deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/MicrosoftDocs/windows-docs-pr

Browse Source
This commit is contained in:
Siddarth Mandalika 2021-08-06 16:18:34 +05:30
commit 7a221abee2
11 changed files with 310 additions and 139 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
windows/client-management/index.yml
View File

@ -1,11 +1,11 @@
### YamlMime:Landing
title: Client management # < 60 chars
summary: Find out how to apply custom configurations to Windows client devices. Windows provides a number of features and methods to help you configure or lock down specific parts of the Windows interface. # < 160 chars
summary: Find out how to apply custom configurations to Windows client devices. Windows provides many features and methods to help you configure or lock down specific parts of the Windows interface. # < 160 chars
metadata:
title: Configure Windows 10 # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Learn about the administrative tools, tasks and best practices for managing Windows clients across your enterprise. # Required; article description that is displayed in search results. < 160 chars.
title: Manage Windows client # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Learn about the administrative tools, tasks, and best practices for managing Windows clients across your enterprise. # Required; article description that is displayed in search results. < 160 chars.
services: windows-10
ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
ms.subservice: subservice
@ -13,7 +13,7 @@ metadata:
ms.collection: windows-10
author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
ms.author: greglin #Required; microsoft alias of author; optional team alias.
ms.date: 04/30/2021 #Required; mm/dd/yyyy format.
ms.date: 08/05/2021 #Required; mm/dd/yyyy format.
localization_priority: medium
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new

22
windows/client-management/mdm/defender-csp.md
View File

@ -10,7 +10,7 @@ ms.prod: w10
ms.technology: windows
author: dansimp
ms.localizationpriority: medium
ms.date: 07/23/2021
ms.date: 08/05/2021
---
# Defender CSP
@ -453,6 +453,26 @@ Valid values are:
- 1 Enable.
- 0 (default) Disable.
<a href="" id="configuration-hideexclusionsfromlocaladmins"></a>**Configuration/HideExclusionsFromLocalAdmins**<br>
This policy setting controls whether or not exclusions are visible to Local Admins. For end users (that are not Local Admins) exclusions are not visible, whether or not this setting is enabled.
If you disable or do not configure this setting, Local Admins will be able to see exclusions in the Windows Security App and via PowerShell.
If you enable this setting, Local Admins will no longer be able to see the exclusion list in Windows Security App or via PowerShell.
> [!NOTE]
> Applying this setting will not remove exclusions, it will only prevent them from being visible to Local Admins. This is reflected in **Get-MpPreference**.
Supported OS versions: Windows 10
The data type is integer.
Supported operations are Add, Delete, Get, Replace.
Valid values are:
- 1 Enable.
- 0 (default) Disable.
<a href="" id="configuration-disablecputhrottleonidlescans"></a>**Configuration/DisableCpuThrottleOnIdleScans**<br>
Indicates whether the CPU will be throttled for scheduled scans while the device is idle. This feature is enabled by default and will not throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans this flag will have no impact and normal throttling will occur.

2
windows/client-management/toc.yml
View File

@ -36,7 +36,7 @@ items:
items:
- name: CSP reference
href: mdm/configuration-service-provider-reference.md
- name: Troubleshoot Windows 10 clients
- name: Troubleshoot Windows clients
items:
- name: Windows 10 support solutions
href: windows-10-support-solutions.md

30
windows/configuration/TOC.yml
View File

@ -1,24 +1,26 @@
- name: Configure Windows 10
- name: Configure Windows client
href: index.yml
- name: Configure appearance settings
- name: Customize the appearance
items:
- name: Windows 10 Start and taskbar
items:
- name: Manage Windows 10 Start and taskbar layout
- name: Start layout and taskbar
href: windows-10-start-layout-options-and-policies.md
- name: Configure Windows 10 taskbar
href: configure-windows-10-taskbar.md
- name: Customize and export Start layout
href: customize-and-export-start-layout.md
- name: Add image for secondary tiles
href: start-secondary-tiles.md
- name: Start layout XML for desktop editions of Windows 10 (reference)
href: start-layout-xml-desktop.md
- name: Customize Windows 10 Start and taskbar with Group Policy
- name: Use XML
items:
- name: Customize and export Start layout
href: customize-and-export-start-layout.md
- name: Customize the taskbar
href: configure-windows-10-taskbar.md
- name: Add image for secondary Microsoft Edge tiles
href: start-secondary-tiles.md
- name: Start layout XML for Windows 10 desktop editions (reference)
href: start-layout-xml-desktop.md
- name: Use group policy
href: customize-windows-10-start-screens-by-using-group-policy.md
- name: Customize Windows 10 Start and taskbar with provisioning packages
- name: Use provisioning packages
href: customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
- name: Customize Windows 10 Start and taskbar with mobile device management (MDM)
- name: Use mobile device management (MDM)
href: customize-windows-10-start-screens-by-using-mobile-device-management.md
- name: Troubleshoot Start menu errors
href: start-layout-troubleshoot.md

47
windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
View File

@ -1,6 +1,6 @@
---
title: Alter Windows 10 Start and taskbar via mobile device management
description: In Windows 10, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users.
title: Change the Windows 10 Start and taskbar using mobile device management | Microsoft Docs
description: In Windows 10, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users. For example, use Microsoft Intune to configure the start menu layout and taskbar, and deploy the policy to your devices.
ms.assetid: F487850D-8950-41FB-9B06-64240127C1E4
ms.reviewer:
manager: dansimp
@ -12,7 +12,7 @@ author: greg-lindsay
ms.topic: article
ms.author: greglin
ms.localizationpriority: medium
ms.date: 02/08/2018
ms.date: 08/05/2021
---
# Customize Windows 10 Start and taskbar with mobile device management (MDM)
@ -25,7 +25,7 @@ ms.date: 02/08/2018
>**Looking for consumer information?** [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users. No reimaging is required, and the layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead.
In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users. No reimaging is required. The layout can be updated simply by overwriting the `.xml` file that contains the layout. This feature enables you to customize Start layouts for different departments or organizations, with minimal management overhead.
>[!NOTE]
>Support for applying a customized taskbar using MDM is added in Windows 10, version 1703.
@ -56,36 +56,39 @@ Two features enable Start layout control:
## <a href="" id="bkmk-domaingpodeployment"></a>Create a policy for your customized Start layout
The following example uses Microsoft Intune to configure an MDM policy that applies a customized Start layout:
This example uses Microsoft Intune to configure an MDM policy that applies a customized Start layout. See the documentation for your MDM solution for help in applying the policy.
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
1. In the Microsoft Azure portal, search for **Intune** or go to **More services** > **Intune**.
2. Select **Devices** > **Configuration profiles** > **Create profile**.
2. Select **Device configuration**.
3. Enter the following properties:
3. Select **Profiles**.
- **Platform**: Select **Windows 10 and later**.
- **Profile type**: Select **Templates** > **Device restrictions** > **Create**.
4. Select **Create profile**.
4. In **Basics**, enter the following properties:
5. Enter a friendly name for the profile.
- **Name**: Enter a descriptive name for the profile. Name your profiles so you can easily identify it later. For example, a good profile name is **Customize Start menu and taskbar**.
- **Description**: Enter a description for the profile. This setting is optional, but recommended.
6. Select **Windows 10 and later** for the platform.
5. Select **Next**.
7. Select **Device restrictions for the profile type.
6. In **Configuration settings**, select **Start**:
8. Select **Start**.
- If you're using an XML file, select **Start menu layout**. Browse to and select your Start layout XML file.
- If you don't have an XML file, configure the others settings. For more information on these settings, see [Start settings in Microsoft Intune](/mem/intune/configuration/device-restrictions-windows-10#start).
9. In **Start menu layout**, browse to and select your Start layout XML File.
7. Select **Next**.
8. In **Scope tags**, select **Next**. For more information about scope tags, see [Use RBAC and scope tags for distributed IT](/mem/intune/fundamentals/scope-tags).
9. In **Assignments**, select the user or groups that will receive your profile. Select **Next**. For more information on assigning profiles, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign).
10. In **Review + create**, review your settings. When you select **Create**, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list.
10. Select **OK** twice, and then select **Create**.
11. Assign the profile to a device group.
For other MDM solutions, you may need to use an OMA-URI setting for Start layout, based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider). The OMA-URI setting is `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`.
> [!NOTE]
> For third party partner MDM solutions, you may need to use an OMA-URI setting for Start layout, based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider). The OMA-URI setting is `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`.
## Related topics
## Next steps
- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md)
- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md)
@ -95,5 +98,3 @@ For other MDM solutions, you may need to use an OMA-URI setting for Start layout
- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
- [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)

20
windows/configuration/index.yml
View File

@ -1,11 +1,11 @@
### YamlMime:Landing
title: Configure Windows 10 # < 60 chars
summary: Find out how to apply custom configurations to Windows 10 devices. Windows 10 provides a number of features and methods to help you configure or lock down specific parts of Windows 10. # < 160 chars
title: Configure Windows client # < 60 chars
summary: Find out how to apply custom configurations to Windows 10 and Windows 11 devices. Windows 10 provides a number of features and methods to help you configure or lock down specific parts of Windows client. # < 160 chars
metadata:
title: Configure Windows 10 # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Find out how to apply custom configurations to Windows 10 devices. # Required; article description that is displayed in search results. < 160 chars.
title: Configure Windows client # Required; page title displayed in search results. Include the brand. < 60 chars.
description: Find out how to apply custom configurations to Windows client devices. # Required; article description that is displayed in search results. < 160 chars.
services: windows-10
ms.service: windows-10 #Required; service per approved list. service slug assigned to your service by ACOM.
ms.subservice: subservice
@ -13,7 +13,7 @@ metadata:
ms.collection: windows-10
author: greg-lindsay #Required; your GitHub user alias, with correct capitalization.
ms.author: greglin #Required; microsoft alias of author; optional team alias.
ms.date: 03/23/2021 #Required; mm/dd/yyyy format.
ms.date: 08/05/2021 #Required; mm/dd/yyyy format.
localization_priority: medium
# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
@ -22,7 +22,7 @@ landingContent:
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb
# Card (optional)
- title: Manage Windows 10 settings
- title: Manage Windows client settings
linkLists:
- linkListType: overview
links:
@ -35,7 +35,7 @@ landingContent:
# Card (optional)
- title: Configure a Windows 10 kiosk
- title: Configure a Windows kiosk
linkLists:
- linkListType: overview
links:
@ -48,7 +48,7 @@ landingContent:
# Card (optional)
- title: Windows 10 provisioning packages
- title: Windows client provisioning packages
linkLists:
- linkListType: overview
links:
@ -70,7 +70,7 @@ landingContent:
url: wcd/wcd-oobe.md
# Card (optional)
- title: Configure Cortana in Windows 10
- title: Configure Cortana in Windows client
linkLists:
- linkListType: overview
links:
@ -80,7 +80,7 @@ landingContent:
url: cortana-at-work/cortana-at-work-voice-commands.md
# Card (optional)
- title: User Experience Virtualization (UE-V) for Windows 10
- title: User Experience Virtualization (UE-V) for Windows client
linkLists:
- linkListType: overview
links:

234
windows/configuration/windows-10-start-layout-options-and-policies.md
View File

@ -1,6 +1,6 @@
---
title: Manage Windows 10 Start and taskbar layout (Windows 10)
description: Organizations might want to deploy a customized Start and taskbar layout to devices.
title: Customize and manage the Windows 10 Start and taskbar layout (Windows 10) | Microsoft Docs
description: On Windows devices, customize the start menu layout and taskbar using XML, group policy, provisioning package, or MDM policy. You can add pinned folders, add a start menu size, pin apps to the taskbar, and more.
ms.assetid: 2E94743B-6A49-463C-9448-B7DD19D9CD6A
ms.reviewer:
manager: dansimp
@ -12,119 +12,215 @@ author: greg-lindsay
ms.author: greglin
ms.topic: article
ms.localizationpriority: medium
ms.date: 06/19/2018
ms.date: 08/05/2021
---
# Manage Windows 10 Start and taskbar layout
# Customize the Start menu and taskbar layout on Windows 10 and later devices
**Applies to**:
**Applies to**
- Windows 10, Windows Server 2016 with Desktop Experience, Windows Server 2019 with Desktop Experience
- Windows 10 version 1607 and later
- Windows Server 2016 with Desktop Experience
- Windows Server 2019 with Desktop Experience
> **Looking for consumer information?** [See what's on the Start menu](https://support.microsoft.com/help/17195/windows-10-see-whats-on-the-menu)
>
> **Looking for OEM information?** See [Customize the Taskbar](/windows-hardware/customize/desktop/customize-the-windows-11-taskbar) and [Customize the Start layout](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu).
Organizations might want to deploy a customized Start and taskbar configuration to devices running Windows 10 Pro, Enterprise, or Education. A standard, customized Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. Configuring the taskbar allows the organization to pin useful apps for their employees and to remove apps that are pinned by default.
Your organization can deploy a customized Start and taskbar to Windows 10 Professional, Enterprise, or Education devices. Use a standard, customized Start layout on devices that are common to multiple users, and devices that are locked down. Configuring the taskbar allows you to pin useful apps for your users, and remove apps that are pinned by default.
>[!NOTE]
>Support for applying a customized taskbar using MDM is added in Windows 10, version 1703.
As administrator, you can use these features to customize Start and taskbar to meet your organization needs. This article describes the different ways you can customize Start and taskbar, and lists the Start policies. It also includes taskbar information on a clean operating system (OS) installation, and when an OS is upgraded.
>[!NOTE]
>Taskbar configuration is available starting in Windows 10, version 1607.
>
>Start and taskbar configuration can be applied to devices running Windows 10 Pro, version 1703.
>
>For information on using the layout modification XML to configure Start with roaming user profiles, see [Deploy Roaming User Profiles](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#step-7-optionally-specify-a-start-layout-for-windows-10-pcs).
>
>Using CopyProfile for Start menu customization in Windows 10 isn't supported. For more information [Customize the Default User Profile by Using CopyProfile](/windows-hardware/manufacture/desktop/customize-the-default-user-profile-by-using-copyprofile)
## Use XML
On an existing Windows device, you can set up the **Start** screen, and then export the layout to an XML file. When you have the XML file, add this file to a group policy, a Windows Configuration Designer provisioning package, or a mobile device management (MDM) policy. Using these methods, you can deploy the XML file to your devices. When the devices receive your policy, they'll use the layout configured in the XML file.
## Start options
For more information, see [Customize and export Start layout](customize-and-export-start-layout.md).
For the **taskbar**, you can use the same XML file as the start screen. Or, you can create a new XML file. When you have the XML file, add this file to a group policy or a provisioning package. Using these methods, you can deploy the XML file to your devices. When the devices receive your policy, they'll use the taskbar settings you configured in the XML file.
For more information, see [Configure Windows 10 taskbar](configure-windows-10-taskbar.md).
## Use group policy
Using group policy objects (GPO), you can manage different parts of the Start menu and taskbar. You don't need to reimage the devices. Using administrative templates, you configure settings in a policy, and then deploy this policy to your devices. [Start menu policy settings](#start-menu-policy-settings) (in this article) lists the policies you can configure.
For more information, see [Use group policy to customize Windows 10 Start and taskbar](customize-windows-10-start-screens-by-using-group-policy.md).
## Use provisioning packages
Provisioning packages are containers that include a set of configuration settings. They're designed to configure a device quickly, without installing a new image. For more information on what provisioning packages are, and what they do, see [Provisioning packages](./provisioning-packages/provisioning-packages.md).
Using a provisioning package, you can customize the Start and taskbar. For more information, see [Use provisioning packages to customize Windows 10 Start and taskbar](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md).
## Use a mobile device management (MDM) solution
Using an MDM solution, you add an XML file to a policy, and then deploy this policy to your devices.
If you use Microsoft Intune for your MDM solution, then you can use settings to configure Start and the taskbar. For more information on the settings you can configure, see [Start settings in Microsoft Intune](/mem/intune/configuration/device-restrictions-windows-10#start).
For more information, see [Use MDM to customize Windows 10 Start and taskbar](customize-windows-10-start-screens-by-using-mobile-device-management.md).
## Start menu policy settings
![start layout sections](images/startannotated.png)
Some areas of Start can be managed using Group Policy. The layout of Start tiles can be managed using either Group Policy or Mobile Device Management (MDM) policy.
The following list includes the different Start options, and any policy or local settings. The settings in the list can also be used in a provisioning package. If you use a provisioning package, see the [Windows Configuration Designer reference](./wcd/wcd-policies.md#start).
>[!NOTE]
>The MDM policy settings in the table can also be configured [in a provisioning package](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) using **Policies** > **Start**. [See the reference for **Start** settings in Windows Configuration Designer.](./wcd/wcd-policies.md#start)
- **User tile**
- **Group policy**: `User Configuration\Administrative Templates\Start Menu and Taskbar\Remove Logoff on the Start menu`
- **Local setting**: None
- **MDM policy**:
- Start/HideUserTile
- Start/HideSwitchAccount
- Start/HideSignOut
- Start/HideLock
- Start/HideChangeAccountSettings
The following table lists the different parts of Start and any applicable policy settings or Settings options. Group Policy settings are in the **User Configuration**\\**Administrative Templates**\\**Start Menu and Taskbar** path except where a different path is listed in the table.
- **Most used**
- **Group policy**: `User Configuration\Administrative Templates\Start Menu and Taskbar\Remove frequent programs from the Start menu`
- **Local setting**: Settings > Personalization > Start > Show most used apps
- **MDM policy**: Start/HideFrequentlyUsedApps
| Start | Policy | Local setting |
| --- | --- | --- |
| User tile | MDM: **Start/HideUserTile**</br>**Start/HideSwitchAccount**</br>**Start/HideSignOut**</br>**Start/HideLock**</br>**Start/HideChangeAccountSettings**</br></br>Group Policy: **Remove Logoff on the Start menu** | none |
| Most used | MDM: **Start/HideFrequentlyUsedApps**</br></br>Group Policy: **Remove frequent programs from the Start menu** | **Settings** &gt; **Personalization** &gt; **Start** &gt; **Show most used apps** |
| Suggestions</br>-and-</br>Dynamically inserted app tile | MDM: **Allow Windows Consumer Features**</br></br>Group Policy: **Computer Configuration\Administrative Templates\Windows Components\Cloud Content\Turn off Microsoft consumer experiences**</br></br>**Note:** This policy also enables or disables notifications for a user's Microsoft account and app tiles from Microsoft dynamically inserted in the default Start menu. | **Settings** &gt; **Personalization** &gt; **Start** &gt; **Occasionally show suggestions in Start** |
| Recently added | MDM: **Start/HideRecentlyAddedApps**<br>Group Policy: **Computer configuration**\\**Administrative Template**\\**Start Menu and Taskbar**\\**Remove "Recently Added" list from Start Menu** (for Windows 10, version 1803) | **Settings** &gt; **Personalization** &gt; **Start** &gt; **Show recently added apps** |
| Pinned folders | MDM: **AllowPinnedFolder** | **Settings** &gt; **Personalization** &gt; **Start** &gt; **Choose which folders appear on Start** |
| Power | MDM: **Start/HidePowerButton**</br>**Start/HideHibernate**</br>**Start/HideRestart**</br>**Start/HideShutDown**</br>**Start/HideSleep**</br></br>Group Policy: **Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands** | none |
| Start layout | MDM: **Start layout**</br>**ImportEdgeAssets**</br></br>Group Policy: **Prevent users from customizing their Start screen**</br></br>**Note:** When a full Start screen layout is imported with Group Policy or MDM, the users cannot pin, unpin, or uninstall apps from the Start screen. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to the Start screen. When a partial Start screen layout is imported, users cannot change the tile groups applied by the partial layout, but can modify other tile groups and create their own.</br></br>**Start layout** policy can be used to pin apps to the taskbar based on an XML File that you provide. Users will be able to change the order of pinned apps, unpin apps, and pin additional apps to the taskbar. | none |
| Jump lists | MDM: **Start/HideRecentJumplists**</br></br>Group Policy: **Do not keep history of recently opened documents** | **Settings** &gt; **Personalization** &gt; **Start** &gt; **Show recently opened items in Jump Lists on Start or the taskbar** |
| Start size | MDM: **Force Start size**</br></br>Group Policy: **Force Start to be either full screen size or menu size** | **Settings** &gt; **Personalization** &gt; **Start** &gt; **Use Start full screen** |
| App list | MDM: **Start/HideAppList** | **Settings** &gt; **Personalization** &gt; **Start** &gt; **Show app list in Start menu** |
| All Settings | Group Policy: **Prevent changes to Taskbar and Start Menu Settings** | none |
| Taskbar | MDM: **Start/NoPinningToTaskbar** | none |
- **Suggestions, Dynamically inserted app tile**
- **Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Cloud Content\Turn off Microsoft consumer experiences`
>[!NOTE]
>In local **Settings** > **Personalization** > **Start**, there is an option to **Show more tiles**. The default tile layout for Start tiles is 3 columns of medium sized tiles. **Show more tiles** enables 4 columns. To configure the 4-column layout when you [customize and export a Start layout](customize-and-export-start-layout.md), turn on the **Show more tiles** setting and then arrange your tiles.
This policy also enables or disables notifications for:
[Learn how to customize and export Start layout](customize-and-export-start-layout.md)
- A user's Microsoft account
- App tiles that Microsoft dynamically adds to the default Start menu
## Taskbar options
- **Local setting**: Settings > Personalization > Start > Occasionally show suggestions in Start
- **MDM policy**: Allow Windows Consumer Features
Starting in Windows 10, version 1607, you can pin additional apps to the taskbar and remove default pinned apps from the taskbar. You can specify different taskbar configurations based on device locale or region.
- **Recently added**
- **Group policy**: `Computer configuration\Administrative Template\Start Menu and Taskbar\Remove "Recently Added" list from Start Menu`
There are three categories of apps that might be pinned to a taskbar:
* Apps pinned by the user
* Default Windows apps, pinned during operating system installation (Microsoft Edge, File Explorer, Store)
* Apps pinned by the enterprise, such as in an unattended Windows setup
This policy applies to:
>[!NOTE]
>We recommend using [the layoutmodification.xml method](configure-windows-10-taskbar.md) to configure taskbar options, rather than the earlier method of using [TaskbarLinks](/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-taskbarlinks) in an unattended Windows setup file.
- Windows 10 version 1803 and later
The following example shows how apps will be pinned - Windows default apps to the left (blue circle), apps pinned by the user in the center (orange triangle), and apps that you pin using XML to the right (green square).
- **Local setting**: Settings > Personalization > Start > Show recently added apps
- **MDM policy**: Start/HideRecentlyAddedApps
- **Pinned folders**
- **Local setting**: Settings > Personalization > Start > Choose which folders appear on Start
- **MDM policy**: AllowPinnedFolder
- **Power**
- **Group policy**: `User Configuration\Administrative Templates\Start Menu and Taskbar\Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands`
- **Local setting**: None
- **MDM policy**:
- Start/HidePowerButton
- Start/HideHibernate
- Start/HideRestart
- Start/HideShutDown
- Start/HideSleep
- **Start layout**
- **Group policy**: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from customizing their Start screen`
When a full Start screen layout is imported with Group Policy or MDM, users can't pin, unpin, or uninstall apps from the Start screen. Users can see and open all apps in the **All Apps** view, but they can't pin any apps to the Start screen. When a partial Start screen layout is imported, users can't change the tile groups applied by the partial layout. They can change other tile groups, and create their own tile groups.
**Start layout** policy can be used to pin apps to the taskbar based on an XML File you provide. Users can change the order of pinned apps, unpin apps, and pin more apps to the taskbar.
- **Local setting**: None
- **MDM policy**:
- Start layout
- ImportEdgeAssets
- **Jump lists**
- **Group policy**: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not keep history of recently opened documents`
- **Local setting**: Settings > Personalization > Start > Show recently opened items in Jump Lists on Start or the taskbar
- **MDM policy**: Start/HideRecentJumplists
- **Start size**
- **Group policy**: `User Configuration\Administrative Templates\Start Menu and Taskbar\Force Start to be either full screen size or menu size`
- **Local setting**: Settings > Personalization > Start > Use Start full screen
- **MDM policy**: Force Start size
- **App list**
- **Local setting**: Settings > Personalization > Start > Show app list in Start menu
- **MDM policy**: Start/HideAppList
- **All settings**
- **Group policy**: `User Configuration\Administrative Templates\Prevent changes to Taskbar and Start Menu Settings`
- **Local setting**: None
- **Taskbar**
- **Local setting**: None
- **MDM policy**: Start/NoPinningToTaskbar
> [!NOTE]
> In the **Settings** app > **Personalization** > **Start**, there is a **Show more tiles on Start** option. The default tile layout for Start tiles is 3 columns of medium sized tiles. **Show more tiles on Start** enables 4 columns. To configure the 4-column layout when you [customize and export a Start layout](customize-and-export-start-layout.md), turn on the **Show more tiles** setting, and then arrange your tiles.
## Taskbar options
Starting in Windows 10 version 1607, you can pin more apps to the taskbar, and remove default pinned apps from the taskbar. You can select different taskbar configurations based on device locale or region.
There are three app categories that could be pinned to a taskbar:
- Apps pinned by the user
- Default Windows apps pinned during the OS installation, such as Microsoft Edge, File Explorer, and Store
- Apps pinned by your organization, such as in an unattended Windows setup
In an unattended Windows setup file, it's recommended to use the [layoutmodification.xml method](configure-windows-10-taskbar.md) to configure the taskbar options. It's not recommended to use [TaskbarLinks](/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-taskbarlinks).
The following example shows how apps are pinned. In OS configured to use a right-to-left language, the taskbar order is reversed:
- Windows default apps to the left (blue circle)
- Apps pinned by the user in the center (orange triangle)
- Apps that you pin using XML to the right (green square)
![Windows left, user center, enterprise to the right](images/taskbar-generic.png)
>[!NOTE]
>In operating systems configured to use a right-to-left language, the taskbar order will be reversed.
If you apply the taskbar configuration to a clean install or an update, users can still:
- Pin more apps
- Change the order of pinned apps
- Unpin any app
Whether you apply the taskbar configuration to a clean install or an update, users will still be able to:
* Pin additional apps
* Change the order of pinned apps
* Unpin any app
>[!NOTE]
>In Windows 10, version 1703, you can apply an MDM policy, `Start/NoPinningToTaskbar`, to prevents users from pinning and unpinning apps on the taskbar.
> [!TIP]
> In Windows 10 version 1703, you can apply the `Start/NoPinningToTaskbar` MDM policy. This policy prevents users from pinning and unpinning apps on the taskbar.
### Taskbar configuration applied to clean install of Windows 10
In a clean install, if you apply a taskbar layout, only the apps that you specify and default apps that you do not remove will be pinned to the taskbar. Users can pin additional apps to the taskbar after the layout is applied.
In a clean install, if you apply a taskbar layout, only the following apps are pinned to the taskbar:
- Apps you specifically add
- Any default apps you don't remove
After the layout is applied, users can pin more apps to the taskbar.
### Taskbar configuration applied to Windows 10 upgrades
When a device is upgraded to Windows 10, apps will be pinned to the taskbar already. Some apps may have been pinned to the taskbar by a user, and others may have been pinned to the taskbar through a customized base image or by using Windows Unattend setup.
When a device is upgraded to Windows 10, apps are already pinned to the taskbar. Some apps may have been pinned to the taskbar by a user, by a customized base image, or by using Windows unattended setup.
The new taskbar layout for upgrades to Windows 10, version 1607 or later, will apply the following behavior:
* If the user pinned the app to the taskbar, those pinned apps remain and new apps will be added to the right.
* If the user didn't pin the app (it was pinned during installation or by policy) and the app is not in updated layout file, the app will be unpinned.
* If the user didn't pin the app and the app is in the updated layout file, the app will be pinned to the right.
* New apps specified in updated layout file are pinned to right of user's pinned apps.
On Windows 10 version 1607 and later, the new taskbar layout for upgrades apply the following behavior:
- If users pinned apps to the taskbar, then those pinned apps remain. New apps are added to the right.
- If users didn't pin any apps (they're pinned during installation or by policy), and the apps aren't in an updated layout file, then the apps are unpinned.
- If a user didn't pin the app, and the app is in the updated layout file, then the app is pinned to the right.
- New apps specified in updated layout file are pinned to right of user's pinned apps.
[Learn how to configure Windows 10 taskbar](configure-windows-10-taskbar.md).
## Start layout configuration errors
If your Start layout customization is not applied as expected, open **Event Viewer** and navigate to **Applications and Services Log** > **Microsoft** > **Windows** > **ShellCommon-StartLayoutPopulation** > **Operational**, and check for one of the following events:
If your Start layout customization isn't applied as you expect, open the **Event Viewer**. Go to **Applications and Services Log** > **Microsoft** > **Windows** > **ShellCommon-StartLayoutPopulation** > **Operational**. Look for the following events:
- **Event 22** is logged when the xml is malformed, meaning the specified file simply isnt valid xml. This can occur if the file has extra spaces or unexpected characters, or if the file is not saved in the UTF8 format.
- **Event 64** is logged when the xml is valid, but has unexpected values. This can happen when the desired configuration is not understood, elements are not in [the required order](start-layout-xml-desktop.md#required-order), or source is not found, such as a missing or misspelled .lnk.
## Related topics
- **Event 22**: The XML is malformed. The specified file isnt valid XML. This event can happen if the file has extra spaces or unexpected characters. Or, if the file isn't saved in the UTF8 format.
- **Event 64**: The XML is valid, and has unexpected values. This event can happen when the configuration isn't understood, elements aren't in [the required order](start-layout-xml-desktop.md#required-order), or source isn't found, such as a missing or misspelled `.lnk`.
## Next steps
- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md)
- [Customize and export Start layout](customize-and-export-start-layout.md)
@ -133,4 +229,4 @@ If your Start layout customization is not applied as expected, open **Event View
- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
- [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)
- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)

4
windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
View File

@ -72,7 +72,7 @@ To monitor the task sequence as it happens, right-click the **MDT Build Lab** de
### Configure permissions for the deployment share
In order to read files in the deployment share and write the reference image back to it, you need to assign NTSF and SMB permissions to the MDT Build Account (MDT\_BA) for the **D:\\MDTBuildLab** folder
In order to read files in the deployment share and write the reference image back to it, you need to assign NTFS and SMB permissions to the MDT Build Account (MDT\_BA) for the **D:\\MDTBuildLab** folder
On **MDT01**:
@ -679,4 +679,4 @@ After some time, you will have a Windows 10 Enterprise x64 image that is fully
[Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md)<br>
[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)<br>
[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)<br>
[Configure MDT settings](configure-mdt-settings.md)
[Configure MDT settings](configure-mdt-settings.md)

76
windows/deployment/update/media-dynamic-update.md
View File

@ -1,5 +1,5 @@
---
title: Update Windows 10 media with Dynamic Update
title: Update Windows installation media with Dynamic Update
description: Learn how to deploy feature updates to your mission critical devices
ms.prod: w10
ms.mktglfcycl: manage
@ -14,17 +14,17 @@ ms.collection: M365-modern-desktop
ms.topic: article
---
# Update Windows 10 media with Dynamic Update
# Update Windows installation media with Dynamic Update
**Applies to**: Windows 10
**Applies to**: Windows 10, Windows 11
This topic explains how to acquire and apply Dynamic Update packages to existing Windows 10 images *prior to deployment* and includes Windows PowerShell scripts you can use to automate this process.
This topic explains how to acquire and apply Dynamic Update packages to existing Windows images *prior to deployment* and includes Windows PowerShell scripts you can use to automate this process.
Volume-licensed media is available for each release of Windows 10 in the Volume Licensing Service Center (VLSC) and other relevant channels such as Windows Update for Business, Windows Server Update Services (WSUS), and Visual Studio Subscriptions. You can use Dynamic Update to ensure that Windows 10 devices have the latest feature update packages as part of an in-place upgrade while preserving language pack and Features on Demand (FODs) that might have been previously installed. Dynamic Update also eliminates the need to install a separate quality update as part of the in-place upgrade process.
Volume-licensed media is available for each release of Windows in the Volume Licensing Service Center (VLSC) and other relevant channels such as Windows Update for Business, Windows Server Update Services (WSUS), and Visual Studio Subscriptions. You can use Dynamic Update to ensure that Windows devices have the latest feature update packages as part of an in-place upgrade while preserving language pack and Features on Demand (FODs) that might have been previously installed. Dynamic Update also eliminates the need to install a separate quality update as part of the in-place upgrade process.
## Dynamic Update
Whenever installation of a feature update starts (whether from media or an environment connected to Windows Update), *Dynamic Update* is one of the first steps. Windows 10 Setup contacts a Microsoft endpoint to fetch Dynamic Update packages, and then applies those updates to your operating system installation media. The update packages include the following kinds of updates:
Whenever installation of a feature update starts (whether from media or an environment connected to Windows Update), *Dynamic Update* is one of the first steps. Windows Setup contacts a Microsoft endpoint to fetch Dynamic Update packages, and then applies those updates to your operating system installation media. The update packages include the following kinds of updates:
- Updates to Setup.exe binaries or other files that Setup uses for feature updates
- Updates for the "safe operating system" (SafeOS) that is used for the Windows recovery environment
@ -53,14 +53,14 @@ The various Dynamic Update packages might not all be present in the results from
If you want to customize the image with additional languages or Features on Demand, download supplemental media ISO files from the [Volume Licensing Service Center](https://www.microsoft.com/licensing/servicecenter/default.aspx). For example, since Dynamic Update will be disabled for your devices, and if users require specific Features on Demand, you can preinstall these into the image.
## Update Windows 10 installation media
## Update Windows installation media
Properly updating the installation media involves a large number of actions operating on several different targets (image files). Some actions are repeated on different targets. The target images files include:
- Windows Preinstallation Environment (WinPE): a small operating system used to install, deploy, and repair Windows operating systems
- Windows Recovery Environment (WinRE): repairs common causes of unbootable operating systems. WinRE is based on WinPE and can be customized with additional drivers, languages, optional packages, and other troubleshooting or diagnostic tools.
- Windows operating system: one or more editions of Windows 10 stored in \sources\install.wim
- Windows installation media: the complete collection of files and folders in the Windows 10 installation media. For example, \sources folder, \boot folder, Setup.exe, and so on.
- Windows operating system: one or more editions of Windows stored in \sources\install.wim
- Windows installation media: the complete collection of files and folders in the Windows installation media. For example, \sources folder, \boot folder, Setup.exe, and so on.
This table shows the correct sequence for applying the various tasks to the files. For example, the full sequence starts with adding the servicing stack update to WinRE (1) and concludes with adding the Dynamic Update for Setup to the new media (26).
@ -89,7 +89,7 @@ This table shows the correct sequence for applying the various tasks to the file
### Multiple Windows editions
The main operating system file (install.wim) contains multiple editions of Windows 10. Its possible that only an update for a given edition is required to deploy it, based on the index. Or, it might be that all editions need an update. Further, ensure that languages are installed before Features on Demand, and the latest cumulative update is always applied last.
The main operating system file (install.wim) contains multiple editions of Windows. Its possible that only an update for a given edition is required to deploy it, based on the index. Or, it might be that all editions need an update. Further, ensure that languages are installed before Features on Demand, and the latest cumulative update is always applied last.
### Additional languages and features
@ -178,8 +178,6 @@ The script assumes that only a single edition is being updated, indicated by Ind
It finishes by cleaning and exporting the image to reduce the image size.
> [!NOTE]
> Skip adding the latest cumulative update to Winre.wim because it contains unnecessary components in the recovery environment. The components that are updated and applicable are contained in the safe operating system Dynamic Update package. This also helps to keep the image small.
```powershell
# Mount the main operating system, used throughout the script
@ -194,8 +192,33 @@ Write-Output "$(Get-TS): Mounting WinRE"
Mount-WindowsImage -ImagePath $WORKING_PATH"\winre.wim" -Index 1 -Path $WINRE_MOUNT -ErrorAction stop | Out-Null
# Add servicing stack update
# Note: If you are using a combined cumulative update, there may be a prerequisite servicing stack update required
# This is where you'd add the prerequisite SSU, before applying the latest combined cumulative update.
# Note: If you are applying a combined cumulative update to a previously updated image (e.g. an image you updated last month)
# There is a known issue where the servicing stack update is installed, but the cumulative update will fail.
# This error should be caught and ignored, as the last step will be to apply the cumulative update
# (or in this case the combined cumulative update) and thus the image will be left with the correct packages installed.
Write-Output "$(Get-TS): Adding package $SSU_PATH"
Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH -ErrorAction stop | Out-Null
try
{
Add-WindowsPackage -Path $WINRE_MOUNT -PackagePath $SSU_PATH | Out-Null
}
Catch
{
$theError = $_
Write-Output "$(Get-TS): $theError"
if ($theError.Exception -like "*0x8007007e*") {
Write-Output "$(Get-TS): This failure is a known issue with combined cumulative update, we can ignore."
}
else {
throw
}
}
#
# Optional: Add the language to recovery environment
@ -278,8 +301,33 @@ Foreach ($IMAGE in $WINPE_IMAGES) {
Mount-WindowsImage -ImagePath $MEDIA_NEW_PATH"\sources\boot.wim" -Index $IMAGE.ImageIndex -Path $WINPE_MOUNT -ErrorAction stop | Out-Null
# Add SSU
# Note: If you are using a combined cumulative update, there may be a prerequisite servicing stack update required
# This is where you'd add the prerequisite SSU, before applying the latest combined cumulative update.
# Note: If you are applying a combined cumulative update to a previously updated image (e.g. an image you updated last month)
# There is a known issue where the servicing stack update is installed, but the cumulative update will fail.
# This error should be caught and ignored, as the last step will be to apply the cumulative update
# (or in this case the combined cumulative update) and thus the image will be left with the correct packages installed.
Write-Output "$(Get-TS): Adding package $SSU_PATH"
Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $SSU_PATH -ErrorAction stop | Out-Null
try
{
Add-WindowsPackage -Path $WINPE_MOUNT -PackagePath $SSU_PATH | Out-Null
}
Catch
{
$theError = $_
Write-Output "$(Get-TS): $theError"
if ($theError.Exception -like "*0x8007007e*") {
Write-Output "$(Get-TS): This failure is a known issue with combined cumulative update, we can ignore."
}
else {
throw
}
}
# Install lp.cab cab
Write-Output "$(Get-TS): Adding package $WINPE_OC_LP_PATH"

2
windows/hub/index.yml
View File

@ -95,6 +95,8 @@ landingContent:
url: /windows/client-management/mandatory-user-profile
- text: New policies for Windows 10
url: /windows/client-management/new-policies-for-windows-10
- text: Configuration service provider reference
url: /windows/client-management/mdm/configuration-service-provider-reference
# Card (optional)
- title: Security and Privacy

4
windows/whats-new/windows-11.md
View File

@ -47,6 +47,8 @@ For more information about device eligibility, see [Windows 11 requirements](win
If you are interested in testing Windows 11 before general availability, you can join the [Windows Insider Program](https://insider.windows.com) or [Windows Insider Program for Business](https://insider.windows.com/for-business). You can also preview Windows 11 by enabling pre-release Windows 10 feature updates in [Microsoft Endpoint Configuration Manager](/mem/configmgr/core/servers/manage/pre-release-features) or [Windows Server Update Services](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/publishing-pre-release-windows-10-feature-updates-to-wsus/ba-p/845054) (WSUS).
If you are an administrator, you can manage installations of Windows 11 Insider Preview Builds across multiple devices in your organization using Group Policy, MDM solutions such as Intune, Configuration Manager, or [Windows Server Update Services](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/publishing-pre-release-windows-10-feature-updates-to-wsus/ba-p/845054) (WSUS). For more information, see [Manage Insider Preview builds across your organization](/windows-insider/business/manage-builds).
## Before you begin
The following sections provide a quick summary of licensing, compatibility, management, and servicing considerations to help you get started with Windows 11.
@ -86,4 +88,4 @@ When Windows 11 reaches general availability, important servicing-related announ
## Also see
[What's new in Windows 11](/windows-hardware/get-started/what-s-new-in-windows)<br>
[What's new in Windows 11](/windows-hardware/get-started/what-s-new-in-windows)<br>