diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index 62bed0b6be..7fef07b9f4 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md @@ -77,7 +77,7 @@ Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh stat > > 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer. >2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18). ->3. Insert the null character string in between each URL (e.g www.bing.comwww.contoso.com). +>3. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com). >4. Save the XML file. >5. Open the project again in Windows Configuration Designer. >6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed. diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md index 76e737d93f..414773196e 100644 --- a/windows/configuration/kiosk-xml.md +++ b/windows/configuration/kiosk-xml.md @@ -24,13 +24,13 @@ ms.topic: article ## Full XML sample >[!NOTE] ->Updated for Windows 10, version 1809. +>Updated for Windows 10, version 1809. ```xml @@ -47,9 +47,9 @@ ms.topic: article - - - + + + @@ -86,7 +86,7 @@ ms.topic: article - + @@ -123,7 +123,7 @@ ms.topic: article - + @@ -147,7 +147,7 @@ ms.topic: article @@ -176,7 +176,7 @@ ms.topic: article xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:default="http://schemas.microsoft.com/AssignedAccess/2017/config" - xmlns:Windows10October2018Update="http://schemas.microsoft.com/AssignedAccess/201810/config" + xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config" targetNamespace="http://schemas.microsoft.com/AssignedAccess/2017/config" > @@ -196,7 +196,7 @@ ms.topic: article - + @@ -215,7 +215,7 @@ ms.topic: article - + @@ -239,8 +239,8 @@ ms.topic: article - - + + @@ -277,7 +277,7 @@ ms.topic: article - + diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index 4d4af99711..97525005b3 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -29,7 +29,7 @@ The following table lists changes to multi-app kiosk in recent updates. New features and improvements | In update --- | --- - Configure [a single-app kiosk profile](#profile) in your XML file

- Assign [group accounts to a config profile](#config-for-group-accounts)

- Configure [an account to sign in automatically](#config-for-autologon-account) | Windows 10, version 1803 -- Explicitly allow [some known folders when user opens file dialog box](#FileExplorerNamespaceRestrictions)

- [Automatically launch an app](#allowedapps) when the user signs in

- Configure a [display name for the autologon account](#config-for-autologon-account) | Windows 10, version 1809

**Important:** To use features released in Windows 10, version 1809, make sure that [your XML file](#create-xml-file) references `http://schemas.microsoft.com/AssignedAccess/201810/config`. +- Explicitly allow [some known folders when user opens file dialog box](#fileexplorernamespacerestrictions)

- [Automatically launch an app](#allowedapps) when the user signs in

- Configure a [display name for the autologon account](#config-for-autologon-account) | Windows 10, version 1809

**Important:** To use features released in Windows 10, version 1809, make sure that [your XML file](#create-xml-file) references `http://schemas.microsoft.com/AssignedAccess/201810/config`. @@ -110,7 +110,7 @@ You can start your file by pasting the following XML (or any other examples in t @@ -175,7 +175,7 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can - For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867), or [get the AUMID from the Start Layout XML](#startlayout). - For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of %variableName% (i.e. %systemroot%, %windir%). -- To configure the app to launch automatically when the user signs in, include `Windows10October2018Update:AutoLaunch="true"` after the AUMID or path. You can also include arguments to be passed to the app. For an example, see [the AllowedApps sample XML](#apps-sample). +- To configure the app to launch automatically when the user signs in, include `rs5:AutoLaunch="true"` after the AUMID or path. You can also include arguments to be passed to the app. For an example, see [the AllowedApps sample XML](#apps-sample). When the mult-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. Here are the predefined assigned access AppLocker rules for **UWP apps**: @@ -205,7 +205,7 @@ The following example allows Groove Music, Movies & TV, Photos, Weather, Calcula - + ``` @@ -220,7 +220,7 @@ The following example shows how to allow user access to the Downloads folder in @@ -228,9 +228,9 @@ The following example shows how to allow user access to the Downloads folder in ... - - - + + + ... @@ -354,7 +354,7 @@ In Windows 10, version 1809, you can configure the display name that will be sho ```xml - + diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index e42efc4ec8..35ab89b19d 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -108,7 +108,7 @@ Wecutil ss “testSubscription” /cf:Events ### How frequently are WEF events delivered? -Event delivery options are part of the WEF subscription configuration parameters – There are three built-in subscription delivery options: Normal, Minimize Bandwidth, and Minimize Latency. A fourth, catch-all called “Custom” is available but cannot be selected or configured through the WEF UI by using Event Ciewer. The Custom delivery option must be selected and configured using the WECUTIL.EXE command-line application. All subscription options define a maximum event count and maximum event age, if either limit is exceeded then the accumulated events are sent to the event collector. +Event delivery options are part of the WEF subscription configuration parameters – There are three built-in subscription delivery options: Normal, Minimize Bandwidth, and Minimize Latency. A fourth, catch-all called “Custom” is available but cannot be selected or configured through the WEF UI by using Event Viewer. The Custom delivery option must be selected and configured using the WECUTIL.EXE command-line application. All subscription options define a maximum event count and maximum event age, if either limit is exceeded then the accumulated events are sent to the event collector. This table outlines the built-in delivery options: diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md index 4cb0d0390a..8400f6cb17 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/working-with-applocker-rules.md @@ -6,8 +6,9 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: brianlic-msft -ms.date: 09/21/2017 +author: andreabichsel +msauthor: v-anbic +ms.date: 08/27/2018 --- # Working with AppLocker rules @@ -60,6 +61,8 @@ The AppLocker console is organized into rule collections, which are executable f When DLL rules are used, AppLocker must check each DLL that an application loads. Therefore, users may experience a reduction in performance if DLL rules are used. The DLL rule collection is not enabled by default. To learn how to enable the DLL rule collection, see [DLL rule collections](#bkmk-dllrulecollections). + +EXE rules apply to portable executable (PE) files. AppLocker checks whether a file is a valid PE file, rather than just applying rules based on file extension, which attackers can easily change. Regardless of the file extension, the AppLocker EXE rule collection will work on a file as long as it is a valid PE file.   ## Rule conditions