deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 02:43:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

trying to fix conflict

Browse Source
This commit is contained in:
jaimeo
2019-08-06 10:48:58 -07:00
parent 380ee48dad 2b715331fa
commit 7c6a6677d9
642 changed files with 8994 additions and 4640 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
windows/deployment/deploy-m365.md
View File

@ -67,7 +67,7 @@ Examples of these two deployment advisors are shown below.
## M365 Enterprise poster
[![M365 Enterprise poster](images/m365e.png)](http://aka.ms/m365eposter)
[![M365 Enterprise poster](images/m365e.png)](https://aka.ms/m365eposter)
## Related Topics

48
windows/deployment/mbr-to-gpt.md
View File

@ -399,7 +399,55 @@ DISKPART> list disk
In this example, Disk 0 is formatted with the MBR partition style, and Disk 1 is formatted using GPT.
## Known issue
### MBR2GPT.exe cannot run in Windows PE
When you start a Windows 10, version 1903-based computer in the Windows Preinstallation Environment (Windows PE), you encounter the following issues:
**Issue 1** When you run the MBR2GPT.exe command, the process exits without converting the drive.
**Issue 2** When you manually run the MBR2GPT.exe command in a Command Prompt window, there is no output from the tool.
**Issue 3** When MBR2GPT.exe runs inside an imaging process such as a System Center Configuration Manager task sequence, an MDT task sequence, or by using a script, you receive the following exit code: 0xC0000135/3221225781.
#### Cause
This issue occurs because in Windows 10, version 1903 and later versions, MBR2GPT.exe requires access to the ReAgent.dll file. However, this dll file and its associated libraries are currently not included in the Windows PE boot image for Windows 10, version 1903 and later.
#### Workaround
To fix this issue, mount the Windows PE image (WIM), copy the missing file from the [Windows 10, version 1903 Assessment and Development Kit (ADK)](https://go.microsoft.com/fwlink/?linkid=2086042) source, and then commit the changes to the WIM. To do this, follow these steps:
1. Mount the Windows PE WIM to a path (for example, C:\WinPE_Mount). For more information about how to mount WIM files, see [Mount an image](https://docs.microsoft.com/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#mount-an-image).
2. Copy the ReAgent files and the ReAgent localization files from the Window 10, version 1903 ADK source folder to the mounted WIM.
For example, if the ADK is installed to the default location of C:\Program Files (x86)\Windows Kits\10 and the Windows PE image is mounted to C:\WinPE_Mount, run the following commands from an elevated Command Prompt window:
**Command 1:**
```cmd
copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\ReAgent*.*" "C:\WinPE_Mount\Windows\System32"
```
This command copies three files:
* ReAgent.admx
* ReAgent.dll
* ReAgent.xml
**Command 2:**
```cmd
copy "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Setup\amd64\Sources\En-Us\ReAgent*.*" "C:\WinPE_Mount\Windows\System32\En-Us"
```
This command copies two files:
* ReAgent.adml
* ReAgent.dll.mui
> [!NOTE]
> If you aren't using an English version of Windows, replace "En-Us" in the path with the appropriate string that represents the system language.
3. After you copy all the files, commit the changes and unmount the Windows PE WIM. MBR2GPT.exe now functions as expected in Windows PE. For information about how to unmount WIM files while committing changes, see [Unmounting an image](https://docs.microsoft.com/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#unmounting-an-image).
## Related topics

1
windows/deployment/planning/features-lifecycle.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: plan
ms.localizationpriority: medium
ms.sitesec: library
author: greg-lindsay
manager: laurawi
ms.author: greglin
ms.topic: article
---

3
windows/deployment/planning/windows-10-1709-removed-features.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: plan
ms.localizationpriority: medium
ms.sitesec: library
author: greg-lindsay
manager: laurawi
ms.topic: article
---
# Features that are removed or deprecated in Windows 10, version 1709
@ -42,4 +43,4 @@ For more information about a listed feature or functionality and its replacemen
|**Trusted Platform Module (TPM): TPM.msc and TPM Remote Management** <br> To be replaced by a new user interface in a future release.| | X |
|**Trusted Platform Module (TPM) Remote Management** <br>This legacy code to be removed in a future release.|| X |
|**Windows Hello for Business deployment that uses System Center Configuration Manager** <br> Windows Server 2016 Active Directory Federation Services Registration Authority (ADFS RA) deployment is simpler and provides a better user experience and a more deterministic certificate enrollment experience.|| X |
|**Windows PowerShell 2.0** <br> Applications and components should be migrated to PowerShell 5.0+.| | X |
|**Windows PowerShell 2.0** <br> Applications and components should be migrated to PowerShell 5.0+.| | X |

1
windows/deployment/planning/windows-10-1903-removed-features.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: plan
ms.localizationpriority: medium
ms.sitesec: library
author: greg-lindsay
manager: laurawi
ms.author: greglin
ms.topic: article
---

32
windows/deployment/update/feature-update-maintenance-window.md
View File

@ -24,13 +24,13 @@ Use the following information to deploy feature updates during a maintenance win
### Step 1: Configure maintenance windows
1. In the Configuration Manager console, choose **Assets and Compliance> Device Collections**.
2. In the **Device Collections** list, select the collection for which you intended to deploy the feature update(s).
3. On the **Home** tab, in the **Properties** group, choose **Properties**.
4. In the **Maintenance Windows** tab of the `<collection name>` Properties dialog box, choose the New icon.
5. Complete the `<new>` Schedule dialog.
6. Select from the Apply this schedule to drop-down list.
7. Choose **OK** and then close the **\<collection name\> Properties** dialog box.
1. In the Configuration Manager console, choose **Assets and Compliance> Device Collections**.
2. In the **Device Collections** list, select the collection for which you intended to deploy the feature update(s).
3. On the **Home** tab, in the **Properties** group, choose **Properties**.
4. In the **Maintenance Windows** tab of the `<collection name>` Properties dialog box, choose the New icon.
5. Complete the `<new>` Schedule dialog.
6. Select from the Apply this schedule to drop-down list.
7. Choose **OK** and then close the **\<collection name\> Properties** dialog box.
### Step 2: Review computer restart device settings
@ -172,10 +172,10 @@ Before you deploy the feature updates, you can download the content as a separat
9. On the **Completion** page, verify that the software updates were successfully downloaded, and then click Close.
#### To monitor content status
1. To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console.
2. In the Monitoring workspace, expand **Distribution Status**, and then click **Content Status**.
3. Select the feature update package that you previously identified to download the feature updates.
4. On the **Home** tab, in the Content group, click **View Status**.
1. To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console.
2. In the Monitoring workspace, expand **Distribution Status**, and then click **Content Status**.
3. Select the feature update package that you previously identified to download the feature updates.
4. On the **Home** tab, in the Content group, click **View Status**.
### Step 3: Deploy the feature update(s)
After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s).
@ -250,12 +250,12 @@ After you determine which feature updates you intend to deploy, you can manually
>[!NOTE]
>Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios).
10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting.
11. Click **Next** to deploy the feature update(s).
10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting.
11. Click **Next** to deploy the feature update(s).
### Step 4: Monitor the deployment status
After you deploy the feature update(s), you can monitor the deployment status. Use the following procedure to monitor the deployment status:
1. In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**.
2. Click the software update group or software update for which you want to monitor the deployment status.
3. On the **Home** tab, in the **Deployment** group, click **View Status**.
1. In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**.
2. Click the software update group or software update for which you want to monitor the deployment status.
3. On the **Home** tab, in the **Deployment** group, click **View Status**.

18
windows/deployment/update/feature-update-user-install.md
View File

@ -150,10 +150,10 @@ Before you deploy the feature updates, you can download the content as a separat
9. On the **Completion** page, verify that the software updates were successfully downloaded, and then click **Close**.
#### To monitor content status
1. To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console.
2. In the Monitoring workspace, expand **Distribution Status**, and then click **Content Status**.
3. Select the feature update package that you previously identified to download the feature updates.
4. On the **Home** tab, in the Content group, click **View Status**.
1. To monitor the content status for the feature updates, click **Monitoring** in the Configuration Manager console.
2. In the Monitoring workspace, expand **Distribution Status**, and then click **Content Status**.
3. Select the feature update package that you previously identified to download the feature updates.
4. On the **Home** tab, in the Content group, click **View Status**.
### Step 3: Deploy the feature update(s)
After you determine which feature updates you intend to deploy, you can manually deploy the feature update(s). Use the following procedure to manually deploy the feature update(s).
@ -228,12 +228,12 @@ After you determine which feature updates you intend to deploy, you can manually
>[!NOTE]
>Clients request the content location from a management point for the software updates in a deployment. The download behavior depends upon how you have configured the distribution point, the deployment package, and the settings on this page. For more information, see [Content source location scenarios](https://docs.microsoft.com/sccm/core/plan-design/hierarchy/content-source-location-scenarios).
10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting.
11. Click **Next** to deploy the feature update(s).
10. On the Summary page, review the settings. To save the settings to a deployment template, click **Save As Template**, enter a name and select the settings that you want to include in the template, and then click **Save**. To change a configured setting, click the associated wizard page and change the setting.
11. Click **Next** to deploy the feature update(s).
### Step 4: Monitor the deployment status
After you deploy the feature update(s), you can monitor the deployment status. Use the following procedure to monitor the deployment status:
1. In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**.
2. Click the software update group or software update for which you want to monitor the deployment status.
3. On the **Home** tab, in the **Deployment** group, click **View Status**.
1. In the Configuration Manager console, navigate to **Monitoring > Overview > Deployments**.
2. Click the software update group or software update for which you want to monitor the deployment status.
3. On the **Home** tab, in the **Deployment** group, click **View Status**.

16
windows/deployment/update/update-compliance-get-started.md
View File

@ -27,16 +27,16 @@ Steps are provided in sections that follow the recommended setup process:
## Update Compliance prerequisites
Before you begin the process to add Update Compliance to your Azure subscription, first ensure you can meet the prerequisites:
1. Update Compliance works only with Windows 10 Professional, Education, and Enterprise editions. Update Compliance only provides data for the standard Desktop Windows 10 version and is not currently compatible with Windows Server, Surface Hub, IoT, etc.
2. Update Compliance provides detailed deployment data for devices on the Semi-Annual Channel and the Long-term Servicing Channel. Update Compliance will show Windows Insider Preview devices, but currently will not provide detailed deployment information for them.
3. Update Compliance requires at least the Basic level of diagnostic data and a Commercial ID to be enabled on the device.
4. To show device names for versions of Windows 10 starting with 1803 in Windows Analytics you must opt in. For details about this, see the "AllowDeviceNameinTelemetry (in Windows 10)" entry in the table in the [Distributing policies at scale](windows-analytics-get-started.md#deploying-windows-analytics-at-scale) section of [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
5. To use the Windows Defender Status, devices must be E3-licensed and have Cloud Protection enabled. E5-licensed devices will not appear here. For E5 devices, you should use [Windows Defender ATP](https://docs.microsoft.com/sccm/protect/deploy-use/windows-defender-advanced-threat-protection) instead. For more information on Windows 10 Enterprise licensing, see [Windows 10 Enterprise: FAQ for IT Professionals](https://docs.microsoft.com/windows/deployment/planning/windows-10-enterprise-faq-itpro).
1. Update Compliance works only with Windows 10 Professional, Education, and Enterprise editions. Update Compliance only provides data for the standard Desktop Windows 10 version and is not currently compatible with Windows Server, Surface Hub, IoT, etc.
2. Update Compliance provides detailed deployment data for devices on the Semi-Annual Channel and the Long-term Servicing Channel. Update Compliance will show Windows Insider Preview devices, but currently will not provide detailed deployment information for them.
3. Update Compliance requires at least the Basic level of diagnostic data and a Commercial ID to be enabled on the device.
4. To show device names for versions of Windows 10 starting with 1803 in Windows Analytics you must opt in. For details about this, see the "AllowDeviceNameinTelemetry (in Windows 10)" entry in the table in the [Distributing policies at scale](windows-analytics-get-started.md#deploying-windows-analytics-at-scale) section of [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
5. To use the Windows Defender Status, devices must be E3-licensed and have Cloud Protection enabled. E5-licensed devices will not appear here. For E5 devices, you should use [Windows Defender ATP](https://docs.microsoft.com/sccm/protect/deploy-use/windows-defender-advanced-threat-protection) instead. For more information on Windows 10 Enterprise licensing, see [Windows 10 Enterprise: FAQ for IT Professionals](https://docs.microsoft.com/windows/deployment/planning/windows-10-enterprise-faq-itpro).
## Add Update Compliance to your Azure subscription
Update Compliance is offered as a solution which is linked to a new or existing [Azure Log Analytics](https://docs.microsoft.com/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. To configure this, follow these steps:
1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
1. Sign in to the [Azure Portal](https://portal.azure.com) with your work or school account or a Microsoft account. If you don't already have an Azure subscription you can create one (including free trial options) through the portal.
> [!NOTE]
> Update Compliance is included at no additional cost with Windows 10 Professional, Education, and Enterprise editions. An Azure subscription is required for managing and using Update Compliance, but no Azure charges are expected to accrue to the subscription as a result of using Update Compliance.
@ -69,7 +69,7 @@ Update Compliance is offered as a solution which is linked to a new or existing
## Enroll devices in Windows Analytics
Once you've added Update Compliance to a workspace in your Azure subscription, you can start enrolling the devices in your organization. For Update Compliance there are two key steps for enrollment:
1. Deploy your Commercial ID (from the Update Compliance Settings page) to your Windows 10 devices (typically by using Group Policy, [Mobile Device Management](https://docs.microsoft.com/windows/client-management/windows-10-mobile-and-mdm), [System Center Configuration Manager](https://docs.microsoft.com/sccm/core/understand/introduction) or similar).
2. Ensure the Windows Diagnostic Data setting on devices is set to at least Basic (typically using Group Policy or similar). For full enrollment instructions and troubleshooting, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
1. Deploy your Commercial ID (from the Update Compliance Settings page) to your Windows 10 devices (typically by using Group Policy, [Mobile Device Management](https://docs.microsoft.com/windows/client-management/windows-10-mobile-and-mdm), [System Center Configuration Manager](https://docs.microsoft.com/sccm/core/understand/introduction) or similar).
2. Ensure the Windows Diagnostic Data setting on devices is set to at least Basic (typically using Group Policy or similar). For full enrollment instructions and troubleshooting, see [Enrolling devices in Windows Analytics](windows-analytics-get-started.md).
After enrolling your devices (by deploying your CommercialID and Windows Diagnostic Data settings), it might take 48-72 hours for the first data to appear in the solution. Until then, Update Compliance will indicate it is still assessing devices.

2
windows/deployment/update/update-compliance-wd-av-status.md
View File

@ -39,4 +39,4 @@ Because of the way Windows Defender is associated with the rest of Windows devic
## Related topics
- [Windows Defender Antivirus pre-requisites](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting#confirm-pre-requisites)
- [Windows Defender Antivirus pre-requisites](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting#confirm-pre-requisites)

4
windows/deployment/update/waas-configure-wufb.md
View File

@ -220,7 +220,7 @@ The following are quick-reference tables of the supported policy values for Wind
| GPO Key | Key type | Value |
| --- | --- | --- |
| BranchReadinessLevel | REG_DWORD | 16: systems take Feature Updates for the Current Branch (CB)</br>32: systems take Feature Updates for the Current Branch for Business (CBB)</br>Note: Other value or absent: receive all applicable updates (CB) |
| BranchReadinessLevel | REG_DWORD | 2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)</br> 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-annual Channel </br>32: systems take Feature Updates from Semi-annual Channel </br>Note: Other value or absent: receive all applicable updates |
| DeferQualityUpdates | REG_DWORD | 1: defer quality updates</br>Other value or absent: dont defer quality updates |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
| PauseQualityUpdatesStartDate | REG_DWORD | 1: pause quality updates</br>Other value or absent: dont pause quality updates |
@ -234,7 +234,7 @@ The following are quick-reference tables of the supported policy values for Wind
| MDM Key | Key type | Value |
| --- | --- | --- |
| BranchReadinessLevel | REG_DWORD | 16: systems take Feature Updates for the Current Branch (CB)</br>32: systems take Feature Updates for the Current Branch for Business (CBB)</br>Note: Other value or absent: receive all applicable updates (CB) |
| BranchReadinessLevel | REG_DWORD |2: systems take Feature Updates for the Windows Insider build - Fast (added in Windows 10, version 1709)</br> 4: systems take Feature Updates for the Windows Insider build - Slow (added in Windows 10, version 1709)</br> 8: systems take Feature Updates for the Release Windows Insider build (added in Windows 10, version 1709)</br> 16: for Windows 10, version 1703: systems take Feature Updates for the Current Branch (CB); for Windows 10, version 1709, 1803 and 1809: systems take Feature Updates from Semi-annual Channel (Targeted) (SAC-T); for Windows 10, version 1903 or later: systems take Feature Updates from Semi-annual Channel </br>32: systems take Feature Updates from Semi-annual Channel </br>Note: Other value or absent: receive all applicable updates |
| DeferQualityUpdatesPeriodinDays | REG_DWORD | 0-35: defer quality updates by given days |
| PauseQualityUpdatesStartDate | REG_DWORD | 1: pause quality updates</br>Other value or absent: dont pause quality updates |
| DeferFeatureUpdatesPeriodinDays | REG_DWORD | 0-365: defer feature updates by given days |

14
windows/deployment/update/waas-delivery-optimization.md
View File

@ -136,9 +136,9 @@ If you dont see any bytes coming from peers the cause might be one of the fol
If you suspect this is the problem, try these steps:
1. Start a download of an app that is larger than 50 MB from the Store (for example "Candy Crush Saga").
2. Run `Get-DeliveryOptimizationStatus` from an elevated Powershell window and observe the DownloadMode setting. For peering to work, DownloadMode should be 1, 2, or 3.
3. If **DownloadMode** is 99 it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization hostnames are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**.
1. Start a download of an app that is larger than 50 MB from the Store (for example "Candy Crush Saga").
2. Run `Get-DeliveryOptimizationStatus` from an elevated Powershell window and observe the DownloadMode setting. For peering to work, DownloadMode should be 1, 2, or 3.
3. If **DownloadMode** is 99 it could indicate your device is unable to reach the Delivery Optimization cloud services. Ensure that the Delivery Optimization hostnames are allowed access: most importantly **\*.do.dsp.mp.microsoft.com**.
@ -146,10 +146,10 @@ If you suspect this is the problem, try these steps:
If you suspect this is the problem, try these steps:
1. Download the same app on two different devices on the same network, waiting 10 15 minutes between downloads.
2. Run `Get-DeliveryOptimizationStatus` from an elevated Powershell window and ensure that **DownloadMode** is 1 or 2 on both devices.
3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated Powershell window on the second device. The **NumberOfPeers** field should be non-zero.
4. If the number of peers is zero and you have **DownloadMode** = 1, ensure that both devices are using the same public IP address to reach the internet. To do this, open a browser Windows and search for “what is my IP”. You can **DownloadMode 2** (Group) and a custom GroupID (Guid) to fix this if the devices arent reporting the same public IP address.
1. Download the same app on two different devices on the same network, waiting 10 15 minutes between downloads.
2. Run `Get-DeliveryOptimizationStatus` from an elevated Powershell window and ensure that **DownloadMode** is 1 or 2 on both devices.
3. Run `Get-DeliveryOptimizationPerfSnap` from an elevated Powershell window on the second device. The **NumberOfPeers** field should be non-zero.
4. If the number of peers is zero and you have **DownloadMode** = 1, ensure that both devices are using the same public IP address to reach the internet. To do this, open a browser Windows and search for “what is my IP”. You can **DownloadMode 2** (Group) and a custom GroupID (Guid) to fix this if the devices arent reporting the same public IP address.
### Clients aren't able to connect to peers offered by the cloud service

158
windows/deployment/update/waas-manage-updates-configuration-manager.md
View File

@ -46,13 +46,13 @@ For the Windows 10 servicing dashboard to display information, you must adhere t
**To configure Upgrade classification**
1. Go to Administration\Overview\Site Configuration\Sites, and then select your site from the list.
1. Go to Administration\Overview\Site Configuration\Sites, and then select your site from the list.
2. On the Ribbon, in the **Settings** section, click **Configure Site Components**, and then click **Software Update Point**.
2. On the Ribbon, in the **Settings** section, click **Configure Site Components**, and then click **Software Update Point**.
![Example of UI](images/waas-sccm-fig1.png)
3. In the **Software Update Point Component Properties** dialog box, on the **Classifications** tab, click **Upgrades**.
3. In the **Software Update Point Component Properties** dialog box, on the **Classifications** tab, click **Upgrades**.
When you have met all these requirements and deployed a servicing plan to a collection, youll receive information on the Windows 10 servicing dashboard.
@ -65,81 +65,81 @@ Regardless of the method by which you deploy Windows 10 feature updates to your
**To create collections for deployment rings**
1. In the Configuration Manager console, go to Assets and Compliance\Overview\Device Collections.
1. In the Configuration Manager console, go to Assets and Compliance\Overview\Device Collections.
2. On the Ribbon, in the **Create** group, click **Create Device Collection**.
2. On the Ribbon, in the **Create** group, click **Create Device Collection**.
3. In the Create Device Collection Wizard, in the **name** box, type **Windows 10 All Current Branch for Business**.
3. In the Create Device Collection Wizard, in the **name** box, type **Windows 10 All Current Branch for Business**.
4. Click **Browse** to select the limiting collection, and then click **All Systems**.
4. Click **Browse** to select the limiting collection, and then click **All Systems**.
5. In **Membership rules**, click **Add Rule**, and then click **Query Rule**.
5. In **Membership rules**, click **Add Rule**, and then click **Query Rule**.
6. Name the rule **CBB Detection**, and then click **Edit Query Statement**.
6. Name the rule **CBB Detection**, and then click **Edit Query Statement**.
7. On the **Criteria** tab, click the **New** icon.
7. On the **Criteria** tab, click the **New** icon.
![Example of UI](images/waas-sccm-fig4.png)
8. In the **Criterion Properties** dialog box, leave the type as **Simple Value**, and then click **Select**.
8. In the **Criterion Properties** dialog box, leave the type as **Simple Value**, and then click **Select**.
9. In the **Select Attribute** dialog box, from the **Attribute class** list, select **System Resource**. From the **Attribute** list, select **OSBranch**, and then click **OK**.
9. In the **Select Attribute** dialog box, from the **Attribute class** list, select **System Resource**. From the **Attribute** list, select **OSBranch**, and then click **OK**.
![Example of UI](images/waas-sccm-fig5.png)
>[!NOTE]
>Configuration Manager discovers clients servicing branch and stores that value in the **OSBranch** attribute, which you will use to create collections based on servicing branch. The values in this attribute can be **0 (Current Branch)**, **1 (Current Branch for Business)**, or **2 (Long-Term Servicing Branch)**.
10. Leave **Operator** set to **is equal to**; in the **Value** box, type **1**. Click **OK**.
10. Leave **Operator** set to **is equal to**; in the **Value** box, type **1**. Click **OK**.
![Example of UI](images/waas-sccm-fig6.png)
11. Now that the **OSBranch** attribute is correct, verify the operating system version.
11. Now that the **OSBranch** attribute is correct, verify the operating system version.
12. On the **Criteria** tab, click the **New** icon again to add criteria.
12. On the **Criteria** tab, click the **New** icon again to add criteria.
13. In the **Criterion Properties** dialog box, click **Select**.
13. In the **Criterion Properties** dialog box, click **Select**.
14. From the **Attribute class** list, select **System Resource**. From the **Attribute** list, select **Operating System Name and Version**, and then click **OK**.
14. From the **Attribute class** list, select **System Resource**. From the **Attribute** list, select **Operating System Name and Version**, and then click **OK**.
![Example of UI](images/waas-sccm-fig7.png)
15. In the **Value** box, type **Microsoft Windows NT Workstation 10.0**, and then click **OK**.
15. In the **Value** box, type **Microsoft Windows NT Workstation 10.0**, and then click **OK**.
![Example of UI](images/waas-sccm-fig8.png)
16. In the **Query Statement Properties** dialog box, you see two values. Click **OK**, and then click **OK** again to continue to the Create Device Collection Wizard.
16. In the **Query Statement Properties** dialog box, you see two values. Click **OK**, and then click **OK** again to continue to the Create Device Collection Wizard.
17. Click **Summary**, and then click **Next**.
17. Click **Summary**, and then click **Next**.
18. Close the wizard.
18. Close the wizard.
>[!IMPORTANT]
>Windows Insider PCs are discovered the same way as CB or CBB devices. If you have Windows Insider PCs that you use Configuration Manager to manage, then you should create a collection of those PCs and exclude them from this collection. You can create the membership for the Windows Insider collection either manually or by using a query where the operating system build doesnt equal any of the current CB or CBB build numbers. You would have to update each periodically to include new devices or new operating system builds.
After you have updated the membership, this new collection will contain all managed clients on the CBB servicing branch. You will use this collection as a limiting collection for future CBB-based collections and the **Ring 4 Broad broad business users** collection. Complete the following steps to create the **Ring 4 Broad business users** device collection, which youll use as a CBB deployment ring for servicing plans or task sequences.
1. In the Configuration Manager console, go to Assets and Compliance\Overview\Device Collections.
1. In the Configuration Manager console, go to Assets and Compliance\Overview\Device Collections.
2. On the Ribbon, in the **Create** group, click **Create Device Collection**.
2. On the Ribbon, in the **Create** group, click **Create Device Collection**.
3. In the Create Device Collection Wizard, in the **name** box, type **Ring 4 Broad business users**.
3. In the Create Device Collection Wizard, in the **name** box, type **Ring 4 Broad business users**.
4. Click **Browse** to select the limiting collection, and then click **Windows 10 All Current Branch for Business**.
4. Click **Browse** to select the limiting collection, and then click **Windows 10 All Current Branch for Business**.
5. In **Membership rules**, click **Add Rule**, and then click **Direct Rule**.
5. In **Membership rules**, click **Add Rule**, and then click **Direct Rule**.
6. In the **Create Direct Membership Rule Wizard** dialog box, click **Next**.
6. In the **Create Direct Membership Rule Wizard** dialog box, click **Next**.
7. In the **Value** field, type all or part of the name of a device to add, and then click **Next**.
7. In the **Value** field, type all or part of the name of a device to add, and then click **Next**.
8. Select the computer that will be part of the **Ring 4 Broad business users** deployment ring, and then click **Next**.
8. Select the computer that will be part of the **Ring 4 Broad business users** deployment ring, and then click **Next**.
9. Click **Next**, and then click **Close**.
9. Click **Next**, and then click **Close**.
10. In the **Create Device Collection Wizard** dialog box, click **Summary**.
10. In the **Create Device Collection Wizard** dialog box, click **Summary**.
11. Click **Next**, and then click **Close**.
11. Click **Next**, and then click **Close**.
## Use Windows 10 servicing plans to deploy Windows 10 feature updates
@ -148,13 +148,13 @@ There are two ways to deploy Windows 10 feature updates with System Center Confi
**To configure Windows feature updates for CBB clients in the Ring 4 Broad business users deployment ring using a servicing plan**
1. In the Configuration Manager console, go to Software Library\Overview\Windows 10 Servicing, and then click **Servicing Plans**.
1. In the Configuration Manager console, go to Software Library\Overview\Windows 10 Servicing, and then click **Servicing Plans**.
2. On the Ribbon, in the **Create** group, click **Create Servicing Plan**.
2. On the Ribbon, in the **Create** group, click **Create Servicing Plan**.
3. Name the plan **Ring 4 Broad business users Servicing Plan**, and then click **Next**.
3. Name the plan **Ring 4 Broad business users Servicing Plan**, and then click **Next**.
4. On the **Servicing Plan page**, click **Browse**. Select the **Ring 4 Broad business users** collection, which you created in the [Create collections for deployment rings](#create-collections-for-deployment-rings) section, click **OK**, and then click **Next**.
4. On the **Servicing Plan page**, click **Browse**. Select the **Ring 4 Broad business users** collection, which you created in the [Create collections for deployment rings](#create-collections-for-deployment-rings) section, click **OK**, and then click **Next**.
>[!IMPORTANT]
>Microsoft added a new protection feature to Configuration Manager that prevents accidental installation of high-risk deployments such as operating system upgrades on site systems. If you select a collection (All Systems in this example) that has a site system in it, you may receive the following message.
@ -163,33 +163,33 @@ There are two ways to deploy Windows 10 feature updates with System Center Confi
>
>For details about how to manage the settings for high-risk deployments in Configuration Manager, see [Settings to manage high-risk deployments for System Center Configuration Manager](https://technet.microsoft.com/library/mt621992.aspx).
5. On the **Deployment Ring** page, select the **Business Ready (Current Branch for Business)** readiness state, leave the delay at **0 days**, and then click **Next**.
5. On the **Deployment Ring** page, select the **Business Ready (Current Branch for Business)** readiness state, leave the delay at **0 days**, and then click **Next**.
Doing so deploys CBB feature updates to the broad business users deployment ring immediately after they are released to CBB.
On the Upgrades page, you specify filters for the feature updates to which this servicing plan is applicable. For example, if you wanted this plan to be only for Windows 10 Enterprise, you could select **Title**, and then type **Enterprise**.
6. For this example, on the **Upgrades** page, click **Next** to leave the criterion blank.
6. For this example, on the **Upgrades** page, click **Next** to leave the criterion blank.
7. On the **Deployment Schedule** page, click **Next** to keep the default values of making the content available immediately and requiring installation by the 7-day deadline.
7. On the **Deployment Schedule** page, click **Next** to keep the default values of making the content available immediately and requiring installation by the 7-day deadline.
8. On the **User Experience** page, from the **Deadline behavior** list, select **Software Installation and System restart (if necessary)**. From the **Device restart behavior** list, select **Workstations**, and then click **Next**.
8. On the **User Experience** page, from the **Deadline behavior** list, select **Software Installation and System restart (if necessary)**. From the **Device restart behavior** list, select **Workstations**, and then click **Next**.
Doing so allows installation and restarts after the 7-day deadline on workstations only.
9. On the **Deployment Package** page, select **Create a new deployment package**. In **Name**, type **CBB Upgrades**, select a share for your package source location, and then click **Next**.
9. On the **Deployment Package** page, select **Create a new deployment package**. In **Name**, type **CBB Upgrades**, select a share for your package source location, and then click **Next**.
In this example, \\contoso-cm01\Sources\Windows 10 Feature Upgrades is a share on the Configuration Manager server that contains all the Windows 10 feature updates.
![Example of UI](images/waas-sccm-fig10.png)
10. On the **Distribution Points** page, from the **Add** list, select **Distribution Point**.
10. On the **Distribution Points** page, from the **Add** list, select **Distribution Point**.
![Example of UI](images/waas-sccm-fig11.png)
Select the distribution points that serve the clients to which youre deploying this servicing plan, and then click **OK**.
11. Click **Summary**, click **Next** to complete the servicing plan, and then click **Close**.
11. Click **Summary**, click **Next** to complete the servicing plan, and then click **Close**.
You have now created a servicing plan for the **Ring 4 Broad business users** deployment ring. By default, this rule is evaluated each time the software update point is synchronized, but you can modify this schedule by viewing the service plans properties on the **Evaluation Schedule** tab.
@ -206,62 +206,62 @@ There are times when deploying a Windows 10 feature update requires the use of a
Each time Microsoft releases a new Windows 10 build, it releases a new .iso file containing the latest build, as well. Regardless of the scenario that requires a task sequence to deploy the Windows 10 upgrade, the base process is the same. Start by creating an Operating System Upgrade Package in the Configuration Manager console:
1. In the Configuration Manager console, go to Software Library\Overview\Operating Systems\Operating System Upgrade Packages.
1. In the Configuration Manager console, go to Software Library\Overview\Operating Systems\Operating System Upgrade Packages.
2. On the Ribbon, in the **Create** group, click **Add Operating System Upgrade Package**.
2. On the Ribbon, in the **Create** group, click **Add Operating System Upgrade Package**.
3. On the **Data Source** page, type the path of the extracted .iso file of the new version of Windows 10 youre deploying, and then click **Next**.
3. On the **Data Source** page, type the path of the extracted .iso file of the new version of Windows 10 youre deploying, and then click **Next**.
In this example, the Windows 10 Enterprise 1607 installation media is deployed to \\contoso-cm01\Sources\Operating Systems\Windows 10 Enterprise\Windows 10 Enterprise - Version 1607.
>[!NOTE]
>System Center Configuration Manager version 1606 is required to manage machines running Windows 10, version 1607.
4. On the **General** page, in the **Name** field, type the name of the folder (**Windows 10 Enterprise - Version 1607** in this example). Set the **Version** to **1607**, and then click **Next**.
4. On the **General** page, in the **Name** field, type the name of the folder (**Windows 10 Enterprise - Version 1607** in this example). Set the **Version** to **1607**, and then click **Next**.
5. On the **Summary** page, click **Next** to create the package.
5. On the **Summary** page, click **Next** to create the package.
6. On the **Completion** page, click **Close**.
6. On the **Completion** page, click **Close**.
Now that the operating system upgrade package has been created, the content in that package must be distributed to the correct distribution points so that the clients can access the content. Complete the following steps to distribute the package content to distribution points:
1. In the Configuration Manager console, go to Software Library\Overview\Operating Systems\Operating System Upgrade Packages, and then select the **Windows 10 Enterprise Version 1607** software upgrade package.
1. In the Configuration Manager console, go to Software Library\Overview\Operating Systems\Operating System Upgrade Packages, and then select the **Windows 10 Enterprise Version 1607** software upgrade package.
2. On the Ribbon, in the **Deployment group**, click **Distribute Content**.
2. On the Ribbon, in the **Deployment group**, click **Distribute Content**.
3. In the Distribute Content Wizard, on the **General** page, click **Next**.
3. In the Distribute Content Wizard, on the **General** page, click **Next**.
4. On the **Content Destination** page, click **Add**, and then click **Distribution Point**.
4. On the **Content Destination** page, click **Add**, and then click **Distribution Point**.
5. In the **Add Distribution Points** dialog box, select the distribution point that will serve the clients receiving this package, and then click **OK**.
5. In the **Add Distribution Points** dialog box, select the distribution point that will serve the clients receiving this package, and then click **OK**.
6. On the **Content Destination** page, click **Next**.
6. On the **Content Destination** page, click **Next**.
7. On the **Summary** page, click **Next** to distribute the content to the selected distribution point.
7. On the **Summary** page, click **Next** to distribute the content to the selected distribution point.
8. On the **Completion** page, click **Close**.
8. On the **Completion** page, click **Close**.
Now that the upgrade package has been created and its contents distributed, create the task sequence that will use it. Complete the following steps to create the task sequence, using the previously created deployment package:
1. In the Configuration Manager console, go to Software Library\Overview\Operating Systems\Task Sequences.
1. In the Configuration Manager console, go to Software Library\Overview\Operating Systems\Task Sequences.
2. On the Ribbon, in the **Create** group, click **Create Task Sequence**.
2. On the Ribbon, in the **Create** group, click **Create Task Sequence**.
3. In the Create Task Sequence Wizard, on the **Create a new task sequence** page, select **Upgrade an operating system from upgrade package**, and then click **Next**.
3. In the Create Task Sequence Wizard, on the **Create a new task sequence** page, select **Upgrade an operating system from upgrade package**, and then click **Next**.
4. On the **Task Sequence Information** page, in **Task sequence name**, type **Upgrade Windows 10 Enterprise Version 1607**, and then click **Next**.
4. On the **Task Sequence Information** page, in **Task sequence name**, type **Upgrade Windows 10 Enterprise Version 1607**, and then click **Next**.
5. On the **Upgrade the Windows Operating system** page, click **Browse**, select the deployment package you created in the previous steps, and then click **OK**.
5. On the **Upgrade the Windows Operating system** page, click **Browse**, select the deployment package you created in the previous steps, and then click **OK**.
6. Click **Next**.
6. Click **Next**.
7. On the **Include Updates** page, select **Available for installation All software updates**, and then click **Next**.
7. On the **Include Updates** page, select **Available for installation All software updates**, and then click **Next**.
8. On the **Install Applications** page, click **Next**.
8. On the **Install Applications** page, click **Next**.
9. On the **Summary** page, click **Next** to create the task sequence.
9. On the **Summary** page, click **Next** to create the task sequence.
10. On the **Completion** page, click **Close**.
10. On the **Completion** page, click **Close**.
With the task sequence created, youre ready to deploy it. If youre using this method to deploy most of your Windows 10 feature updates, you may want to create deployment rings to stage the deployment of this task sequence, with delays appropriate for the respective deployment ring. In this example, you deploy the task sequence to the **Ring 4 Broad business users collection**.
@ -270,29 +270,29 @@ With the task sequence created, youre ready to deploy it. If youre using t
**To deploy your task sequence**
1. In the Configuration Manager console, go to Software Library\Overview\Operating Systems\Task Sequences, and then select the **Upgrade Windows 10 Enterprise Version 1607** task sequence.
1. In the Configuration Manager console, go to Software Library\Overview\Operating Systems\Task Sequences, and then select the **Upgrade Windows 10 Enterprise Version 1607** task sequence.
2. On the Ribbon, in the **Deployment** group, click **Deploy**.
2. On the Ribbon, in the **Deployment** group, click **Deploy**.
3. In the Deploy Software Wizard, on the **General** page, click **Browse**. Select the target collection, click **OK**, and then click **Next**.
3. In the Deploy Software Wizard, on the **General** page, click **Browse**. Select the target collection, click **OK**, and then click **Next**.
4. On the **Deployment Settings** page, for **purpose**, select **Required**, and then click **Next**.
4. On the **Deployment Settings** page, for **purpose**, select **Required**, and then click **Next**.
5. On the **Scheduling** page, select the **Schedule when this deployment will become available** check box (it sets the current time by default). For **Assignment schedule**, click **New**.
5. On the **Scheduling** page, select the **Schedule when this deployment will become available** check box (it sets the current time by default). For **Assignment schedule**, click **New**.
6. In the **Assignment Schedule** dialog box, click **Schedule**.
6. In the **Assignment Schedule** dialog box, click **Schedule**.
7. In the **Custom Schedule** dialog box, select the desired deadline, and then click **OK**.
7. In the **Custom Schedule** dialog box, select the desired deadline, and then click **OK**.
8. In the **Assignment Schedule** dialog box, click **OK**, and then click **Next**.
8. In the **Assignment Schedule** dialog box, click **OK**, and then click **Next**.
9. On the **User Experience** page, in the **When the scheduled assignment time is reached, allow the following activities to be performed outside of the maintenance window** section, select **Software Installation** and **System restart** (if required to complete the installation), and then click **Next**.
9. On the **User Experience** page, in the **When the scheduled assignment time is reached, allow the following activities to be performed outside of the maintenance window** section, select **Software Installation** and **System restart** (if required to complete the installation), and then click **Next**.
10. Use the defaults for the remaining settings.
10. Use the defaults for the remaining settings.
11. Click **Summary**, and then click **Next** to deploy the task sequence.
11. Click **Summary**, and then click **Next** to deploy the task sequence.
12. Click **Close**.
12. Click **Close**.
## Steps to manage updates for Windows 10

88
windows/deployment/update/waas-manage-updates-wsus.md
View File

@ -50,11 +50,11 @@ With Windows 10, quality updates will be larger than traditional Windows Updates
**To configure WSUS to download Express Update Files**
1. Open the WSUS Administration Console.
1. Open the WSUS Administration Console.
2. In the navigation pane, go to *Your_Server*\\**Options**.
2. In the navigation pane, go to *Your_Server*\\**Options**.
3. In the **Options** section, click **Update Files and Languages**.
3. In the **Options** section, click **Update Files and Languages**.
![Example of UI](images/waas-wsus-fig1.png)
@ -126,15 +126,15 @@ You can use computer groups to target a subset of devices that have specific qua
**To create computer groups in the WSUS Administration Console**
1. Open the WSUS Administration Console.
1. Open the WSUS Administration Console.
2. Go to *Server_Name*\Computers\All Computers, and then click **Add Computer Group**.
2. Go to *Server_Name*\Computers\All Computers, and then click **Add Computer Group**.
![Example of UI](images/waas-wsus-fig7.png)
3. Type **Ring 2 Pilot Business Users** for the name, and then click **Add**.
4. Repeat these steps for the **Ring 3 Broad IT** and **Ring 4 Broad Business Users** groups. When youre finished, there should be three deployment ring groups.
4. Repeat these steps for the **Ring 3 Broad IT** and **Ring 4 Broad Business Users** groups. When youre finished, there should be three deployment ring groups.
Now that the groups have been created, add the computers to the computer groups that align with the desired deployment rings. You can do this through [Group Policy](#wsus-gp) or manually by using the [WSUS Administration Console](#wsus-admin).
@ -151,15 +151,15 @@ When new computers communicate with WSUS, they appear in the **Unassigned Comput
**To assign computers manually**
1. In the WSUS Administration Console, go to *Server_Name*\Computers\All Computers\Unassigned Computers.
1. In the WSUS Administration Console, go to *Server_Name*\Computers\All Computers\Unassigned Computers.
Here, you see the new computers that have received the GPO you created in the previous section and started communicating with WSUS. This example has only two computers; depending on how broadly you deployed your policy, you will likely have many computers here.
2. Select both computers, right-click the selection, and then click **Change Membership**.
2. Select both computers, right-click the selection, and then click **Change Membership**.
![Example of UI](images/waas-wsus-fig8.png)
3. In the **Set Computer Group Membership** dialog box, select the **Ring 2 Pilot Business Users** deployment ring, and then click **OK**.
3. In the **Set Computer Group Membership** dialog box, select the **Ring 2 Pilot Business Users** deployment ring, and then click **OK**.
Because they were assigned to a group, the computers are no longer in the **Unassigned Computers** group. If you select the **Ring 2 Pilot Business Users** computer group, you will see both computers there.
@ -177,7 +177,7 @@ Another way to add multiple computers to a deployment ring in the WSUS Administr
![Example of UI](images/waas-wsus-fig9.png)
4. Select the **Ring 3 Broad IT** deployment ring, and then click **OK**.
4. Select the **Ring 3 Broad IT** deployment ring, and then click **OK**.
You can now see these computers in the **Ring 3 Broad IT** computer group.
@ -189,11 +189,11 @@ The WSUS Administration Console provides a friendly interface from which you can
**To configure WSUS to allow client-side targeting from Group Policy**
1. Open the WSUS Administration Console, and go to *Server_Name*\Options, and then click **Computers**.
1. Open the WSUS Administration Console, and go to *Server_Name*\Options, and then click **Computers**.
![Example of UI](images/waas-wsus-fig10.png)
2. In the **Computers** dialog box, select **Use Group Policy or registry settings on computers**, and then click **OK**.
2. In the **Computers** dialog box, select **Use Group Policy or registry settings on computers**, and then click **OK**.
>[!NOTE]
>This option is exclusively either-or. When you enable WSUS to use Group Policy for group assignment, you can no longer manually add computers through the WSUS Administration Console until you change the option back.
@ -205,39 +205,39 @@ Now that WSUS is ready for client-side targeting, complete the following steps t
>[!TIP]
>When using client-side targeting, consider giving security groups the same names as your deployment rings. Doing so simplifies the policy-creation process and helps ensure that you dont add computers to the incorrect rings.
1. Open GPMC.
1. Open GPMC.
2. Expand Forest\Domains\\*Your_Domain*.
2. Expand Forest\Domains\\*Your_Domain*.
3. Right-click *Your_Domain*, and then click **Create a GPO in this domain, and Link it here**.
3. Right-click *Your_Domain*, and then click **Create a GPO in this domain, and Link it here**.
4. In the **New GPO** dialog box, type **WSUS Client Targeting Ring 4 Broad Business Users** for the name of the new GPO.
4. In the **New GPO** dialog box, type **WSUS Client Targeting Ring 4 Broad Business Users** for the name of the new GPO.
5. Right-click the **WSUS Client Targeting Ring 4 Broad Business Users** GPO, and then click **Edit**.
5. Right-click the **WSUS Client Targeting Ring 4 Broad Business Users** GPO, and then click **Edit**.
![Example of UI](images/waas-wsus-fig11.png)
6. In the Group Policy Management Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update.
6. In the Group Policy Management Editor, go to Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Update.
7. Right-click **Enable client-side targeting**, and then click **Edit**.
7. Right-click **Enable client-side targeting**, and then click **Edit**.
8. In the **Enable client-side targeting** dialog box, select **Enable**.
8. In the **Enable client-side targeting** dialog box, select **Enable**.
9. In the **Target group name for this computer** box, type **Ring 4 Broad Business Users**. This is the name of the deployment ring in WSUS to which these computers will be added.
9. In the **Target group name for this computer** box, type **Ring 4 Broad Business Users**. This is the name of the deployment ring in WSUS to which these computers will be added.
![Example of UI](images/waas-wsus-fig12.png)
10. Close the Group Policy Management Editor.
10. Close the Group Policy Management Editor.
Now youre ready to deploy this GPO to the correct computer security group for the **Ring 4 Broad Business Users** deployment ring.
**To scope the GPO to a group**
1. In GPMC, select the **WSUS Client Targeting Ring 4 Broad Business Users** policy.
1. In GPMC, select the **WSUS Client Targeting Ring 4 Broad Business Users** policy.
2. Click the **Scope** tab.
2. Click the **Scope** tab.
3. Under **Security Filtering**, remove the default **AUTHENTICATED USERS** security group, and then add the **Ring 4 Broad Business Users** group.
3. Under **Security Filtering**, remove the default **AUTHENTICATED USERS** security group, and then add the **Ring 4 Broad Business Users** group.
![Example of UI](images/waas-wsus-fig13.png)
@ -252,29 +252,29 @@ For clients that should have their feature updates approved as soon as theyre
**To configure an Automatic Approval rule for Windows 10 feature updates and approve them for the Ring 3 Broad IT deployment ring**
1. In the WSUS Administration Console, go to Update Services\\*Server_Name*\Options, and then select **Automatic Approvals**.
1. In the WSUS Administration Console, go to Update Services\\*Server_Name*\Options, and then select **Automatic Approvals**.
2. On the **Update Rules** tab, click **New Rule**.
2. On the **Update Rules** tab, click **New Rule**.
3. In the **Add Rule** dialog box, select the **When an update is in a specific classification**, **When an update is in a specific product**, and **Set a deadline for the approval** check boxes.
3. In the **Add Rule** dialog box, select the **When an update is in a specific classification**, **When an update is in a specific product**, and **Set a deadline for the approval** check boxes.
![Example of UI](images/waas-wsus-fig14.png)
4. In the **Edit the properties** area, select **any classification**. Clear everything except **Upgrades**, and then click **OK**.
4. In the **Edit the properties** area, select **any classification**. Clear everything except **Upgrades**, and then click **OK**.
5. In the **Edit the properties area**, click the **any product** link. Clear all check boxes except **Windows 10**, and then click **OK**.
5. In the **Edit the properties area**, click the **any product** link. Clear all check boxes except **Windows 10**, and then click **OK**.
Windows 10 is under All Products\Microsoft\Windows.
6. In the **Edit the properties** area, click the **all computers** link. Clear all the computer group check boxes except **Ring 3 Broad IT**, and then click **OK**.
6. In the **Edit the properties** area, click the **all computers** link. Clear all the computer group check boxes except **Ring 3 Broad IT**, and then click **OK**.
7. Leave the deadline set for **7 days after the approval at 3:00 AM**.
7. Leave the deadline set for **7 days after the approval at 3:00 AM**.
8. In the **Step 3: Specify a name** box, type **Windows 10 Upgrade Auto-approval for Ring 3 Broad IT**, and then click **OK**.
8. In the **Step 3: Specify a name** box, type **Windows 10 Upgrade Auto-approval for Ring 3 Broad IT**, and then click **OK**.
![Example of UI](images/waas-wsus-fig15.png)
9. In the **Automatic Approvals** dialog box, click **OK**.
9. In the **Automatic Approvals** dialog box, click **OK**.
>[!NOTE]
>WSUS does not honor any existing month/week/day deferral settings for CB or CBB. That said, if youre using Windows Update for Business for a computer for which WSUS is also managing updates, when WSUS approves the update, it will be installed on the computer regardless of whether you configured Group Policy to wait.
@ -289,41 +289,41 @@ You can manually approve updates and set deadlines for installation within the W
1. In the WSUS Administration Console, go to Update Services\\*Server_Name*\Updates. In the **Action** pane, click **New Update View**.
2. In the **Add Update View** dialog box, select **Updates are in a specific classification** and **Updates are for a specific product**.
2. In the **Add Update View** dialog box, select **Updates are in a specific classification** and **Updates are for a specific product**.
3. Under **Step 2: Edit the properties**, click **any classification**. Clear all check boxes except **Upgrades**, and then click **OK**.
3. Under **Step 2: Edit the properties**, click **any classification**. Clear all check boxes except **Upgrades**, and then click **OK**.
4. Under **Step 2: Edit the properties**, click **any product**. Clear all check boxes except **Windows 10**, and then click **OK**.
4. Under **Step 2: Edit the properties**, click **any product**. Clear all check boxes except **Windows 10**, and then click **OK**.
Windows 10 is under All Products\Microsoft\Windows.
5. In the **Step 3: Specify a name** box, type **All Windows 10 Upgrades**, and then click **OK**.
5. In the **Step 3: Specify a name** box, type **All Windows 10 Upgrades**, and then click **OK**.
![Example of UI](images/waas-wsus-fig16.png)
Now that you have the All Windows 10 Upgrades view, complete the following steps to manually approve an update for the **Ring 4 Broad Business Users** deployment ring:
1. In the WSUS Administration Console, go to Update Services\\*Server_Name*\Updates\All Windows 10 Upgrades.
1. In the WSUS Administration Console, go to Update Services\\*Server_Name*\Updates\All Windows 10 Upgrades.
2. Right-click the feature update you want to deploy, and then click **Approve**.
2. Right-click the feature update you want to deploy, and then click **Approve**.
![Example of UI](images/waas-wsus-fig17.png)
3. In the **Approve Updates** dialog box, from the **Ring 4 Broad Business Users** list, select **Approved for Install**.
3. In the **Approve Updates** dialog box, from the **Ring 4 Broad Business Users** list, select **Approved for Install**.
![Example of UI](images/waas-wsus-fig18.png)
4. In the **Approve Updates** dialog box, from the **Ring 4 Broad Business Users** list, click **Deadline**, click **One Week**, and then click **OK**.
4. In the **Approve Updates** dialog box, from the **Ring 4 Broad Business Users** list, click **Deadline**, click **One Week**, and then click **OK**.
![Example of UI](images/waas-wsus-fig19.png)
5. If the **Microsoft Software License Terms** dialog box opens, click **Accept**.
5. If the **Microsoft Software License Terms** dialog box opens, click **Accept**.
If the deployment is successful, you should receive a successful progress report.
![Example of UI](images/waas-wsus-fig20.png)
6. In the **Approval Progress** dialog box, click **Close**.
6. In the **Approval Progress** dialog box, click **Close**.
</br>

2
windows/deployment/update/waas-morenews.md
View File

@ -16,6 +16,8 @@ ms.topic: article
Here's more news about [Windows as a service](windows-as-a-service.md):
<ul>
<li><a href="https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency">Improving the Windows 10 update experience with control, quality and transparency</a> - April 4, 2019</li>
<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Call-to-action-review-your-Windows-Update-for-Business-deferral/ba-p/394244">Call to action: review your Windows Update for Business deferral values</a> - April 3, 2019</li>
<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-version-1809-designated-for-broad-deployment/ba-p/389540">Windows 10, version 1809 designated for broad deployment</a> - March 28, 2019</li>
<li><a href="https://blogs.windows.com/windowsexperience/2019/03/06/data-insights-and-listening-to-improve-the-customer-experience">Data, insights and listening to improve the customer experience</a> - March 6, 2019</li>
<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Getting-to-know-the-Windows-update-history-pages/ba-p/355079">Getting to know the Windows update history pages</a> - February 21, 2019</li>

6
windows/deployment/update/waas-wu-settings.md
View File

@ -173,7 +173,7 @@ If this setting is set to *Not Configured*, an administrator can still configure
#### Configuring Automatic Updates by editing the registry
> ![Note]
> [!NOTE]
> Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require you to reinstall the operating system. Microsoft cannot guarantee that these problems can be resolved. Modify the registry at your own risk.
In an environment that does not have Active Directory deployed, you can edit registry settings to configure group policies for Automatic Update.
@ -224,14 +224,14 @@ To do this, follow these steps:
**m**, where **m** equals the time period to wait between the time Automatic Updates starts and the time that it begins installations where the scheduled times have passed. The time is set in minutes from 1 to 60, representing 1 minute to 60 minutes)
> ![Note]
> [!NOTE]
> This setting only affects client behavior after the clients have updated to the SUS SP1 client version or later versions.
* NoAutoRebootWithLoggedOnUsers (REG_DWORD):
**0** (false) or **1** (true). If set to **1**, Automatic Updates does not automatically restart a computer while users are logged on.
> ![Note]
> [!NOTE]
> This setting affects client behavior after the clients have updated to the SUS SP1 client version or later versions.
To use Automatic Updates with a server that is running Software Update Services, see the Deploying Microsoft Windows Server Update Services 2.0 guidance.

2
windows/deployment/update/windows-analytics-get-started.md
View File

@ -141,7 +141,7 @@ You can use the Upgrade Readiness deployment script to automate and verify your
See the [Upgrade Readiness deployment script](../upgrade/upgrade-readiness-deployment-script.md) topic for information about obtaining and running the script, and for a description of the error codes that can be displayed. See ["Understanding connectivity scenarios and the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/03/10/understanding-connectivity-scenarios-and-the-deployment-script/) on the Windows Analytics blog for a summary of setting the ClientProxy for the script, which will enable the script properly check for diagnostic data endpoint connectivity.
After data is sent from devices to Microsoft, it generally takes 48-56 hours for the data to populate in Windows Analytics. The compatibility update takes several minutes to run. If the update does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Windows Analytics. For this reason, you can expect most of your devices to be populated in Windows Analytics in about 1-2 weeks after deploying the update and configuration to user computers. As described in the Windows Analytics blog post ["You can now check on the status of your computers within hours of running the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/), you can verify that devices have successfully connected to the service within a few hours. Most of those devices should start to show up in the Windows Analytics console within a few days.
After data is sent from devices to Microsoft, it generally takes 48-56 hours for the data to populate in Windows Analytics. The compatibility update takes several minutes to run. If the update does not get a chance to finish running or if the computers are inaccessible (turned off or sleeping for example), data will take longer to populate in Windows Analytics. For this reason, you can expect most of your devices to be populated in Windows Analytics within 1-2 days after deploying the update and configuration to user computers. As described in the Windows Analytics blog post ["You can now check on the status of your computers within hours of running the deployment script"](https://blogs.technet.microsoft.com/upgradeanalytics/2017/05/12/wheres-my-data/), you can verify that devices have successfully connected to the service within a few hours. Most of those devices should start to show up in the Windows Analytics console within a few days.
## Deploy additional optional settings

12
windows/deployment/update/windows-analytics-privacy.md
View File

@ -30,12 +30,12 @@ The following illustration shows how diagnostic data flows from individual devic
The data flow sequence is as follows:
1. Diagnostic data is sent from devices to the Microsoft Diagnostic Data Management service, which is hosted in the US.
2. An IT administrator creates an Azure Log Analytics workspace. The administrator chooses the location, copies the Commercial ID (which identifies that workspace), and then pushes Commercial ID to devices they want to monitor. This is the mechanism that specifies which devices appear in which workspaces.
3. Each day Microsoft produces a "snapshot" of IT-focused insights for each workspace in the Diagnostic Data Management service.
4. These snapshots are copied to transient storage which is used only by Windows Analytics (also hosted in US data centers) where they are segregated by Commercial ID.
5. The snapshots are then copied to the appropriate Azure Log Analytics workspace.
6. If the IT administrator is using the Upgrade Readiness solution, user input from the IT administrator (specifically, the target operating system release and the importance and upgrade readiness per app) is stored in the Windows Analytics Azure Storage. (Upgrade Readiness is the only Windows Analytics solution that takes such user input.)
1. Diagnostic data is sent from devices to the Microsoft Diagnostic Data Management service, which is hosted in the US.
2. An IT administrator creates an Azure Log Analytics workspace. The administrator chooses the location, copies the Commercial ID (which identifies that workspace), and then pushes Commercial ID to devices they want to monitor. This is the mechanism that specifies which devices appear in which workspaces.
3. Each day Microsoft produces a "snapshot" of IT-focused insights for each workspace in the Diagnostic Data Management service.
4. These snapshots are copied to transient storage which is used only by Windows Analytics (also hosted in US data centers) where they are segregated by Commercial ID.
5. The snapshots are then copied to the appropriate Azure Log Analytics workspace.
6. If the IT administrator is using the Upgrade Readiness solution, user input from the IT administrator (specifically, the target operating system release and the importance and upgrade readiness per app) is stored in the Windows Analytics Azure Storage. (Upgrade Readiness is the only Windows Analytics solution that takes such user input.)
See these topics for additional background information about related privacy issues:

12
windows/deployment/update/windows-as-a-service.md
View File

@ -27,13 +27,13 @@ Everyone wins when transparency is a top priority. We want you to know when upda
The latest news:
<ul compact style="list-style: none">
<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Upgrading-Windows-10-devices-with-installation-media-different/ba-p/746126">Upgrading Windows 10 devices with installation media different than the original OS install language</a> - July 9, 2019</li>
<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Moving-to-the-next-Windows-10-feature-update-for-commercial/ba-p/732968">Moving to the next Windows 10 feature update for commercial customers</a> - July 1, 2019</li>
<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Updating-Windows-10-version-1903-using-Configuration-Manager-or/ba-p/639100">Updating Windows 10, version 1903 using Configuration Manager or WSUS</a> - May 23, 2019</li>
<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-in-Windows-Update-for-Business-in-Windows-10-version/ba-p/622064">Whats new in Windows Update for Business in Windows 10, version 1903</a> - May 21, 2019</li>
<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/What-s-new-for-IT-pros-in-Windows-10-version-1903/ba-p/622024">Whats new for IT pros in Windows 10, version 1903</a> - May 21, 2019</li>
<li><a href="https://blogs.windows.com/windowsexperience/2019/05/21/how-to-get-the-windows-10-may-2019-update">How to get the Windows 10 May 2019 Update</a> - May 21, 2019</li>
<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/The-benefits-of-Windows-10-Dynamic-Update/ba-p/467847">The benefits of Windows 10 Dynamic Update</a> - April 17, 2019</li>
<li><a href="https://blogs.windows.com/windowsexperience/2019/04/04/improving-the-windows-10-update-experience-with-control-quality-and-transparency">Improving the Windows 10 update experience with control, quality and transparency</a> - April 4, 2019</li>
<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Call-to-action-review-your-Windows-Update-for-Business-deferral/ba-p/394244">Call to action: review your Windows Update for Business deferral values</a> - April 3, 2019</li>
<li><a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/The-benefits-of-Windows-10-Dynamic-Update/ba-p/467847">The benefits of Windows 10 Dynamic Update</a> - April 17, 2019</li>
</ul>
[See more news](waas-morenews.md). You can also check out the [Windows 10 blog](https://techcommunity.microsoft.com/t5/Windows-10-Blog/bg-p/Windows10Blog).
@ -43,7 +43,11 @@ Written by IT pros for IT pros, sharing real world examples and scenarios for Wi
<img src="images/champs-2.png" alt="" width="640" height="320">
<a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Deployment-rings-The-hidden-strategic-gem-of-Windows-as-a/ba-p/659622">**NEW** Deployment rings: The hidden [strategic] gem of Windows as a service</a>
<a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Tactical-considerations-for-creating-Windows-deployment-rings/ba-p/746979">**NEW** Tactical considerations for creating Windows deployment rings</a>
<a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-Enterprise-vs-Windows-10-Pro-Modern-management/ba-p/720445">**NEW** Windows 10 Enterprise vs. Windows 10 Pro: Modern management considerations for your organization</a>
<a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Deployment-rings-The-hidden-strategic-gem-of-Windows-as-a/ba-p/659622">Deployment rings: The hidden [strategic] gem of Windows as a service</a>
<a href="https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Classifying-Windows-updates-in-common-deployment-tools/ba-p/331175">Classifying Windows updates in common deployment tools</a>

2
windows/deployment/update/windows-update-troubleshooting.md
View File

@ -138,7 +138,7 @@ Or
DownloadManager [0]12F4.1FE8::09/29/2017-13:45:08.530 [agent]DO job {C6E2F6DC-5B78-4608-B6F1-0678C23614BD} hit a transient error, updateId = 5537BD35-BB74-40B2-A8C3-B696D3C97CBA.201 <NULL>, error = 0x80D0000A
```
Go to Services.msc and ensure that Windows Firewall Service is enabled. Stopping the service associated with Windows Firewall with Advanced Security is not supported by Microsoft. For more information , see [I need to disable Windows Firewall](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc766337\(v=ws.10\)) or [Windows Update stuck at 0 percent on Windows 10 or Windows Server 2016](https://support.microsoft.com/help/4039473/windows-update-stuck-at-0-percent-on-windows-10-and-windows-server-201).
Go to Services.msc and ensure that Windows Firewall Service is enabled. Stopping the service associated with Windows Firewall with Advanced Security is not supported by Microsoft. For more information, see [I need to disable Windows Firewall](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc766337(v=ws.10)).
## Issues arising from configuration of conflicting policies
Windows Update provides a wide range configuration policies to control the behavior of WU service in a managed environment. While these policies let you configure the settings at a granular level, misconfiguration or setting conflicting polices may lead to unexpected behaviors.

2
windows/deployment/upgrade/manage-windows-upgrades-with-upgrade-readiness.md
View File

@ -44,4 +44,4 @@ The Upgrade Readiness workflow steps you through the discovery and rationalizati
[Upgrade Readiness requirements](upgrade-readiness-requirements.md)<br>
[Upgrade Readiness release notes](upgrade-readiness-requirements.md#important-information-about-this-release)<br>
[Get started with Upgrade Readiness](upgrade-readiness-get-started.md)<br>
[Use Upgrade Readiness to manage Windows upgrades](use-upgrade-readiness-to-manage-windows-upgrades.md)
[Use Upgrade Readiness to manage Windows upgrades](use-upgrade-readiness-to-manage-windows-upgrades.md)

80
windows/deployment/upgrade/setupdiag.md
View File

@ -193,71 +193,71 @@ When searching log files, SetupDiag uses a set of rules to match known issues. T
Each rule name and its associated unique rule identifier are listed with a description of the known upgrade-blocking issue. In the rule descriptions, the term "down-level" refers to the first phase of the upgrade process, which runs under the starting OS.
1. CompatScanOnly - FFDAFD37-DB75-498A-A893-472D49A1311D
1. CompatScanOnly - FFDAFD37-DB75-498A-A893-472D49A1311D
- This rule indicates that setup.exe was called with a specific command line parameter that indicated setup was to do a compat scan only, not an upgrade.
2. BitLockerHardblock - C30152E2-938E-44B8-915B-D1181BA635AE
2. BitLockerHardblock - C30152E2-938E-44B8-915B-D1181BA635AE
- This is a block when the target OS does not support BitLocker, yet the host OS has BitLocker enabled.
3. VHDHardblock - D9ED1B82-4ED8-4DFD-8EC0-BE69048978CC
3. VHDHardblock - D9ED1B82-4ED8-4DFD-8EC0-BE69048978CC
- This block happens when the host OS is booted to a VHD image. Upgrade is not supported when the host OS is booted from a VHD image.
4. PortableWorkspaceHardblock - 5B0D3AB4-212A-4CE4-BDB9-37CA404BB280
4. PortableWorkspaceHardblock - 5B0D3AB4-212A-4CE4-BDB9-37CA404BB280
- This indicates that the host OS is booted from a Windows To-Go device (USB key). Upgrade is not supported in the Windows To-Go environment.
5. AuditModeHardblock - A03BD71B-487B-4ACA-83A0-735B0F3F1A90
5. AuditModeHardblock - A03BD71B-487B-4ACA-83A0-735B0F3F1A90
- This block indicates that the host OS is currently booted into Audit Mode, a special mode for modifying the Windows state. Upgrade is not supported from this state.
6. SafeModeHardblock - 404D9523-B7A8-4203-90AF-5FBB05B6579B
6. SafeModeHardblock - 404D9523-B7A8-4203-90AF-5FBB05B6579B
- This block indicates that the host OS is booted to Safe Mode, where upgrade is not supported.
7. InsufficientSystemPartitionDiskSpaceHardblock - 3789FBF8-E177-437D-B1E3-D38B4C4269D1
7. InsufficientSystemPartitionDiskSpaceHardblock - 3789FBF8-E177-437D-B1E3-D38B4C4269D1
- This block is encountered when setup determines the system partition (where the boot loader files are stored) does not have enough space to be serviced with the newer boot files required during the upgrade process.
8. CompatBlockedApplicationAutoUninstall BEBA5BC6-6150-413E-8ACE-5E1EC8D34DD5
8. CompatBlockedApplicationAutoUninstall BEBA5BC6-6150-413E-8ACE-5E1EC8D34DD5
- This rule indicates there is an application that needs to be uninstalled before setup can continue.
9. CompatBlockedApplicationDismissable - EA52620B-E6A0-4BBC-882E-0686605736D9
9. CompatBlockedApplicationDismissable - EA52620B-E6A0-4BBC-882E-0686605736D9
- When running setup in /quiet mode, there are dismissible application messages that turn into blocks unless the command line also specifies “/compat /ignore warning”. This rule indicates setup was executed in /quiet mode but there is an application dismissible block message that have prevented setup from continuing.
10. CompatBlockedApplicationManualUninstall - 9E912E5F-25A5-4FC0-BEC1-CA0EA5432FF4
10. CompatBlockedApplicationManualUninstall - 9E912E5F-25A5-4FC0-BEC1-CA0EA5432FF4
- This rule indicates that an application without an Add/Remove Programs entry, is present on the system and blocking setup from continuing. This typically requires manual removal of the files associated with this application to continue.
11. HardblockDeviceOrDriver - ED3AEFA1-F3E2-4F33-8A21-184ADF215B1B
11. HardblockDeviceOrDriver - ED3AEFA1-F3E2-4F33-8A21-184ADF215B1B
- This indicates a device driver that is loaded on the host OS is not compatible with the newer OS version and needs to be removed prior to the upgrade.
12. HardblockMismatchedLanguage - 60BA8449-CF23-4D92-A108-D6FCEFB95B45
12. HardblockMismatchedLanguage - 60BA8449-CF23-4D92-A108-D6FCEFB95B45
- This rule indicates the host OS and the target OS language editions do not match.
13. HardblockFlightSigning - 598F2802-3E7F-4697-BD18-7A6371C8B2F8
13. HardblockFlightSigning - 598F2802-3E7F-4697-BD18-7A6371C8B2F8
- This rule indicates the target OS is a pre-release, Windows Insider build, and the target machine has Secure Boot enabled. This will block the pre-release signed build from booting if installed on the machine.
14. DiskSpaceBlockInDownLevel - 6080AFAC-892E-4903-94EA-7A17E69E549E
14. DiskSpaceBlockInDownLevel - 6080AFAC-892E-4903-94EA-7A17E69E549E
- This failure indicates the system ran out of disk space during the down-level operations of upgrade.
15. DiskSpaceFailure - 981DCBA5-B8D0-4BA7-A8AB-4030F7A10191
15. DiskSpaceFailure - 981DCBA5-B8D0-4BA7-A8AB-4030F7A10191
- This failure indicates the system drive ran out of available disk space at some point after the first reboot into the upgrade.
16. DeviceInstallHang - 37BB1C3A-4D79-40E8-A556-FDA126D40BC6
16. DeviceInstallHang - 37BB1C3A-4D79-40E8-A556-FDA126D40BC6
- This failure rule indicates the system hung or bug checked during the device installation phase of upgrade.
17. DebugSetupMemoryDump - C7C63D8A-C5F6-4255-8031-74597773C3C6
17. DebugSetupMemoryDump - C7C63D8A-C5F6-4255-8031-74597773C3C6
- This offline only rule indicates a bug check occurred during setup. If the debugger tools are available on the system, SetupDiag will debug the memory dump and provide details.
18. DebugSetupCrash - CEEBA202-6F04-4BC3-84B8-7B99AED924B1
18. DebugSetupCrash - CEEBA202-6F04-4BC3-84B8-7B99AED924B1
- This offline only rule indicates that setup itself encountered a failure that resulted in a process memory dump. If the debugger tools are installed on the system, SetupDiag will debug the memory dump and give further details.
19. DebugMemoryDump - 505ED489-329A-43F5-B467-FCAAF6A1264C
19. DebugMemoryDump - 505ED489-329A-43F5-B467-FCAAF6A1264C
- This offline only rule is for any memory.dmp file that resulted during the setup/upgrade operation. If the debugger tools are installed on the system, SetupDiag will debug the memory dump and give further details.
20. BootFailureDetected - 4FB446C2-D4EC-40B4-97E2-67EB19D1CFB7
20. BootFailureDetected - 4FB446C2-D4EC-40B4-97E2-67EB19D1CFB7
- This rule indicates a boot failure occurred during a specific phase of the update. The rule will indicate the failure code and phase for diagnostic purposes.
21. FindDebugInfoFromRollbackLog - 9600EB68-1120-4A87-9FE9-3A4A70ACFC37
21. FindDebugInfoFromRollbackLog - 9600EB68-1120-4A87-9FE9-3A4A70ACFC37
- This rule will determine and give details when a bug check occurs during the setup/upgrade process that resulted in a memory dump, but without the requirement of the debugger package being on the executing machine.
22. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC
22. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC
- Finds fatal advanced installer operations that cause setup failures.
23. FindMigApplyUnitFailure - A4232E11-4043-4A37-9BF4-5901C46FD781
23. FindMigApplyUnitFailure - A4232E11-4043-4A37-9BF4-5901C46FD781
- Detects a migration unit failure that caused the update to fail. This rule will output the name of the migration plug-in as well as the error code it produced for diagnostic purposes.
24. FindMigGatherUnitFailure - D04C064B-CD77-4E64-96D6-D26F30B4EE29
24. FindMigGatherUnitFailure - D04C064B-CD77-4E64-96D6-D26F30B4EE29
- Detects a migration gather unit failure that caused the update to fail. This rule will output the name of the gather unit/plug-in as well as the error code it produced for diagnostic purposes.
25. CriticalSafeOSDUFailure - 73566DF2-CA26-4073-B34C-C9BC70DBF043
25. CriticalSafeOSDUFailure - 73566DF2-CA26-4073-B34C-C9BC70DBF043
- This rule indicates a failure occurred while updating the SafeOS image with a critical dynamic update. It will indicate the phase and error code that occurred while attempting to update the SafeOS image for diagnostic purposes.
26. UserProfileCreationFailureDuringOnlineApply - 678117CE-F6A9-40C5-BC9F-A22575C78B14
26. UserProfileCreationFailureDuringOnlineApply - 678117CE-F6A9-40C5-BC9F-A22575C78B14
- Indicates there was a critical failure while creating or modifying a User Profile during the online apply phase of the update. It will indicate the operation and error code associated with the failure for diagnostic purposes.
27. WimMountFailure - BE6DF2F1-19A6-48C6-AEF8-D3B0CE3D4549
27. WimMountFailure - BE6DF2F1-19A6-48C6-AEF8-D3B0CE3D4549
- This rule indicates the update failed to mount a wim file. It will show the name of the wim file as well as the error message and error code associated with the failure for diagnostic purposes.
28. FindSuccessfulUpgrade - 8A0824C8-A56D-4C55-95A0-22751AB62F3E
28. FindSuccessfulUpgrade - 8A0824C8-A56D-4C55-95A0-22751AB62F3E
- Determines if the given setup was a success or not based off the logs.
29. FindSetupHostReportedFailure - 6253C04F-2E4E-4F7A-B88E-95A69702F7EC
29. FindSetupHostReportedFailure - 6253C04F-2E4E-4F7A-B88E-95A69702F7EC
- Gives information about failures surfaced early in the upgrade process by setuphost.exe
30. FindDownlevelFailure - 716334B7-F46A-4BAA-94F2-3E31BC9EFA55
30. FindDownlevelFailure - 716334B7-F46A-4BAA-94F2-3E31BC9EFA55
- Gives failure information surfaced by SetupPlatform, later in the down-level phase.
31. FindAbruptDownlevelFailure - 55882B1A-DA3E-408A-9076-23B22A0472BD
31. FindAbruptDownlevelFailure - 55882B1A-DA3E-408A-9076-23B22A0472BD
- Gives last operation failure information when the system fails in the down-level, but the log just ends abruptly.
32. FindSetupPlatformFailedOperationInfo - 307A0133-F06B-4B75-AEA8-116C3B53C2D1
32. FindSetupPlatformFailedOperationInfo - 307A0133-F06B-4B75-AEA8-116C3B53C2D1
- Gives last phase and error information when SetupPlatform indicates a critical failure. This rule will indicate the operation and error associated with the failure for diagnostic purposes.
33. FindRollbackFailure - 3A43C9B5-05B3-4F7C-A955-88F991BB5A48
33. FindRollbackFailure - 3A43C9B5-05B3-4F7C-A955-88F991BB5A48
- Gives last operation, failure phase and error information when a rollback occurs.
34. AdvancedInstallerGenericFailure 4019550D-4CAA-45B0-A222-349C48E86F71
- A rule to match AdvancedInstaller read/write failures in a generic sense. Will output the executable being called as well as the error code and exit code reported.
@ -299,19 +299,19 @@ Each rule name and its associated unique rule identifier are listed with a descr
- Indicates a sysPrep plug-in has failed in a critical operation. Indicates the plug-in name, operation name and error code.
53. UserProvidedDriverInjectionFailure - 2247C48A-7EE3-4037-AFAB-95B92DE1D980
- A driver provided to setup (via command line input) has failed in some way. Outputs the driver install function and error code.
54. PlugInComplianceBlock - D912150B-1302-4860-91B5-527907D08960
54. PlugInComplianceBlock - D912150B-1302-4860-91B5-527907D08960
- These are for server upgrades only, will output the compliance block and remediation required.
55. PreReleaseWimMountDriverFound - 31EC76CC-27EC-4ADC-9869-66AABEDB56F0
55. PreReleaseWimMountDriverFound - 31EC76CC-27EC-4ADC-9869-66AABEDB56F0
- Captures failures due to having an unrecognized wimmount.sys driver registered on the system.
56. WinSetupBootFilterFailure - C073BFC8-5810-4E19-B53B-4280B79E096C
56. WinSetupBootFilterFailure - C073BFC8-5810-4E19-B53B-4280B79E096C
- Detects failures in the kernel mode file operations.
57. WimMountDriverIssue - 565B60DD-5403-4797-AE3E-BC5CB972FBAE
57. WimMountDriverIssue - 565B60DD-5403-4797-AE3E-BC5CB972FBAE
- Detects failures in WimMount.sys registration on the system.
58. DISMImageSessionFailure - 61B7886B-10CD-4C98-A299-B987CB24A11C
58. DISMImageSessionFailure - 61B7886B-10CD-4C98-A299-B987CB24A11C
- Captures failure information when DISM fails to start an image session successfully.
59. FindEarlyDownlevelError - A4CE4FC9-5E10-4BB1-8ECE-3B29EB9D7C52
59. FindEarlyDownlevelError - A4CE4FC9-5E10-4BB1-8ECE-3B29EB9D7C52
- Detects failures in down-level phase before setup platform is invoked.
60. FindSPFatalError - A4028172-1B09-48F8-AD3B-86CDD7D55852
60. FindSPFatalError - A4028172-1B09-48F8-AD3B-86CDD7D55852
- Captures failure information when setup platform encounters a fatal error.

17
windows/deployment/upgrade/upgrade-readiness-deployment-script.md
View File

@ -20,9 +20,12 @@ To automate the steps provided in [Get started with Upgrade Readiness](upgrade-r
>[!IMPORTANT]
>Upgrade Readiness was previously called Upgrade Analytics. References to Upgrade Analytics in any scripts or online content pertain to the Upgrade Readiness solution.
>[!IMPORTANT]
>The latest version of the Upgrade Readiness Script is **2.4.4 - 10.10.2018**
For detailed information about using the Upgrade Readiness (also known as upgrade analytics) deployment script, see the [Upgrade Analytics blog](https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/New-version-of-the-Upgrade-Analytics-Deployment-Script-available/ba-p/187164?advanced=false&collapse_discussion=true&q=new%20version%20of%20the%20upgrade%20analytics%20deployment%20script%20available&search_type=thread).
> The following guidance applies to version 11.11.16 or later of the Upgrade Readiness deployment script. If you are using an older version, download the latest from the [Download Center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409).
> The following guidance applies to version **2.4.4 - 10.10.2018** of the Upgrade Readiness deployment script. If you are using an older version, download the latest from the [Download Center](https://go.microsoft.com/fwlink/?LinkID=822966&clcid=0x409).
The Upgrade Readiness deployment script does the following:
@ -70,7 +73,7 @@ To run the Upgrade Readiness deployment script:
>
> *IEOptInLevel = 3 Data collection is enabled for all sites*
4. A recent version (03.02.17) of the deployment script is configured to collect and send diagnostic and debugging data to Microsoft. If you wish to disable sending diagnostic and debugging data to Microsoft, set **AppInsightsOptIn = false**. By default, **AppInsightsOptIn** is set to **true**.
4. The deployment script is configured to collect and send diagnostic and debugging data to Microsoft. If you wish to disable sending diagnostic and debugging data to Microsoft, set **AppInsightsOptIn = false**. By default, **AppInsightsOptIn** is set to **true**.
The data that is sent is the same data that is collected in the text log file that captures the events and error codes while running the script. This file is named in the following format: **UA_yyyy_mm_dd_hh_mm_ss_machineID.txt**. Log files are created in the drive that is specified in the RunConfig.bat file. By default this is set to: **%SystemDrive%\UADiagnostics**.
@ -79,7 +82,7 @@ To run the Upgrade Readiness deployment script:
\*vortex\*.data.microsoft.com<BR>
\*settings\*.data.microsoft.com
5. The latest version (03.28.2018) of the deployment script configures insider builds to continue to send the device name to the diagnostic data management service and the analytics portal. If you do not want to have insider builds send the device name sent to analytics and be available in the analytics portal, set **DeviceNAmeOptIn = false**. By default it is true, which preserves the behavior on previous versions of Windows. This setting only applies to insider builds. Note that the device name is also sent to AppInsights, so to ensure the device name is not sent to either place you would need to also set **AppInsightsOptIn = false**.
5. The deployment script configures insider builds to continue to send the device name to the diagnostic data management service and the analytics portal. If you do not want to have insider builds send the device name sent to analytics and be available in the analytics portal, set **DeviceNAmeOptIn = false**. By default it is true, which preserves the behavior on previous versions of Windows. This setting only applies to insider builds. Note that the device name is also sent to AppInsights, so to ensure the device name is not sent to either place you would need to also set **AppInsightsOptIn = false**.
6. After you finish editing the parameters in RunConfig.bat, you are ready to run the script. If you are using the Pilot version, run RunConfig.bat from an elevated command prompt. If you are using the Deployment version, use ConfigMgr or other software deployment service to run RunConfig.bat as system.
@ -147,8 +150,12 @@ Error creating or updating registry key: **CommercialId** at **HKLM:\SOFTWARE\Mi
| 59 - CleanupOneSettings failed to delete LastPersistedEventTimeOrFirstBoot property at registry key path: **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Diagtrack** |The CleanupOneSettings function clears some of the cached values needed by the Appraiser which is the data collector on the monitored device. This helps in the download of the most recent for accurate running of the data collector. Verify that the account has the correct permissions to change or add registry keys. |
| 60 - CleanupOneSettings failed to delete registry key: **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ Diagnostics\Diagtrack\SettingsRequests** | Verify that the account has the correct permissions to change or add registry keys. |
| 61 - CleanupOneSettings failed with an exception | CleanupOneSettings failed with an unexpected exception. |
| 63 - Diagnostic data is disabled for the device | If AllowTelemetry == 0, devices cannot send diagnostic data. To resolve this, set the **AllowTelemetry** value at **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**. |
| 62 - AllowTelemetry property value at registry key path **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** is not of type REG_DWORD. It should be of type REG_DWORD. | Ensure that the **AllowTelemetry** property at path **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection** is a REG_DWORD. |
| 63 - Diagnostic data is disabled for the device | If AllowTelemetry equals **0**, devices cannot send diagnostic data. To resolve this, set the **AllowTelemetry** value at **HKLM:\SOFTWARE\Policies\Microsoft\Windows\DataCollection**. |
| 64 - AllowTelemetry property value at registry key path **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection** is not of type REG_DWORD. It should be of type REG_DWORD. | Ensure that the **AllowTelemetry** property at **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection** is a REG_DWORD. |
| 65 - Diagnostic data is disabled for the device | If AllowTelemetry equals **0**, devices cannot send diagnostic data. To resolve this, set the **AllowTelemetry** value at **HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection**. |
| 66 - All recent data uploads for the Universal Telemetry Client failed. | Review the UtcConnectionReport in WMI in the namespace **root\cimv2\mdm\dmmap** under the **MDM_Win32CompatibilityAppraiser_UniversalTelemetryClient01** class. Only SYSTEM has access to this class. Use [PSExec](https://docs.microsoft.com/sysinternals/downloads/psexec) to execute your WMI utility as SYSTEM. |
| 67 - CheckUtcCsp failed with an exception | There was an error reading the WIM/CIM class **MDM_Win32CompatibilityAppraiser_UniversalTelemetryClient01** in the namespace **root\cimv2\mdm\dmmap**. Review system for WMI errors. |

41
windows/deployment/upgrade/windows-10-upgrade-paths.md
View File

@ -27,9 +27,9 @@ This topic provides a summary of available upgrade paths to Windows 10. You can
>
> **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
>
> In-place upgrade from Windows 7, Windows 8.1, or Windows 10 semi-annual channel to Windows 10 LTSC is not supported. **Note**: Windows 10 LTSC 2015 did not block this upgrade path. This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup).
> In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 semi-annual channel](https://docs.microsoft.com/windows/release-information/) to Windows 10 LTSC is not supported. **Note**: Windows 10 LTSC 2015 did not block this upgrade path. This was corrected in the Windows 10 LTSC 2016 release, which will now only allow data-only and clean install options. You can upgrade from Windows 10 LTSC to Windows 10 semi-annual channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup).
>
> **Windows N/KN**: Windows "N" and "KN" SKUs follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process.
> **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process.
>
> **Windows 8.0**: You cannot upgrade directly from Windows 8.0 to Windows 10. To upgrade from Windows 8.0, you must first install the [Windows 8.1 update](https://support.microsoft.com/help/15356/windows-8-install-update-kb-2919355).
@ -61,7 +61,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Home Basic</td>
@ -72,7 +71,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Home Premium</td>
@ -83,7 +81,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Professional</td>
@ -94,7 +91,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Ultimate</td>
@ -105,7 +101,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Enterprise</td>
@ -116,7 +111,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td rowspan="10" nowrap="nowrap">Windows 8.1</td>
@ -130,7 +124,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Connected</td>
@ -141,7 +134,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Pro</td>
@ -152,7 +144,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Pro Student</td>
@ -163,7 +154,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Pro WMC</td>
@ -174,7 +164,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Enterprise</td>
@ -185,7 +174,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Embedded Industry</td>
@ -196,7 +184,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Windows RT</td>
@ -207,7 +194,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Windows Phone 8.1</td>
@ -218,18 +204,16 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td rowspan="8" nowrap="nowrap">Windows 10</td>
</tr>
<tr>
<td>Home</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
@ -237,11 +221,10 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<tr>
<td>Pro</td>
<td>D</td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
@ -250,9 +233,8 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
<td>D</td>
<td></td>
<td>D</td>
<td></td>
<td></td>
</tr>
@ -262,7 +244,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
<td></td>
@ -276,7 +257,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
</tr>
<tr>
<td>Mobile Enterprise</td>
@ -285,9 +265,8 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
<td></td>
<td></td>
<td></td>
<td></td>
<td>D</td>
<td></td>
<td></td>
</tr>
</table>

2
windows/deployment/usmt/usmt-customize-xml-files.md
View File

@ -89,7 +89,7 @@ In addition, note the following functionality with the Config.xml file:
- If a parent component is removed from the migration in the Config.xml file by specifying `migrate="no"`, all of its child components will automatically be removed from the migration, even if the child component is set to `migrate="yes"`.
- If you mistakenly have two lines of code for the same component where one line specifies `migrate="no" `and the other line specifies `migrate="yes"`, the component will be migrated.
- If you mistakenly have two lines of code for the same component where one line specifies `migrate="no"` and the other line specifies `migrate="yes"`, the component will be migrated.
- In USMT there are several migration policies that can be configured in the Config.xml file. For example, you can configure additional **&lt;ErrorControl&gt;**, **&lt;ProfileControl&gt;**, and **&lt;HardLinkStoreControl&gt;** options. For more information, see the [Config.xml File](usmt-configxml-file.md) topic.

2
windows/deployment/usmt/usmt-general-conventions.md
View File

@ -50,7 +50,7 @@ Before you modify the .xml files, become familiar with the following guidelines:
- **File names with brackets**
If you are migrating a file that has a bracket character (\[ or \]) in the file name, you must insert a carat (^) character directly before the bracket for the bracket character to be valid. For example, if there is a file named File.txt, you must specify `<pattern type="File">c:\documents\mydocs [file^].txt]</pattern> `instead of `<pattern type="File">c:\documents\mydocs [file].txt]</pattern>`.
If you are migrating a file that has a bracket character (\[ or \]) in the file name, you must insert a carat (^) character directly before the bracket for the bracket character to be valid. For example, if there is a file named File.txt, you must specify `<pattern type="File">c:\documents\mydocs [file^].txt]</pattern>` instead of `<pattern type="File">c:\documents\mydocs [file].txt]</pattern>`.
- **Using quotation marks**

4
windows/deployment/usmt/usmt-xml-elements-library.md
View File

@ -1499,7 +1499,7 @@ For example:
- **MergeMultiSzContent**
The MergeMultiSzContent function merges the MULTI-SZ content of the registry values that are enumerated by the parent &lt;ObjectSet&gt; element with the content of the equivalent registry values that already exist on the destination computer. `Instruction` and` String` either remove or add content to the resulting MULTI-SZ. Duplicate elements will be removed.
The MergeMultiSzContent function merges the MULTI-SZ content of the registry values that are enumerated by the parent &lt;ObjectSet&gt; element with the content of the equivalent registry values that already exist on the destination computer. `Instruction` and `String` either remove or add content to the resulting MULTI-SZ. Duplicate elements will be removed.
Syntax: MergeMultiSzContent (*Instruction*,*String*,*Instruction*,*String*,…)
@ -3618,7 +3618,7 @@ The return value that is required by &lt;script&gt; depends on the parent elemen
Syntax: &lt;script&gt;MigXmlHelper.GetStringContent("*ObjectType*","*EncodedLocationPattern*", "*ExpandContent*")&lt;/script&gt;
Example:` <script>MigXMLHelper.GetStringContent("Registry","HKLM\Software\MyApp\Installer [EXEPATH]")</script>`
Example: `<script>MigXMLHelper.GetStringContent("Registry","HKLM\Software\MyApp\Installer [EXEPATH]")</script>`
- You can use [GenerateUserPatterns](#scriptfunctions) when &lt;script&gt; is within &lt;objectSet&gt;.

37
windows/deployment/volume-activation/monitor-activation-client.md
View File

@ -3,6 +3,7 @@ title: Monitor activation (Windows 10)
ms.assetid: 264a3e86-c880-4be4-8828-bf4c839dfa26
ms.reviewer:
manager: laurawi
audience: itpro
ms.author: greglin
description:
keywords: vamt, volume activation, activation, windows activation
@ -12,35 +13,33 @@ ms.sitesec: library
ms.pagetype: activation
author: greg-lindsay
ms.localizationpriority: medium
ms.date: 07/27/2017
ms.topic: article
---
# Monitor activation
**Applies to**
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012 R2
- Windows Server 2012
- Windows Server 2008 R2
- Windows 10
- Windows 8.1
- Windows 8
- Windows 7
- Windows Server 2012 R2
- Windows Server 2012
- Windows Server 2008 R2
**Looking for retail activation?**
- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
You can monitor the success of the activation process for a computer running Windows 8.1 in several ways. The most popular methods include:
- Using the Volume Licensing Service Center website to track use of MAK keys.
- Using the **Slmgr /dlv** command on a client computer or on the KMS host. (For a full list of options, see [Slmgr.vbs Options](https://technet.microsoft.com/library/ff793433.aspx).)
- Viewing the licensing status, which is exposed through Windows Management Instrumentation (WMI); therefore, it is available to non-Microsoft or custom tools that can access WMI. (Windows PowerShell can also access WMI information.)
- Most licensing actions and events are recorded in the Event log.
- Microsoft System Center Operations Manager and the KMS Management Pack can provide insight and information to users of System Center Operations Manager.
- The VAMT provides a single site from which to manage and monitor volume activations. This is explained in the next section.
You can monitor the success of the activation process for a computer running Windows in several ways. The most popular methods include:
- Using the Volume Licensing Service Center website to track use of MAK keys.
- Using the **Slmgr /dlv** command on a client computer or on the KMS host. (For a full list of options, see [Slmgr.vbs Options](https://technet.microsoft.com/library/ff793433.aspx).)
- Viewing the licensing status, which is exposed through Windows Management Instrumentation (WMI); therefore, it is available to non-Microsoft or custom tools that can access WMI. (Windows PowerShell can also access WMI information.)
- Most licensing actions and events are recorded in the Event log (ex: Application Log events 12288-12290).
- Microsoft System Center Operations Manager and the KMS Management Pack can provide insight and information to users of System Center Operations Manager.
- See [Troubleshooting activation error codes](https://docs.microsoft.com/windows-server/get-started/activation-error-codes) for information about troubleshooting procedures for Multiple Activation Key (MAK) or the Key Management Service (KMS).
- The VAMT provides a single site from which to manage and monitor volume activations. This is explained in the next section.
## See also
- [Volume Activation for Windows 10](volume-activation-windows-10.md)
 
 
[Volume Activation for Windows 10](volume-activation-windows-10.md)

6
windows/deployment/windows-10-pro-in-s-mode.md
View File

@ -67,9 +67,9 @@ You'll be prompted to save your files before the switch starts. Follow the promp
Starting with Windows 10, version 1809, if you need to switch multiple devices in your environment from Windows 10 Pro in S mode to Windows 10 Pro, you can use Microsoft Intune or any other supported mobile device management software. You can configure devices to switch out of S mode during OOBE or post-OOBE - this gives you flexibility to manage Windows 10 in S mode devices at any point during the device lifecycle.
1. Start Microsoft Intune.
2. Navigate to **Device configuration > Profiles > Windows 10 and later > Edition upgrade and mode switch**.
3. Follow the instructions to complete the switch.
1. Start Microsoft Intune.
2. Navigate to **Device configuration > Profiles > Windows 10 and later > Edition upgrade and mode switch**.
3. Follow the instructions to complete the switch.
## Block users from switching

13
windows/deployment/windows-10-subscription-activation.md
View File

@ -8,6 +8,7 @@ ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: mdt
author: greg-lindsay
manager: laurawi
ms.collection: M365-modern-desktop
search.appverid:
- MET150
@ -92,10 +93,10 @@ If devices are running Windows 7 or Windows 8.1, see [New Windows 10 upgrade ben
### Windows 10 Education requirements
1. Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded.
2. A device with a Windows 10 Pro Education digital license. You can confirm this information in Settings > Update & Security> Activation.
3. The Education tenant must have an active subscription to Microsoft 365 with a Windows 10 Enterprise license or a Windows 10 Enterprise or Education subscription.
4. Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported.
1. Windows 10 Pro Education, version 1903 or later installed on the devices to be upgraded.
2. A device with a Windows 10 Pro Education digital license. You can confirm this information in Settings > Update & Security> Activation.
3. The Education tenant must have an active subscription to Microsoft 365 with a Windows 10 Enterprise license or a Windows 10 Enterprise or Education subscription.
4. Devices must be Azure AD-joined or Hybrid Azure AD joined. Workgroup-joined or Azure AD registered devices are not supported.
>If Windows 10 Pro is converted to Windows 10 Pro Education [using benefits available in Store for Education](https://docs.microsoft.com/education/windows/change-to-pro-education#change-using-microsoft-store-for-education), then the feature will not work. You will need to re-image the device using a Windows 10 Pro Education edition.
@ -136,8 +137,8 @@ After Windows 10, version 1903:<br>
![1903](images/after.png)
Note:
1. A Windows 10 Pro Education device will only step up to Windows 10 Education edition when “Windows 10 Enterprise” license is assigned from M365 Admin center (as of May 2019).
2. A Windows 10 Pro device will only step up to Windows 10 Enterprise edition when “Windows 10 Enterprise” license is assigned from M365 Admin center (as of May 2019).
1. A Windows 10 Pro Education device will only step up to Windows 10 Education edition when “Windows 10 Enterprise” license is assigned from M365 Admin center (as of May 2019).
2. A Windows 10 Pro device will only step up to Windows 10 Enterprise edition when “Windows 10 Enterprise” license is assigned from M365 Admin center (as of May 2019).
### Scenarios

3
windows/deployment/windows-autopilot/TOC.md
View File

@ -25,4 +25,5 @@
## [FAQ](autopilot-faq.md)
## [Contacts](autopilot-support.md)
## [Registration authorization](registration-auth.md)
## [Device guidelines](autopilot-device-guidelines.md)
## [Device guidelines](autopilot-device-guidelines.md)
## [Motherboard replacement](autopilot-mbr.md)

4
windows/deployment/windows-autopilot/autopilot-device-guidelines.md
View File

@ -4,6 +4,7 @@ ms.reviewer:
manager: laurawi
description: Windows Autopilot deployment
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
audience: itpro
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
@ -20,7 +21,7 @@ ms.topic: article
**Applies to**
- Windows 10
- Windows 10
## Hardware and firmware best practice guidelines for Windows Autopilot
@ -42,3 +43,4 @@ The following additional best practices ensure that devices can easily be provis
## Related topics
[Windows Autopilot customer consent](registration-auth.md)<br>
[Motherboard replacement scenario guidance](autopilot-mbr.md)<br>

421
windows/deployment/windows-autopilot/autopilot-mbr.md Normal file
View File

@ -0,0 +1,421 @@
---
title: Windows Autopilot motherboard replacement
ms.reviewer:
manager: laurawi
description: Windows Autopilot deployment MBR scenarios
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
audience: itpro
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article
---
# Windows Autopilot motherboard replacement scenario guidance
**Applies to**
- Windows 10
This document offers guidance for Windows Autopilot device repair scenarios that Microsoft partners can use in Motherboard Replacement (MBR) situations, and other servicing scenarios.
Repairing Autopilot enrolled devices is complex, as it tries to balance OEM requirements with Windows Autopilot requirements. Specifically, OEMs require strict uniqueness across motherboards, MAC addresses, etc., while Windows Autopilot requires strict uniqueness at the Hardware ID level for each device to enable successful registration. The Hardware ID does not always accommodate all the OEM hardware component requirements, thus these requirements are sometimes at odds, causing issues with some repair scenarios.
**Motherboard Replacement (MBR)**
If a motherboard replacement is needed on a Windows Autopilot device, the following process is recommended:
1. [Deregister the device](#deregister-the-autopilot-device-from-the-autopilot-program) from Windows Autopilot
2. [Replace the motherboard](#replace-the-motherboard)
3. [Capture a new device ID (4K HH)](#capture-a-new-autopilot-device-id-4k-hh-from-the-device)
4. [Reregister the device](#reregister-the-repaired-device-using-the-new-device-id) with Windows Autopilot
5. [Reset the device](#reset-the-device)
6. [Return the device](#return-the-repaired-device-to-the-customer)
Each of these steps is described below.
## Deregister the Autopilot device from the Autopilot program
Before the device arrives at the repair facility, it must be deregistered by the entity that registered it. Only the entity that registered the device can deregister it. This might be the customer IT Admin, the OEM, or the CSP partner. If the IT Admin registered the device, they likely did so via Intune (or possibly the Microsoft Store for Business). In that case, they should deregister the device from Intune (or MSfB). This is necessary because devices registered in Intune will not show up in MPC. However, if the OEM or CSP partner registered the device, they likely did so via the Microsoft Partner Center (MPC). In that case, they should deregister the device from MPC, which will also remove it from the customer IT Admins Intune account. Below, we describe the steps an IT Admin would go through to deregister a device from Intune, and the steps an OEM or CSP would go through to deregister a device from MPC.
**NOTE**: When possible, an OEM or CSP should register Autopilot devices, rather than having the customer do it. This will avoid problems where OEMs or CSPs may not be able to deregister a device if, for example, a customer leasing a device goes out of business before deregistering it themselves.
**EXCEPTION**: If a customer grants an OEM permission to register devices on their behalf via the automated consent process, then an OEM can use the API to deregister devices they didnt register themselves (instead, the customer registered the devices). But keep in mind that this would only remove those devices from the Autopilot program, it would not disenroll them from Intune or disjoin them from AAD. The customer must do those steps, if desired, through Intune.
### Deregister from Intune
To deregister an Autopilot device from Intune, an IT Admin would:
1. Sign in to their Intune account
2. Navigate to Intune > Groups > All groups
3. Remove the desired device from its group
4. Navigate to Intune > Devices > All devices
5. Select the checkbox next to the device you want to delete, then click the Delete button on the top menu
6. Navigate to Intune > Devices > Azure AD devices
7. Select the checkbox next to the device you want to delete, then click the Delete button along the top menu
8. Navigate to Intune > Device enrollment > Windows enrollment > Devices
9. Select the checkbox next to the device you want to deregister
10. Click the extended menu icon (“…”) on the far right end of the line containing the device you want to deregister in order to expose an additional menu with the option to “unassign user”
11. Click “Unassign user” if the device was previously assigned to a user; if not, this option will be grayed-out and can be ignored
12. With the unassigned device still selected, click the Delete button along the top menu to remove this device
**NOTE**: These steps deregister the device from Autopilot, but also unenroll the device from Intune, and disjoin the device from AAD. While it may appear that only deregistering the device from Autopilot is needed, there are certain barriers in place within Intune that necessitate all the steps above be done, which is best practice anyway in case the device gets lost or becomes unrecoverable, to eliminate the possibility of orphaned devices existing in the Autopilot database, or Intune, or AAD. If a device gets into an unrecoverable state, you can contact the appropriate [Microsoft support alias](autopilot-support.md) for assistance.
The deregistration process will take about 15 minutes. You can accelerate the process by clicking the “Sync” button, then “Refresh” the display until the device is no longer present.
More details on deregistering devices from Intune can be found [here](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group).
### Deregister from MPC
To deregister an Autopilot device from the Microsoft Partner Center (MPC), a CSP would:
1. Log into MPC
2. Navigate to Customer > Devices
3. Select the device to be deregistered and click the “Delete device” button
![devices](images/devices.png)
**NOTE**: Deregistering a device from Autopilot in MPC does only that; it does not also unenroll the device from the MDM (Intune), nor does it disjoin the device from AAD. Therefore, if possible, the OEM/CSP ideally should work with the customer IT Admin to have the device fully removed per the Intune steps in the previous section.
Alternatively, an OEM partner that has integrated the OEM Direct APIs can deregister a device by calling the AutopilotDeviceRegistration API with the TenantID and TenantDomain fields left blank in the request call.
Because the repair facility will not have access to the users login credentials, the repair facility will have to reimage the device as part of the repair process. This means that the customer should do three things before sending the device off for repair:
1. Copy all important data off the device.
2. Let the repair facility know which version of Windows they should reinstall after the repair.
3. If applicable, let the repair facility know which version of Office they should reinstall after the repair.
## Replace the motherboard
Technicians replace the motherboard (or other hardware) on the broken device. A replacement DPK is injected.
Repair and key replacement processes vary between facilities. Sometimes repair facilities receive motherboard spare parts from OEMs that have replacement DPKs already injected, but sometimes not. Sometimes repair facilities receive fully-functional BIOS tools from OEMs, but sometimes not. This means that the quality of the data in the BIOS after a MBR varies. To ensure the repaired device will still be Autopilot-capable following its repair, the new (post-repair) BIOS should be able to successfully gather and populate the following information at a minimum:
- DiskSerialNumber
- SmbiosSystemSerialNumber
- SmbiosSystemManufacturer
- SmbiosSystemProductName
- SmbiosUuid
- TPM EKPub
- MacAddress
- ProductKeyID
- OSType
**NOTE**: For simplicity, and because processes vary between repair facilities, we have excluded many of the additional steps often used in a MBR, such as:
- Verify that the device is still functional
- Disable BitLocker*
- Repair the Boot Configuration Data (BCD)
- Repair and verify the network driver operation
*BitLocker can be suspended rather than disbled if the technician has the ability to resume it after the repair.
## Capture a new Autopilot device ID (4K HH) from the device
Repair technicians must sign in to the repaired device to capture the new device ID. Assuming the repair technician does NOT have access to the customers login credentials, they will have to reimage the device in order to gain access, per the following steps:
1. The repair technician creates a [WinPE bootable USB drive](https://docs.microsoft.com/windows-hardware/manufacture/desktop/oem-deployment-of-windows-10-for-desktop-editions#create-a-bootable-windows-pe-winpe-partition).
2. The repair technician boots the device to WinPE.
3. The repair technician [applies a new Windows image to the device](https://docs.microsoft.com/windows-hardware/manufacture/desktop/work-with-windows-images).
**NOTE**: Ideally, the same version of Windows should be reimaged onto the device that was originally on the device, so some coordination will be required between the repair facility and customer to capture this information at the time the device arrives for repair. This might include the customer sending the repair facility a customized image (.ppk file) via a USB stick, for example.
4. The repair technician boots the device into the new Windows image.
5. Once on the desktop, the repair technician captures the new device ID (4K HH) off the device using either the OA3 Tool or the PowerShell script, as described below.
Those repair facilities with access to the OA3 Tool (which is part of the ADK) can use the tool to capture the 4K Hardware Hash (4K HH).
Alternatively, the [WindowsAutoPilotInfo Powershell script](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo) can be used to capture the 4K HH by following these steps:
1. Install the script from the [PowerShell Gallery](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo) or from the command line (command line installation is shown below).
2. Navigate to the script directory and run it on the device when the device is either in Full OS or Audit Mode. See the following example.
```powershell
md c:\HWID
Set-Location c:\HWID
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
Install-Script -Name Get-WindowsAutopilotInfo -Force
Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv
```
>If you are prompted to install the NuGet package, choose **Yes**.<br>
>If, after installing the script you get an error that Get-WindowsAutopilotInfo.ps1 is not found, verify that C:\Program Files\WindowsPowerShell\Scripts is present in your PATH variable.<br>
>If the Install-Script cmdlet fails, verify that you have the default PowerShell repository registered (**Get-PSRepository**) or register the default repository with **Register-PSRepository -Default -Verbose**.
The script creates a .csv file that contains the device information, including the complete 4K HH. Save this file so that you can access it later. The service facility will use this 4K HH to reregister device as described below. Be sure to use the -OutputFile parameter when saving the file, which ensures that file formatting is correct. Do not attempt to pipe the command output to a file manually.
**NOTE**: If the repair facility does not have the ability to run the OA3 tool or PowerShell script to capture the new 4K HH, then the CSP (or OEM) partners must do this for them. Without some entity capturing the new 4K HH, there is no way to reregister this device as an Autopilot device.
## Reregister the repaired device using the new device ID
If an OEM is not able to reregister the device, then the repair facility or CSP should reregister the device using MPC, or the customer IT Admin should be advised to reregister the device via Intune (or MSfB). Both ways of reregistering a device are shown below.
### Reregister from Intune
To reregister an Autopilot device from Intune, an IT Admin would:
1. Sign in to Intune.
2. Navigate to Device enrollment > Windows enrollment > Devices > Import.
3. Click the **Import** button to upload a csv file containing the device ID of the device to be reregistered (the device ID was the 4K HH captured by the PowerShell script or OA3 tool described previously in this document).
The following video provides a good overview of how to (re)register devices via MSfB.<br>
> [!VIDEO https://www.youtube.com/embed/IpLIZU_j7Z0]
### Reregister from MPC
To reregister an Autopilot device from MPC, an OEM or CSP would:
1. Sign in to MPC.
2. Navigate to the Customer > Devices page and click the **Add devices** button to upload the csv file.
![device](images/device2.png)<br>
![device](images/device3.png)
In the case of reregistering a repaired device through MPC, the uploaded csv file must contain the 4K HH for the device, and not just the PKID or Tuple (SerialNumber + OEMName + ModelName). If only the PKID or Tuple were used, the Autopilot service would be unable to find a match in the Autopilot database, since no 4K HH info was ever previously submitted for this essentially “new” device, and the upload will fail, likely returning a ZtdDeviceNotFound error. So, again, only upload the 4K HH, not the Tuple or PKID.
**NOTE**: When including the 4K HH in the csv file, you do NOT also need to include the PKID or Tuple. Those columns may be left blank, as shown below:
![hash](images/hh.png)
## Reset the device
Since the device was required to be in Full OS or Audit Mode to capture the 4K HH, the repair facility must reset the image back to a pre-OOBE state before returning it to the customer. One way this can be accomplished is by using the built-in reset feature in Windows, as follows:
On the device, go to Settings > Update & Security > Recovery and click on Get started. Under Reset this PC, select Remove everything and Just remove my files. Finally, click on Reset.
![reset](images/reset.png)
However, its likely the repair facility wont have access to Windows because they lack the user credentials to login, in which case they need to use other means to reimage the device, such as the [Deployment Image Servicing and Management tool](https://docs.microsoft.com/windows-hardware/manufacture/desktop/oem-deployment-of-windows-10-for-desktop-editions#use-a-deployment-script-to-apply-your-image).
## Return the repaired device to the customer
After completing the previous steps, the repaired device can now be returned to the customer, and will be auto-enrolled into the Autopilot program on first boot-up during OOBE.
**NOTE**: If the repair facility did NOT reimage the device, they could be sending it back in a potentially broken state (e.g., theres no way to log into the device because its been dissociated from the only known user account), in which case they should tell the organization that they need to fix the registration and OS themselves.
**IMPORTANT**: A device can be “registered” for Autopilot prior to being powered-on, but the device isnt actually “deployed” to Autopilot (i.e., enabled as an Autopilot device) until it goes through OOBE, which is why resetting the device back to a pre-OOBE state is a required step.
## Specific repair scenarios
This section covers the most common repair scenarios, and their impact on Autopilot enablement.
NOTES ON TEST RESULTS:
- Scenarios below were tested using Intune only (no other MDMs were tested).
- In most test scenarios below, the repaired and reregistered device needed to go through OOBE again for Autopilot to be enabled.
- Motherboard replacement scenarios often result in lost data, so repair centers or customers should be reminded to backup data (if possible) prior to repair.
- In the cases where a repair facility does not have the ability to write device info into the BIOS of the repaired device, new processes need to be created to successfully enable Autopilot.
- Repaired device should have the Product Key (DPK) preinjected in the BIOS before capturing the new 4K HH (device ID)
In the following table:<br>
- Supported = **Yes**: the device can be reenabled for Autopilot
- Supported = **No**: the device cannot be reenabled for Autopilot
<table border="1">
<th>Scenario<th>Supported<th>Microsoft Recommendation
<tr><td>Motherboard Replacement (MBR) in general<td>Yes<td>The recommended course of action for MBR scenarios is:
1. Autopilot device is deregistered from the Autopilot program
2. The motherboard is replace
3. The device is reimaged (with BIOS info and DPK reinjected)*
4. A new Autopilot device ID (4K HH) is captured off the device
5. The repaired device is reregistered for the Autopilot program using the new device ID
6. The repaired device is reset to boot to OOBE
7. The repaired device is shipped back to the customer
*Its not necessary to reimage the device if the repair technician has access to the customers login credentials. Its technically possible to do a successful MBR and Autopilot re-enablement without keys or certain BIOS info (e.g., serial #, model name, etc.), but doing so is only recommended for testing/educational purposes.
<tr><td>MBR when motherboard has a TPM chip (enabled) and only one onboard network card (that also gets replaced)<td>Yes<td>
1. Deregister damaged device
2. Replace motherboard
3. Reimage device (to gain access), unless have access to customers login credentials
4. Write device info into BIOS
5. Capture new 4K HH
6. Reregister repaired device
7. Reset device back to OOBE
8. Go through Autopilot OOBE (customer)
9. Autopilot successfully enabled
<tr><td>MBR when motherboard has a TPM chip (enabled) and a second network card (or network interface) that is not replaced along with the motherboard<td>No<td>This scenario is not recommended, as it breaks the Autopilot experience, because the resulting Device ID will not be stable until after TPM attestation has completed, and even then registration may give incorrect results because of ambiguity with MAC Address resolution.
<tr><td>MBR where the NIC card, HDD, and WLAN all remain the same after the repair<td>Yes<td>
1. Deregister damaged device
2. Replace motherboard (with new RDPK preinjected in BIOS)
3. Reimage device (to gain access), unless have access to customers login credentials
4. Write old device info into BIOS (same s/n, model, etc.)*
5. Capture new 4K HH
6. Reregister repaired device
7. Reset device back to OOBE
8. Go through Autopilot OOBE (customer)
9. Autopilot successfully enabled
*Note that for this and subsequent scenarios, rewriting old device info would not include the TPM 2.0 endorsement key, as the associated private key is locked to the TPM device
<tr><td>MBR where the NIC card remains the same, but the HDD and WLAN are replaced<td>Yes<td>
1. Deregister damaged device
2. Replace motherboard (with new RDPK preinjected in BIOS)
3. Insert new HDD and WLAN
4. Write old device info into BIOS (same s/n, model, etc.)
5. Capture new 4K HH
6. Reregister repaired device
7. Reset device back to OOBE
8. Go through Autopilot OOBE (customer)
9. Autopilot successfully enabled
<tr><td>MBR where the NIC card and WLAN remains the same, but the HDD is replaced<td>Yes<td>
1. Deregister damaged device
2. Replace motherboard (with new RDPK preinjected in BIOS)
3. Insert new HDD
4. Write old device info into BIOS (same s/n, model, etc.)
5. Capture new 4K HH
6. Reregister repaired device
7. Reset device back to OOBE
8. Go through Autopilot OOBE (customer)
9. Autopilot successfully enabled
<tr><td>MBR where only the MB is replaced (all other parts remain same) but new MB was taken from a previously used device that had NOT been Autopilot-enabled before.<td>Yes<td>
1. Deregister damaged device
2. Replace motherboard (with new RDPK preinjected in BIOS)
3. Reimage device (to gain access), unless have access to customers login credentials
4. Write old device info into BIOS (same s/n, model, etc.)
5. Capture new 4K HH
6. Reregister repaired device
7. Reset device back to OOBE
8. Go through Autopilot OOBE (customer)
9. Autopilot successfully enabled
<tr><td>MBR where only the MB is replaced (all other parts remain same) but new MB was taken from a previously used device that HAD been Autopilot-enabled before.<td>Yes<td>
1. Deregister old device from which MB will be taken
2. Deregister damaged device (that you want to repair)
3. Replace motherboard in repair device with MB from other Autopilot device (with new RDPK preinjected in BIOS)
4. Reimage device (to gain access), unless have access to customers login credentials
5. Write old device info into BIOS (same s/n, model, etc.)
6. Capture new 4K HH
7. Reregister repaired device
8. Reset device back to OOBE
9. Go through Autopilot OOBE (customer)
10. Autopilot successfully enabled
<b>NOTE</b>: The repaired device can also be used successfully as a normal, non-Autopilot device.
<tr><td>BIOS info excluded from MBR device<td>No<td>Repair facility does not have BIOS tool to write device info into BIOS after MBR.
1. Deregister damaged device
2. Replace motherboard (BIOS does NOT contain device info)
3. Reimage and write DPK into image
4. Capture new 4K HH
5. Reregister repaired device
6. Create Autopilot profile for device
7. Go through Autopilot OOBE (customer)
8. Autopilot FAILS to recognize repaired device
<tr><td>MBR when there is no TPM chip<td>Yes<td>Though we do not recommend enabling an Autopilot devices without a TPM chip (which is recommended for BitLocker encryption), it is possible to enable an Autopilot devices in “standard user” mode (but NOT Self-deploying mode) that does not have a TPM chip. In this case, you would:
1. Deregister damaged device
2. Replace motherboard
3. Reimage device (to gain access), unless have access to customers login credentials
4. Write old device info into BIOS (same s/n, model, etc.)
5. Capture new 4K HH
6. Reregister repaired device
7. Reset device back to OOBE
8. Go through Autopilot OOBE (customer)
9. Autopilot successfully enabled
<tr><td>New DPK written into image on repaired Autopilot device with a new MB<td>Yes<td>Repair facility replaces normal MB on damaged device. MB does not contain any DPK in the BIOS. Repair facility writes DPK into image after MBR.
1. Deregister damaged device
2. Replace motherboard BIOS does NOT contain DPK info
3. Reimage device (to gain access), unless have access to customers login credentials
4. Write device info into BIOS (same s/n, model, etc.)
5. Capture new 4K HH
6. Reset or reimage device to pre-OOBE and write DPK into image
7. Reregister repaired device
8. Go through Autopilot OOBE
9. Autopilot successfully enabled
<tr><td>New Repair Product Key (RDPK)<td>Yes<td>Using a MB with a new RDPK preinjected results in a successful Autopilot refurbishment scenario.
1. Deregister damaged device
2. Replace motherboard (with new RDPK preinjected in BIOS)
3. Reimage or rest image to pre-OOBE
4. Write device info into BIOS
5. Capture new 4K HH
6. Reregister repaired device
7. Reimage or reset image to pre-OOBE
8. Go through Autopilot OOBE
9. Autopilot successfully enabled
<tr><td>No Repair Product Key (RDPK) injected<td>No<td>This scenario violates Microsoft policy and breaks the Windows Autopilot experience.
<tr><td>Reimage damaged Autopilot device that was not deregistered prior to repair<td>Yes, but the device will still be associated with previous tenant ID, so should only be returned to same customer<td>
1. Reimage damaged device
2. Write DPK into image
3. Go through Autopilot OOBE
4. Autopilot successfully enabled (to previous tenant ID)
<tr><td>Disk replacement from a non-Autopilot device to an Autopilot device<td>Yes<td>
1. Do not deregister damaged device prior to repair
2. Replace HDD on damaged device
3. Reimage or reset image back to OOBE
4. Go through Autopilot OOBE (customer)
5. Autopilot successfully enabled (repaired device recognized as its previous self)
<tr><td>Disk replacement from one Autopilot device to another Autopilot device<td>Maybe<td>If the device from which the HDD is taken was itself previously deregistered from Autopilot, then that HDD can be used in a repair device. But if the HDD was never previously deregistered from Autopilot before being used in a repaired device, the newly repaired device will not have the proper Autopilot experience.
Assuming the used HDD was previously deregistered (before being used in this repair):
1. Deregister damaged device
2. Replace HDD on damaged device using a HDD from another deregistered Autopilot device
3. Reimage or rest the repaired device back to a pre-OOBE state
4. Go through Autopilot OOBE (customer)
5. Autopilot successfully enabled
<tr><td>Third party network card replacement <td>No<td>Whether from a non-Autopilot device to an Autopilot device, from one Autopilot device to another Autopilot device, or from an Autopilot device to a non-Autopilot device, any scenario where a 3rd party (not onboard) Network card is replaced will break the Autopilot experience, and is not recommended.
<tr><td>A device repaired more than 3 times<td>No<td>Autopilot is not supported when a device is repeatedly repaired, so that whatever parts NOT replaced become associated with too many parts that have been replaced, which would make it difficult to uniquely identify that device in the future.
<tr><td>Memory replacement<td>Yes<td>Replacing the memory on a damaged device does not negatively affect the Autopilot experience on that device. No de/reregistration is needed. The repair technician simply needs to replace the memory.
<tr><td>GPU replacement<td>Yes<td>Replacing the GPU(s) on a damaged device does not negatively affect the Autopilot experience on that device. No de/reregistration is needed. The repair technician simply needs to replace the GPU.
</table>
>When scavenging parts from another Autopilot device, we recommend unregistering the scavenged device from Autopilot, scavenging it, and then NEVER REGISTERING THE SCAVENGED DEVICE (AGAIN) FOR AUTOPILOT, because reusing parts this way may cause two active devices to end up with the same ID, with no possibility of distinguishing between the two.
**NOTE**: The following parts may be replaced without compromising Autopilot enablement or requiring special additional repair steps:
- Memory (RAM or ROM)
- Power Supply
- Video Card
- Card Reader
- Sound card
- Expansion card
- Microphone
- Webcam
- Fan
- Heat sink
- CMOS battery
Other repair scenarios not yet tested and verified include:
- Daughterboard replacement
- CPU replacement
- Wifi replacement
- Ethernet replacement
## FAQ
| Question | Answer |
| --- | --- |
| If we have a tool that programs product information into the BIOS after the MBR, do we still need to submit a CBR report for the device to be Autopilot-capable? | No. Not if the in-house tool writes the minimum necessary information into the BIOS that the Autopilot program looks for to identify the device, as described earlier in this document. |
| What if only some components are replaced rather than the full motherboard? | While its true that some limited repairs do not prevent the Autopilot algorithm from successfully matching the post-repair device with the pre-repair device, it is best to ensure 100% success by going through the MBR steps above even for devices that only needed limited repairs. |
| How does a repair technician gain access to a broken device if they dont have the customers login credentials? | The technician will have to reimage the device and use their own credentials during the repair process. |
## Related topics
[Device guidelines](autopilot-device-guidelines.md)<br>

8
windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
View File

@ -244,7 +244,7 @@ Click on the **WindowsAutopilot** VM in Hyper-V Manager and verify that you see
Follow these steps to run the PS script:
1. Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same regardless of whether you are using a VM or a physical device:
1. Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same regardless of whether you are using a VM or a physical device:
```powershell
md c:\HWID
@ -647,9 +647,9 @@ Note: A 64-bit operating system is required to run Hyper-V.
Before we can pull an application into Intune to make it part of our AP profile, we need to “package” the application for delivery using the [IntuneWinAppUtil.exe command-line tool](https://github.com/Microsoft/Intune-Win32-App-Packaging-Tool). After downloading the tool, gather the following three bits of information to use the tool:
1. The source folder for your application
2. The name of the setup executable file
3. The output folder for the new file
1. The source folder for your application
2. The name of the setup executable file
3. The output folder for the new file
For the purposes of this lab, well use the Notepad++ tool as our Win32 app.

2
windows/deployment/windows-autopilot/existing-devices.md
View File

@ -212,7 +212,7 @@ See the following examples.
- Click **Next**.
>[!NOTE]
>The Autopilot for existing devices task sequence will result in an Azure Active Directory Domain (AAD) joined device. The User State Migration Toolkit (USMT) does not support AAD joined devices.
>The Autopilot for existing devices task sequence will result in an Azure Active Directory Domain (AAD) joined device. The User State Migration Toolkit (USMT) does not support AAD joined or hybrid AAD joined devices.
7. On the Include Updates page, choose one of the three available options. This selection is optional.
8. On the Install applications page, add applications if desired. This is optional.

BIN
windows/deployment/windows-autopilot/images/device2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 43 KiB

BIN
windows/deployment/windows-autopilot/images/device3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 18 KiB

BIN
windows/deployment/windows-autopilot/images/devices.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 45 KiB

BIN
windows/deployment/windows-autopilot/images/hh.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.8 KiB

BIN
windows/deployment/windows-autopilot/images/reset.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

1
windows/deployment/windows-autopilot/index.md
View File

@ -68,6 +68,7 @@ This guide is intended for use by an IT-specialist, system architect, or busines
<tr><td><a href="autopilot-faq.md">FAQ</a><td>Frequently asked questions on several topics are provided.
<tr><td><a href="autopilot-support.md">Support contacts</a><td>Support information is provided.
<tr><td><a href="registration-auth.md">Registration authorization</a><td>This article discusses how a CSP partner or OEM can obtain customer authorization to register Windows Autopilot devices.
<tr><td><a href="autopilot-mbr.md">Motherboard replacement</a><td>Information about how to deal with Autopilot registration and device repair issues is provided.
</table>
## Related topics

11
windows/deployment/windows-autopilot/known-issues.md
View File

@ -9,6 +9,7 @@ ms.mktglfcycl: deploy
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.collection: M365-modern-desktop
@ -20,10 +21,18 @@ ms.topic: article
**Applies to**
- Windows 10
- Windows 10
<table>
<th>Issue<th>More information
<tr><td>The following known issues are resolved by installing the July 26, 2019 KB4505903 update (OS Build 18362.267):
- Windows Autopilot white glove does not work for a non-English OS and you see a red screen that says "Success."
- Windows Autopilot reports an AUTOPILOTUPDATE error during OOBE after sysprep, reset or other variations. This typically happens if you reset the OS or used a custom sysprepped image.
- BitLocker encryption is not correctly configured. Ex: BitLocker didnt get an expected notification after policies were applied to begin encryption.
- You are unable to install UWP apps from the Microsoft Store, causing failures during Windows Autopilot. If you are deploying Company Portal as a blocking app during Windows Autopilot ESP, youve probably seen this error.
- A user is not granted administrator rights in the Windows Autopilot user-driven Hybrid Azure AD join scenario. This is another non-English OS issue.
<td>Download and install the <a href="https://support.microsoft.com/help/4505903">KB4505903 update</a>. <br><br>See the section: <b>How to get this update</b> for information on specific release channels you can use to obtain the update.
<tr><td>White glove gives a red screen and the <b>Microsoft-Windows-User Device Registration/Admin</b> event log displays <b>HResult error code 0x801C03F3</b><td>This can happen if Azure AD cant find an AAD device object for the device that you are trying to deploy. This will occur if you manually delete the object. To fix it, remove the device from AAD, Intune, and Autopilot, then re-register it with Autopilot, which will recreate the AAD device object.<br>
<br>To obtain troubleshooting logs use: <b>Mdmdiagnosticstool.exe -area Autopilot;TPM -cab c:\autopilot.cab</b>
<tr><td>White glove gives a red screen<td>White glove is not supported on a VM.

14
windows/deployment/windows-autopilot/registration-auth.md
View File

@ -36,7 +36,7 @@ CSP partners can get customer authorization to register Windows Autopilot device
For a CSP to register Windows Autopilot devices on behalf of a customer, the customer must first grant that CSP partner permission using the following process:
1. CSP sends link to customer requesting authorization/consent to register/manage devices on their behalf. To do so:
1. CSP sends link to customer requesting authorization/consent to register/manage devices on their behalf. To do so:
- CSP logs into Microsoft Partner Center
- Click **Dashboard** on the top menu
- Click **Customer** on the side menu
@ -54,8 +54,8 @@ For a CSP to register Windows Autopilot devices on behalf of a customer, the cus
![Not global admin](images/csp4.png)
3. Customer selects the **Yes** checkbox, followed by the **Accept** button. Authorization happens instantaneously.
4. The CSP will know that this consent/authorization request has been completed because the customer will show up in the CSPs MPC account under their **customers** list, for example:
3. Customer selects the **Yes** checkbox, followed by the **Accept** button. Authorization happens instantaneously.
4. The CSP will know that this consent/authorization request has been completed because the customer will show up in the CSPs MPC account under their **customers** list, for example:
![Customers](images/csp5.png)
@ -63,17 +63,17 @@ For a CSP to register Windows Autopilot devices on behalf of a customer, the cus
Each OEM has a unique link to provide to their respective customers, which the OEM can request from Microsoft via msoemops@microsoft.com.
1. OEM emails link to their customer.
2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link once they receive it from the OEM, which takes them directly to the following MSfB page:
1. OEM emails link to their customer.
2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link once they receive it from the OEM, which takes them directly to the following MSfB page:
![Global admin](images/csp6.png)
NOTE: A user without global admin privileges who clicks the link will see a message similar to the following:
![Not global admin](images/csp7.png)
3. Customer selects the **Yes** checkbox, followed by the **Accept** button, and theyre done. Authorization happens instantaneously.
3. Customer selects the **Yes** checkbox, followed by the **Accept** button, and theyre done. Authorization happens instantaneously.
4. The OEM can use the Validate Device Submission Data API to verify the consent has completed. This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, its a best practice recommendation for OEM partners to run the API check to confirm theyve received customer consent before attempting to register devices, thus avoiding errors in the registration process.
4. The OEM can use the Validate Device Submission Data API to verify the consent has completed. This API is discussed in the latest version of the API Whitepaper, p. 14ff [https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx](https://devicepartner.microsoft.com/assets/detail/windows-autopilot-integration-with-oem-api-design-whitepaper-docx). **Note**: this link is only accessible by Microsoft Device Partners. As discussed in this whitepaper, its a best practice recommendation for OEM partners to run the API check to confirm theyve received customer consent before attempting to register devices, thus avoiding errors in the registration process.
## Summary

24
windows/deployment/windows-autopilot/troubleshooting.md
View File

@ -26,20 +26,20 @@ Windows Autopilot is designed to simplify all parts of the Windows device lifecy
Regardless of whether performing user-driven or self-deploying device deployments, the troubleshooting process is the mostly the same. It is useful to understand the flow for a specific device:
- Network connection established. This can be a wireless (Wi-fi) or wired (Ethernet) connection.
- Windows Autopilot profile downloaded. Whether using a wired connection or manually establishing a wireless connection, the Windows Autopilot profile will be downloaded from the Autopilot deployment service as soon as the network connection is in place.
- User authentication. When performing a user-driven deployment, the user will enter their Azure Active Directory credentials, which will be validated.
- Azure Active Directory join. For user-driven deployments, the device will be joined to Azure AD using the specified user credentials. For self-deploying scenarios, the device will be joined without specifying any user credentials.
- Automatic MDM enrollment. As part of the Azure AD join process, the device will enroll in the MDM service configured in Azure AD (e.g. Microsoft Intune).
- Settings are applied. If the [enrollment status page](enrollment-status.md) is configured, most settings will be applied while the enrollment status page is displayed. If not configured or available, settings will be applied after the user is signed in.
- Network connection established. This can be a wireless (Wi-fi) or wired (Ethernet) connection.
- Windows Autopilot profile downloaded. Whether using a wired connection or manually establishing a wireless connection, the Windows Autopilot profile will be downloaded from the Autopilot deployment service as soon as the network connection is in place.
- User authentication. When performing a user-driven deployment, the user will enter their Azure Active Directory credentials, which will be validated.
- Azure Active Directory join. For user-driven deployments, the device will be joined to Azure AD using the specified user credentials. For self-deploying scenarios, the device will be joined without specifying any user credentials.
- Automatic MDM enrollment. As part of the Azure AD join process, the device will enroll in the MDM service configured in Azure AD (e.g. Microsoft Intune).
- Settings are applied. If the [enrollment status page](enrollment-status.md) is configured, most settings will be applied while the enrollment status page is displayed. If not configured or available, settings will be applied after the user is signed in.
For troubleshooting, key activities to perform are:
- Configuration. Has Azure Active Directory and Microsoft Intune (or an equivalent MDM service) been configured as specified in [Windows Autopilot configuration requirements](windows-autopilot-requirements.md)?
- Network connectivity. Can the device access the services described in [Windows Autopilot networking requirements](windows-autopilot-requirements.md)?
- Autopilot OOBE behavior. Were only the expected out-of-box experience screens displayed? Was the Azure AD credentials page customized with organization-specific details as expected?
- Azure AD join issues. Was the device able to join Azure Active Directory?
- MDM enrollment issues. Was the device able to enroll in Microsoft Intune (or an equivalent MDM service)?
- Configuration. Has Azure Active Directory and Microsoft Intune (or an equivalent MDM service) been configured as specified in [Windows Autopilot configuration requirements](windows-autopilot-requirements.md)?
- Network connectivity. Can the device access the services described in [Windows Autopilot networking requirements](windows-autopilot-requirements.md)?
- Autopilot OOBE behavior. Were only the expected out-of-box experience screens displayed? Was the Azure AD credentials page customized with organization-specific details as expected?
- Azure AD join issues. Was the device able to join Azure Active Directory?
- MDM enrollment issues. Was the device able to enroll in Microsoft Intune (or an equivalent MDM service)?
## Troubleshooting Autopilot OOBE issues
@ -109,7 +109,7 @@ When a profile is downloaded depends on the version of Windows 10 that is runnin
| 1803 | The profile is downloaded as soon as possible. If wired, it is downloaded at the start of OOBE. If wireless, it is downloaded after the network connection page. |
| 1809 | The profile is downloaded as soon as possible (same as 1803), and again after each reboot. |
If you need to reboot a computer during OOBE:
If you need to reboot a computer during OOBE:
- Press Shift-F10 to open a command prompt.
- Enter **shutdown /r /t 0** to restart immediately, or **shutdown /s /t 0** to shutdown immediately.

6
windows/deployment/windows-autopilot/white-glove.md
View File

@ -8,6 +8,7 @@ ms.localizationpriority: low
ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
manager: laurawi
ms.author: greg-lindsay
ms.collection: M365-modern-desktop
ms.topic: article
@ -38,6 +39,9 @@ In addition to [Windows Autopilot requirements](windows-autopilot-requirements.m
- Physical devices that support TPM 2.0 and device attestation; virtual machines are not supported. The white glove provisioning process leverages Windows Autopilot self-deploying capabilities, hence the TPM 2.0 requirements.
- Physical devices with Ethernet connectivity; Wi-fi connectivity is not supported due to the requirement to choose a language, locale, and keyboard to make that Wi-fi connection; doing that in a pre-provisioning process could prevent the user from choosing their own language, locale, and keyboard when they receive the device.
>[!IMPORTANT]
>Because the OEM or vendor performs the white glove process, this <u>doesnt require access to an end-user's on-prem domain infrastructure</u>. This is unlike a typical hybrid Azure AD-joined scenario because rebooting the device is postponed. The device is resealed prior to the time when connectivity to a domain controller is expected, and the domain network is contacted when the device is unboxed on-prem by the end-user.
## Preparation
Devices slated for WG provisioning are registered for Autopilot via the normal registration process.
@ -107,4 +111,4 @@ If the pre-provisioning process completed successfully and the device was reseal
## Related topics
[White glove video](https://youtu.be/nE5XSOBV0rI)
[White glove video](https://youtu.be/nE5XSOBV0rI)

18
windows/deployment/windows-autopilot/windows-autopilot-requirements.md
View File

@ -28,19 +28,19 @@ Windows Autopilot depends on specific capabilities available in Windows 10, Azur
- Windows 10 version 1703 (semi-annual channel) or higher is required.
- The following editions are supported:
- Windows 10 Pro
- Windows 10 Pro Education
- Windows 10 Pro for Workstations
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Enterprise 2019 LTSC
- Windows 10 Pro
- Windows 10 Pro Education
- Windows 10 Pro for Workstations
- Windows 10 Enterprise
- Windows 10 Education
- Windows 10 Enterprise 2019 LTSC
## Networking requirements
Windows Autopilot depends on a variety of internet-based services. Access to these services must be provided for Autopilot to function properly. In the simplest case, enabling proper functionality can be achieved by ensuring the following:
- Ensure DNS name resolution for internet DNS names
- Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP)
- Ensure DNS name resolution for internet DNS names
- Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP)
In environments that have more restrictive Internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to whitelist access to the required services. For additional details about each of these services and their specific requirements, review the following details:
@ -60,7 +60,7 @@ If the Delivery Optimization Service is inaccessible, the AutoPilot process will
<tr><td><b>Network Time Protocol (NTP) Sync<b><td>When a Windows device starts up, it will talk to a network time server to ensure that the time on the device is accurate. Ensure that UDP port 123 to time.windows.com is accessible.
<tr><td><b>Domain Name Services (DNS)<b><td>To resolve DNS names for all services, the device communicates with a DNS server, typically provided via DHCP.  This DNS server must be able to resolve internet names.
<tr><td><b>Diagnostics data<b><td>To enable Windows Analytics and related diagnostics capabilities, see <a href="https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization">Configure Windows diagnostic data in your organization</a>.<br>
<tr><td><b>Diagnostics data<b><td>Starting in Windows 10, 1903, diagnostic data collection will be enabled by default. To disable Windows Analytics and related diagnostics capabilities, see <a href="https://docs.microsoft.com/windows/privacy/configure-windows-diagnostic-data-in-your-organization#manage-enterprise-diagnostic-data-level">Manage enterprise diagnostic data level</a>.<br>
If diagnostic data cannot be sent, the Autopilot process will still continue, but services that depend on diagnostic data, such as Windows Analytics, will not work.
<tr><td><b>Network Connection Status Indicator (NCSI)<b><td>Windows must be able to tell that the device is able to access the internet. For more information, see <a href="https://docs.microsoft.com/windows/privacy/manage-windows-1709-endpoints#network-connection-status-indicator-ncsi">Network Connection Status Indicator (NCSI)</a>.

15
windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
View File

@ -26,14 +26,13 @@ Windows Autopilot includes support for a growing list of scenarios, designed to
The following Windows Autopilot scenarios are described in this guide:
<table>
<th>Scenario<th>More information
<tr><td>Deploy devices that will be set up by a member of the organization and configured for that person<td>[Windows Autopilot user-driven mode](user-driven.md)
<tr><td>Deploy devices that will be automatically configured for shared use, as a kiosk, or as a digital signage device.<td>[Windows Autopilot self-deploying mode](self-deploying.md)
<tr><td>Re-deploy a device in a business-ready state.<td>[Windows Autopilot Reset](windows-autopilot-reset.md)
<tr><td>Pre-provision a device with up-to-date applications, policies and settings.<td>[White glove](white-glove.md)
<tr><td>Deploy Windows 10 on an existing Windows 7 or 8.1 device<td>[Windows Autopilot for existing devices](existing-devices.md)
</table>
| Scenario | More information |
| --- | --- |
| Deploy devices that will be set up by a member of the organization and configured for that person | [Windows Autopilot user-driven mode](user-driven.md) |
| Deploy devices that will be automatically configured for shared use, as a kiosk, or as a digital signage device.| [Windows Autopilot self-deploying mode](self-deploying.md) |
| Re-deploy a device in a business-ready state.| [Windows Autopilot Reset](windows-autopilot-reset.md) |
| Pre-provision a device with up-to-date applications, policies and settings.| [White glove](white-glove.md) |
| Deploy Windows 10 on an existing Windows 7 or 8.1 device | [Windows Autopilot for existing devices](existing-devices.md) |
## Windows Autopilot capabilities

1
windows/deployment/windows-autopilot/windows-autopilot-whats-new.md
View File

@ -10,6 +10,7 @@ ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
audience: itpro
ms.author: greglin
ms.collection: M365-modern-desktop
ms.topic: article