mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-07-03 03:03:43 +00:00
Merge pull request #7792 from MicrosoftDocs/main
Publish main to live on 1/25 @ 10:30 am
This commit is contained in:
Stephanie Savell
GitHub
@ -47,7 +47,7 @@ We recommend that you disable or manage Windows Hello for Business provisioning
|
|||||||
|
|
||||||
### Disable Windows Hello for Business using Intune Enrollment policy
|
### Disable Windows Hello for Business using Intune Enrollment policy
|
||||||
|
|
||||||
The following method explains how to disable Windows Hello for Business enrollment without Intune.
|
The following method explains how to disable Windows Hello for Business enrollment using Intune.
|
||||||
|
|
||||||
1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
|
||||||
2. Go to **Devices** > **Enrollment** > **Enroll devices** > **Windows enrollment** > **Windows Hello for Business**. The Windows Hello for Business pane opens.
|
2. Go to **Devices** > **Enrollment** > **Enroll devices** > **Windows enrollment** > **Windows Hello for Business**. The Windows Hello for Business pane opens.
|
||||||
|
|||||||
@ -235,14 +235,14 @@ Example: D:(A;;FA;;;WD)
|
|||||||
| "GR" | GENERIC READ | "SD" | Delete |
|
| "GR" | GENERIC READ | "SD" | Delete |
|
||||||
| "GW" | GENERIC WRITE | "WD" | Modify Permissions |
|
| "GW" | GENERIC WRITE | "WD" | Modify Permissions |
|
||||||
| "GX" | GENERIC EXECUTE | "WO" | Modify Owner |
|
| "GX" | GENERIC EXECUTE | "WO" | Modify Owner |
|
||||||
| File access rights | "RP" | Read All Properties |
|
| File access rights | | "RP" | Read All Properties |
|
||||||
| "FA" | FILE ALL ACCESS | "WP" | Write All Properties |
|
| "FA" | FILE ALL ACCESS | "WP" | Write All Properties |
|
||||||
| "FR" | FILE GENERIC READ | "CC" | Create All Child Objects |
|
| "FR" | FILE GENERIC READ | "CC" | Create All Child Objects |
|
||||||
| "FW" | FILE GENERIC WRITE | "DC" | Delete All Child Objects |
|
| "FW" | FILE GENERIC WRITE | "DC" | Delete All Child Objects |
|
||||||
| "FX" | FILE GENERIC EXECUTE | "LC" | List Contents |
|
| "FX" | FILE GENERIC EXECUTE | "LC" | List Contents |
|
||||||
| Registry key access rights | "SW" | All Validated Writes |
|
| Registry key access rights | | "SW" | Self Write |
|
||||||
| "KA" | "LO" | "LO" | List Object |
|
| "KA" | KEY ALL ACCESS | "LO" | List Object |
|
||||||
| "K" | KEY READ | "DT" | Delete Subtree |
|
| "KR" | KEY READ | "DT" | Delete Subtree |
|
||||||
| "KW" | KEY WRITE | "CR" | All Extended Rights |
|
| "KW" | KEY WRITE | "CR" | All Extended Rights |
|
||||||
| "KX" | KEY EXECUTE | | |
|
| "KX" | KEY EXECUTE | | |
|
||||||
|
|
||||||
@ -272,4 +272,4 @@ For file system and registry objects, the following recommendations apply.
|
|||||||
|
|
||||||
- If you have critical registry objects for which you need to monitor all modifications (especially permissions changes and owner changes), monitor for the specific **Object\\Object Name.**
|
- If you have critical registry objects for which you need to monitor all modifications (especially permissions changes and owner changes), monitor for the specific **Object\\Object Name.**
|
||||||
|
|
||||||
- If you have high-value computers for which you need to monitor all changes for all or specific objects (for example, file system or registry objects), monitor for all [4670](event-4670.md) events on these computers<b>.</b> For example, you could monitor the **ntds.dit** file on domain controllers.
|
- If you have high-value computers for which you need to monitor all changes for all or specific objects (for example, file system or registry objects), monitor for all [4670](event-4670.md) events on these computers<b>.</b> For example, you could monitor the **ntds.dit** file on domain controllers.
|
||||||
|
|||||||
Reference in New Issue
Block a user