From 6a0598fa09ee26d5b6dfbf84c54beaf00b62ec5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Fitt?= <36852431+rafalfitt@users.noreply.github.com> Date: Fri, 16 Sep 2022 23:22:37 +0200 Subject: [PATCH 1/3] Update dg-readiness-tool.md try+catch is needed to handle "Variable is currently undefined." error on some older computers Confirm-SecureBootUEFI : Variable is currently undefined: 0xC0000100 At line:1 char:1 + Confirm-SecureBootUEFI + ~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ResourceUnavailable: (Microsoft.Secur...BootUefiCommand:ConfirmSecureBootUefiCommand) [C onfirm-SecureBootUEFI], StatusException + FullyQualifiedErrorId : GetFWVarFailed,Microsoft.SecureBoot.Commands.ConfirmSecureBootUefiCommand https://docs.microsoft.com/en-us/powershell/module/secureboot/get-securebootuefi?view=windowsserver2022-ps --- .../credential-guard/dg-readiness-tool.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md index 603dcc1d9c..e1e0c996fa 100644 --- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md +++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md @@ -796,7 +796,13 @@ function CheckOSArchitecture function CheckSecureBootState { - $_secureBoot = Confirm-SecureBootUEFI + try { + $_secureBoot = Confirm-SecureBootUEFI + } + catch + { + $_secureBoot = $false + } Log $_secureBoot if($_secureBoot) { From 80ffe386090dc544a073679e1b3d4a51b681ee8f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Fitt?= <36852431+rafalfitt@users.noreply.github.com> Date: Fri, 16 Sep 2022 23:49:01 +0200 Subject: [PATCH 2/3] Update dg-readiness-tool.md https://devblogs.microsoft.com/scripting/enforce-better-script-practices-by-using-set-strictmode/ --- .../identity-protection/credential-guard/dg-readiness-tool.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md index 603dcc1d9c..550c39bcf9 100644 --- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md +++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md @@ -25,6 +25,8 @@ appliesto: param([switch]$Capable, [switch]$Ready, [switch]$Enable, [switch]$Disable, $SIPolicyPath, [switch]$AutoReboot, [switch]$DG, [switch]$CG, [switch]$HVCI, [switch]$HLK, [switch]$Clear, [switch]$ResetVerifier) +Set-StrictMode -Version Latest + $path = "C:\DGLogs\" $LogFile = $path + "DeviceGuardCheckLog.txt" From 2a77a0def0dbda991a7cb161f6b57fa6a9722a3c Mon Sep 17 00:00:00 2001 From: 4D5A <4D5A@users.noreply.github.com> Date: Sun, 18 Sep 2022 06:54:59 -0400 Subject: [PATCH 3/3] Update enroll-a-windows-10-device-automatically-using-group-policy.md --- ...roll-a-windows-10-device-automatically-using-group-policy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index b7a2a1544c..6395d0f9f3 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -219,7 +219,7 @@ Requirements: 4. Rename the extracted Policy Definitions folder to `PolicyDefinitions`. -5. Copy the PolicyDefinitions folder to `\\SYSVOL\contoso.com\policies\PolicyDefinitions`. +5. Copy the PolicyDefinitions folder to `\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions`. If this folder doesn't exist, then you'll be switching to a [central policy store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for your entire domain.