deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 10:53:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'main' of https://github.com/MicrosoftDocs/windows-docs-pr into comcontrol-7790977

Browse Source
This commit is contained in:
Meghan Stewart
2023-05-12 11:54:53 -07:00
parent f4e6fd64d2 fabbbda6ea
commit 74163a221b
206 changed files with 4731 additions and 2070 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/deployment/update/WIP4Biz-intro.md
View File

@ -44,7 +44,7 @@ Windows 10 Insider Preview builds offer organizations a valuable and exciting op
|Release channel |**Fast Ring:** Insider Preview builds in the Fast Ring are released approximately once a week and contain the very latest features. This makes them ideal for feature exploration.|
|Users | Because Fast Ring builds are released so early in the development cycle, we recommend limiting feature exploration in your organization to IT administrators and developers running Insider Preview builds on secondary devices. |
|Tasks | - Install and manage Insider Preview builds on devices (per device or centrally across multiple devices)<br> - Explore new features in Windows designed for organizations, including new features related to current and planned line of business applications<br> - Before running an Insider Preview build, check our [Windows Insider blog](https://blogs.windows.com/windowsexperience/tag/windows-insider-program/#k3WWwxKCTWHCO82H.97) for a summary of current features. |
|Feedback | - This helps us make adjustments to features as quickly as possible.<br> - Encourage users to sign into the Feedback Hub using their Azure Active Directory work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organizations domain.)<br> - [Learn how to provide effective feedback in the Feedback Hub](https://insider.windows.com/how-to-feedback/) |
|Feedback | - This helps us make adjustments to features as quickly as possible.<br> - Encourage users to sign into the Feedback Hub using their Azure Active Directory work accounts. This enables both you and Microsoft to track feedback submitted by users within your specific organization. (Note: This tracking is only visible to Microsoft and registered Insiders within your organizations domain.)<br> - [Learn how to provide effective feedback in the Feedback Hub](/windows-insider/feedback) |
## Validate Insider Preview builds
Along with exploring new features, you also have the option to validate your apps and infrastructure on Insider Preview builds. Early validation has several benefits:

2
windows/deployment/update/eval-infra-tools.md
View File

@ -45,7 +45,7 @@ Keep security baselines current to help ensure that your environment is secure a
There are a number of Windows policies (set by Group Policy, Intune, or other methods) that affect when Windows updates are installed, deferral, end-user experience, and many other aspects. Check these policies to make sure they are set appropriately.
- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 10, version 1909](https://www.microsoft.com/download/100591).
- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 11, version 22H2](https://www.microsoft.com/download/details.aspx?id=104593).
- **Policies for update compliance and end-user experience**: A number of settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. It's especially important to look for existing policies that are out of date or could conflict with new ones.

36
windows/deployment/update/media-dynamic-update.md
View File

@ -8,7 +8,7 @@ ms.author: mstewart
manager: aaroncz
ms.topic: article
ms.technology: itpro-updates
ms.date: 12/31/2017
ms.date: 05/09/2023
ms.reviewer: stevedia
---
@ -77,6 +77,7 @@ This table shows the correct sequence for applying the various tasks to the file
|Add Safe OS Dynamic Update | 6 | | |
|Add Setup Dynamic Update | | | | 26
|Add setup.exe from WinPE | | | | 27
|Add boot manager from WinPE | | | | 28
|Add latest cumulative update | | 15 | 21 |
|Clean up the image | 7 | 16 | 22 |
|Add Optional Components | | | 23 |
@ -300,7 +301,7 @@ Move-Item -Path $WORKING_PATH"\winre2.wim" -Destination $WORKING_PATH"\winre.wim
### Update WinPE
This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, add font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. For the second image, we'll save setup.exe for later use, to ensure this version matches the \sources\setup.exe version from the installation media. If these binaries are not identical, Windows Setup will fail during installation. Finally, it cleans and exports Boot.wim, and copies it back to the new media.
This script is similar to the one that updates WinRE, but instead it mounts Boot.wim, applies the packages with the latest cumulative update last, and saves. It repeats this for all images inside of Boot.wim, typically two images. It starts by applying the servicing stack Dynamic Update. Since the script is customizing this media with Japanese, it installs the language pack from the WinPE folder on the language pack ISO. Additionally, it adds font support and text to speech (TTS) support. Since the script is adding a new language, it rebuilds lang.ini, used to identify languages installed in the image. For the second image, we'll save setup.exe for later use, to ensure this version matches the \sources\setup.exe version from the installation media. If these binaries are not identical, Windows Setup will fail during installation. We'll also save the serviced boot manager files for later use in the script. Finally, the script cleans and exports Boot.wim, and copies it back to the new media.
```powershell
#
@ -416,9 +417,15 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
Write-Output "$(Get-TS): Performing image cleanup on WinPE"
DISM /image:$WINPE_MOUNT /cleanup-image /StartComponentCleanup | Out-Null
# If second image, save setup.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder
if ($IMAGE.ImageIndex -eq "2") {
# Save setup.exe for later use. This will address possible binary mismatch with the version in the main OS \sources folder
Copy-Item -Path $WINPE_MOUNT"\sources\setup.exe" -Destination $WORKING_PATH"\setup.exe" -Force -ErrorAction stop | Out-Null
# Save serviced boot manager files later copy to the root media.
Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgfw.efi" -Destination $WORKING_PATH"\bootmgfw.efi" -Force -ErrorAction stop | Out-Null
Copy-Item -Path $WINPE_MOUNT"\Windows\boot\efi\bootmgr.efi" -Destination $WORKING_PATH"\bootmgr.efi" -Force -ErrorAction stop | Out-Null
}
# Dismount
@ -532,7 +539,7 @@ Move-Item -Path $WORKING_PATH"\install2.wim" -Destination $MEDIA_NEW_PATH"\sourc
### Update remaining media files
This part of the script updates the Setup files. It simply copies the individual files in the Setup Dynamic Update package to the new media. This step brings an updated Setup files as needed, along with the latest compatibility database, and replacement component manifests. This script also does a final replacement of setup.exe using the previously saved version from WinPE.
This part of the script updates the Setup files. It simply copies the individual files in the Setup Dynamic Update package to the new media. This step brings in updated Setup files as needed, along with the latest compatibility database, and replacement component manifests. This script also does a final replacement of setup.exe and boot manager files using the previously saved versions from WinPE.
```powershell
#
@ -544,8 +551,29 @@ Write-Output "$(Get-TS): Adding package $SETUP_DU_PATH"
cmd.exe /c $env:SystemRoot\System32\expand.exe $SETUP_DU_PATH -F:* $MEDIA_NEW_PATH"\sources" | Out-Null
# Copy setup.exe from boot.wim, saved earlier.
Write-Output "$(Get-TS): Copying $WORKING_PATH\setup.exe to $MEDIA_NEW_PATH\sources\setup.exe"
Copy-Item -Path $WORKING_PATH"\setup.exe" -Destination $MEDIA_NEW_PATH"\sources\setup.exe" -Force -ErrorAction stop | Out-Null
# Copy bootmgr files from boot.wim, saved earlier.
$MEDIA_NEW_FILES = Get-ChildItem $MEDIA_NEW_PATH -Force -Recurse -Filter b*.efi
Foreach ($File in $MEDIA_NEW_FILES){
if (($File.Name -ieq "bootmgfw.efi") -or `
($File.Name -ieq "bootx64.efi") -or `
($File.Name -ieq "bootia32.efi") -or `
($File.Name -ieq "bootaa64.efi"))
{
Write-Output "$(Get-TS): Copying $WORKING_PATH\bootmgfw.efi to $($File.FullName)"
Copy-Item -Path $WORKING_PATH"\bootmgfw.efi" -Destination $File.FullName -Force -ErrorAction stop | Out-Null
}
elseif ($File.Name -ieq "bootmgr.efi")
{
Write-Output "$(Get-TS): Copying $WORKING_PATH\bootmgr.efi to $($File.FullName)"
Copy-Item -Path $WORKING_PATH"\bootmgr.efi" -Destination $File.FullName -Force -ErrorAction stop | Out-Null
}
}
```
### Finish up

6
windows/deployment/update/waas-servicing-channels-windows-10-updates.md
View File

@ -48,10 +48,10 @@ The General Availability Channel is the default servicing channel for all Window
To get started with the Windows Insider Program for Business, follows these steps:
1. On the [Windows Insider](https://insider.windows.com) website, go to **For Business > Getting Started** to [register your organizational Azure AD account](https://insider.windows.com/insidersigninaad/).
2. **Register your domain**. Rather than have each user register individually for Insider Preview builds, administrators can [register their domain](https://insider.windows.com/for-business-organization-admin/) and control settings centrally.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register the domain.
1. On the [Windows Insider](https://www.microsoft.com/windowsinsider/for-business) website, select **Register** to register your organizational Azure AD account.
2. Follow the prompts to register your tenant.</br>**Note:** The signed-in user needs to be a **Global Administrator** of the Azure AD domain in order to be able to register.
3. Make sure the **Allow Telemetry** setting is set to **2** or higher.
4. For Windows 10, version 1709 or later, set policies to manage preview builds and their delivery:
4. For Windows devices, set policies to manage preview builds and their delivery:
The **Manage preview builds** setting gives administrators control over enabling or disabling preview build installation on a device. You can also decide to stop preview builds once the release is public.
* Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds*

7
windows/deployment/update/wufb-compliancedeadlines.md
View File

@ -8,13 +8,13 @@ ms.author: mstewart
manager: aaroncz
ms.topic: article
ms.technology: itpro-updates
ms.date: 12/31/2017
ms.date: 05/12/2023
---
# Enforcing compliance deadlines for updates
**Applies to**
- Windows 10
- Windows 10
- Windows 11
Deploying feature or quality updates for many organizations is only part of the equation for managing their device ecosystem. The ability to enforce update compliance is the next important part. Windows Update for Business provides controls to manage deadlines for when devices should migrate to newer versions.
@ -43,3 +43,6 @@ When **Specify deadlines for automatic updates and restarts** is set (Windows 10
For feature updates, the deadline and grace period start their countdown from the time of a pending restart after the installation is complete. As soon as installation is complete and the device reaches pending restart, the device will try to update outside of active hours. Once the *effective deadline* is reached, the device will try to restart during active hours. (The effective deadline is whichever is the later of the restart pending date plus the specified deadline or the restart pending date plus the grace period.)
For quality updates, the deadline countdown starts from the time the update is *offered* (not downloaded or installed). The grace period countdown starts from the time of the pending restart. The device will try to download and install the update at a time based on your other download and installation policies (the default is to automatically download and install in in the background). When the pending restart time is reached, the device will notify the user and try to update outside of active hours. Once the effective deadline is reached, the device will try to restart during active hours.
> [!NOTE]
> When **Specify deadlines for automatic updates and restarts** is used, download, installation, and reboot settings stemming from the [Configure Automatic Updates](waas-restart.md#schedule-update-installation) are ignored.

2
windows/deployment/update/wufb-reports-do.md
View File

@ -92,7 +92,7 @@ There are several calculated values that appear on the Delivery Optimization rep
In the **Efficiency By Group** subsection, the **GroupID** is displayed as an encoded SHA256 hash. You can create a mapping of original to encoded GroupIDs using the following PowerShell example:
```powershell
$text = "<myEncodedGroupID>" ;
$text = "<myEncodedGroupID>`0"; (the null-terminator (`0) must be included in the string hash)
$hashObj = [System.Security.Cryptography.HashAlgorithm]::Create('sha256') ; $dig = $hashObj.ComputeHash([System.Text.Encoding]::Unicode.GetBytes($text)) ; $digB64 = [System.Convert]::ToBase64String($dig) ; Write-Host "$text ==> $digB64"
```