diff --git a/windows/keep-secure/devices-allow-undock-without-having-to-log-on.md b/windows/keep-secure/devices-allow-undock-without-having-to-log-on.md
index 1283cb2181..0d237c5cd4 100644
--- a/windows/keep-secure/devices-allow-undock-without-having-to-log-on.md
+++ b/windows/keep-secure/devices-allow-undock-without-having-to-log-on.md
@@ -2,84 +2,78 @@
title: Devices Allow undock without having to log on (Windows 10)
description: Describes the best practices, location, values, and security considerations for the Devices Allow undock without having to log on security policy setting.
ms.assetid: 1d403f5d-ad41-4bb4-9f4a-0779c1c14b8c
-ms.pagetype: security
ms.prod: W10
ms.mktglfcycl: deploy
ms.sitesec: library
+ms.pagetype: security
author: brianlic-msft
---
+
# Devices: Allow undock without having to log on
+
**Applies to**
- Windows 10
+
Describes the best practices, location, values, and security considerations for the **Devices: Allow undock without having to log on** security policy setting.
+
## Reference
+
This policy setting enables or disables the ability of a user to remove a portable device from a docking station without logging on. If you enable this policy setting, users can press a docked portable device's physical eject button to safely undock the device. If you disable this policy setting, the user must log on to receive permission to undock the device. Only users who have the **Remove Computer from Docking Station** privilege can obtain this permission.
-**Note**
-Disabling this policy setting only reduces theft risk for portable devices that cannot be mechanically undocked. Devices that can be mechanically undocked can be physically removed by the user whether or not they use the Windows undocking functionality.
+
+>**Note:** Disabling this policy setting only reduces theft risk for portable devices that cannot be mechanically undocked. Devices that can be mechanically undocked can be physically removed by the user whether or not they use the Windows undocking functionality.
Enabling this policy setting means that anyone with physical access to a device that has been placed in its docking station can remove the computer and possibly tamper with it. For devices that do not have docking stations, this policy setting has no impact. However, for users with a mobile computer that is normally docked while they are in the office, this policy setting will help lower the risk of equipment theft or a malicious user gaining physical access to these devices
+
### Possible values
+
- Enabled
- Disabled
- Not defined
+
### Best practices
+
It is advisable to disable the **Devices: Allow undock without having to log on** policy setting. Users who have docked their devices will have to log on to the local console before they can undock their systems.
+
### Location
+
Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options
+
### Default values
+
The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page.
-
-
-
-
-
-
-
-
-
-
-Default Domain Policy |
-Not defined |
-
-
-Default Domain Controller Policy |
-Not defined |
-
-
-Stand-Alone Server Default Settings |
-Enabled |
-
-
-DC Effective Default Settings |
-Enabled |
-
-
-Member Server Effective Default Settings |
-Enabled |
-
-
-Client Computer Effective Default Settings |
-Enabled |
-
-
-
+
+| Server type or GPO | Default value |
+| - | - |
+| Default Domain Policy | Not defined|
+| Default Domain Controller Policy | Not defined |
+| Stand-Alone Server Default Settings | Enabled|
+| DC Effective Default Settings | Enabled|
+| Member Server Effective Default Settings | Enabled|
+| Client Computer Effective Default Settings| Enabled|
## Policy management
+
This section describes features and tools that are available to help you manage this policy.
+
### Restart requirement
+
None. Changes to this policy become effective without a device restart when they are saved locally or distributed through Group Policy.
+
## Security considerations
+
This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
+
### Vulnerability
+
If this policy setting is enabled, anyone with physical access to portable computers in docking stations could remove them and possibly tamper with them.
+
### Countermeasure
+
Disable the **Devices: Allow undock without having to log on** setting.
### Potential impact
+
Users who have docked their device must log on to the local console before they can undock their computers. For devices that do not have docking stations, this policy setting has no impact.
+
## Related topics
-[Security Options](security-options.md)
-
-
+
+- [Security Options](security-options.md)
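Review bot: the new `>**Note:**` blockquote is followed immediately by the unchanged paragraph that begins "Enabling this policy setting means", with no blank line between them, so Markdown's lazy continuation will render that paragraph as part of the note. Add a blank line after the blockquote line. The same spacing gap remains above `### Potential impact` and between the last table row and `## Policy management`, although every other heading in this file gained a blank line around it. The sentence ending "physical access to these devices" is also missing its final period and could be fixed in the same pass.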
diff --git a/windows/keep-secure/devices-allowed-to-format-and-eject-removable-media.md b/windows/keep-secure/devices-allowed-to-format-and-eject-removable-media.md
index 146ef13dde..9c9a232738 100644
--- a/windows/keep-secure/devices-allowed-to-format-and-eject-removable-media.md
+++ b/windows/keep-secure/devices-allowed-to-format-and-eject-removable-media.md
@@ -2,82 +2,79 @@
title: Devices Allowed to format and eject removable media (Windows 10)
description: Describes the best practices, location, values, and security considerations for the Devices Allowed to format and eject removable media security policy setting.
ms.assetid: d1b42425-7244-4ab1-9d46-d68de823459c
-ms.pagetype: security
ms.prod: W10
ms.mktglfcycl: deploy
ms.sitesec: library
+ms.pagetype: security
author: brianlic-msft
---
+
# Devices: Allowed to format and eject removable media
+
**Applies to**
- Windows 10
+
Describes the best practices, location, values, and security considerations for the **Devices: Allowed to format and eject removable media** security policy setting.
+
## Reference
+
This policy setting determines who is allowed to format and eject removable media.
+
Users can move removable disks to a different device where they have administrative user rights and then take ownership of any file, assign themselves full control, and view or modify any file. The advantage of configuring this policy setting is diminished by the fact that most removable storage devices will eject media with the press of a button.
+
### Possible values
+
- Administrators
- Administrators and Power Users
- Administrators and Interactive Users (not applicable to Windows Server 2008 R2 or Windows 7 and later)
- Not defined
+
### Best practices
+
- It is advisable to set **Allowed to format and eject removable media** to **Administrators**. Only administrators will be able to eject NTFS-formatted removable media.
+
### Location
+
Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options
+
### Default values
+
The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page.
-
-
-
-
-
-
-
-
-
-
-Default Domain Policy |
-Not defined |
-
-
-Default Domain Controller Policy |
-Not defined |
-
-
-Stand-Alone Server Default Settings |
-Administrators |
-
-
-DC Effective Default Settings |
-Administrators |
-
-
-Member Server Effective Default Settings |
-Administrators |
-
-
-Client Computer Effective Default Settings |
-Not defined |
-
-
-
+
+| Server type or GPO | Default value |
+| - | - |
+| Default Domain Policy| Not defined|
+| Default Domain Controller Policy | Not defined|
+| Stand-Alone Server Default Settings | Administrators|
+| DC Effective Default Settings | Administrators|
+| Member Server Effective Default Settings | Administrators|
+| Client Computer Effective Default Settings | Not defined|
## Policy management
+
This section describes features and tools that are available to help you manage this policy.
+
### Restart requirement
+
None. Changes to this policy become effective without a device restart when they are saved locally or distributed through Group Policy.
+
## Security considerations
+
This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
+
### Vulnerability
-Users could move data on removable disks to a different computer where they have administrative privileges. The user could then take ownership of any file, grant themselves full control, and view or modify any file. The fact that most removable storage devices eject media when a mechanical button is pressed diminishes the advantage of this policy setting.
+
+Users could move data on removable disks to a different computer where they have administrative privileges. The user could then take ownership of any file, grant themselves full control, and view or modify any file. The fact that most removable storage devices eject media when a mechanical button
+is pressed diminishes the advantage of this policy setting.
+
### Countermeasure
+
Configure the **Devices: Allowed to format and eject removable media** setting to **Administrators**.
+
### Potential impact
+
Only administrators can format and eject removable media. If users are in the habit of using removable media for file transfers and storage, they must be informed of the change in policy.
+
## Related topics
-[Security Options](security-options.md)
-
-
+
+- [Security Options](security-options.md)
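Review bot: in the Vulnerability section the paragraph's wording is unchanged, but it is now hard-wrapped after "mechanical button", while every other paragraph in the file stays on one line. Keep it on a single line so the paragraph does not show up as modified and the diff carries only the spacing changes. The new table also runs straight into `## Policy management` without a blank line, and its cell padding is uneven (`| Default Domain Policy| Not defined|`); a blank line after the last row and consistent padding would match the rest of the cleanup.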
diff --git a/windows/keep-secure/devices-prevent-users-from-installing-printer-drivers.md b/windows/keep-secure/devices-prevent-users-from-installing-printer-drivers.md
index 9a31968fed..c71b4b04d5 100644
--- a/windows/keep-secure/devices-prevent-users-from-installing-printer-drivers.md
+++ b/windows/keep-secure/devices-prevent-users-from-installing-printer-drivers.md
@@ -2,82 +2,80 @@
title: Devices Prevent users from installing printer drivers (Windows 10)
description: Describes the best practices, location, values, and security considerations for the Devices Prevent users from installing printer drivers security policy setting.
ms.assetid: ab70a122-f7f9-47e0-ad8c-541f30a27ec3
-ms.pagetype: security
ms.prod: W10
ms.mktglfcycl: deploy
ms.sitesec: library
+ms.pagetype: security
author: brianlic-msft
---
+
# Devices: Prevent users from installing printer drivers
+
**Applies to**
- Windows 10
+
Describes the best practices, location, values, and security considerations for the **Devices: Prevent users from installing printer drivers** security policy setting.
+
## Reference
+
For a device to print to a network printer, the driver for that network printer must be installed locally. The **Devices: Prevent users from installing printer drivers** policy setting determines who can install a printer driver as part of adding a network printer. When you set the value to **Enabled**, only Administrators and Power Users can install a printer driver as part of adding a network printer. Setting the value to **Disabled** allows any user to install a printer driver as part of adding a network printer. This setting prevents unprivileged users from downloading and installing an untrusted printer driver.
+
This setting has no impact if you have configured a trusted path for downloading drivers. When using trusted paths, the print subsystem attempts to use the trusted path to download the driver. If the trusted path download succeeds, the driver is installed on behalf of any user. If the trusted path download fails, the driver is not installed and the network printer is not added.
+
Although it might be appropriate in some organizations to allow users to install printer drivers on their own workstations, this is not suitable for servers. Installing a printer driver on a server can cause the system to become less stable. Only administrators should have this user right on servers. A malicious user might deliberately try to damage the system by installing inappropriate printer drivers.
+
### Possible values
+
- Enabled
- Disabled
- Not defined
+
### Best practices
+
- It is advisable to set **Devices: Prevent users from installing printer drivers** to Enabled. Only users in the Administrative, Power User, or Server Operator groups will be able to install printers on servers. If this policy setting is enabled, but the driver for a network printer already exists on the local computer, users can still add the network printer. This policy setting does not affect a user's ability to add a local printer.
+
### Location
+
Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options
+
### Default values
+
The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page.
-
-
-
-
-
-
-
-
-
-
-Default Domain Policy |
-Not defined |
-
-
-Default Domain Controller Policy |
-Not defined |
-
-
-Stand-Alone Server Default Settings |
-Enabled |
-
-
-DC Effective Default Settings |
-Enabled |
-
-
-Member Server Effective Default Settings |
-Enabled |
-
-
-Client Computer Effective Default Settings |
-Disabled |
-
-
-
+
+Server type or GPO | Default value |
+| - | - |
+| Default Domain Policy | Not defined|
+| Default Domain Controller Policy | Not defined|
+| Stand-Alone Server Default Settings | Enabled|
+| DC Effective Default Settings | Enabled|
+| Member Server Effective Default Settings | Enabled|
+| Client Computer Effective Default Settings | Disabled|
## Policy management
+
This section describes features and tools that are available to help you manage this policy.
+
### Restart requirement
+
None. Changes to this policy become effective without a computer restart when they are saved locally or distributed through Group Policy.
+
## Security considerations
+
This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
+
### Vulnerability
-It may be appropriate in some organizations to allow users to install printer drivers on their own workstations. However, you should allow only administrators, not users, to do so on servers because printer driver installation on a server may unintentionally cause the computer to become less stable. A malicious user could install inappropriate printer drivers in a deliberate attempt to damage the computer, or a user might accidentally install malicious software that masquerades as a printer driver.
+
+It may be appropriate in some organizations to allow users to install printer drivers on their own workstations. However, you should allow only administrators, not users, to do so on servers because printer driver installation on a server may unintentionally cause the computer to become less
+stable. A malicious user could install inappropriate printer drivers in a deliberate attempt to damage the computer, or a user might accidentally install malicious software that masquerades as a printer driver.
+
### Countermeasure
+
Enable the **Devices: Prevent users from installing printer drivers** setting.
+
### Potential impact
+
Only members of the Administrator, Power Users, or Server Operator groups can install printers on the servers. If this policy setting is enabled but the driver for a network printer already exists on the local computer, users can still add the network printer.
+
## Related topics
-[Security Options](security-options.md)
-
-
+
+- [Security Options](security-options.md)
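Review bot: the header row of the new default-values table, `Server type or GPO | Default value |`, is missing its leading `|`, unlike the separator and data rows beneath it and the same table in the other files of this change. Add the leading pipe so the row matches the rest of the table. As in the neighbouring files, the Vulnerability paragraph is re-wrapped after "become less" with no wording change, and the table has no blank line before `## Policy management`; both are worth tidying here.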
diff --git a/windows/keep-secure/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md b/windows/keep-secure/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
index d4a806d762..e42ea9042c 100644
--- a/windows/keep-secure/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
+++ b/windows/keep-secure/devices-restrict-cd-rom-access-to-locally-logged-on-user-only.md
@@ -2,82 +2,79 @@
title: Devices Restrict CD-ROM access to locally logged-on user only (Windows 10)
description: Describes the best practices, location, values, and security considerations for the Devices Restrict CD-ROM access to locally logged-on user only security policy setting.
ms.assetid: 8b8f44bb-84ce-4f18-af30-ab89910e234d
-ms.pagetype: security
ms.prod: W10
ms.mktglfcycl: deploy
ms.sitesec: library
+ms.pagetype: security
author: brianlic-msft
---
+
# Devices: Restrict CD-ROM access to locally logged-on user only
+
**Applies to**
- Windows 10
+
Describes the best practices, location, values, and security considerations for the **Devices: Restrict CD-ROM access to locally logged-on user only** security policy setting.
+
## Reference
+
This policy setting determines whether a CD is accessible to local and remote users simultaneously. If you enable this policy setting, only the interactively logged-on user is allowed to access removable CDs. If this policy setting is enabled and no one is logged on interactively, the CD can be accessed over the network.
+
The security benefit of enabling this policy setting is small because it only prevents network users from accessing the drive when someone is logged on to the local console of the system at the same time. Additionally, CD drives are not automatically made available as network shared drives; you must deliberately choose to share the drive. This is important when administrators are installing software or copying data from a CD-ROM, and they do not want network users to be able to execute the applications or view the data.
+
If this policy setting is enabled, users who connect to the server over the network will not be able to use any CD drives that are installed on the server when anyone is logged on to the local console of the server. Enabling this policy setting is not suitable for a system that serves as a CD jukebox for network users.
+
### Possible values
+
- Enabled
- Disabled
- Not defined
+
### Best practices
+
- Best practices are dependent on your security and user accessibility requirements for CD drives.
+
### Location
+
Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options
+
### Default values
+
The following table lists the actual and effective default values for this policy. Default values are also listed on the policy’s property page.
-
-
-
-
-
-
-
-
-
-
-Default Domain Policy |
-Not defined |
-
-
-Default Domain Controller Policy |
-Not defined |
-
-
-Stand-Alone Server Default Settings |
-Disabled |
-
-
-DC Effective Default Settings |
-Disabled |
-
-
-Member Server Effective Default Settings |
-Disabled |
-
-
-Client Computer Effective Default Settings |
-Disabled |
-
-
-
+
+
+| Server type or GPO | Default value |
+| - | - |
+| Default Domain Policy | Not defined |
+| Default Domain Controller Policy | Not defined |
+| Stand-Alone Server Default Settings | Disabled |
+| DC Effective Default Settings | Disabled |
+| Member Server Effective Default Settings | Disabled |
+| Client Computer Effective Default Settings | Disabled |
## Policy management
+
This section describes features and tools that are available to help you manage this policy.
+
### Restart requirement
+
None. Changes to this policy become effective without a device restart when they are saved locally or distributed through Group Policy.
+
## Security considerations
+
This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation.
+
### Vulnerability
-A remote user could potentially access a mounted CD that contains sensitive information. This risk is small because CD drives are not automatically made available as shared drives; you must deliberately choose to share the drive. However, you can deny network users the ability to view data or run applications from removable media on the server.
+
+A remote user could potentially access a mounted CD that contains sensitive information. This risk is small because CD drives are not automatically made available as shared drives; you must deliberately choose to share the drive. However, you can deny network users the ability to view data or run
+applications from removable media on the server.
+
### Countermeasure
Enable the **Devices: Restrict CD-ROM drive access to locally logged-on user only** setting.
+
### Potential impact
Users who connect to the server over the network cannot use any CD drives that are installed on the server when anyone is logged on to the local console of the server. System tools that require access to the CD drive will fail. For example, the Volume Shadow Copy service attempts to access all CD and floppy disk drives that are present on the computer when it initializes, and if the service cannot access one of these drives, it fails. This condition causes the Windows Backup tool to fail if volume shadow copies were specified for the backup job. Any non-Microsoft backup products that use volume shadow copies also fail. This policy setting would not be suitable for a computer that serves as a CD jukebox for network users.
+
## Related topics
-[Security Options](security-options.md)
-
-
+
+- [Security Options](security-options.md)
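Review bot: `### Countermeasure` and `### Potential impact` are still followed directly by their body text, whereas every other heading in this file gained a blank line after it; add the two missing blank lines. There are also two added blank lines before the default-values table where one is enough, no blank line between the table and `## Policy management`, and the Vulnerability paragraph is re-wrapped after "or run" with no wording change. Separately, the Countermeasure line names the setting "Devices: Restrict CD-ROM drive access to locally logged-on user only" while the title and introduction use "Devices: Restrict CD-ROM access to locally logged-on user only"; since this pass touches the file, align the name so readers can match it to the entry in Security Options.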