From 38d6cc9c96cb8ed4d1b3ab025fe3af8e99258e08 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Wed, 21 Mar 2018 14:58:19 -0700 Subject: [PATCH 1/3] fixed table formatting --- .../active-directory-security-groups.md | 83 +++++++++++-------- 1 file changed, 50 insertions(+), 33 deletions(-) diff --git a/windows/security/identity-protection/access-control/active-directory-security-groups.md b/windows/security/identity-protection/access-control/active-directory-security-groups.md index 05ea62503f..4d1ebc58cb 100644 --- a/windows/security/identity-protection/access-control/active-directory-security-groups.md +++ b/windows/security/identity-protection/access-control/active-directory-security-groups.md @@ -313,217 +313,217 @@ The following tables provide descriptions of the default groups that are located

Yes

Yes

- +

[Enterprise Key Admins](#bkmk-enterprise-key-admins)

Yes

- +

[Enterprise Read-only Domain Controllers](#bkmk-entrodc)

Yes

Yes

Yes

Yes

- +

[Event Log Readers](#bkmk-eventlogreaders)

Yes

Yes

Yes

Yes

- +

[Group Policy Creator Owners](#bkmk-gpcreatorsowners)

Yes

Yes

Yes

Yes

- +

[Guests](#bkmk-guests)

Yes

Yes

Yes

Yes

- +

[Hyper-V Administrators](#bkmk-hypervadministrators)

Yes

Yes

Yes

- +

[IIS_IUSRS](#bkmk-iis-iusrs)

Yes

Yes

Yes

Yes

- +

[Incoming Forest Trust Builders](#bkmk-inforesttrustbldrs)

Yes

Yes

Yes

Yes

- +

[Key Admins](#key-admins)

Yes

- +

[Network Configuration Operators](#bkmk-networkcfgoperators)

Yes

Yes

Yes

Yes

- +

[Performance Log Users](#bkmk-perflogusers)

Yes

Yes

Yes

Yes

- +

[Performance Monitor Users](#bkmk-perfmonitorusers)

Yes

Yes

Yes

Yes

- +

[Pre–Windows 2000 Compatible Access](#bkmk-pre-ws2kcompataccess)

Yes

Yes

Yes

Yes

- +

[Print Operators](#bkmk-printoperators)

Yes

Yes

Yes

Yes

- +

[Protected Users](#bkmk-protectedusers)

Yes

Yes

- +

[RAS and IAS Servers](#bkmk-rasandias)

Yes

Yes

Yes

Yes

- +

[RDS Endpoint Servers](#bkmk-rdsendpointservers)

Yes

Yes

Yes

- +

[RDS Management Servers](#bkmk-rdsmanagementservers)

Yes

Yes

Yes

- +

[RDS Remote Access Servers](#bkmk-rdsremoteaccessservers)

Yes

Yes

Yes

- +

[Read-only Domain Controllers](#bkmk-rodc)

Yes

Yes

Yes

Yes

- +

[Remote Desktop Users](#bkmk-remotedesktopusers)

Yes

Yes

Yes

Yes

- +

[Remote Management Users](#bkmk-remotemanagementusers)

Yes

Yes

Yes

- +

[Replicator](#bkmk-replicator)

Yes

Yes

Yes

Yes

- +

[Schema Admins](#bkmk-schemaadmins)

Yes

Yes

Yes

Yes

- +

[Server Operators](#bkmk-serveroperators)

Yes

Yes

Yes

Yes

- +

[Storage Replica Administrators](#storage-replica-administrators)

Yes

- +

[System Managed Accounts Group](#system-managed-accounts-group)

Yes

- +

[Terminal Server License Servers](#bkmk-terminalserverlic)

Yes

Yes

Yes

Yes

- +

[Users](#bkmk-users)

Yes

Yes

Yes

Yes

- +

[Windows Authorization Access Group](#bkmk-winauthaccess)

Yes

Yes

Yes

Yes

- +

[WinRMRemoteWMIUsers_](#bkmk-winrmremotewmiusers-)

Yes

@@ -1763,8 +1763,25 @@ This security group has not changed since Windows Server 2008. -  +### Enterprise Key Admins +Members of this group can perform administrative actions on key objects within the forest. + +The Enterprise Key Admins group was introduced in Windows Server 2016. + +| Attribute | Value | +|-----------|-------| +| Well-Known SID/RID | S-1-5-21-<domain>-527 | +| Type | Global | +| Default container | CN=Users, DC=<domain>, DC= | +| Default members | None | +| Default member of | None | +| Protected by ADMINSDHOLDER? | No | +| Safe to move out of default container? | Yes | +| Safe to delegate management of this group to non-Service admins? | No | +| Default User Rights | None | + +  ### Enterprise Read-Only Domain Controllers Members of this group are Read-Only Domain Controllers in the enterprise. Except for account passwords, a Read-only domain controller holds all the Active Directory objects and attributes that a writable domain controller holds. However, changes cannot be made to the database that is stored on the Read-only domain controller. Changes must be made on a writable domain controller and then replicated to the Read-only domain controller. @@ -2233,7 +2250,7 @@ The Key Admins group applies to versions of the Windows Server operating system | Attribute | Value | |-----------|-------| -| Well-Known SID/RID | S-1-5-21-4195037842-338827918-94892514-526 | +| Well-Known SID/RID | S-1-5-21-<domain>-526 | | Type | Global | | Default container | CN=Users, DC=<domain>, DC= | | Default members | None | From 9c38eeda846437997bd1dcd720381d083f675b68 Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Thu, 22 Mar 2018 21:39:11 +0000 Subject: [PATCH 2/3] Merged PR 6582: Policies supported by Windows Holographic for Business - updated list --- .../policy-configuration-service-provider.md | 36 +++++++++++++++++++ .../mdm/policy-csp-privacy.md | 8 ----- 2 files changed, 36 insertions(+), 8 deletions(-) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 914f916fa6..df4189187b 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -4462,6 +4462,42 @@ The following diagram shows the Policy configuration service provider in tree fo - [WirelessDisplay/AllowProjectionToPC](./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectiontopc) - [WirelessDisplay/RequirePinForPairing](./policy-csp-wirelessdisplay.md#wirelessdisplay-requirepinforpairing) + +## Policies supported by Windows Holographic for Business + +- [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection) +- [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps) +- [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate) +- [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock) +- [Authentication/AllowFastReconnect](#authentication-allowfastreconnect) +- [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising) +- [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode) +- [Bluetooth/LocalDeviceName](#bluetooth-localdevicename) +- [Browser/AllowCookies](#browser-allowcookies) +- [Browser/AllowDoNotTrack](#browser-allowdonottrack) +- [Browser/AllowPasswordManager](#browser-allowpasswordmanager) +- [Browser/AllowPopups](#browser-allowpopups) +- [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar) +- [Browser/AllowSmartScreen](#browser-allowsmartscreen) +- [Connectivity/AllowBluetooth](#connectivity-allowbluetooth) +- [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword) +- [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled) +- [Experience/AllowCortana](#experience-allowcortana) +- [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment) +- [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) +- [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation) +- [Security/RequireDeviceEncryption](#security-requiredeviceencryption) +- [Settings/AllowDateTime](#settings-allowdatetime) +- [Settings/AllowVPN](#settings-allowvpn) +- [System/AllowLocation](#system-allowlocation) +- [System/AllowTelemetry](#system-allowtelemetry) +- [Update/AllowAutoUpdate](#update-allowautoupdate) +- [Update/AllowUpdateService](#update-allowupdateservice) +- [Update/RequireDeferUpgrade](#update-requiredeferupgrade) +- [Update/RequireUpdateApproval](#update-requireupdateapproval) +- [Update/UpdateServiceUrl](#update-updateserviceurl) + + ## Policies that can be set using Exchange Active Sync (EAS) diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index c084709cd0..932edbd301 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -4493,14 +4493,6 @@ Footnote: ## Privacy policies supported by Windows Holographic for Business - [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization) -- [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo) -- [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps) -- [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps) -- [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps) -- [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground) -- [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps) -- [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps) -- [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps) From 36fb17ef8efc29ff82f900a5dfac6b62d8ee983a Mon Sep 17 00:00:00 2001 From: Maricia Alforque Date: Thu, 22 Mar 2018 21:43:26 +0000 Subject: [PATCH 3/3] Merged PR 6580: MultiSim CSP - added SyncML examples --- windows/client-management/mdm/multisim-csp.md | 101 +++++++++++++++++- ...ew-in-windows-mdm-enrollment-management.md | 8 ++ 2 files changed, 107 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md index 9467b896ff..5453323c70 100644 --- a/windows/client-management/mdm/multisim-csp.md +++ b/windows/client-management/mdm/multisim-csp.md @@ -6,7 +6,7 @@ ms.topic: article ms.prod: w10 ms.technology: windows author: nickbrower -ms.date: 02/27/2018 +ms.date: 03/22/2018 --- # MultiSIM CSP @@ -30,9 +30,13 @@ Node representing a Mobile Broadband Modem. The node name is the modem ID. Modem **_ModemID_/Identifier** Modem ID. +Supported operation is Get. Value type is string. + **_ModemID_/IsEmbedded** Indicates whether this modem is embedded or external. +Supported operation is Get. Value type is bool. + **_ModemID_/Slots** Represents all SIM slots in the Modem. @@ -42,17 +46,110 @@ Node representing a SIM Slot. The node name is the Slot ID. SIM Slot ID format i **_ModemID_/Slots/_SlotID_/Identifier** Slot ID. +Supported operation is Get. Value type is integer. + **_ModemID_/Slots/_SlotID_/IsEmbedded** Indicates whether this Slot is embedded or a physical SIM slot. +Supported operation is Get. Value type is bool. + **_ModemID_/Slots/_SlotID_/IsSelected** Indicates whether this Slot is selected or not. +Supported operation is Get and Replace. Value type is bool. + **_ModemID_/Slots/_SlotID_/State** Slot state (Unknown = 0, OffEmpty = 1, Off = 2, Empty = 3, NotReady = 4, Active = 5, Error = 6, ActiveEsim = 7, ActiveEsimNoProfile = 8) +Supported operation is Get. Value type is integer. + **_ModemID_/Policies** Policies associated with the Modem. **_ModemID_/Policies/SlotSelectionEnabled** -Determines whether the user is allowed to change slots in the Cellular settings UI. Default is true. \ No newline at end of file +Determines whether the user is allowed to change slots in the Cellular settings UI. Default is true. + +Supported operation is Get and Replace. Value type is bool. + +## Examples + +Get modem +``` syntax + + + + 1 + + + + ./Vendor/MSFT/MultiSIM + + + + + + + +``` + +Get slots +``` syntax + + + + 1 + + + + ./Vendor/MSFT/MultiSIM/Embedded/Slots + + + + + + + +``` + +Get slot state +``` syntax + + + + 1 + + + + ./Vendor/MSFT/MultiSIM/Embedded/Slots/Embedded/State + + + + + + + +``` + +Select slot +``` syntax + + + + 1 + + + + ./Vendor/MSFT/MultiSIM/Embedded/Slots/0/IsSelected + + + + bool + text/plain + + true + + + + + +``` \ No newline at end of file diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 5904341127..af947d4d1e 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1671,11 +1671,19 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
  • InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
  • TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.
    • +

    Added a new section:

    +
      +
    • [Policies supported by GP](policy-configuration-service-provider.md#policies-supported-by-gp) - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.
      • +
    [Policy CSP - Bluetooth](policy-csp-bluetooth.md)

    Added new section [ServicesAllowedList usage guide](policy-csp-bluetooth.md#servicesallowedlist-usage-guide).

    + +[MultiSIM CSP](multisim-csp.md) +

    Added SyncML examples and updated the settings descriptions.

    +