belongs to. The Order begins with zero (0). 
+- **Total** represents the total number of chunks to be transferred for the whole message.
+- **Chunk payload** represents each of the split parts.
+
+The NFC provisioning helper device must publish the record in a type of Windows.ProvPlugins.Chunk.
+
+**Code example**
+
+The following example shows how to write to an NFC tag. This example assumes that the tag is already in range of the writing device.
+
+```
+        private async void WriteProvPkgToTag(IStorageFile provPkgFile)
+        {
+            var buffer = await FileIO.ReadBufferAsync(provPkgFile);
+            if (null == buffer)
+            {
+                return;
+            }
+
+            var proximityDevice = Windows.Networking.Proximity.ProximityDevice.GetDefault();
+            if (null == proximityDevice)
+            {
+                return;
+            }
+
+            var dataWriter = new DataWriter();
+            var header = new NfcProvHeader();
+
+            header.version = NFC_PROV_MESSAGE_CURRENT_VERSION;  // Currently the supported version is 0x00.
+            header.leading = NFC_PROV_MESSAGE_LEADING_BYTE;     // The leading byte should be always 0xFF.
+            header.index = 0; // Assume we only have 1 chunk.
+            header.total = 1; // Assume we only have 1 chunk.
+
+            // Write the header first and then the raw data of the provisioning package.
+            dataWriter.WriteBytes(GetBytes(header));
+            dataWriter.WriteBuffer(buffer);
+
+            var chunkPubId = proximityDevice.PublishBinaryMessage(
+                            "Windows:WriteTag.ProvPlugins.Chunk",
+                            dataWriter.DetachBuffer());
+        }
+```
+
+
+### NFC-enabled device tag components
+
+Provisioning from an NFC-enabled source device allows for larger provisioning packages than can be transferred using an NFC tag. When provisioning from an NFC-enabled device, we recommend that the total file size not exceed 120 KB. Be aware that the larger the NFC file is, the longer it will take to transfer the provisioning file. Depending on your NFC hardware, the transfer time for a 120 KB file will vary between 2.5 seconds and 10 seconds.
+
+To provision from an NFC-enabled source device, use [ProximityDevice class API](https://msdn.microsoft.com/library/windows/apps/windows.networking.proximity.proximitydevice.aspx) to write your own custom tool that transfers your provisioning package in chunks to your target mobile device. The tool must publish binary messages (transmit) a Header message, followed by one or more Chunk messages. The Header specifies the total amount of data that will be transferred to the target device; the Chunks must contain binary raw data formatted provisioning data, as shown in the NFC tag components section.
+
+For detailed information and code samples on how to implement an NFC-enabled device tag, see **ConvertToNfcMessageAsync** in [this GitHub NfcProvisioner Universal Windows app example](https://github.com/Microsoft/Windows-universal-samples/blob/master/Samples/NfcProvisioner/cs/Scenario1.xaml.cs). The sample app shows you how to host the provisioning package on a master device so that you can transfer it to the receiving device.
+
+ 
+
+
+
+
+
+## Related topics
+
+- [Provisioning packages for Windows 10](provisioning-packages.md)
+- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
+- [Create a provisioning package](provisioning-create-package.md)
+- [Apply a provisioning package](provisioning-apply-package.md)
+- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
+- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
+- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
+- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
+- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
+- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
+
+ 
+
+ 
+
+
+
+
+

windows/deploy/provisioning-packages.md

@@ -3,9 +3,8 @@ title: Provisioning packages (Windows 10)
 description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
 ms.assetid: 287706E5-063F-4AB5-902C-A0DF6D0730BC
 ms.prod: w10
-ms.mktglfcycl: explore
+ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.pagetype: mobile
 author: jdeckerMS
 localizationpriority: high
 ---
@@ -18,19 +17,21 @@ localizationpriority: high
 -   Windows 10
 -   Windows 10 Mobile
 
-Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using Windows Provisioning, an IT administrator can easily specify desired configuration and settings required to enroll the devices into management (through a wizard-driven user interface) and then apply that configuration to target devices in a matter of minutes. It is best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers. 
+Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using Windows provisioning, an IT administrator can easily specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in a matter of minutes. It is best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers. 
 
-With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
+A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
 
 Provisioning packages are simple enough that with a short set of written instructions, a student or non-technical employee can use them to configure their device. This can result in a significant reduction in the time required to configure multiple devices in your organization.
 
-## New in Windows 10, Version 1607
+The [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) includes the Imaging and Configuration Designer (ICD), a tool for configuring provisioning packages. 
 
-The Windows Assessment and Deployment Kit (ADK) for Windows 10 includes the Imaging and Configuration Designer (ICD), a tool for configuring images and runtime settings which are then built into provisioning packages. Windows ICD for Windows 10, Version 1607, simplifies common provisioning scenarios. 
+## New in Windows 10, version 1607
+
+Windows ICD for Windows 10, version 1607, simplifies common provisioning scenarios. 
 
 ![Configuration Designer options](images/icd.png)
 
-Windows ICD in Windows 10, Version 1607, supports the following scenarios for IT administrators:
+Windows ICD in Windows 10, version 1607, supports the following scenarios for IT administrators:
 
 * **Simple provisioning** – Enables IT administrators to define a desired configuration in Windows ICD and then apply that configuration on target devices. The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner. 
 
@@ -48,7 +49,7 @@ Windows ICD in Windows 10, Version 1607, supports the following scenarios for IT
     * Other MDMs (cert-based enrollment) 
 
 > [!NOTE]
-> Windows ICD in Windows 10, Version 1607, also provides a wizard to create provisioning packages for school PCs. To learn more, see [Set up students' PCs to join domain](https://technet.microsoft.com/edu/windows/index).
+> Windows ICD in Windows 10, version 1607, also provides a wizard to create provisioning packages for school PCs. To learn more, see [Set up students' PCs to join domain](https://technet.microsoft.com/edu/windows/index).
 
 ## Benefits of provisioning packages
 
@@ -74,7 +75,7 @@ Provisioning packages can be:
 ## What you can configure
 
 
-The following table provides some examples of what can be configured using provisioning packages.
+The following table provides some examples of what you can configure using provisioning packages.
 
 | Customization options    | Examples                                                                                      |
 |--------------------------|-----------------------------------------------------------------------------------------------|
@@ -92,42 +93,26 @@ The following table provides some examples of what can be configured using provi
 
 For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( https://go.microsoft.com/fwlink/p/?LinkId=619012).
 
-## Creating a provisioning package
-
-
-With Windows 10, you can use the Windows Imaging and Configuration Designer (ICD) tool to create provisioning packages. To install Windows ICD and create provisioning packages, you must [install the Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
-
-When you run ADKsetup.exe for Windows 10, version 1607, select the following feature from the **Select the features you want to install** dialog box:
-
--   **Configuration Designer**
-
-![Choose Configuration Designer](images/adk-install.png)
-
-> [!NOTE]
-> In previous versions of the Windows 10 ADK, you had to install additional features for Windows ICD to run. Starting in version 1607, you can install Windows ICD without other ADK features.
-
-After you install Windows ICD, you can use it to create a provisioning package. For detailed instructions on how to create a provisioning package, see [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkID=629651).
-
-## Applying a provisioning package to a device
-
-
-Provisioning packages can be applied both during image deployment and during runtime. For information on how to apply a provisioning package to a Windows 10-based device, see [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkID=629651).
-
 ## Learn more
 
+-   Watch the video: [Provisioning Windows 10 Devices with New Tools](https://go.microsoft.com/fwlink/p/?LinkId=615921)
 
-[Windows 10: Deployment](https://go.microsoft.com/fwlink/p/?LinkId=533708)
+-   Watch the video: [Windows 10 for Mobile Devices: Provisioning Is Not Imaging](https://go.microsoft.com/fwlink/p/?LinkId=615922)
 
 ## Related topics
 
-- [Provision PCs with common settings for initial deployment](provision-pcs-for-initial-deployment.md)
-- [Provision PCs with apps and certificates for initial deployments](provision-pcs-with-apps-and-certificates.md)
-- [Configure devices without MDM](../manage/configure-devices-without-mdm.md)
-- [Set up a shared or guest PC with Windows 10](../manage/set-up-shared-or-guest-pc.md)
-- [Configure devices without MDM](../manage/configure-devices-without-mdm.md)
-- [Set up a device for anyone to use (kiosk mode)](../manage/set-up-a-device-for-anyone-to-use.md)
-- [Customize Windows 10 Start and taskbar with ICD and provisioning packages](../manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
-- [Set up student PCs to join domain](https://technet.microsoft.com/edu/windows/set-up-students-pcs-to-join-domain)
+- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
+- [Create a provisioning package](provisioning-create-package.md)
+- [Apply a provisioning package](provisioning-apply-package.md)
+- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
+- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
+- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
+- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
+- [NFC-based device provisioning](provisioning-nfc.md)
+- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
+- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
+
 
 
 

windows/deploy/provisioning-script-to-install-app.md

@@ -0,0 +1,222 @@
+---
+title: Use a script to install a desktop app in provisioning packages (Windows 10)
+description: With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+localizationpriority: high
+---
+
+# Use a script to install a desktop app in provisioning packages
+
+
+**Applies to**
+
+-   Windows 10
+-   Windows 10 Mobile
+
+This walkthrough describes how to leverage the ability to include scripts in a Windows 10 provisioning package to install Win32 applications. Scripted operations other than installing apps can also be performed, however, some care is needed in order to avoid unintended behavior during script execution (see Remarks below). 
+
+>**Prerequisite**: [Windows Assessment and Deployment Kit (ADK) for Windows 10](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit), version 1511 or higher 
+
+>[!NOTE]
+>This scenario is only supported for installing applications on Windows 10 for desktop, version 1511 or higher.
+
+## Assemble the application assets
+
+1. On the device where you’re authoring the package, place all of your assets in a known location. Each asset must have a unique filename, because all files will be copied to the same temp directory on the device. It’s common for many apps to have an installer called ‘install.exe’ or similar, and there may be name overlap because of that. To fix this, you can use the technique described in the next step to include a complete directory structure that is then expanded into the temp directory on the device. The most common use for this would be to include a subdirectory for each application. 
+
+2. If you need to include a directory structure of files, you will need to cab the assets for easy inclusion in the provisioning packages.
+
+## Cab the application assets
+
+1. Create a .DDF file as below, replacing *file1* and *file2* with the files you want to package, and adding the name of file/directory.
+
+    ```
+    ;*** MSDN Sample Source Code MakeCAB Directive file example
+    
+    ;
+    
+    .OPTION EXPLICIT  ; Generate errors on variable typos
+    
+    .set DiskDirectoryTemplate=CDROM  ; All cabinets go in a single directory
+    
+    .Set MaxDiskFileCount=1000; Limit file count per cabinet, so that
+    
+    ; scanning is not too slow
+    
+    .Set FolderSizeThreshold=200000   ; Aim for ~200K per folder
+    
+    .Set CompressionType=MSZIP
+    
+    ;** All files are compressed in cabinet files
+    
+    .Set Cabinet=on
+    
+    .Set Compress=on
+    
+    ;-------------------------------------------------------------------
+    
+    ;** CabinetNameTemplate = name of cab
+    
+    ;** DiskDirectory1 = output directory where cab will be created
+    
+    ;-------------------------------------------------------------------
+    
+    .Set CabinetNameTemplate=tt.cab
+    
+    .Set DiskDirectory1=.
+        
+    ;-------------------------------------------------------------------
+    
+    ; Replace <file> with actual files you want to package
+    
+    ;-------------------------------------------------------------------
+    
+    <file1>
+    
+    <file2>
+    
+    ;*** <the end>  
+    ```
+
+2. Use makecab to create the cab files.
+
+    ```
+    Makecab -f <path to DDF file>
+    ```
+
+## Create the script to install the application
+
+Create a script to perform whatever work is needed to install the application(s). The following examples are provided to help get started authoring the orchestrator script that will execute the required installers. In practice, the orchestrator script may reference many more assets than those in these examples.
+
+>[!NOTE]
+>All actions performed by the script must happen silently, showing no UI and requiring no user interaction.
+>
+>The scripts will be run on the device in system context.
+
+### Debugging example 
+
+Granular logging is not built in, so the logging must be built into the script itself. Here is an example script that logs ‘Hello World’ to a logfile. When run on the device, the logfile will be available after provisioning is completed. As you will see in the following examples, it’s recommended that you log each action that your script performs.
+
+```
+set LOGFILE=%SystemDrive%\HelloWorld.log
+echo Hello, World >> %LOGFILE% 
+```
+### .exe example
+
+This example script shows how to create a log output file on the system drive, install an app from a .exe installer, and echo the results to the log file.
+
+```
+set LOGFILE=%SystemDrive%\Fiddler_install.log
+echo Installing Fiddler.exe >> %LOGFILE%
+fiddler4setup.exe /S >> %LOGFILE%
+echo result: %ERRORLEVEL% >> %LOGFILE%
+```
+
+### .msi example
+
+This is the same as the previous installer, but installs the app from an MSI installer. Notice that msiexec is called with the /quiet flag in order to meet the silent requirement of scripts run from within a provisioning package.
+
+```
+set LOGFILE=%SystemDrive%\IPOverUsb_install.log
+echo Installing IpOverUsbInstaller.msi >> %LOGFILE%
+msiexec /i IpOverUsbInstaller.msi /quiet >> %LOGFILE%
+echo result: %ERRORLEVEL% >> %LOGFILE%
+```
+
+### PowerShell example
+
+This is an example script with logging that shows how to run a powershell script from the provisioning commands setting. Note that the PowerShell script referenced from this example must also be included in the package, and obey the same requirements as all scripts run from within the provisioning package: it must execute silently, with no user interaction.
+
+```
+set LOGFILE=%SystemDrive%\my_powershell_script.log
+echo Running my_powershell_script.ps1 in system context >> %LOGFILE%
+echo Executing "PsExec.exe -accepteula -i -s cmd.exe /c powershell.exe my_powershell_script.ps1" >> %LOGFILE%
+PsExec.exe -accepteula -i -s cmd.exe /c powershell.exe my_powershell_script.ps1' >> %LOGFILE%
+echo result: %ERRORLEVEL% >> %LOGFILE%
+```
+
+### Extract from a .CAB example
+
+This example script shows expansion of a .cab from the provisioning commands script, as well as installation of the expanded setup.exe
+
+```
+set LOGFILE=%SystemDrive%\install_my_app.log
+echo Expanding installer_assets.cab >> %LOGFILE%
+expand -r installer_assets.cab -F:* . >> %LOGFILE%
+echo result: %ERRORLEVEL% >> %LOGFILE%
+echo Installing MyApp >> %LOGFILE%
+setup.exe >> %LOGFILE%
+echo result: %ERRORLEVEL% >> %LOGFILE%
+```
+
+### Calling multiple scripts in the package
+
+You are currently allowed one CommandLine per PPKG. The batch files shown above are orchestrator scripts that manage the installation and calls any other scripts included in the PPKG. The orchestrator script is what should be invoked from the CommandLine specified in the package. 
+
+Here’s a table describing this relationship, using the PowerShell example from above:
+
+
+|ICD Setting | Value  | Description |
+| --- | --- | --- |
+| ProvisioningCommands/DeviceContext/CommandLine | cmd /c PowerShell_Example.bat | The command line needed to invoke the orchestrator script. |
+| ProvisioningCommands/DeviceContext/CommandFiles | PowerShell_Example.bat | The single orchestrator script referenced by the command line that handles calling into the required installers or performing any other actions such as expanding cab files. This script must do the required logging. |
+| ProvisioningCommands/DeviceContext/CommandFiles | my_powershell_script.ps1 | Other assets referenced by the orchestrator script. In this example there is only one, but there could be many assets referenced here. One common use case is using the orchestrator to call a series of install.exe or setup.exe installers to install several applications. Each of those installers must be included as an asset here. |
+
+ 
+### Add script to provisioning package 
+ 
+When you have the batch file written and the referenced assets ready to include, you can add them to a provisioning package in the Window Imaging and Configuration Designer (Windows ICD). 
+
+Using ICD, specify the full details of how the script should be run in the CommandLine setting in the provisioning package. This includes flags or any other parameters that you would normally type on the command line. So for example if the package contained an app installer called install.exe and a script used to automate the install called InstallMyApp.bat, the `ProvisioningCommands/DeviceContext/CommandLine` setting should be configured to: 
+
+```
+cmd /c InstallMyApp.bat
+```
+
+In ICD, this looks like:
+
+![Command line in Selected customizations](images/icd-script1.png)
+
+You also need to add the relevant assets for that command line including the orchestrator script and any other assets it references such as installers or .cab files.
+
+In ICD, that is done by adding files under the `ProvisioningCommands/DeviceContext/CommandFiles` setting.
+
+![Command files in Selected customizations](images/icd-script2.png)
+
+When you are done, [build the package](provisioning-create-package.md#build-package). 
+ 
+
+### Remarks
+1. No user interaction or console output is supported via ProvisioningCommands. All work needs to be silent. If your script attempts to do any of the following it will cause undefined behavior, and could put the device in an unrecoverable state if executed during setup or the Out of Box Experience:
+    a. Echo to console
+    b. Display anything on the screen
+    c. Prompt the user with a dialog or install wizard
+2. When applied at first boot, provisioning runs early in the boot sequence and before a user context has been established; care must be taken to only include installers that can run at this time. Other installers can be provisioned via a management tool.
+3. If the device is put into an unrecoverable state because of a bad script, you can reset it using [recovery options in Windows 10](https://support.microsoft.com/help/12415/windows-10-recovery-options).
+4. The CommandFile assets are deployed on the device to a temporary folder unique to each package.
+    a. For packages added during the out of box experience, this is usually in `%WINDIR%\system32\config\systemprofile\appdata\local\Temp\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands`
+    b. For packages added by double-clicking on an already deployed device, this will be in the temp folder for the user executing the PPKG: `%TMP%\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands`
+5. The command line will be executed with the directory the CommandFiles were deployed to as the working directory. This means you do not need to specific the full path to assets in the command line or from within any script.
+6. The runtime provisioning component will attempt to run the scripts from the PPKG at the earliest point possible, depending on the stage when the PPKG was added. For example, if the package was added during the Out-of-Box Experience, it will be run immediately after the package is applied, while the Out-of-Box Experience is still happening. This is before the user account configuration options are presented to the user. A spinning progress dialog will appear and “please wait” will be displayed on the screen. 
+
+    >[!NOTE]
+    >There is a timeout of 30 minutes for the provisioning process at this point. All scripts and installs need to complete within this time. 
+7. The scripts are executed in the background as the rest of provisioning continues to run. For packages added on existing systems using the double-click to install, there is no notification that provisioning or script execution has completed
+
+
+## Related topics
+
+- [Provisioning packages for Windows 10](provisioning-packages.md)
+- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
+- [Create a provisioning package](provisioning-create-package.md)
+- [Apply a provisioning package](provisioning-apply-package.md)
+- [Settings changed when you uninstall a provisioning package](provisioning-uninstall-package.md)
+- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
+- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
+- [NFC-based device provisioning](provisioning-nfc.md)
+- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
+- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)

windows/deploy/provisioning-uninstall-package.md

@@ -0,0 +1,98 @@
+---
+title: Settings changed when you uninstall a provisioning package (Windows 10)
+description: This topic lists the settings that are reverted when you uninstall a provisioning package.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+localizationpriority: high
+---
+
+# Settings changed when you uninstall a provisioning package
+
+
+**Applies to**
+
+-   Windows 10
+-   Windows 10 Mobile
+
+When you uninstall a provisioning package, only certain settings are revertible. This topic lists the settings that are reverted when you uninstall a provisioning package.
+
+
+As an administrator, you can uninstall by using the **Add or remove a package for work or school** option available under **Settings** > **Accounts** > **Access work or school**.
+
+When a provisioning package is uninstalled, some of its settings are reverted, which means the value for the setting is changed to the next available or default value. Not all settings, however, are revertible. 
+
+Only settings in the following lists are revertible. 
+
+## Registry-based settings
+
+The registry-based settings that are revertible when a provisioning package is uninstalled all fall under these categories, which you can find in the Graphical User Interface of the Windows Imaging and Configuration Designer (Windows ICD). 
+
+
+- [Wi-Fi Sense](https://msdn.microsoft.com/library/windows/hardware/mt219706.aspx)
+- [CountryAndRegion](https://msdn.microsoft.com/library/windows/hardware/mt219726.aspx)
+- DeviceManagement / PGList/ LogicalProxyName
+- UniversalAppInstall / LaunchAppAtLogin
+- [Power](https://msdn.microsoft.com/library/windows/hardware/dn953704.aspx)
+- [TabletMode](https://msdn.microsoft.com/library/windows/hardware/mt297550.aspx) 
+- [Maps](https://msdn.microsoft.com/library/windows/hardware/mt131464.aspx) 
+- [Browser](https://msdn.microsoft.com/library/windows/hardware/mt573151.aspx)
+- [DeviceFormFactor](https://msdn.microsoft.com/library/windows/hardware/mt243449.aspx) 
+- [USBErrorsOEMOverride](https://msdn.microsoft.com/library/windows/hardware/mt769908.aspx) 
+- [WeakCharger](https://msdn.microsoft.com/library/windows/hardware/mt346401.aspx) 
+
+
+
+## CSP-based settings
+
+Here is the list of revertible settings based on configuration service providers (CSPs). 
+
+[ActiveSync CSP](https://msdn.microsoft.com/library/windows/hardware/dn920017.aspx) 
+[AppLocker CSP](https://msdn.microsoft.com/library/windows/hardware/dn920019.aspx)  
+[BrowserFavorite CSP](https://msdn.microsoft.com/library/windows/hardware/dn914758.aspx)   
+[CertificateStore CSP](https://msdn.microsoft.com/library/windows/hardware/dn920021.aspx) 
+[ClientCertificateInstall CSP](https://msdn.microsoft.com/library/windows/hardware/dn920023.aspx)   
+[RootCATrustedCertificates CSP](https://msdn.microsoft.com/library/windows/hardware/dn904970.aspx)   
+[CM_CellularEntries CSP](https://msdn.microsoft.com/library/windows/hardware/dn914761.aspx)   
+[CM_ProxyEntries CSP](https://msdn.microsoft.com/library/windows/hardware/dn914762.aspx)   
+[CMPolicy CSP](https://msdn.microsoft.com/library/windows/hardware/dn914760.aspx)   
+[CMPolicyEnterprise CSP](https://msdn.microsoft.com/library/windows/hardware/mt706463.aspx)   
+[EMAIL2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn904953.aspx)   
+[EnterpriseAPN CSP](https://msdn.microsoft.com/library/windows/hardware/dn958617.aspx)   
+[EnterpriseAppManagement CSP](https://msdn.microsoft.com/library/windows/hardware/dn904955.aspx)   
+[EnterpriseDesktopAppManagement CSP](https://msdn.microsoft.com/library/windows/hardware/dn958620.aspx)   
+[EnterpriseModernAppManagement CSP](https://msdn.microsoft.com/library/windows/hardware/dn904956.aspx)   
+[NAP CSP](https://msdn.microsoft.com/library/windows/hardware/dn914767.aspx)   
+[PassportForWork CSP](https://msdn.microsoft.com/library/windows/hardware/dn987099.aspx)   
+[Provisioning CSP](https://msdn.microsoft.com/library/windows/hardware/mt203665.aspx)   
+[PROXY CSP](https://msdn.microsoft.com/library/windows/hardware/dn914770.aspx)   
+[SecureAssessment CSP](https://msdn.microsoft.com/library/windows/hardware/mt718628.aspx)   
+[VPN CSP](https://msdn.microsoft.com/library/windows/hardware/dn904978.aspx)   
+[VPNv2 CSP](https://msdn.microsoft.com/library/windows/hardware/dn914776.aspx)   
+[WiFi CSP](https://msdn.microsoft.com/library/windows/hardware/dn904981.aspx)   
+
+
+
+## Related topics
+
+- [Provisioning packages for Windows 10](provisioning-packages.md)
+- [How provisioning works in Windows 10](provisioning-how-it-works.md)
+- [Install Windows Imaging and Configuration Designer](provisioning-install-icd.md)
+- [Create a provisioning package](provisioning-create-package.md)
+- [Apply a provisioning package](provisioning-apply-package.md)
+- [Provision PCs with common settings for initial deployment (simple provisioning)](provision-pcs-for-initial-deployment.md)
+- [Provision PCs with apps and certificates for initial deployments (advanced provisioning)](provision-pcs-with-apps-and-certificates.md)
+- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md)
+- [NFC-based device provisioning](provisioning-nfc.md)
+- [Windows ICD command-line interface (reference)](provisioning-command-line.md)
+- [Create a provisioning package with multivariant settings](provisioning-multivariant.md)
+
+ 
+
+ 
+
+
+
+
+

windows/deploy/troubleshoot-upgrade-analytics.md

@@ -1,19 +1,19 @@
----
+---
 title: Troubleshoot Upgrade Analytics (Windows 10)
 description: Provides troubleshooting information for Upgrade Analytics.
 ms.prod: w10
-author: MaggiePucciEvans
+author: greg-lindsay
 ---
 
 # Troubleshoot Upgrade Analytics
 
-If you’re having issues seeing data in Upgrade Analytics after running the Upgrade Analytics Deployment script, make sure it completes successfully without any errors. Check the output of the script in the command window and/or log UA_dateTime_machineName.txt to ensure all steps were completed successfully. In addition, we recommend that you wait at least 48 hours before checking OMS for data after the script first completes without reporting any error. 
+If you’re having issues seeing data in Upgrade Analytics after running the Upgrade Analytics Deployment script, make sure it completes successfully without any errors. Check the output of the script in the command window and/or log UA_dateTime_machineName.txt to ensure all steps were completed successfully. In addition, we recommend that you wait at least 48 hours before checking OMS for data after the script first completes without reporting any error.
 
 If you still don’t see data in Upgrade Analytics, follow these steps:
 
 1.  Download and extract UpgradeAnalytics.zip. Ensure the “Diagnostics” folder is included.
 
-2.  Edit the script as described in [Run the Upgrade Analytics deployment script](upgrade-analytics-get-started.md#run-the-upgrade-analytics-deployment-script).
+2.  Edit the script as described in [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md).
 
 3.  Check that isVerboseLogging is set to $true.
 
@@ -25,9 +25,14 @@ If you still don’t see data in Upgrade Analytics, follow these steps:
 
 If you want to stop using Upgrade Analytics and stop sending telemetry data to Microsoft, follow these steps:
 
-1.  Unsubscribe from the Upgrade Analytics solution in the OMS portal.
+1.  Unsubscribe from the Upgrade Analytics solution in the OMS portal. In the OMS portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option.
 
-2.  Disable the Customer Experience Improvement Program on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the telemetry level to Security.
+  ![Upgrade Analytics unsubscribe](images/upgrade-analytics-unsubscribe.png)
 
-3.  Delete the CommercialDataOptin key in *HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\DataCollection*
+2.  Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the telemetry level to **Security**:
 
+  **Windows 7 and Windows 8.1**: Delete CommercialDataOptIn registry property from *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*
+  **Windows 10**: Follow the instructions in the [Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization#enterprise-management) topic.
+
+3.	If you enabled **Internet Explorer Site Discovery**, you can disable Internet Explorer data collection by setting the *IEDataOptIn* registry key to value "0".  The IEDataOptIn key can be found under: *HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection*.
+4.	You can also remove the “CommercialId” key from: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection". **This is an optional step**.

windows/deploy/update-windows-10-images-with-provisioning-packages.md

@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: mobile
 author: jdeckerMS
+redirect_url: https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages
 ---
 
 # Update Windows 10 images with provisioning packages

windows/deploy/upgrade-analytics-additional-insights.md

@@ -0,0 +1,81 @@
+---
+title: Upgrade Analytics - Additional insights
+description: Explains additional features of Upgrade Analytics.
+ms.prod: w10
+author: greg-lindsay
+---
+
+# Upgrade Analytics - Additional insights
+
+This topic provides information on additional features that are available in Upgrade Analytics to provide insights into your environment. These include:
+
+- [Site discovery](#site-discovery): An inventory of web sites that are accessed by client computers running Windows 7 or Windows 8.1 using Internet Explorer.
+- [Office add-ins](#office-add-ins): A list of the Microsoft Office add-ins that are installed on client computers.
+
+## Site discovery
+
+The site discovery feature in Upgrade Analytics provides an inventory of web sites that are accessed by client computers using Internet Explorer on Windows 8.1 and Windows 7. Site discovery does not include sites that are accessed using other Web browsers, such as Microsoft Edge. Site inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data.
+
+> Note: Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, the data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
+
+### Install prerequisite security update for Internet Explorer
+
+Ensure the following prerequisites are met before using site discovery:
+
+1. Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. 
+2. Install the update for customer experience and diagnostic telemetery ([KB3080149](https://support.microsoft.com/kb/3080149)).
+3. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) to allow Internet Explorer data collection before you run it. 
+
+    If necessary, you can also enable it by creating the following registry entry. 
+
+    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection 
+
+    Entry name: IEDataOptIn
+
+    Data type: DWORD
+
+    Values:
+
+    > *IEOptInLevel = 0 Internet Explorer data collection is disabled*
+    >
+    > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones*
+    >
+    > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones*
+    >
+    > *IEOptInLevel = 3 Data collection is enabled for all sites*
+
+    For more information about Internet Explorer Security Zones, see [About URL Security Zones](https://msdn.microsoft.com/library/ms537183.aspx). 
+
+    ![Create the IEDataOptIn registry key](images/upgrade-analytics-create-iedataoptin.png)
+
+### Review most active sites
+
+This blade indicates the most visited sites by computers in your environment. Review this list to determine which web applications and sites are used most frequently. The number of visits is based on the total number of views, and not by the number of unique devices accessing a page.
+
+For each site, the fully qualified domain name will be listed. You can sort the data by domain name or by URL. 
+
+![Most active sites](Images/upgrade-analytics-most-active-sites.png) 
+
+Click the name of any site in the list to drill down into more details about the visits, including the time of each visit and the computer name. 
+
+![Site domain detail](images/upgrade-analytics-site-domain-detail.png)
+
+### Review document modes in use 
+
+This blade provides information about which document modes are used in the sites that are visited in your environment. Document modes are used to provide compatibility with older versions of Internet Explorer. Sites that use older technologies may require additional testing and are less likely to be compatible with Microsoft Edge. Counts are based on total page views and not the number of unique devices. For more information about document modes, see [Deprecated document modes](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/deprecated-document-modes).
+
+![Site activity by document mode](images/upgrade-analytics-site-activity-by-doc-mode.png)
+
+### Run browser-related queries 
+
+You can run predefined queries to capture more info, such as sites that have Enterprise Mode enabled, or the number of unique computers that have visited a site. For example, this query returns the most used ActiveX controls. You can modify and save the predefined queries. 
+
+![](images/upgrade-analytics-query-activex-name.png)
+
+## Office add-ins
+
+Office add-ins provides a list of the Microsoft Office add-ins in your environment, and enumerates the computers that have these add-ins installed.  This information should not affect the upgrade decision workflow, but can be helpful to an administrator.
+
+## Related topics
+
+[Upgrade Analytics release notes](upgrade-analytics-release-notes.md)

windows/deploy/upgrade-analytics-architecture.md

@@ -2,7 +2,7 @@
 title: Upgrade Analytics architecture (Windows 10)
 description: Describes Upgrade Analytics architecture.
 ms.prod: w10
-author: MaggiePucciEvans
+author: greg-lindsay
 ---
 
 # Upgrade Analytics architecture
@@ -19,16 +19,12 @@ After you enable Windows telemetry on user computers and install the compatibili
 
 For more information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see:
 
-[Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)
-
-[Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
-
-[Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
+[Configure Windows telemetry in your organization](https://technet.microsoft.com/itpro/windows/manage/configure-windows-telemetry-in-your-organization)<BR>
+[Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)<BR>
+[Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)<BR>
 
 ##**Related topics**
 
-[Upgrade Analytics requirements](upgrade-analytics-requirements.md)
-
-[Upgrade Analytics release notes](upgrade-analytics-release-notes.md)
-
-[Get started with Upgrade Analytics](upgrade-analytics-get-started.md)
+[Upgrade Analytics requirements](upgrade-analytics-requirements.md)<BR>
+[Upgrade Analytics release notes](upgrade-analytics-release-notes.md)<BR>
+[Get started with Upgrade Analytics](upgrade-analytics-get-started.md)<BR>

windows/deploy/upgrade-analytics-deploy-windows.md

@@ -2,25 +2,96 @@
 title: Upgrade Analytics - Get a list of computers that are upgrade-ready (Windows 10)
 description: Describes how to get a list of computers that are ready to be upgraded in Upgrade Analytics.
 ms.prod: w10
-author: MaggiePucciEvans
+author: greg-lindsay
 ---
 
-# Upgrade Analytics - Get a list of computers that are upgrade ready
-
-All of your work up to now involved reviewing and resolving application and driver issues. Along the way, as you’ve resolved issues and decided which applications and drivers are ready to upgrade, you’ve been building a list of computers that are upgrade ready.
+# Upgrade Analytics - Step 3: Deploy Windows
 
+All of your work up to now involved reviewing and resolving application and driver issues. Along the way, as you’ve resolved issues and decided which applications and drivers are ready to upgrade, you’ve been building a list of computers that are upgrade ready. 
 The blades in the **Deploy** section are:
 
+- [Deploy eligible computers](#deploy-eligible-computers)
+- [Deploy computers by group](#computer-groups) 
+
+>Computers that are listed in this step are assigned an **UpgradeDecision** value, and the total count of computers in each upgrade decision category is displayed. Additionally, computers are assigned an **UpgradeAssessment** value. This value is displayed by drilling down into a specific upgrade decision category. For information about upgrade assessment values, see [Upgrade assessment](#upgrade-assessment).
+
 ## Deploy eligible computers
 
-Computers grouped by deployment decision are listed.
+In this blade, computers grouped by upgrade decision are listed. The upgrade decision on the machines is a calculated value based on the upgrade decision status for the apps and drivers installed on the computer.  This value cannot be modified directly. The upgrade decision is calculated in the following ways:
+- **Review in progress**:  At least one app or driver installed on the computer is marked **Review in progress**.
+- **Ready to upgrade**:  All apps and drivers installed on the computer are marked as **Ready to Upgrade**.
+- **Won’t upgrade**:  At least one app or driver installed on the computer is marked as **Won’t upgrade**, or a system requirement is not met.
 
 <!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
 <img src="media/image9.png" width="195" height="316" />
 -->
 
-![Deploy eligible computers](images/upgrade-analytics-deploy-eligible.png)
+![Deploy eligible computers](images/ua-cg-16.png)
 
 Select **Export computers** for more details, including computer name, manufacturer and model, and Windows edition currently running on the computer. Sort or further query the data and then select **Export** to generate and save a comma-separated value (csv) list of upgrade-ready computers.
 
 >**Important**<br> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time.
+
+## Computer groups
+
+Computer groups allow you to segment your environment by creating device groups based on OMS log search results, or by importing groups from Active Directory, WSUS or System Center Configuration Manager. Computer groups are an OMS feature. For more information, see [Computer groups in OMS](https://blogs.technet.microsoft.com/msoms/2016/04/04/computer-groups-in-oms/).
+
+Query based computer groups are recommended in the initial release of this feature. A feature known as **Configuration Manager Upgrade Analytics Connector** is anticipated in a future release that will enable synchronization of **ConfigMgr Collections** with computer groups in OMS.
+
+### Getting started with Computer Groups
+
+When you sign in to OMS, you will see a new blade entitled **Computer Groups**. See the following example:
+
+![Computer groups](images/ua-cg-01.png)
+
+To create a computer group, open **Log Search** and create a query based on **Type=UAComputer**, for example:
+
+```
+Type=UAComputer Manufacturer=DELL
+```
+
+![Computer groups](images/ua-cg-02.png)
+
+When you are satisfied that the query is returning the intended results, add the following text to your search:
+
+```
+| measure count() by Computer
+```
+
+This will ensure every computer only shows up once. Then, save your group by clicking **Save** and **Yes**. See the following example:
+
+![Computer groups](images/ua-cg-03.png)
+
+Your new computer group will now be available in Upgrade Analytics. See the following example:
+
+![Computer groups](images/ua-cg-04.png)
+
+### Using Computer Groups
+
+When you drill into a computer group, you will see that computers are categorized by **UpgradeDecision**. For computers with the status **Review in progress** or **Won’t upgrade** you can drill down to view issues that cause a computer to be in each category, or you can simply display a list of the computers in the category. For computers that are designated **Ready to upgrade**, you can go directly to the list of computers that are ready.
+
+![Computer groups](images/ua-cg-05.png)
+
+Viewing a list of computers in a certain status is self-explanatory, Let’s look at what happens when you click the details link on **Review in progress**:
+
+![Computer groups](images/ua-cg-06.png)
+
+Next, select if you want to see application issues (**UAApp**) or driver issues (**UADriver**). See the following example of selecting **UAApp**:
+
+![Computer groups](images/ua-cg-07.png)
+
+A list of apps that require review so that Dell Computers are ready for upgrade to Windows 10 is displayed.
+
+### Upgrade assessment
+
+Upgrade assessment and guidance details are explained in the following table.
+
+| Upgrade assessment    | Action required before or after upgrade pilot? | Issue    | What it means   | Guidance      |
+|-----------------------|------------------------------------------------|----------|-----------------|---------------|
+| No known issues                                 | No                                             | None                                             | Computers will upgrade seamlessly.<br>                                                                                                                                         | OK to use as-is in pilot.                                                                                                                                                                                                                                                                                                                 |
+| OK to pilot, fixed during upgrade               | No, for awareness only                         | Application or driver will not migrate to new OS | The currently installed version of an application or driver won’t migrate to the new operating system; however, a compatible version is installed with the new operating system. | OK to use as-is in pilot.                                                                                                                                                                                                                                                                                                                 |
+| OK to pilot with new driver from Windows Update | Yes                                            | Driver will not migrate to new OS                | The currently installed version of a driver won’t migrate to the new operating system; however, a newer, compatible version is available from Windows Update.                    | Although a compatible version of the driver is installed during upgrade, a newer version is available from Windows Update. <br><br>If the computer automatically receives updates from Windows Update, no action is required. Otherwise, replace the new in-box driver with the Windows Update version after upgrading. <br> <br> |
+
+Select **Export computers** to view pilot-ready computers organized by operating system. After you select the computers you want to use in a pilot, click Export to generate and save a comma-separated value (csv) file.
+
+>**Important**> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time.

windows/deploy/upgrade-analytics-deployment-script.md

@@ -0,0 +1,103 @@
+---
+title: Upgrade Analytics deployment script (Windows 10)
+description: Deployment script for Upgrade Analytics.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+---
+
+# Upgrade Analytics deployment script
+
+To automate the steps provided in [Get started with Upgrade Analytics](upgrade-analytics-get-started.md), and to troubleshoot data sharing issues, you can run the [Upgrade Analytics deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409), developed by Microsoft.
+
+For detailed information about using the upgrade analytics deployment script, also see the [Upgrade Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/).
+
+> The following guidance applies to version 11.11.16 or later of the Upgrade Analytics deployment script. If you are using an older version, please download the latest from [Download Center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409).
+
+The Upgrade Analytics deployment script does the following:
+
+1.  Sets commercial ID key + CommercialDataOptIn + RequestAllAppraiserVersions keys.
+2.  Verifies that user computers can send data to Microsoft.
+3.  Checks whether the computer has a pending restart.  
+4.  Verifies that the latest version of KB package 10.0.x is installed (version 10.0.14348 or later is required, but version 10.0.14913 or later is recommended).
+5.  If enabled, turns on verbose mode for troubleshooting.
+6.  Initiates the collection of the telemetry data that Microsoft needs to assess your organization’s upgrade readiness.
+7.  If enabled, displays the script’s progress in a cmd window, providing you immediate visibility into issues (success or fail for each step) and/or writes to log file.
+
+To run the Upgrade Analytics deployment script:
+
+1.  Download the [Upgrade Analytics deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract UpgradeAnalytics.zip. Inside, there are two folders: Pilot and Deployment. The Pilot folder contains advanced logging that can help troubleshoot issues and is intended to be run from an elevated command prompt. The Deployment folder offers a lightweight script intended for broad deployment through ConfigMgr or other software deployment system. We recommend manually running the Pilot version of the script on 5-10 machines to verify that everything is configured correctly.  Once you have confirmed that data is flowing successfully, proceed to run the Deployment version throughout your organization.
+
+2.  Edit the following parameters in RunConfig.bat:
+
+    1.  Provide a storage location for log information. You can store log information on a remote file share or a local directory. If the script is blocked from creating the log file for the given path, it creates the log files in the drive with the Windows directory. Example: %SystemDrive%\\UADiagnostics
+
+    2.  Input your commercial ID key. This can be found in your OMS workspace under Settings -> Connected Sources -> Windows Telemetry.
+
+    3.  By default, the script sends log information to both the console and the log file. To change the default behavior, use one of the following options:
+
+        > *logMode = 0 log to console only*
+>
+        > *logMode = 1 log to file and console*
+>
+        > *logMode = 2 log to file only*
+
+3.  To enable Internet Explorer data collection, set AllowIEData to IEDataOptIn. By default, AllowIEData is set to Disable. Then use one of the following options to determine what Internet Explorer data can be collected:
+
+    > *IEOptInLevel = 0 Internet Explorer data collection is disabled*
+    >
+    > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones*
+    >
+    > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones*
+    >
+    > *IEOptInLevel = 3 Data collection is enabled for all sites*
+
+4.  After you finish editing the parameters in RunConfig.bat, you are ready to run the script.  If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system.
+
+<div id="error-codes"></div>
+
+The deployment script displays the following exit codes to let you know if it was successful, or if an error was encountered.
+
+<div style='font-size:10.0pt'>
+
+<TABLE border=1 cellspacing=0 cellpadding=0>
+<TR><TH BGCOLOR="#a0e4fa">Exit code<TH BGCOLOR="#a0e4fa">Meaning<TH BGCOLOR="#a0e4fa">Suggested fix
+<TR><TD>0<TD>Success<TD>
+<TR><TD>1<TD>Unexpected error occurred while executing the script<TD> The files in the deployment script are likely corrupted.  Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the download center and try again.
+<TR><TD>2<TD>Error when logging to console. $logMode = 0.<TD> Try changing the $logMode value to **1** and try again.
+<TR><TD>3<TD>Error when logging to console and file. $logMode = 1.<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
+<TR><TD>4<TD>Error when logging to file. $logMode = 2.<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
+<TR><TD>5<TD>Error when logging to console and file. $logMode = unknown.<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
+<TR><TD>6<TD>The commercialID parameter is set to unknown. Modify the script.<TD>Set the value for CommercialID in runconfig.bat file.
+<TR><TD>8<TD>Failure to create registry key path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection. <TD> Verify that the configuration script has access to this location.
+<TR><TD>9<TD>Error when writing CommercialId to registry.<TD>Verify that the configuration script has access to this location.
+<TR><TD>10<TD>Error when writing CommercialDataOptIn to registry.<TD>Verify that the configuration script has access to this location.
+<TR><TD>11<TD>Function -SetupCommercialId: Unexpected failure.<TD>Verify that the configuration script has access to this location.
+<TR><TD>12<TD>Can’t connect to Microsoft – Vortex. Check your network/proxy settings.<TD>Verify that the required endpoints are whitelisted correctly.
+<TR><TD>13<TD>Can’t connect to Microsoft – setting. <TD>Verify that the required endpoints  are whitelisted correctly.
+<TR><TD>14<TD>Can’t connect to Microsoft – compatexchange.<TD> Verify that the required endpoints are whitelisted.
+<TR><TD>15<TD>Error connecting to Microsoft:Unexpected failure.<TD>
+<TR><TD>16<TD>Machine requires reboot.<TD> The reboot is required to complete the installation of the compatibility update and related KBs. Reboot the machine before running the Upgrade Analytics deployment script.
+<TR><TD>17<TD>Function -CheckRebootRequired: Unexpected failure.<TD>The reboot is required to complete the installation of the compatibility update and related KBs. Reboot the machine before running the Upgrade Analytics deployment script.
+<TR><TD>18<TD>Outdated compatibility update KB package. Update via Windows Update/WSUS.<TD>
+The configuration script detected a version of the Compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Analytics solution. Use the latest version of the Compatibility update for Windows 7 SP1/Windows 8.1.
+<TR><TD>19<TD>The compatibility update failed with unexpected exception.<TD> The files in the deployment script are likely corrupted.  Download the [latest script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) from the download center and try again.
+<TR><TD>20<TD>Error writing RequestAllAppraiserVersions registry key.<TD> This registry key is required for data collection to work correctly. Verify that the configuration script has access to this location.
+<TR><TD>21<TD>Function – SetRequestAllAppraiserVersions: Unexpected failure.<TD>This registry key is required for data collection to work correctly. Verify that the configuration script has access to this location.
+<TR><TD>22<TD>RunAppraiser failed with unexpected exception.<TD> Check %windir%\System32 directory for a file called CompatTelRunner.exe.  If the file does not exist, reinstall the required compatibility updates which include this file, and check your organization group policy to make sure it does not remove this file.
+<TR><TD>23<TD>Error finding system variable %WINDIR%.<TD> Make sure that this environment variable is available on the machine.
+<TR><TD>24<TD>SetIEDataOptIn failed when writing IEDataOptIn to registry.<TD> Verify that the deployment script in running in a context that has access to the registry key.
+<TR><TD>25<TD>SetIEDataOptIn failed with unexpected exception.<TD> The files in the deployment script are likely corrupted.  Download the latest script from the [download center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and try again.
+<TR><TD>26<TD>The operating system is Server or LTSB SKU.<TD> The script does not support Server or LTSB SKUs.
+<TR><TD>27<TD>The script is not running under System account.<TD>The Upgrade Analytics configuration script must be run as system.  
+<TR><TD>28<TD>Could not create log file at the specified logPath.<TD> Make sure the deployment script has access to the location specified in the logPath parameter.
+<TR><TD>29<TD> Connectivity check failed for proxy authentication. <TD> Install the cumulative updates on the machine and enable the `DisableEnterpriseAuthProxy` authentication proxy setting. The `DisableEnterpriseAuthProxy` setting is enabled by default for Windows 7.  For Windows 8.1 machines, set the `DisableEnterpriseAuthProxy` setting to **0** (not disabled). For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688).
+<TR><TD>30<TD>Connectivity check failed. Registry key property `DisableEnterpriseAuthProxy` is not enabled.<TD> The `DisableEnterpriseAuthProxy` setting is enabled by default for Windows 7.  For Windows 8.1 machines, set the `DisableEnterpriseAuthProxy` setting to **0** (not disabled). For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688).
+<TR><TD>31<TD>There is more than one instance of the Upgrade Analytics data collector running at the same time on this machine. <TD>  Use the Windows Task Manager to check if CompatTelRunner.exe is running, and wait until it has completed to rerun the script.  
+**The Upgrade Analytics task is scheduled to run daily at 3 a.m.**
+</TABLE>
+
+</div>
+

windows/deploy/upgrade-analytics-get-started.md

@@ -10,9 +10,25 @@ author: greg-lindsay
 
 # Get started with Upgrade Analytics
 
-This topic explains how to obtain and set up Upgrade Analytics components. If you haven’t done so already, see [Upgrade Analytics requirements](https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-requirements) for information about requirements for using Upgrade Analytics. Also, check out the [Upgrade Analytics blog](https://blogs.technet.microsoft.com/UpgradeAnalytics) for new announcements and helpful tips for using Upgrade Analytics.  
+This topic explains how to obtain and configure Upgrade Analytics for your organization. 
 
-You can use Upgrade Analytics to plan and manage your upgrade project end to end. After you’ve established communications between user computers and Microsoft, Upgrade Analytics collects computer, application, and driver data for analysis. This data is used to identify compatibility issues that can block your upgrade and to suggest fixes that are known to Microsoft.
+You can use Upgrade Analytics to plan and manage your upgrade project end-to-end. Upgrade Analytics works by establishing communications between computers in your organization and Microsoft. Upgrade Analytics collects computer, application, and driver data for analysis. This data is used to identify compatibility issues that can block your upgrade and to suggest fixes that are known to Microsoft.
+
+Before you begin, consider reviewing the following helpful information:<BR>
+    - [Upgrade Analytics requirements](https://technet.microsoft.com/itpro/windows/deploy/upgrade-analytics-requirements): Provides detailed requirements to use Upgrade Analytics.<BR>
+    - [Upgrade Analytics blog](https://blogs.technet.microsoft.com/UpgradeAnalytics): Contains announcements of new features and provides helpful tips for using Upgrade Analytics.
+
+>If you are using System Center Configuration Manager, also check out information about how to integrate Upgrade Analytics with Configuration Manager: [Integrate Upgrade Analytics with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics).
+
+When you are ready to begin using Upgrade Analytics, perform the following steps:
+
+1. Review [data collection and privacy](#data-collection-and-privacy) information.
+2. [Add Upgrade Analytics to OMS](#add-upgrade-analytics-to-operations-management-suite).
+3. [Enable data sharing](#enable-data-sharing).
+4. [Deploy required updates](#deploy-the-compatibility-update-and-related-kbs) to computers, and validate using a pilot deployment.
+5. [Deploy Upgrade Analytics at scale](#deploy-upgrade-analytics-at-scale).
+
+## Data collection and privacy 
 
 To enable system, application, and driver data to be shared with Microsoft, you must configure user computers to send data. For information about what telemetry data Microsoft collects and how that data is used and protected by Microsoft, see the following topics:
 
@@ -20,13 +36,6 @@ To enable system, application, and driver data to be shared with Microsoft, you
 - [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
 - [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965)
 
-To configure Upgrade Analytics, you’ll need to:
-
--   Add the Upgrade Analytics solution to a workspace in the Operations Management Suite portal
--   Establish communications and enable data sharing between your organization and Microsoft
-
-Each task is explained in detail in the following sections.
-
 ## Add Upgrade Analytics to Operations Management Suite
 
 Upgrade Analytics is offered as a solution in the Microsoft Operations Management Suite (OMS), a collection of cloud based services for managing your on-premises and cloud environments. For more information about OMS, see [Operations Management Suite overview](http://azure.microsoft.com/documentation/articles/operations-management-suite-overview/).
@@ -36,11 +45,8 @@ If you are already using OMS, you’ll find Upgrade Analytics in the Solutions G
 If you are not using OMS:
 
 1.  Go to the [Upgrade Analytics page on Microsoft.com](https://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and click **Sign up** to kick off the onboarding process.
-
 2.  Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
-
 3.  Create a new OMS workspace. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**.
-
 4.  If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator.
 
     > If your organization does not have an Azure subscription, create a new one or select the default OMS Azure subscription from the list. Your workspace opens.
@@ -49,11 +55,7 @@ If you are not using OMS:
 
 2.  Click the **Upgrade Analytics** tile to configure the solution. The **Settings Dashboard** opens.
 
-## Enable data sharing between your organization and Upgrade Analytics
-
-After you’ve signed in to Operations Management Suite and added the Upgrade Analytics solution to your workspace, complete the following tasks to establish communication and enable data sharing between user computers, Microsoft secure data centers, and Upgrade Analytics.
-
-## Generate your commercial ID key
+### Generate your commercial ID key
 
 Microsoft uses a unique commercial ID to map information from user computers to your OMS workspace. Generate your commercial ID key in OMS and then deploy it to user computers.
 
@@ -65,7 +67,7 @@ Microsoft uses a unique commercial ID to map information from user computers to
 
     >**Important**<br> Regenerate a commercial ID key only if your original ID key can no longer be used. Regenerating a commercial ID key resets the data in your workspace for all solutions that use the ID. Additionally, you’ll need to deploy the new commercial ID key to user computers again.
 
-## Subscribe to Upgrade Analytics
+### Subscribe to Upgrade Analytics
 
 For Upgrade Analytics to receive and display upgrade readiness data from Microsoft, subscribe your OMS workspace to Upgrade Analytics.
 
@@ -73,15 +75,15 @@ For Upgrade Analytics to receive and display upgrade readiness data from Microso
 
 1.  Click **Overview** on the Settings Dashboard to return to your OMS workspace portal. The Upgrade Analytics tile now displays summary data. Click the tile to open Upgrade Analytics.
 
-## Whitelist select endpoints
+## Enable data sharing
 
 To enable data sharing, whitelist the following endpoints. Note that you may need to get approval from your security group to do this.
 
-Note: The compatibility update KB runs under the computer’s system account. If you are using user authenticated proxies, read [this blog post](https://go.microsoft.com/fwlink/?linkid=838688)to learn what you need to do to run it under the logged on user account.
+Note: The compatibility update KB runs under the computer’s system account. If you are using user authenticated proxies, read [this blog post](https://go.microsoft.com/fwlink/?linkid=838688) to learn what you need to do to run it under the logged on user account.
 
 | **Endpoint**  | **Function**  |
 |---------------------------------------------------------|-----------|
-| `https://v10.vortex-win.data.microsoft.com/collect/v1`  <br><br>                       `https://Vortex-win.data.microsoft.com/health/keepalive`                                                                                                      | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint.             |
+| `https://v10.vortex-win.data.microsoft.com/collect/v1`<br>`https://Vortex-win.data.microsoft.com/health/keepalive`                                                                                                      | Connected User Experience and Telemetry component endpoint. User computers send data to Microsoft through this endpoint.             |
 | `https://settings.data.microsoft.com/qos`                                                                                                                                  | Enables the compatibility update KB to send data to Microsoft.                                                                       |
 | `https://go.microsoft.com/fwlink/?LinkID=544713`<br>`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc`                                         | This service provides driver information about whether there will be a driver available post-upgrade for the hardware on the system. |
 
@@ -92,8 +94,8 @@ The compatibility update KB scans your computers and enables application usage t
 
 | **Operating System** | **KBs** |
 |----------------------|-----------------------------------------------------------------------------|
-| Windows 8.1          | [KB 2976978](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)<br>Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed. <br>For more information about this KB, see <https://support.microsoft.com/kb/2976978><br>[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)<br>Provides updated configuration and definitions for compatibility diagnostics performed on the system.<br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br>NOTE: KB2976978 must be installed before you can download and install KB3150513.   |
-| Windows 7 SP1        | [KB2952664](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664) <br>Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed. <br>For more information about this KB, see <https://support.microsoft.com/kb/2952664><br>[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)<br>Provides updated configuration and definitions for compatibility diagnostics performed on the system.<br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br>NOTE: KB2952664 must be installed before you can download and install KB3150513. |
+| Windows 8.1          | [KB 2976978](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)<br>Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed. <br>For more information about this KB, see <https://support.microsoft.com/kb/2976978><br><BR>[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)<br>Provides updated configuration and definitions for compatibility diagnostics performed on the system.<br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br>NOTE: KB2976978 must be installed before you can download and install KB3150513.   |
+| Windows 7 SP1        | [KB2952664](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664) <br>Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues may be encountered when the latest Windows operating system is installed. <br>For more information about this KB, see <https://support.microsoft.com/kb/2952664><br><BR>[KB 3150513](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=3150513)<br>Provides updated configuration and definitions for compatibility diagnostics performed on the system.<br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br>NOTE: KB2952664 must be installed before you can download and install KB3150513. |
 
 IMPORTANT: Restart user computers after you install the compatibility update KBs for the first time.
 
@@ -103,111 +105,26 @@ If you are planning to enable IE Site Discovery, you will need to install a few
 |----------------------|-----------------------------------------------------------------------------|
 | [Review site discovery](upgrade-analytics-review-site-discovery.md)         | [KB3080149](http://www.catalog.update.microsoft.com/Search.aspx?q=3080149)<br>Updates the Diagnostic and Telemetry tracking service to existing devices. This update is only necessary on Windows 7 and Windows 8.1 devices. <br>For more information about this KB, see <https://support.microsoft.com/kb/3150513><br><br>Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update.  |
 
+### Deploy the Upgrade Analytics deployment script
 
+You can use the Upgrade Analytics deployment script to automate and verify your deployment. 
+
+See [Upgrade Analytics deployment script](upgrade-analytics-deployment-script.md) for information on obtaining and running the script, and for a description of the error codes that can be displayed.
+
+>After data is sent from computers to Microsoft, it generally takes 48 hours for the data to populate in Upgrade Analytics. The compatibility update KB takes several minutes to run. If the KB does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Upgrade Analytics. For this reason, you can expect most your computers to be populated in OMS in about 1-2 weeks after deploying the KB and configuration to user computers.
+
+## Deploy Upgrade Analytics at scale
+
+When you have completed a pilot deployment, you are ready to automate data collection and distribute the deployment script to the remaining computers in your organization.
 
 ### Automate data collection
 
 To ensure that user computers are receiving the most up to date data from Microsoft, we recommend that you establish the following data sharing and analysis processes.
 
--   Enable automatic updates for the compatibility update and related KBs. These KBs are updated frequently to include the latest application and driver issue information as we discover it during testing.
--   Schedule the Upgrade Analytics deployment script to automatically run so that you don’t have to manually initiate an inventory scan each time the compatibility update KBs are updated. Computers are re-scanned only when the compatibility KBs are updated, so if your inventory changes significantly between KB releases you won’t see the changes in Upgrade Analytics until you run the script again.
--   Schedule monthly user computer scans to view monthly active computer and usage information.
+- Enable automatic updates for the compatibility update and related KBs. These KBs are updated frequently to include the latest application and driver issue information as we discover it during testing.
+- Schedule the Upgrade Analytics deployment script to automatically run so that you don’t have to manually initiate an inventory scan each time the compatibility update KBs are updated. Computers are re-scanned only when the compatibility KBs are updated, so if your inventory changes significantly between KB releases you won’t see the changes in Upgrade Analytics until you run the script again.
+- Schedule monthly user computer scans to view monthly active computer and usage information.
 
-## Run the Upgrade Analytics deployment script
+### Distribute the deployment script at scale
 
-To automate many of the steps outlined above and to troubleshoot data sharing issues, you can run the [Upgrade Analytics deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409), developed by Microsoft.
-
-> The following guidance applies to version 11.11.16 or later of the Upgrade Analytics deployment script. If you are using an older version, please download the latest from [Download Center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409).
-
-The Upgrade Analytics deployment script does the following:
-
-1.  Sets commercial ID key + CommercialDataOptIn + RequestAllAppraiserVersions keys.
-
-2.  Verifies that user computers can send data to Microsoft.
-
-3.  Checks whether the computer has a pending restart.  
-
-4.  Verifies that the latest version of KB package 10.0.x is installed (version 10.0.14348 or later is required, but version 10.0.14913 or later is recommended).
-
-5.  If enabled, turns on verbose mode for troubleshooting.
-
-6.  Initiates the collection of the telemetry data that Microsoft needs to assess your organization’s upgrade readiness.
-
-7.  If enabled, displays the script’s progress in a cmd window, providing you immediate visibility into issues (success or fail for each step) and/or writes to log file.
-
-To run the Upgrade Analytics deployment script:
-
-1.  Download the [Upgrade Analytics deployment script](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and extract UpgradeAnalytics.zip. Inside, there are two folders: Pilot and Deployment. The Pilot folder contains advanced logging that can help troubleshoot issues and is intended to be run from an elevated command prompt. The Deployment folder offers a lightweight script intended for broad deployment through ConfigMgr or other software deployment system. We recommend manually running the Pilot version of the script on 5-10 machines to verify that everything is configured correctly.  Once you have confirmed that data is flowing successfully, proceed to run the Deployment version throughout your organization.
-
-2.  Edit the following parameters in RunConfig.bat:
-
-    1.  Provide a storage location for log information. You can store log information on a remote file share or a local directory. If the script is blocked from creating the log file for the given path, it creates the log files in the drive with the Windows directory. Example: %SystemDrive%\\UADiagnostics
-
-    2.  Input your commercial ID key. This can be found in your OMS workspace under Settings -> Connected Sources -> Windows Telemetry.
-
-    3.  By default, the script sends log information to both the console and the log file. To change the default behavior, use one of the following options:
-
-        > *logMode = 0 log to console only*
->
-        > *logMode = 1 log to file and console*
->
-        > *logMode = 2 log to file only*
-
-3.  To enable Internet Explorer data collection, set AllowIEData to IEDataOptIn. By default, AllowIEData is set to Disable. Then use one of the following options to determine what Internet Explorer data can be collected:
-
-    > *IEOptInLevel = 0 Internet Explorer data collection is disabled*
-    >
-    > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones*
-    >
-    > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones*
-    >
-    > *IEOptInLevel = 3 Data collection is enabled for all sites*
-
-4.  After you finish editing the parameters in RunConfig.bat, you are ready to run the script.  If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system.
-
-The deployment script displays the following exit codes to let you know if it was successful, or if an error was encountered.
-
-<div style='font-size:10.0pt'>
-
-<TABLE border=1 cellspacing=0 cellpadding=0>
-<TR><TH BGCOLOR="#a0e4fa">Exit code<TH BGCOLOR="#a0e4fa">Meaning<TH BGCOLOR="#a0e4fa">Suggest fix
-<TR><TD>0<TD>Success<TD>
-<TR><TD>1<TD>Unexpected error occurred while executing the script<TD> The files in the deployment script are likely corrupted.  Download the latest script from the [download center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and try again.
-<TR><TD>2<TD>Error when logging to console. $logMode = 0.<TD> Try changing the $logMode value to **1** and try again.
-<TR><TD>3<TD>Error when logging to console and file. $logMode = 1.<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
-<TR><TD>4<TD>Error when logging to file. $logMode = 2.<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
-<TR><TD>5<TD>Error when logging to console and file. $logMode = unknown.<TD>Verify that you have set the logPath parameter in RunConfig.bat, and that the configuration script has access to connect and write to this location.
-<TR><TD>6<TD>The commercialID parameter is set to unknown. Modify the script.<TD>Set the value for CommercialID in runconfig.bat file.
-<TR><TD>8<TD>Failure to create registry key path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection. <TD> Verify that the configuration script has access to this location.
-<TR><TD>9<TD>Error when writing CommercialId to registry.<TD>Verify that the configuration script has access to this location.
-<TR><TD>10<TD>Error when writing CommercialDataOptIn to registry.<TD>Verify that the configuration script has access to this location.
-<TR><TD>11<TD>Function -SetupCommercialId: Unexpected failure.<TD>Verify that the configuration script has access to this location.
-<TR><TD>12<TD>Can’t connect to Microsoft – Vortex. Check your network/proxy settings.<TD>Verify that the required endpoints are whitelisted correctly.
-<TR><TD>13<TD>Can’t connect to Microsoft – setting. <TD>Verify that the required endpoints  are whitelisted correctly.
-<TR><TD>14<TD>Can’t connect to Microsoft – compatexchange.<TD> Verify that the required endpoints are whitelisted.
-<TR><TD>15<TD>Error connecting to Microsoft:Unexpected failure.<TD>
-<TR><TD>16<TD>Machine requires reboot.<TD> The reboot is required to complete the installation of the compatibility update and related KBs. Reboot the machine before running the Upgrade Analytics deployment script.
-<TR><TD>17<TD>Function -CheckRebootRequired: Unexpected failure.<TD>he reboot is required to complete the installation of the compatibility update and related KBs. Reboot the machine before running the Upgrade Analytics deployment script.
-<TR><TD>18<TD>Outdated compatibility update KB package. Update via Windows Update/WSUS.<TD>
-The configuration script detected a version of the Compatibility update module that is older than the minimum required to correctly collect the data required by Upgrade Analytics solution. Use the latest version of the Compatibility update for Windows 7 SP1/Windows 8.1.
-<TR><TD>19<TD>The compatibility update failed with unexpected exception.<TD> The files in the deployment script are likely corrupted.  Download the latest script from the [download center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and try again.
-<TR><TD>20<TD>Error writing RequestAllAppraiserVersions registry key.<TD> This registry key is required for data collection to work correctly. Verify that the configuration script has access to this location.
-<TR><TD>21<TD>Function – SetRequestAllAppraiserVersions: Unexpected failure.<TD>This registry key is required for data collection to work correctly. Verify that the configuration script has access to this location.
-<TR><TD>22<TD>RunAppraiser failed with unexpected exception.<TD> Check %windr%\System32 directory for a file called CompatTelRunner.exe.  If the file does not exist, reinstall the required compatibility updates which include this file, and check your organization group policy to make sure it does not remove this file.
-<TR><TD>23<TD>Error finding system variable %WINDIR%.<TD> Make sure that this environment variable is available on the machine.
-<TR><TD>24<TD>SetIEDataOptIn failed when writing IEDataOptIn to registry.<TD> Verify that the deployment script in running in a context that has access to the registry key.
-<TR><TD>25<TD>SetIEDataOptIn failed with unexpected exception.<TD> The files in the deployment script are likely corrupted.  Download the latest script from the [download center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409) and try again.
-<TR><TD>26<TD>The operating system is Server or LTSB SKU.<TD> The script does not support Server or LTSB SKUs.
-<TR><TD>27<TD>The script is not running under System account.<TD>The Upgrade Analytics configuration script must be run as system.  
-<TR><TD>28<TD>Could not create log file at the specified logPath.<TD> Make sure the deployment script has access to the location specified in the logPath parameter.
-<TR><TD>29<TD> Connectivity check failed for proxy authentication. <TD> Install the cumulative updates on the machine and enable the `DisableEnterpriseAuthProxy` authentication proxy setting. The `DisableEnterpriseAuthProxy` is enabled by default for Windows 7.  For Windows 8.1 machines, set the `DisableEnterpriseAuthProxy` to **0** (not disabled). For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688).
-<TR><TD>30<TD>Connectivity check failed. Registry key property `DisableEnterpriseAuthProxy` is not enabled.<TD> The `DisableEnterpriseAuthProxy` is enabled by default for Windows 7.  For Windows 8.1 machines, set the `DisableEnterpriseAuthProxy` to **0** (not disabled).For more information on authentication proxy support, see [this blog post](https://go.microsoft.com/fwlink/?linkid=838688).
-<TR><TD>30<TD>There is more than one instance of the Upgrade Analytics data collector running at the same time on this machine. <TD>  Use the Windows Task Manager to check if CompatTelRunner.exe is running, and wait until it has completed to rerun the script.  
-**The Upgrade Analytics task is scheduled to run daily at 3 a.m.**
-</TABLE>
-
-</div>
-
-## Seeing data from computers in Upgrade Analytics
-
-After data is sent from computers to Microsoft, it generally takes 48 hours for the data to populate in Upgrade Analytics. The compatibility update KB takes several minutes to run. If the KB does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Upgrade Analytics. For this reason, you can expect most your computers to be populated in OMS in about 1-2 weeks after deploying the KB and configuration to user computers.
+Use a software distribution system such as System Center Configuration Manager to distribute the Upgrade Analytics deployment script at scale. For more information, see the [Upgrade Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/).

windows/deploy/upgrade-analytics-identify-apps.md

@@ -0,0 +1,36 @@
+---
+title: Upgrade Analytics - Identify important apps (Windows 10)
+description: Describes how to prepare your environment so that you can use Upgrade Analytics to manage Windows upgrades.
+ms.prod: w10
+author: greg-lindsay
+---
+
+# Upgrade Analytics - Step 1: Identify important apps
+
+This is the first step of the Upgrade Analytics workflow. In this step, applications are listed and grouped by importance level. Setting the importance level enables you to prioritize applications for upgrade.
+
+<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
+<img src="media/image5.png" width="213" height="345" />
+-->
+
+![Prioritize applications](images/upgrade-analytics-prioritize.png)
+
+Select **Assign importance** to change an application’s importance level. By default, applications are marked **Not reviewed** or **Low install count** until you assign a different importance level to them.
+
+To change an application’s importance level:
+
+1.  Select **Not reviewed** or **Low install count** on the **Prioritize applications** blade to view the list of applications with that importance level.
+2.  Select the applications you want to change to a specific importance level and then select the appropriate option from the **Select importance level** list.
+3.  Click **Save** when finished.
+
+Importance levels include:
+
+| Importance level   | When to use it   | Recommendation   |
+|--------------------|------------------|------------------|
+| Low install count  | We give you a head start by identifying applications that are installed on 2% or less of your total computer inventory. \[Number of computers application is installed on/total number of computers in your inventory.\]<br><br>Low install count applications are automatically marked as **Ready to upgrade** in the **UpgradeDecision** column unless they have issues that need attention.<br> | Be sure to review low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. For example, payroll apps or tax accounting apps tend to be installed on a relatively small number of machines but are still considered business critical applications.<br><br>                                                                                                                                                                                                 |
+| Not reviewed       | Applications that are installed on more than 2% of your total computer inventory are marked not reviewed until you set their importance level.<br><br>                                                                                                                                              | Once you’ve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns.                                                                                                                                                                      |
+| Business critical  | By default, no applications are marked as business critical because only you can make that determination. If you know that an application is critical to your organization’s functioning, mark it **Business critical**. <br><br>                                                                                                                                                                    | You may also want to change the application’s status to **Review in progress** in the **UpgradeDecision** column to let other team members know that you’re working on getting this business critical application upgrade-ready. Once you’ve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br> |
+| Important          | By default, no applications are marked as important because only you can make that determination. If the application is important but not critical to your organization’s functioning, mark it **Important**.                                                                                                                                                                          | You may also want to change the application’s status to **Review in progress** in the **UpgradeDecision** column to let other team members know that you’re working on getting this important application upgrade-ready. Once you’ve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br>         |
+| Ignore             | By default, no applications are marked as ignore because only you can make that determination. If the application is not important to your organization’s functioning, such as user-installed applications and games, you may not want to spend time and money validating that these applications will migrate successfully. Mark these applications **Ignore**. <br>                                  | Set the application’s importance level to **Ignore** to let other team members know that it can be left as-is with no further investigation or testing. If you set the importance level to ignore, and this is an app that you are not planning on testing or validating, consider changing the upgrade decision to **Ready to upgrade**.  By marking these apps ready to upgrade, you are indicating that you are comfortable upgrading with the app remaining in its current state.<br><br>                                                                       |
+| Review in progress | Once you’ve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns.<br>                                                                                                                                                                                 | As you learn more about the application’s importance to your organization’s functioning, change the importance level to **Business critical**, **Important**, or **Ignore**.<br><br>Until you’ve determined that priority applications will migrate successfully, leave the upgrade decision status as **Review in progress**. <br>                                               |
+

windows/deploy/upgrade-analytics-prepare-your-environment.md

@@ -1,116 +1,4 @@
 ---
-title: Upgrade Analytics - Prepare your environment (Windows 10)
-description: Describes how to prepare your environment so that you can use Upgrade Analytics to manage Windows upgrades.
-ms.prod: w10
-author: MaggiePucciEvans
----
-
-# Upgrade Analytics - Prepare your environment
-
-This section of the Upgrade Analytics workflow reports your computer and application inventory and lists computers that you can use in a pilot with no known issues or with fixable driver issues. Additionally, you can determine the priority level of applications to indicate which applications the team should focus on to get them upgrade ready.
-
-The blades in the **Prepare your environment** section are:
-
-## Upgrade overview
-
-Displays the total count of computers sharing data with Microsoft and the count of computers upgraded. As you successfully upgrade computers, the count of computers upgraded increases.
-
-Check this blade for data refresh status, including the date and time of the most recent data update and whether user changes are reflected. If a user change is pending when changing the upgrade assessment or importance level of an application or driver, **Data refresh pending** is displayed in orange. User changes are processed once every 24 hours and read **Up to date** in green when there are no pending changes.
-
-<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
-<img src="media/image3.png" width="214" height="345" />
--->
-
-![Upgrade overview](images/upgrade-analytics-overview.png)
-
-Select **Total computers** for a list of computers and details about them, including:
-
--   Computer ID and computer name
-
--   Computer manufacturer
-
--   Computer model
-
--   Operating system version and build
-
--   Count of system requirement, application, and driver issues per computer
-
--   Upgrade assessment based on analysis of computer telemetry data
-
--   Upgrade decision status
-
-Select **Total applications** for a list of applications discovered on user computers and details about them, including:
-
--   Application vendor
-
--   Application version
-
--   Count of computers the application is installed on
-
--   Count of computers that opened the application at least once in the past 30 days
-
--   Percentage of computers in your total computer inventory that opened the application in the past 30 days
-
--   Issues detected, if any
-
--   Upgrade assessment based on analysis of application data
-   
--   Roll up level
-
-## Run a pilot
-
-Computers with no known issues and computers with fixable driver issues are listed, grouped by upgrade assessment. We recommend that you use these computers to test the impact of upgrading.
-
-<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
-<img src="media/image4.png" width="203" height="326" />
--->
-
-![Run a pilot](images/upgrade-analytics-pilot.png)
-
-Before you start your pilot project, be sure to review upgrade assessment and guidance details, explained in more detail in the table below.
-
-| Upgrade assessment    | Action required before or after upgrade pilot? | Issue    | What it means   | Guidance      |
-|-----------------------|------------------------------------------------|----------|-----------------|---------------|
-| No known issues                                 | No                                             | None                                             | Computers will upgrade seamlessly.<br>                                                                                                                                         | OK to use as-is in pilot.                                                                                                                                                                                                                                                                                                                 |
-| OK to pilot, fixed during upgrade               | No, for awareness only                         | Application or driver will not migrate to new OS | The currently installed version of an application or driver won’t migrate to the new operating system; however, a compatible version is installed with the new operating system. | OK to use as-is in pilot.                                                                                                                                                                                                                                                                                                                 |
-| OK to pilot with new driver from Windows Update | Yes                                            | Driver will not migrate to new OS                | The currently installed version of a driver won’t migrate to the new operating system; however, a newer, compatible version is available from Windows Update.                    | Although a compatible version of the driver is installed during upgrade, a newer version is available from Windows Update. <br><br>If the computer automatically receives updates from Windows Update, no action is required. Otherwise, replace the new in-box driver with the Windows Update version after upgrading. <br> <br> |
-
-Select **Export computers** to view pilot-ready computers organized by operating system. After you select the computers you want to use in a pilot, click Export to generate and save a comma-separated value (csv) file.
-
->**Important**> When viewing inventory items in table view, the maximum number of rows that can be viewed and exported is limited to 5,000. If you need to view or export more than 5,000 items, reduce the scope of the query so you can export fewer items at a time.
-
-See [Plan for Windows 10 deployment](http://technet.microsoft.com/itpro/windows/plan/index) for more information about ways to deploy Windows in your organization. Read about [how Microsoft IT deployed Windows as an in-place upgrade](https://www.microsoft.com/itshowcase/Article/Content/668/Deploying-Windows-10-at-Microsoft-as-an-inplace-upgrade) for best practices using the in-place upgrade method.
-
-## Prioritize applications
-
-Applications are listed, grouped by importance level. Prioritizing your applications allows you to identify the ones that you will focus on preparing for upgrade.
-
-<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
-<img src="media/image5.png" width="213" height="345" />
--->
-
-![Prioritize applications](images/upgrade-analytics-prioritize.png)
-
-Select **Assign importance** to change an application’s importance level. By default, applications are marked **Not reviewed** or **Low install count** until you assign a different importance level to them.
-
-To change an application’s importance level:
-
-1.  Select **Not reviewed** or **Low install count** on the **Prioritize applications** blade to view the list of applications with that importance level. Select **Table** to view the list in a table.
-
-2.  Select **User changes** to enable user input.
-
-3.  Select the applications you want to change to a specific importance level and then select the appropriate option from the **Select importance level** list.
-
-4.  Click **Save** when finished.
-
-Importance levels include:
-
-| Importance level   | When to use it   | Recommendation   |
-|--------------------|------------------|------------------|
-| Low install count  | We give you a head start by identifying applications that are installed on 2% or less of your total computer inventory. \[Number of computers application is installed on/total number of computers in your inventory.\]<br><br>Low install count applications are automatically marked as **Ready to upgrade** in the **UpgradeDecision** column unless they have issues that need attention.<br> | Be sure to review low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. <br><br>                                                                                                                                                                                                 |
-| Not reviewed       | Applications that are installed on more than 2% of your total computer inventory are marked not reviewed until you change the importance level.<br><br>These applications are also marked as **Not reviewed** in the **UpgradeDecision** column. <br>                                                                                                                                              | Once you’ve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns.                                                                                                                                                                      |
-| Business critical  | By default, no applications are marked as business critical because only you can make that determination. If you know that an application is critical to your organization’s functioning, mark it **Business critical**. <br><br>                                                                                                                                                                    | You may also want to change the application’s status to **Review in progress** in the **UpgradeDecision** column to let other team members know that you’re working on getting this business critical application upgrade-ready. Once you’ve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br> |
-| Important          | By default, no applications are marked as important because only you can make that determination. If the application is important but not critical to your organization’s functioning, mark it **Important**.                                                                                                                                                                          | You may also want to change the application’s status to **Review in progress** in the **UpgradeDecision** column to let other team members know that you’re working on getting this important application upgrade-ready. Once you’ve fixed any issues and validated that the application will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br>         |
-| Ignore             | By default, no applications are marked as ignore because only you can make that determination. If the application is not important to your organization’s functioning, such as user-installed applications and games, you may not want to spend time and money validating that these applications will migrate successfully. Mark these applications **Ignore**. <br>                                  | Set the application’s importance level to **Ignore** to let other team members know that it can be left as-is with no further investigation or testing.<br><br>You may also want to change the application’s status to **Not reviewed** or **Ready to upgrade** in the **UpgradeDecision** column. <br>                                                                           |
-| Review in progress | Once you’ve started to investigate an application to determine its importance level and upgrade readiness, change its status to **Review in progress** in both the **Importance** and **UpgradeDecision** columns.<br>                                                                                                                                                                                 | As you learn more about the application’s importance to your organization’s functioning, change the importance level to **Business critical**, **Important**, or **Ignore**.<br><br>Until you’ve determined that priority applications will migrate successfully, leave the upgrade decision status as **Review in progress**. <br>                                               |
-
+title: Upgrade Analytics - Identify important apps (Windows 10)
+redirect_url: upgrade-analytics-identify-apps
+---

windows/deploy/upgrade-analytics-requirements.md

@@ -2,7 +2,7 @@
 title: Upgrade Analytics requirements (Windows 10)
 description: Provides requirements for Upgrade Analytics.
 ms.prod: w10
-author: MaggiePucciEvans
+author: greg-lindsay
 ---
 
 # Upgrade Analytics requirements
@@ -33,6 +33,10 @@ If you are not using OMS, go to [the Upgrade Analytics page on Microsoft.com](ht
 
 Important: You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory, use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS.
 
+## System Center Configuration Manager integration
+
+Upgrade Analytics can be integrated with your installation of Configuration Manager. For more information, see [Integrate Upgrade Analytics with System Center Configuration Manager](https://docs.microsoft.com/sccm/core/clients/manage/upgrade/upgrade-analytics).
+
 ## Telemetry and data sharing 
 
 After you’ve signed in to Operations Management Suite and added the Upgrade Analytics solution to your workspace, you’ll need to complete the following tasks to allow user computer data to be shared with and assessed by Upgrade Analytics.
@@ -41,19 +45,13 @@ See [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields
 
 **Whitelist telemetry endpoints.** To enable telemetry data to be sent to Microsoft, you’ll need to whitelist the following Microsoft telemetry endpoints on your proxy server or firewall. You may need to get approval from your security group to do this.
 
-`https://v10.vortex-win.data.microsoft.com/collect/v1`
-
-`https://vortex-win.data.microsoft.com/health/keepalive`
-
-`https://settings-win.data.microsoft.com/settings`
-
-`https://vortex.data.microsoft.com/health/keepalive`
-
-`https://settings.data.microsoft.com/qos`
-
-`https://go.microsoft.com/fwlink/?LinkID=544713`
-
-`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc/extended`
+`https://v10.vortex-win.data.microsoft.com/collect/v1`<BR>
+`https://vortex-win.data.microsoft.com/health/keepalive`<BR>
+`https://settings-win.data.microsoft.com/settings`<BR>
+`https://vortex.data.microsoft.com/health/keepalive`<BR>
+`https://settings.data.microsoft.com/qos`<BR>
+`https://go.microsoft.com/fwlink/?LinkID=544713`<BR>
+`https://compatexchange1.trafficmanager.net/CompatibilityExchangeService.svc/extended`<BR>
 
 >**Note** The compatibility update KB runs under the computer’s system account and does not support user authentication in this release.
 

windows/deploy/upgrade-analytics-resolve-issues.md

@@ -2,10 +2,10 @@
 title: Upgrade Analytics - Resolve application and driver issues (Windows 10)
 description: Describes how to resolve application and driver issues that can occur during an upgrade with Upgrade Analytics.
 ms.prod: w10
-author: MaggiePucciEvans
+author: greg-lindsay
 ---
 
-# Upgrade Analytics - Resolve application and driver issues
+# Upgrade Analytics - Step 2: Resolve app and driver issues
 
 This section of the Upgrade Analytics workflow reports application and driver inventory and shows you which applications have known issues, which applications have no known issues, and which drivers have issues. We identify applications and drivers that need attention and suggest fixes when we know about them.
 
@@ -15,10 +15,10 @@ Upgrade decisions include:
 
 | Upgrade decision   | When to use it    | Guidance    |
 |--------------------|-------------------|-------------|
-| Not reviewed       | When you start to investigate an application or a driver to determine upgrade readiness, change their upgrade decision to **Review in progress.** <br><br> <br>                                                                                                                                                                                      | Some applications are automatically assigned upgrade decisions based on information known to Microsoft. <br><br>All drivers are marked not reviewed by default.<br><br>                                                                                                                                                                                           |
-| Review in progress | When you start to investigate an application or a driver to determine upgrade readiness, change their upgrade decision to **Review in progress**.<br><br>Until you’ve determined that applications and drivers will migrate successfully or you’ve resolved blocking issues, leave the upgrade decision status as **Review in progress**. <br><br> | Once you’ve fixed any issues and validated that the application or driver will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br>                                                                                                                                                                                                          |
-| Ready to upgrade   | Mark applications and drivers **Ready to upgrade** once you’ve resolved all blocking issues and you’re confident that they will upgrade successfully, or if you’ve decided to upgrade them as-is.                                                                                                                                                          | Applications with no known issues or with low installation rates are marked **Ready to upgrade** by default.<br><br>Be sure to review low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. <br><br>All drivers are marked **Not reviewed** by default. <br> |
-| Won’t upgrade      | By default, no applications or drivers are marked **Won’t upgrade** because only you can make that determination. <br><br>Use **Won’t upgrade** for applications and drivers you don’t want to upgrade. <br>                                                                                                                                                        | If, during your investigation into an application or driver, you determine that they should not or cannot be upgraded, mark them **Won’t upgrade**. <br><br>                                                                                                                                                                                                                    |
+| Not reviewed       | All drivers are marked as Not reviewed by default.<br><br>Any app that has not been marked **Low install count** will also have an upgrade decision of **Not reviewed** by default. <br>                                                                                                                                                                                      | Apps you have not yet reviewed or are waiting to review later should be marked as **Not reviewed**. When you start to investigate an application or a driver to determine upgrade readiness, change their upgrade decision to **Review in progress**.<br><br>                                                                                                                                                                                           |
+| Review in progress | When you start to investigate an application or a driver to determine upgrade readiness, change its upgrade decision to **Review in progress**.<br><br>Until you’ve determined that applications and drivers will migrate successfully or you’ve resolved blocking issues, leave the upgrade decision status as **Review in progress**. <br><br> | Once you’ve fixed any issues and validated that the application or driver will migrate successfully, change the upgrade decision to **Ready to upgrade**. <br>                                                                                                                                                                                                          |
+| Ready to upgrade   | Mark applications and drivers **Ready to upgrade** once you’ve resolved all blocking issues and you’re confident that they will upgrade successfully, or if you’ve decided to upgrade them as-is.                                                                                                                                                          | Applications with no known issues and with low installation rates are marked **Ready to upgrade** by default.<br><br>In Step 1, you might have marked some of your apps as **Ignore**.  These should be marked as **Ready to upgrade**. Apps with low installation rates are marked as **Ready to upgrade** by default.  Be sure to review any low install count applications for any business critical or important applications that are not yet upgrade-ready, despite their low installation rates. <br> |
+| Won’t upgrade      | By default, no applications or drivers are marked **Won’t upgrade** because only you can make that determination. <br><br>Use **Won’t upgrade** for applications and drivers that you do not work on your target operating system, or that you are unable to upgrade.<br>                                                                                                                                                        | If, during your investigation into an application or driver, you determine that they should not or cannot be upgraded, mark them **Won’t upgrade**. <br><br>                                                                                                                                                                                                                    |
 
 The blades in the **Resolve issues** section are:
 
@@ -26,7 +26,7 @@ The blades in the **Resolve issues** section are:
 - Review applications with no known issues
 - Review drivers with known issues
 
-As you review applications with known issues, you can also see ISV support of applications for [Ready for Windows](https://www.readyforwindows.com/).
+As you review applications with known issues, you can also see ISV support statements or applications using [Ready for Windows](https://www.readyforwindows.com/).
 
 ## Review applications with known issues
 
@@ -41,13 +41,9 @@ Applications with issues known to Microsoft are listed, grouped by upgrade asses
 To change an application's upgrade decision:
 
 1. Select **Decide upgrade readiness** to view applications with issues. 
-
-2. In the table view, sort on **UpgradeAssessment** to group applications into **Attention needed** and **Fix available**. 
-
-3. Select **User changes** to change the upgrade decision for each application.
-
+2. In the table view, select an **UpgradeDecision** value. 
+3. Select **Decide upgrade readiness** to change the upgrade decision for each application.
 4. Select the applications you want to change to a specific upgrade decision and then then select the appropriate option from the **Select upgrade decision** list.
-
 5. Click **Save** when finished.  
 
 IMORTANT: Ensure that you have the most recent versions of the compatibility update and related KBs installed to get the most up-to-date compatibility information.

windows/deploy/upgrade-analytics-review-site-discovery.md

@@ -1,68 +1,7 @@
 ---
 title: Review site discovery
-description: Explains how to review internet web site discovery with Upgrade Analytics.
-ms.prod: w10
-author: Justinha
+redirect_url: upgrade-analytics-additional-insights
 ---
 
-# Review site discovery
-
-This section of the Upgrade Analytics workflow provides an inventory of web sites that are being used by client computers that run Internet Explorer on Windows 8.1 and Windows 7 in your environment. This inventory information is provided as optional data related to upgrading to Windows 10 and Internet Explorer 11, and is meant to help prioritize compatibility testing for web applications. You can make more informed decisions about testing based on usage data. Data from Microsoft Edge is not collected. 
-
-> Note: Site discovery data is disabled by default; you can find documentation on what is collected in the [Windows 7, Windows 8, and Windows 8.1 appraiser telemetry events and fields](https://go.microsoft.com/fwlink/?LinkID=822965). After you turn on this feature, data is collected on all sites visited by Internet Explorer, except during InPrivate sessions. In addition, the data collection process is silent, without notification to the employee. You are responsible for ensuring that your use of this feature complies with all applicable local laws and regulatory requirements, including any requirements to provide notice to employees.
-
-## Install prerequisite security update for Internet Explorer
-
-Ensure the following prerequisites are met before using site discovery:
-
-1. Install the latest [Windows Monthly Rollup](http://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup). This functionality has been included in Internet Explorer 11 starting with the July 2016 Cumulative Update. 
-2. Install the update for customer experience and diagnostic telemetery ([KB3080149](https://support.microsoft.com/kb/3080149)).
-3. Enable Internet Explorer data collection, which is disabled by default. The best way to enable it is to modify the [Upgrade Analytics deployment script](upgrade-analytics-get-started.md#run-the-upgrade-analytics-deployment-script) to allow Internet Explorer data collection before you run it. 
-
-    If necessary, you can also enable it by creating the following registry entry. 
-
-    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\DataCollection 
-
-    Entry name: IEDataOptIn
-
-    Data type: DWORD
-
-    Values:
-
-    > *IEOptInLevel = 0 Internet Explorer data collection is disabled*
-    >
-    > *IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones*
-    >
-    > *IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones*
-    >
-    > *IEOptInLevel = 3 Data collection is enabled for all sites*
-
-    For more information about Internet Explorer Security Zones, see [About URL Security Zones](https://msdn.microsoft.com/library/ms537183.aspx). 
-
-    ![Create the IEDataOptIn registry key](images/upgrade-analytics-create-iedataoptin.png)
-
-## Review most active sites
-
-This blade indicates the most visited sites by computers in your environment. Review this list to determine which web applications and sites are used most frequently. The number of visits is based on the total number of views, and not by the number of unique devices accessing a page.
-
-For each site, the fully qualified domain name will be listed. You can sort the data by domain name or by URL. 
-
-![Most active sites](Images/upgrade-analytics-most-active-sites.png) 
-
-Click the name of any site in the list to drill down into more details about the visits, including the time of each visit and the computer name. 
-
-![Site domain detail](images/upgrade-analytics-site-domain-detail.png)
-
-## Review document modes in use 
-
-This blade provides information about which document modes are used in the sites that are visited in your environment. Document modes are used to provide compatibility with older versions of Internet Explorer. Sites that use older technologies may require additional testing and are less likely to be compatible with Microsoft Edge. Counts are based on total page views and not the number of unique devices. For more information about document modes, see [Deprecated document modes](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/deprecated-document-modes).
-
-![Site activity by document mode](images/upgrade-analytics-site-activity-by-doc-mode.png)
-
-## Run browser-related queries 
-
-You can run predefined queries to capture more info, such as sites that have Enterprise Mode enabled, or the number of unique computers that have visited a site. For example, this query returns the most used ActiveX controls. You can modify and save the predefined queries. 
-
-![](images/upgrade-analytics-query-activex-name.png)
 
 

windows/deploy/upgrade-analytics-upgrade-overview.md

@@ -0,0 +1,51 @@
+---
+title: Upgrade Analytics - Upgrade Overview (Windows 10)
+description: Displays the total count of computers sharing data and upgraded.
+ms.prod: w10
+author: greg-lindsay
+---
+
+# Upgrade Analytics - Upgrade overview
+
+The first blade in the Upgrade Analytics solution is the upgrade overview blade. This blade displays the total count of computers sharing data with Microsoft, and the count of computers upgraded. As you successfully upgrade computers, the count of computers upgraded increases.
+
+The upgrade overivew blade displays data refresh status, including the date and time of the most recent data update and whether user changes are reflected. The following status changes are reflected on the upgrade overview blade:
+
+- Computers with incomplete data:
+    - Less than 4% = count is displayed in green.
+    - 4% - 10% = Count is displayed in amber.
+    - Greater than 10%  = Count is displayed in red.
+- Delay processing device inventory data = The "Last updated" banner is displayed in amber.
+- Pending user changes = User changes count displays "Data refresh pending" in amber.
+- No pending user changes = User changes count displays "Up to date" in green.
+
+In the following example, less than 4% of (3k\355k) computers have incomplete data, and there are no pending user changes:
+
+![Upgrade overview](images/ua-cg-17.png)
+
+<!-- PRESERVING ORIGINAL IMAGE CODING JUST IN CASE
+<img src="media/image3.png" width="214" height="345" />
+-->
+
+If data processing is delayed, you can continue using your workspace as normal. However, any changes or additional information that is added might not be displayed. Data is typically refreshed and the display will return to normal again within 24 hours.
+
+Select **Total computers** for a list of computers and details about them, including:
+
+-   Computer ID and computer name
+-   Computer manufacturer
+-   Computer model
+-   Operating system version and build
+-   Count of system requirement, application, and driver issues per computer
+-   Upgrade assessment based on analysis of computer telemetry data
+-   Upgrade decision status
+
+Select **Total applications** for a list of applications discovered on user computers and details about them, including:
+
+-   Application vendor
+-   Application version
+-   Count of computers the application is installed on
+-   Count of computers that opened the application at least once in the past 30 days
+-   Percentage of computers in your total computer inventory that opened the application in the past 30 days
+-   Issues detected, if any
+-   Upgrade assessment based on analysis of application data
+-   Rollup level

windows/deploy/use-upgrade-analytics-to-manage-windows-upgrades.md

@@ -2,27 +2,51 @@
 title: Use Upgrade Analytics to manage Windows upgrades (Windows 10)
 description: Describes how to use Upgrade Analytics to manage Windows upgrades.
 ms.prod: w10
-author: MaggiePucciEvans
+author: greg-lindsay
 ---
 
 # Use Upgrade Analytics to manage Windows upgrades
 
-This topic explains how to use the Upgrade Analytics solution to plan, manage, and deploy Windows upgrades.
+You can use Upgrade Analytics to prioritize and work through application and driver issues, assign and track issue resolution status, and identify computers that are ready to upgrade. Upgrade Analytics enables you to deploy Windows with confidence, knowing that you’ve addressed potential blocking issues.
 
-Based on telemetry data from user computers, Upgrade Analytics identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organization’s upgrade readiness.
+- Based on telemetry data from user computers, Upgrade Analytics identifies application and driver compatibility issues that may block Windows upgrades, allowing you to make data-driven decisions about your organization’s upgrade readiness.
+- Information is refreshed daily so you can monitor upgrade progress. Any changes your team makes, such as assigning application importance and marking applications as ready to upgrade, are reflected 24 hours after you make them.
 
-You and your IT team can use the Upgrade Analytics workflow to prioritize and work through application and driver issues, assign and track issue resolution status, and identify computers that are ready to upgrade. You can then export the list of upgrade-ready computers and start deploying Windows with confidence, knowing that you’ve addressed potential blocking issues.
+When you are ready to begin the upgrade process, a workflow is provided to guide you through critical high-level tasks. 
 
-Information is refreshed daily so you can monitor upgrade progress. Any changes your team makes, such as assigning application importance and marking applications as ready to upgrade, are reflected 24 hours after you make them.
+<A HREF="images/ua-cg-15.png">![Workflow](images/ua-cg-15.png)</A>
 
-The Upgrade Analytics workflow gives you compatibility and usage information about computers, applications, and drivers and walks you through these high-level tasks. Each task is described in more detail in the topics that follow.
+Each step in the workflow is enumerated using blue tiles. Helpful data is provided on white tiles to help you get started, to monitor your progress, and to complete each step.
 
-1.  [Preparing your environment](upgrade-analytics-prepare-your-environment.md)
+>**Important**: You can use the [Target OS](#target-os) setting to evaluate computers that are runnign a specified version of Windows before starting the Upgrade Analytics workflow. By default, the Target OS is configured to the released version of Windows 10 for the Current Branch for Business (CBB).
 
-2.  [Resolving application and driver issues](upgrade-analytics-resolve-issues.md)
+The following information and workflow is provided:
 
-3.  [Identifying computers that are upgrade ready](upgrade-analytics-deploy-windows.md)
+- [Upgrade overview](upgrade-analytics-upgrade-overview.md): Review compatibility and usage information about computers, applications, and drivers.
+- [Step 1: Identify important apps](upgrade-analytics-identify-apps.md): Assign importance levels to prioritize your applications.
+- [Step 2: Resolve issues](upgrade-analytics-resolve-issues.md): Identify and resolve problems with applications.
+- [Step 3: Deploy](upgrade-analytics-deploy-windows.md): Start the upgrade process.
 
-4.  [Review site discovery](upgrade-analytics-review-site-discovery.md)
+Also see the following topic for information about additional items that can be affected by the upgrade process:
 
+- [Additional insights](upgrade-analytics-additional-insights.md): Find out which MS Office add-ins are installed, and review web site activity.
 
+## Target OS
+
+The target OS setting is used to evaluate the number of computers that are already running the default version of Windows 10, or a later version.
+
+As mentioned previously, the default target OS in Upgrade Analytics is set to the released version of the Current Branch for Business (CBB). CBB can be determined by reviewing [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx). The target OS setting is used to evaluate the number of computers that are already running this version of Windows, or a later version. 
+
+The number displayed under **Computers upgraded** in the Upgrade Overview blade is the total number of computers that are already running the same or a later version of Windows compared to the target OS. It also is used in the evaluation of apps and drivers: Known issues and guidance for the apps and drivers in Upgrade Analytics is based on the target OS version.
+
+You now have the ability to change the Windows 10 version you wish to target. The available options currently are: Windows 10 version 1507, Windows 10 version 1511, and Windows version 1610.
+
+To change the target OS setting, click on **Solutions Settings**, which appears at the top when you open you Upgrade Analytics solution:
+
+![Target OS](images/ua-cg-08.png)
+
+>You must be signed in to Upgrade Analytics as an administrator to view settings.
+
+On the **Upgrade Analytics Settings** page, choose one of the options in the drop down box and click **Save**. The changes in the target OS setting are reflected in evaluations when a new snapshot is uploaded to your workspace.
+
+![Target OS](images/ua-cg-09.png)

windows/deploy/usmt-overview.md

@@ -35,7 +35,7 @@ USMT provides the following benefits to businesses that are deploying Windows op
 -   Increases employee satisfaction with the migration experience.
 
 ## Limitations
-USMT is intended for administrators who are performing large-scale automated deployments. If you are only migrating the user states of a few computers, you can use [Windows Easy Transfer](https://go.microsoft.com/fwlink/p/?LinkId=140248).
+USMT is intended for administrators who are performing large-scale automated deployments. If you are only migrating the user states of a few computers, you can use [PCmover Express](http://go.microsoft.com/fwlink/?linkid=620915). PCmover Express is a tool created by Microsoft's partner, Laplink.
 
 There are some scenarios in which the use of USMT is not recommended. These include:
 

windows/deploy/usmt-requirements.md

@@ -15,11 +15,11 @@ author: greg-lindsay
 
 
 -   [Supported Operating Systems](#bkmk-1)
-
--   [Software Requirements](#bkmk-2)
-
+-   [Windows PE](#windows-pe)
+-   [Credentials](#credentials)
+-   [Config.xml](#config-xml)
+-   [LoadState](#loadstate)
 -   [Hard Disk Requirements](#bkmk-3)
-
 -   [User Prerequisites](#bkmk-userprereqs)
 
 ## <a href="" id="bkmk-1"></a>Supported Operating Systems
@@ -44,16 +44,6 @@ The following table lists the operating systems supported in USMT.
 </thead>
 <tbody>
 <tr class="odd">
-<td align="left"><p>32-bit versions of Windows Vista</p></td>
-<td align="left"><p>X</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="even">
-<td align="left"><p>64-bit versions of Windows Vista</p></td>
-<td align="left"><p>X</p></td>
-<td align="left"><p></p></td>
-</tr>
-<tr class="odd">
 <td align="left"><p>32-bit versions of Windows 7</p></td>
 <td align="left"><p>X</p></td>
 <td align="left"><p>X</p></td>
@@ -95,45 +85,42 @@ USMT does not support any of the Windows Server® operating systems, Windows 20
 
  
 
-## <a href="" id="bkmk-2"></a>Software Requirements
-
+## Windows PE
 
 -   **Must use latest version of Window PE.** For example, to migrate to Windows 10, you'll need Windows PE 5.1. For more info, see [What's New in Windows PE](http://msdn.microsoft.com/library/windows/hardware/dn938350.aspx).
 
--   **Must run in Administrator Mode** When manually running the **ScanState** and **LoadState** tools on Windows 7, Windows 8 or Windows 10 you must run them in Administrator mode from an account with administrative credentials to ensure that all specified users are migrated. This is because User Access Control (UAC) is enabled by default. If you do not run USMT in Administrator mode, only the user profile that is logged on will be included in the migration.
+## Credentials
 
-    To run in Administrator mode:
+-  **Run as administrator** 
+    When manually running the **ScanState** and **LoadState** tools on Windows 7, Windows 8 or Windows 10 you must run them from an elevated command prompt to ensure that all specified users are migrated. If you do not run USMT from an elevated prompt, only the user profile that is logged on will be included in the migration.
 
-    1.  Click **Start**.
+To open an elevated command prompt:
 
-    2.  Click **All Programs**.
+1. Click **Start**.
+2. Enter **cmd** in the search function.
+3. Depending on the OS you are using, **cmd** or **Command Prompt** is displayed.
+3. Right-click **cmd** or **Command Prompt**, and then click **Run as administrator**.
+4. If the current user is not already an administrator, you will be prompted to enter administrator credentials.
 
-    3.  Click **Accessories**.
+**Important**<BR>
+You must run USMT using an account with full administrative permissions, including the following privileges:
 
-    4.  Right-click **Command Prompt**.
+- SeBackupPrivilege (Back up files and directories)
+- SeDebugPrivilege (Debug programs)
+- SeRestorePrivilege (Restore files and directories)
+- SeSecurityPrivilege (Manage auditing and security log)
+- SeTakeOwnership Privilege (Take ownership of files or other objects)
 
-    5.  Click **Run as administrator**.
 
-    6.  At the command prompt, type the `ScanState` or `LoadState` command.
+## Config.xml
 
-    **Important**  
-    You must run USMT in Administrator mode from an account with full administrative permissions, including the following privileges:
+-  **Specify the /c option and &lt;ErrorControl&gt; settings in the Config.xml file.**<BR>
+    USMT will fail if it cannot migrate a file or setting, unless you specify the **/c** option. When you specify the **/c** option, USMT logs an error each time it encounters a file that is in use that did not migrate, but the migration will not be interrupted. In USMT, you can specify in the Config.xml file which types of errors should allow the migration to continue, and which should cause the migration to fail. For more information about error reporting, and the **&lt;ErrorControl&gt;** element, see [Config.xml File](usmt-configxml-file.md), [Log Files](usmt-log-files.md), and [XML Elements Library](usmt-xml-elements-library.md).
 
-    -   SeBackupPrivilege (Back up files and directories)
+## LoadState
 
-    -   SeDebugPrivilege (Debug programs)
-
-    -   SeRestorePrivilege (Restore files and directories)
-
-    -   SeSecurityPrivilege (Manage auditing and security log)
-
-    -   SeTakeOwnership Privilege (Take ownership of files or other objects)
-
-     
-
--   **Specify the /c option and &lt;ErrorControl&gt; settings in the Config.xml file.** USMT will fail if it cannot migrate a file or setting, unless you specify the **/c** option. When you specify the **/c** option, USMT logs an error each time it encounters a file that is in use that did not migrate, but the migration will not be interrupted. In USMT, you can specify in the Config.xml file which types of errors should allow the migration to continue, and which should cause the migration to fail. For more information about error reporting, and the **&lt;ErrorControl&gt;** element, see [Config.xml File](usmt-configxml-file.md), [Log Files](usmt-log-files.md), and [XML Elements Library](usmt-xml-elements-library.md).
-
--   **Install applications before running the LoadState command.** Install all applications on the destination computer before restoring the user state. This ensures that migrated settings are preserved.
+-  **Install applications before running the LoadState command.**<BR>
+    Install all applications on the destination computer before restoring the user state. This ensures that migrated settings are preserved.
 
 ## <a href="" id="bkmk-3"></a>Hard-Disk Requirements
 
@@ -146,21 +133,16 @@ Ensure that there is enough available space in the migration-store location and
 This documentation assumes that IT professionals using USMT understand command-line tools. The documentation also assumes that IT professionals using USMT to author MigXML rules understand the following:
 
 -   The navigation and hierarchy of the Windows registry.
-
 -   The files and file types that applications use.
-
 -   The methods to extract application and setting information manually from applications created by internal software-development groups and non-Microsoft software vendors.
-
 -   XML-authoring basics.
 
 ## Related topics
 
 
-[Plan Your Migration](usmt-plan-your-migration.md)
-
-[Estimate Migration Store Size](usmt-estimate-migration-store-size.md)
-
-[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)
+[Plan Your Migration](usmt-plan-your-migration.md)<BR>
+[Estimate Migration Store Size](usmt-estimate-migration-store-size.md)<BR>
+[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)<BR>
 
  
 

windows/deploy/windows-10-poc-mdt.md

@@ -0,0 +1,646 @@
+---
+title: Step by step - Deploy Windows 10 in a test lab using MDT
+description: Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit (MDT)
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+author: greg-lindsay
+---
+
+
+# Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit
+
+**Applies to**
+
+-   Windows 10
+
+**Important**: This guide leverages the proof of concept (PoC) environment configured using procedures in the following guide: 
+- [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
+
+Please complete all steps in the prerequisite guide before starting this guide. This guide requires about 5 hours to complete, but can require less time or more time depending on the speed of the Hyper-V host. After completing the current guide, also see the companion guide:
+- [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md)
+
+The PoC environment is a virtual network running on Hyper-V with three virtual machines (VMs):
+- **DC1**: A contoso.com domain controller, DNS server, and DHCP server.
+- **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network.
+- **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been shadow-copied from a physical computer on your corporate network.
+
+>This guide uses the Hyper-V server role. If you do not complete all steps in a single session, consider using [checkpoints](https://technet.microsoft.com/library/dn818483.aspx) and [saved states](https://technet.microsoft.com/library/ee247418.aspx) to pause, resume, or restart your work.
+
+## In this guide
+
+This guide provides instructions to install and configure the Microsoft Deployment Toolkit (MDT) to deploy a Windows 10 image.
+
+Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed.
+
+<div style='font-size:9.0pt'>
+
+<TABLE border=1 cellspacing=0 cellpadding=0>
+<TR><TD BGCOLOR="#a0e4fa"><B>Topic</B><TD BGCOLOR="#a0e4fa"><B>Description</B><TD BGCOLOR="#a0e4fa"><B>Time</B>
+
+<TR><TD>[About MDT](#about-mdt)<TD>A high-level overview of the Microsoft Deployment Toolkit (MDT).<TD>Informational
+<TR><TD>[Install MDT](#install-mdt)<TD>Download and install MDT.<TD>40 minutes
+<TR><TD>[Create a deployment share and reference image](#create-a-deployment-share-and-reference-image)<TD>A reference image is created to serve as the template for deploying new images.<TD>90 minutes
+<TR><TD>[Deploy a Windows 10 image using MDT](#deploy-a-windows-10-image-using-mdt)<TD>The reference image is deployed in the PoC environment.<TD>60 minutes
+<TR><TD>[Refresh a computer with Windows 10](#refresh-a-computer-with-windows-10)<TD>Export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings.<TD>60 minutes
+<TR><TD>[Replace a computer with Windows 10](#replace-a-computer-with-windows-10)<TD>Back up an existing client computer, then restore this backup to a new computer.<TD>60 minutes
+<TR><TD>[Troubleshooting logs, events, and utilities](#troubleshooting-logs-events-and-utilities)<TD>Log locations and troubleshooting hints.<TD>Informational
+</TABLE>
+
+</div>
+
+## About MDT
+
+MDT performs deployments by using the Lite Touch Installation (LTI), Zero Touch Installation (ZTI), and User-Driven Installation (UDI) deployment methods. 
+- LTI is the deployment method used in the current guide, requiring only MDT and performed with a minimum amount of user interaction.
+- ZTI is fully automated, requiring no user interaction and is performed using MDT and System Center Configuration Manager. After completing the steps in the current guide, see [Step by step: Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) to use the ZTI deployment method in the PoC environment.
+- UDI requires manual intervention to respond to installation prompts such as machine name, password and language settings. UDI requires MDT and System Center Configuration Manager. 
+
+## Install MDT
+
+1. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt:
+
+    ```
+    $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
+    Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0
+    Stop-Process -Name Explorer
+    ```
+2. Download and install the 64-bit version of [Microsoft Deployment Toolkit (MDT)](https://www.microsoft.com/en-us/download/details.aspx?id=54259) on SRV1 using the default options. As of the writing of this guide, the latest version of MDT was 8443.
+
+3. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 1607. Installation might require several minutes to acquire all components.
+
+3. If desired, re-enable IE Enhanced Security Configuration:
+
+    ```
+    Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 1
+    Stop-Process -Name Explorer
+    ```
+
+## Create a deployment share and reference image
+
+A reference image serves as the foundation for Windows 10 devices in your organization.
+
+1. In [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md), the Windows 10 Enterprise .iso file was saved to the c:\VHD directory as **c:\VHD\w10-enterprise.iso**. The first step in creating a deployment share is to mount this file on SRV1.  To mount the Windows 10 Enterprise DVD on SRV1, open an elevated Windows PowerShell prompt on the Hyper-V host computer and type the following command:
+
+    ```
+    Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\w10-enterprise.iso
+    ```
+2. On SRV1, verify that the Windows Enterprise installation DVD is mounted as drive letter D.
+
+3. The Windows 10 Enterprise installation files will be used to create a deployment share on SRV1 using the MDT deployment workbench. To open the deployment workbench, click **Start**, type **deployment**, and then click **Deployment Workbench**.
+
+4. To enable quick access to the application, right-click **Deployment Workbench** on the taskbar and then click **Pin this program to the taskbar**.
+
+5. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
+
+6. Use the following settings for the New Deployment Share Wizard:
+    - Deployment share path: **C:\MDTBuildLab**<BR>
+    - Share name: **MDTBuildLab$**<BR>
+    - Deployment share description: **MDT build lab**<BR>
+    - Options: click **Next** to accept the default<BR>
+    - Summary: click **Next**<BR>
+    - Progress: settings will be applied<BR>
+    - Confirmation: click **Finish**
+
+
+7. Expand the **Deployment Shares** node, and then expand **MDT build lab**.
+
+8. Right-click the **Operating Systems** node, and then click **New Folder**. Name the new folder **Windows 10**. Complete the wizard using default values and click **Finish**.
+
+9. Right-click the **Windows 10** folder created in the previous step, and then click **Import Operating System**.
+
+10. Use the following settings for the Import Operating System Wizard: 
+    - OS Type: **Full set of source files**<BR>
+    - Source: **D:\\** <BR>
+    - Destination: **W10Ent_x64**<BR>
+    - Summary: click **Next**
+    - Progress: wait for files to be copied
+    - Confirmation: click **Finish**
+
+    >For purposes of this test lab, we will only add the prerequisite .NET Framework feature. Commerical applications (ex: Microsoft Office) will not be added to the deployment share. For information about adding applications, see the [Add applications](https://technet.microsoft.com/en-us/itpro/windows/deploy/create-a-windows-10-reference-image#sec03) section of the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) topic in the TechNet library.
+
+11. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the **Task Sequences** node and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
+    - Task sequence ID: **REFW10X64-001**<BR>
+    - Task sequence name: **Windows 10 Enterprise x64 Default Image** <BR>
+    - Task sequence comments: **Reference Build**<BR>
+    - Template: **Standard Client Task Sequence**
+    - Select OS: click **Windows 10 Enterprise Evaluation in W10Ent_x64 install.wim**
+    - Specify Product Key: **Do not specify a product key at this time**
+    - Full Name: **Contoso**
+    - Organization: **Contoso**
+    - Internet Explorer home page: **http://www.contoso.com**
+    - Admin Password: **Do not specify an Administrator password at this time**
+    - Summary: click **Next**
+    - Confirmation: click **Finish**
+
+
+12. Edit the task sequence to add the Microsoft NET Framework 3.5, which is required by many applications. To edit the task sequence, double-click **Windows 10 Enterprise x64 Default Image** that was created in the previous step.
+
+13. Click the **Task Sequence** tab. Under **State Restore** click **Tatto** to highlight it, then click **Add** and choose **New Group**.
+
+14. On the Properties tab of the group that was created in the previous step, change the Name from **New Group** to **Custom Tasks (Pre-Windows Update)** and then click **Apply**. Click another location in the window to see the name change.
+
+15. Click the **Custom Tasks (Pre-Windows Update)** group again, click **Add**, point to **Roles**, and then click **Install Roles and Features**.
+
+16. Under **Select the roles and features that should be installed**, select **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** and then click **Apply**.
+
+17. Enable Windows Update in the task sequence by clicking the **Windows Update (Post-Application Installation)** step, clicking the **Options** tab, and clearing the **Disable this step** checkbox.
+    
+    >Note: Since we are not installing applications in this test lab, there is no need to enable the Windows Update Pre-Application Installation step. However, you should enable this step if you are also installing applications.
+
+18. Click **OK** to complete editing the task sequence.
+
+19. The next step is to configure the MDT deployment share rules. To configure rules in the Deployment Workbench, right-click **MDT build lab (C:\MDTBuildLab)** and click **Properties**, and then click the **Rules** tab.
+
+20. Replace the default rules with the following text:
+
+    ```
+    [Settings]
+    Priority=Default
+
+    [Default]
+    _SMSTSORGNAME=Contoso
+    UserDataLocation=NONE
+    DoCapture=YES
+    OSInstall=Y
+    AdminPassword=pass@word1
+    TimeZoneName=Pacific Standard Time
+    OSDComputername=#Left("PC-%SerialNumber%",7)#
+    JoinWorkgroup=WORKGROUP
+    HideShell=YES
+    FinishAction=SHUTDOWN
+    DoNotCreateExtraPartition=YES
+    ApplyGPOPack=NO
+    SkipAdminPassword=YES
+    SkipProductKey=YES
+    SkipComputerName=YES
+    SkipDomainMembership=YES
+    SkipUserData=YES
+    SkipLocaleSelection=YES
+    SkipTaskSequence=NO
+    SkipTimeZone=YES
+    SkipApplications=YES
+    SkipBitLocker=YES
+    SkipSummary=YES
+    SkipRoles=YES
+    SkipCapture=NO
+    SkipFinalSummary=NO
+    ```
+
+21. Click **Apply** and then click **Edit Bootstrap.ini**. Replace the contents of the Bootstrap.ini file with the following text, and save the file:
+
+    ```
+    [Settings]
+    Priority=Default
+
+    [Default]
+    DeployRoot=\\SRV1\MDTBuildLab$
+    UserDomain=CONTOSO
+    UserID=MDT_BA
+    UserPassword=pass@word1
+    SkipBDDWelcome=YES
+    ```
+
+22. Click **OK** to complete the configuration of the deployment share.
+
+23. Right-click **MDT build lab (C:\MDTBuildLab)** and then click **Update Deployment Share**.
+
+24. Accept all default values in the Update Deployment Share Wizard by clicking **Next** twice.  The update process will take 5 to 10 minutes. When it has completed, click **Finish**.
+
+25. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. Note that in MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI).
+
+    >Hint: To copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**.
+
+26. Open a Windows PowerShell prompt on the Hyper-V host computer and type the following commands:
+
+    <div style='font-size:8.0pt'>
+    <pre style="overflow-y: visible">
+
+    New-VM REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB
+    Set-VMMemory REFW10X64-001 -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 1024MB -Buffer 20
+    Set-VMDvdDrive REFW10X64-001 -Path c:\VHD\LiteTouchPE_x86.iso
+    Start-VM REFW10X64-001
+    vmconnect localhost REFW10X64-001
+	</pre>
+    </div>
+    
+    The VM will require a few minutes to prepare devices and boot from the LiteTouchPE_x86.iso file. 
+
+27. In the Windows Deployment Wizard, select **Windows 10 Enterprise x64 Default Image**, and then click **Next**.
+
+28. Accept the default values on the Capture Image page, and click **Next**. Operating system installation will complete after 5 to 10 minutes, and then the VM will reboot automatically. Allow the system to boot normally (do not press a key). The process is fully automated.
+
+	Additional system restarts will occur to complete updating and preparing the operating system. Setup will complete the following procedures:
+
+	- Install the Windows 10 Enterprise operating system.
+	- Install added applications, roles, and features.
+	- Update the operating system using Windows Update (or WSUS if optionally specified).
+	- Stage Windows PE on the local disk.
+	- Run System Preparation (Sysprep) and reboot into Windows PE.
+	- Capture the installation to a Windows Imaging (WIM) file.
+	- Turn off the virtual machine.<BR><BR>
+
+    This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on your deployment server (SRV1). The file name is **REFW10X64-001.wim**.
+
+## Deploy a Windows 10 image using MDT
+
+This procedure will demonstrate how to deploy the reference image to the PoC environment using MDT.
+
+1. On SRV1, open the MDT Deployment Workbench console, right-click **Deployment Shares**, and then click **New Deployment Share**. Use the following values in the New Deployment Share Wizard:
+     - **Deployment share path**: C:\MDTProd
+     - **Share name**: MDTProd$
+     - **Deployment share description**: MDT Production
+     - **Options**: accept the default
+
+
+2. Click **Next**, verify the new deployment share was added successfully, then click **Finish**.
+
+3. In the Deployment Workbench console, expand the MDT Production deployment share, right-click **Operating Systems**, and then click **New Folder**. Name the new folder **Windows 10** and complete the wizard using default values.
+
+4. Right-click the **Windows 10** folder created in the previous step, and then click **Import Operating System**.
+
+5. On the **OS Type** page, choose **Custom image file** and then click **Next**.
+
+6. On the Image page, browse to the **C:\MDTBuildLab\Captures\REFW10X64-001.wim** file created in the previous procedure, click **Open**, and then click **Next**.
+
+7. On the Setup page, select **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path**. 
+
+8. Under **Setup source directory**, browse to **C:\MDTBuildLab\Operating Systems\W10Ent_x64** click **OK** and then click **Next**.
+
+9. On the Destination page, accept the default Destination directory name of **REFW10X64-001**, click **Next** twice, wait for the import process to complete, and then click **Finish**.
+
+10. In the **Operating Systems** > **Windows 10** node, double-click the operating system that was added to view its properties. Change the operating system name to **Windows 10 Enterprise x64 Custom Image** and then click **OK**. See the following example:
+
+    ![custom image](images/image.png)
+
+
+### Create the deployment task sequence
+
+1. Using the Deployment Workbench, right-click **Task Sequences** under the **MDT Production** node, click **New Folder** and create a folder with the name: **Windows 10**.
+
+2. Right-click the **Windows 10** folder created in the previous step, and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
+    - Task sequence ID: W10-X64-001
+    - Task sequence name: Windows 10 Enterprise x64 Custom Image
+    - Task sequence comments: Production Image
+    - Select Template: Standard Client Task Sequence
+    - Select OS: Windows 10 Enterprise x64 Custom Image
+    - Specify Product Key: Do not specify a product key at this time
+    - Full Name: Contoso
+    - Organization: Contoso
+    - Internet Explorer home page: http://www.contoso.com
+    - Admin Password: pass@word1 
+    
+### Configure the MDT production deployment share
+
+1. On SRV1, open an elevated Windows PowerShell prompt and type the following commands:
+
+    ```
+    copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\Bootstrap.ini" C:\MDTProd\Control\Bootstrap.ini -Force
+    copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\CustomSettings.ini" C:\MDTProd\Control\CustomSettings.ini -Force
+    ``` 
+2. In the Deployment Workbench console on SRV1, right-click the **MDT Production** deployment share and then click **Properties**.
+
+3. Click the **Rules** tab and replace the rules with the following text (don't click OK yet):
+
+    ```
+    [Settings]
+    Priority=Default
+    
+    [Default]
+    _SMSTSORGNAME=Contoso
+    OSInstall=YES
+    UserDataLocation=AUTO
+    TimeZoneName=Pacific Standard Time
+    OSDComputername=#Left("PC-%SerialNumber%",7)#
+    AdminPassword=pass@word1
+    JoinDomain=contoso.com
+    DomainAdmin=administrator
+    DomainAdminDomain=CONTOSO
+    DomainAdminPassword=pass@word1
+    ScanStateArgs=/ue:*\* /ui:CONTOSO\*
+    USMTMigFiles001=MigApp.xml
+    USMTMigFiles002=MigUser.xml
+    HideShell=YES
+    ApplyGPOPack=NO
+    SkipAppsOnUpgrade=NO
+    SkipAdminPassword=YES
+    SkipProductKey=YES
+    SkipComputerName=YES
+    SkipDomainMembership=YES
+    SkipUserData=YES
+    SkipLocaleSelection=YES
+    SkipTaskSequence=NO
+    SkipTimeZone=YES
+    SkipApplications=NO
+    SkipBitLocker=YES
+    SkipSummary=YES
+    SkipCapture=YES
+    SkipFinalSummary=NO
+    EventService=http://SRV1:9800
+    ```
+    **Note**: The contents of the Rules tab are added to c:\MDTProd\Control\CustomSettings.ini.
+    
+    >In this example a **MachineObjectOU** entry is not provided. Normally this entry describes the specific OU where new client computer objects are created in Active Directory. However, for the purposes of this test lab clients are added to the default computers OU, which requires that this parameter be unspecified.
+
+    If desired, edit the follow line to include or exclude other users when migrating settings. Currently, the command is set to user exclude (ue) all users except for CONTOSO users specified by the user include option (ui):
+    
+    ```
+    ScanStateArgs=/ue:*\* /ui:CONTOSO\*
+    ```
+
+    For example, to migrate **all** users on the computer, replace this line with the following:
+
+    ```
+    ScanStateArgs=/all
+    ```   
+
+    For more information, see [ScanState Syntax](https://technet.microsoft.com/library/cc749015.aspx).
+
+4. Click **Edit Bootstap.ini** and replace text in the file with the following text:
+
+    ```
+    [Settings]
+    Priority=Default
+    
+    [Default]
+    DeployRoot=\\SRV1\MDTProd$
+    UserDomain=CONTOSO
+    UserID=MDT_BA
+    UserPassword=pass@word1
+    SkipBDDWelcome=YES
+    ```
+5. Click **OK** when finished. 
+
+### Update the deployment share
+
+1. Right-click the **MDT Production** deployment share and then click **Update Deployment Share**.
+
+2. Use the default options for the Update Deployment Share Wizard. The update process requires 5 to 10 minutes to complete.
+
+3. Click **Finish** when the update is complete.
+
+### Enable deployment monitoring
+
+1. In the Deployment Workbench console, right-click **MDT Production** and then click **Properties**.
+
+2. On the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then click **OK**.
+
+3. Verify the monitoring service is working as expected by opening the following link on SRV1 in Internet Explorer: [http://localhost:9800/MDTMonitorEvent/](http://localhost:9800/MDTMonitorEvent/). If you do not see "**You have created a service**" at the top of the page, see [Troubleshooting MDT 2012 Monitoring](https://blogs.technet.microsoft.com/mniehaus/2012/05/10/troubleshooting-mdt-2012-monitoring/).
+
+4. Close Internet Explorer.
+
+### Configure Windows Deployment Services
+
+1. Initialize Windows Deployment Services (WDS) by typing the following command at an elevated Windows PowerShell prompt on SRV1:
+
+    ```
+    WDSUTIL /Verbose /Progress /Initialize-Server /Server:SRV1 /RemInst:"C:\RemoteInstall"
+    WDSUTIL /Set-Server /AnswerClients:All
+    ```
+
+2. Click **Start**, type **Windows Deployment**, and then click **Windows Deployment Services**.
+
+3. In the Windows Deployment Services console, expand **Servers**, expand **SRV1.contoso.com**, right-click **Boot Images**, and then click **Add Boot Image**.
+
+4. Browse to the **C:\MDTProd\Boot\LiteTouchPE_x64.wim** file, click **Open**, click **Next**, and accept the defaults in the Add Image Wizard. Click **Finish** to complete adding a boot image.
+
+### Deploy the client image
+
+1. Before using WDS to deploy a client image, you must temporarily disable the external network adapter on SRV1. This is just an artifact of the lab environment. In a typical deployment environment WDS would not be installed on the default gateway. 
+
+    >**Note**: Do not disable the *internal* network interface. To quickly view IP addresses and interface names configured on the VM, type **Get-NetIPAddress | ft interfacealias, ipaddress**
+    
+    Assuming the external interface is named "Ethernet 2", to disable the *external* interface on SRV1, open a Windows PowerShell prompt on SRV1 and type the following command:
+
+    ```
+    Disable-NetAdapter "Ethernet 2" -Confirm:$false
+    ```
+
+    >Wait until the disable-netadapter command completes before proceeding.
+
+
+2. Next, switch to the Hyper-V host and open an elevated Windows PowerShell prompt. Create a generation 2 VM on the Hyper-V host that will load its OS using PXE. To create this VM, type the following commands at an elevated Windows PowerShell prompt:
+
+    ```
+    New-VM –Name "PC2" –NewVHDPath "c:\vhd\pc2.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
+    Set-VMMemory -VMName "PC2" -DynamicMemoryEnabled $true -MinimumBytes 720MB -MaximumBytes 2048MB -Buffer 20
+    ```
+
+    >Dynamic memory is configured on the VM to conserve resources. However, this can cause memory allocation to be reduced past what is required to install an operating system. If this happens, reset the VM and begin the OS installation task sequence immediately. This ensures the VM memory allocation is not decreased too much while it is idle.
+
+3. Start the new VM and connect to it:
+
+    ```
+    Start-VM PC2
+    vmconnect localhost PC2
+    ```
+4. When prompted, hit ENTER to start the network boot process.
+
+5. In the Windows Deployment Wizard, choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**.
+
+6. After MDT lite touch installation has started, be sure to re-enable the external network adapter on SRV1. This is needed so the client can use Windows Update after operating system installation is complete.To re-enable the external network interface, open an elevated Windows PowerShell prompt on SRV1 and type the following command:
+
+    ```
+    Enable-NetAdapter "Ethernet 2"
+    ```
+7. On SRV1, in the Deployment Workbench console, click on **Monitoring** and view the status of installation. Right-click **Monitoring** and click **Refresh** if no data is displayed.
+8. OS installation requires about 10 minutes. When the installation is complete, the system will reboot automatically, configure devices, and install updates, requiring another 10-20 minutes.  When the new client computer is finished updating, click **Finish**. You will be automatically signed in to the local computer as administrator.
+    
+    ![finish](images/deploy-finish.png)
+
+
+This completes the demonstration of how to deploy a reference image to the network. To conserve resources, turn off the PC2 VM before starting the next section.
+
+## Refresh a computer with Windows 10
+
+This section will demonstrate how to export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings. The scenario will use PC1, a computer that was cloned from a physical device to a VM, as described in [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md). 
+
+1. If the PC1 VM is not already running, then start and connect to it:
+    
+    ```
+    Start-VM PC1
+    vmconnect localhost PC1
+    ```
+
+2. Switch back to the Hyper-V host and create a checkpoint for the PC1 VM so that it can easily be reverted to its current state for troubleshooting purposes and to perform additional scenarios.  Checkpoints are also known as snapshots. To create a checkpoint for the PC1 VM, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+    ```
+    Checkpoint-VM -Name PC1 -SnapshotName BeginState
+    ```
+
+3. Sign on to PC1 using the CONTOSO\Administrator account.
+
+    >Specify **contoso\administrator** as the user name to ensure you do not sign on using the local administrator account. You must sign in with this account so that you have access to the deployment share.
+
+4. Open an elevated command prompt on PC1 and type the following:
+
+    ```
+    cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs
+    ```
+
+    **Note**: Litetouch.vbs must be able to create the C:\MININT directory on the local computer.
+
+5. Choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**.
+
+6. Choose **Do not back up the existing computer** and click **Next**.
+
+    **Note**: The USMT will still back up the computer.
+
+7. Lite Touch Installation will perform the following actions:
+    - Back up user settings and data using USMT.
+    - Install the Windows 10 Enterprise X64 operating system.
+    - Update the operating system via Windows Update.
+    - Restore user settings and data using USMT.
+
+    You can review the progress of installation on SRV1 by clicking on the **Monitoring** node in the deployment workbench. When OS installation is complete, the computer will restart, set up devices, and configure settings.
+
+8. Sign in with the CONTOSO\Administrator account and verify that all CONTOSO domain user accounts and data have been migrated to the new operating system, or other user accounts as specified [previously](#configure-the-mdt-production-deployment-share).
+
+9. Create another checkpoint for the PC1 VM so that you can review results of the computer refresh later. To create a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+    ```
+    Checkpoint-VM -Name PC1 -SnapshotName RefreshState
+    ```
+
+10. Restore the PC1 VM to it's previous state in preparation for the replace procedure. To restore a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+    ```
+    Restore-VMSnapshot -VMName PC1 -Name BeginState -Confirm:$false
+    Start-VM PC1
+    vmconnect localhost PC1
+    ```
+    
+11. Sign in to PC1 using the contoso\administrator account.
+
+## Replace a computer with Windows 10
+
+At a high level, the computer replace process consists of:<BR>
+- A special replace task sequence that runs the USMT backup and an optional full Window Imaging (WIM) backup.<BR>
+- A standard OS deployment on a new computer. At the end of the deployment, the USMT backup from the old computer is restored.
+
+### Create a backup-only task sequence
+
+1. On SRV1, in the deployment workbench console, right-click the MDT Production deployment share, click **Properties**, click the **Rules** tab, and change the line **SkipUserData=YES** to **SkipUserData=NO**.
+2. Click **OK**, right-click **MDT Production**, click **Update Deployment Share** and accept the default options in the wizard to update the share.
+3. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
+
+    ```
+    New-Item -Path C:\MigData -ItemType directory
+    New-SmbShare -Name MigData$ -Path C:\MigData -ChangeAccess EVERYONE
+    icacls C:\MigData /grant '"contoso\administrator":(OI)(CI)(M)'
+    ```
+4. On SRV1 in the deployment workbench, under **MDT Production**, right-click the **Task Sequences** node, and click **New Folder**.
+5. Name the new folder **Other**, and complete the wizard using default options.
+6. Right-click the **Other** folder and then click **New Task Sequence**. Use the following values in the wizard:
+    - **Task sequence ID**: REPLACE-001
+    - **Task sequence name**: Backup Only Task Sequence
+    - **Task sequence comments**: Run USMT to back up user data and settings
+    - **Template**: Standard Client Replace Task Sequence (note: this is not the default template)
+7. Accept defaults for the rest of the wizard and then click **Finish**. The replace task sequence will skip OS selection and settings.
+8. Open the new task sequence that was created and review it. Note the type of capture and backup tasks that are present. Click **OK** when you are finished reviewing the task sequence.
+
+### Run the backup-only task sequence
+
+1. If you are not already signed on to PC1 as **contoso\administrator**, sign in using this account. To verify the currently signed in account, type the following command at an elevated command prompt:
+
+    ```
+    whoami
+    ```
+2. To ensure a clean environment before running the backup task sequence, type the following at an elevated Windows PowerShell prompt on PC1:
+
+    ```
+    Remove-Item c:\minint -recurse
+    Remove-Item c:\_SMSTaskSequence -recurse
+    Restart-Computer
+    ```
+2. Sign in to PC1 using the contoso\administrator account, and then type the following at an elevated command prompt:
+
+    ```
+    cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs
+    ```
+3. Complete the deployment wizard using the following:
+    - **Task Sequence**: Backup Only Task Sequence
+    - **User Data**: Specify a location: **\\\\SRV1\MigData$\PC1**
+    - **Computer Backup**: Do not back up the existing computer.
+4. While the task sequence is running on PC1, open the deployment workbench console on SRV1 and click the **Monitoring* node. Press F5 to refresh the console, and view the status of current tasks.  
+5. On PC1, verify that **The user state capture was completed successfully** is displayed, and click **Finish** when the capture is complete.
+6. On SRV1, verify that the file **USMT.MIG** was created in the **C:\MigData\PC1\USMT** directory. See the following example:
+
+    ```
+    PS C:\> dir C:\MigData\PC1\USMT
+
+        Directory: C:\MigData\PC1\USMT
+
+    Mode                LastWriteTime     Length Name
+    ----                -------------     ------ ----
+    -a---          9/6/2016  11:34 AM   14248685 USMT.MIG
+    ```
+### Deploy PC3 
+
+1. On the Hyper-V host, type the following commands at an elevated Windows PowerShell prompt:
+
+    ```
+    New-VM –Name "PC3" –NewVHDPath "c:\vhd\pc3.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
+    Set-VMMemory -VMName "PC3" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20
+    ```
+2. Temporarily disable the external network adapter on SRV1 again, so that we can successfully boot PC3 from WDS. To disable the adapter, type the following command at an elevated Windows PowerShell prompt on SRV1:
+
+    ```
+    Disable-NetAdapter "Ethernet 2" -Confirm:$false
+    ```
+
+    >As mentioned previously, ensure that you disable the **external** network adapter, and wait for the command to complete before proceeding.
+
+
+3. Start and connect to PC3 by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+    ```
+    Start-VM PC3
+    vmconnect localhost PC3
+    ```
+
+4. When prompted, press ENTER for network boot.
+
+6. On PC3, use the following settings for the Windows Deployment Wizard:
+    - **Task Sequence**: Windows 10 Enterprise x64 Custom Image
+    - **Move Data and Settings**: Do not move user data and settings
+    - **User Data (Restore)**: Specify a location: **\\\\SRV1\MigData$\PC1**
+
+5. When OS installation has started on PC1, re-enable the external network adapter on SRV1 by typing the following command on SRV1:
+
+    ```
+    Enable-NetAdapter "Ethernet 2"
+    ```
+7. Setup will install the Windows 10 Enterprise operating system, update via Windows Update, and restore the user settings and data from PC1.
+
+8. When PC3 has completed installing the OS, sign in to PC3 using the contoso\administrator account. When the PC completes updating, click **Finish**.
+
+9. Verify that settings have been migrated from PC1. This completes demonstration of the replace procedure.
+
+10. Shut down PC3 in preparation for the [next](windows-10-poc-sc-config-mgr.md) procedure.
+
+## Troubleshooting logs, events, and utilities
+
+Deployment logs are available on the client computer in the following locations:
+- Before the image is applied: X:\MININT\SMSOSD\OSDLOGS
+- After the system drive has been formatted: C:\MININT\SMSOSD\OSDLOGS
+- After deployment: %WINDIR%\TEMP\DeploymentLogs
+
+You can review WDS events in Event Viewer at: **Applications and Services Logs > Microsoft > Windows > Deployment-Services-Diagnostics**. By default, only the **Admin** and **Operational** logs are enabled. To enable other logs, right-click the log and then click **Enable Log**.
+
+Tools for viewing log files, and to assist with troubleshooting are available in the [System Center 2012 R2 Configuration Manager Toolkit](https://www.microsoft.com/en-us/download/details.aspx?id=50012)
+
+Also see [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for detailed troubleshooting information.
+
+## Related Topics
+
+[Microsoft Deployment Toolkit](https://technet.microsoft.com/en-US/windows/dn475741)<BR>
+[Prepare for deployment with MDT 2013](prepare-for-windows-deployment-with-mdt-2013.md)
+
+ 
+
+
+
+
+