mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-16 15:27:22 +00:00
Merge remote-tracking branch 'refs/remotes/origin/master' into rs3
This commit is contained in:
commit
7fb48088ff
@ -1443,6 +1443,11 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
|
||||
<li>Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess</li>
|
||||
</ul>
|
||||
<p>Added links to the additional [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).</p>
|
||||
<p>There were issues reported with the previous release of the following policies. These issues were fixed in Window 10, version 1709:</p>
|
||||
<ul>
|
||||
<li>Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts</li>
|
||||
<li>Start/HideAppList</li>
|
||||
</ul>
|
||||
</td></tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
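Review bot: The added sentence reads "These issues were fixed in Window 10, version 1709"; that should be "Windows 10". The two policies are listed as plain `<li>` text, while the BitLocker line just above links to its policy page, so consider linking Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts and Start/HideAppList to their policy pages as well, so readers can reach the per-policy note.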
@ -34,11 +34,11 @@ ms.date: 08/21/2017
|
||||
<th>Mobile Enterprise</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
</tr>
|
||||
@ -48,6 +48,9 @@ ms.date: 08/21/2017
|
||||
<!--StartDescription-->
|
||||
<p style="margin-left: 20px">Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps.
|
||||
|
||||
> [!Note]
|
||||
> There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
|
||||
- 0 (default)– Not allowed.
|
||||
|
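Review bot: The added note refers to "the previous release of this policy" without naming that release or describing the issue, so an admin cannot tell whether devices already configured with this policy are affected. Name the affected version and, if known, the symptom. The note also follows an unclosed `<p style="margin-left: 20px">` line, so check that `> [!Note]` still renders as an alert rather than as paragraph text.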
@ -448,10 +448,10 @@ ms.date: 08/09/2017
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
</tr>
|
||||
@ -462,7 +462,10 @@ ms.date: 08/09/2017
|
||||
> [!NOTE]
|
||||
> This policy requires reboot to take effect.
|
||||
|
||||
<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by collapsing or removing the all apps list.
|
||||
<p style="margin-left: 20px">Allows IT Admins to configure Start by collapsing or removing the all apps list.
|
||||
|
||||
> [!Note]
|
||||
> There were issues reported with the previous release of this policy and a fix was added in Windows 10, version 1709.
|
||||
|
||||
<p style="margin-left: 20px">The following list shows the supported values:
|
||||
|
||||
|
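Review bot: The reworded description no longer carries "Added in Windows 10, version 1703.", which was the only statement in this hunk of the first version that supports the policy. Keep that sentence and put the 1709 note after it. The new alert is written `> [!Note]`, while the existing one at the top of the hunk is `> [!NOTE]`; use one casing.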
@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
|
||||
localizationpriority: high
|
||||
ms.sitesec: library
|
||||
ms.pagetype: mdt
|
||||
ms.date: 08/23/2017
|
||||
author: greg-lindsay
|
||||
---
|
||||
|
||||
|
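Review bot: The front matter in this file uses the key `localizationpriority: high`, while other files touched in this commit use `ms.localizationpriority: high`. Since the header is being edited anyway, align the key name here (and in the other files in this commit with the same unprefixed key) so the metadata is consistent.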
@ -7,6 +7,7 @@ ms.localizationpriority: high
|
||||
ms.prod: w10
|
||||
ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
ms.date: 08/23/2017
|
||||
author: greg-lindsay
|
||||
---
|
||||
|
||||
|
@ -181,12 +181,12 @@ During the life of a device, it may be necessary or desirable to switch between
|
||||
<td align="left">Use media to upgrade to the latest Windows Insider Program build.</td>
|
||||
</tr>
|
||||
<tr class="odd">
|
||||
<td align="left">Long-Term Servicing Channel (Targeted)</td>
|
||||
<td align="left">Use media to upgrade to a later Long-Term Servicing Channel build. (Note that the Long-Term Servicing Channel build must be a later build.)</td>
|
||||
<td align="left">Semi-Annual Channel (Targeted)</td>
|
||||
<td align="left">Use media to upgrade. Note that the Semi-Annual Channel build must be a later build.</td>
|
||||
</tr>
|
||||
<tr class="even">
|
||||
<td align="left">Long-Term Servicing Channel</td>
|
||||
<td align="left">Use media to upgrade to a later Long-Term Servicing Channel for Business build (Long-Term Servicing Channel build plus fixes). Note that it must be a later build.</td>
|
||||
<td align="left">Semi-Annual Channel</td>
|
||||
<td align="left">Use media to upgrade. Note that the Semi-Annual Channel build must be a later build.</td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
|
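Review bot: Both replacement rows carry the same action text, "Use media to upgrade. Note that the Semi-Annual Channel build must be a later build.", which no longer says what to upgrade to, unlike the Insider row above ("Use media to upgrade to the latest Windows Insider Program build."). Something like "Use media to upgrade to a later Semi-Annual Channel build." would say the same thing in one sentence for both rows.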
@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
|
||||
localizationpriority: high
|
||||
ms.sitesec: library
|
||||
ms.pagetype: mdt
|
||||
ms.date: 08/23/2017
|
||||
author: greg-lindsay
|
||||
---
|
||||
|
||||
|
@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
|
||||
ms.localizationpriority: high
|
||||
ms.sitesec: library
|
||||
ms.pagetype: mdt
|
||||
ms.date: 08/23/2017
|
||||
author: greg-lindsay
|
||||
---
|
||||
|
||||
|
@ -7,6 +7,7 @@ ms.mktglfcycl: deploy
|
||||
localizationpriority: high
|
||||
ms.sitesec: library
|
||||
ms.pagetype: mdt
|
||||
ms.date: 08/23/2017
|
||||
author: greg-lindsay
|
||||
---
|
||||
|
||||
|
@ -7,6 +7,7 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
keywords: deployment, automate, tools, configure, mdt
|
||||
ms.localizationpriority: high
|
||||
ms.date: 08/23/2017
|
||||
author: greg-lindsay
|
||||
---
|
||||
|
||||
|
@ -7,6 +7,7 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
keywords: deployment, automate, tools, configure, sccm
|
||||
ms.localizationpriority: high
|
||||
ms.date: 08/23/2017
|
||||
author: greg-lindsay
|
||||
---
|
||||
|
||||
|
@ -7,6 +7,7 @@ ms.sitesec: library
|
||||
ms.pagetype: deploy
|
||||
keywords: deployment, automate, tools, configure, mdt, sccm
|
||||
ms.localizationpriority: high
|
||||
ms.date: 08/23/2017
|
||||
author: greg-lindsay
|
||||
---
|
||||
|
||||
@ -771,6 +772,27 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
|
||||
Add-DnsServerForwarder -IPAddress 192.168.0.2
|
||||
</pre>
|
||||
|
||||
**Configure service and user accounts**
|
||||
|
||||
Windows 10 deployment with MDT and System Center Configuration Manager requires specific accounts to perform some actions. Service accounts will be created to use for these tasks. A user account is also added in the contoso.com domain that can be used for testing purposes. In the test lab environment, passwords are set to never expire.
|
||||
|
||||
>To keep this test lab relatively simple, we will not create a custom OU structure and set permissions. Required permissions are enabled by adding accounts to the Domain Admins group. To configure these settings in a production environment, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
|
||||
|
||||
On DC1, open an elevated Windows PowerShell prompt and type the following commands:
|
||||
|
||||
<pre style="overflow-y: visible">
|
||||
New-ADUser -Name User1 -UserPrincipalName user1 -Description "User account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
|
||||
New-ADUser -Name MDT_BA -UserPrincipalName MDT_BA -Description "MDT Build Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
|
||||
New-ADUser -Name CM_JD -UserPrincipalName CM_JD -Description "Configuration Manager Join Domain Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
|
||||
New-ADUser -Name CM_NAA -UserPrincipalName CM_NAA -Description "Configuration Manager Network Access Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
|
||||
Add-ADGroupMember "Domain Admins" MDT_BA,CM_JD,CM_NAA
|
||||
Set-ADUser -Identity user1 -PasswordNeverExpires $true
|
||||
Set-ADUser -Identity administrator -PasswordNeverExpires $true
|
||||
Set-ADUser -Identity MDT_BA -PasswordNeverExpires $true
|
||||
Set-ADUser -Identity CM_JD -PasswordNeverExpires $true
|
||||
Set-ADUser -Identity CM_NAA -PasswordNeverExpires $true
|
||||
</pre>
|
||||
|
||||
12. Minimize the DC1 VM window but **do not stop** the VM.
|
||||
|
||||
Next, the client VM will be started and joined to the contoso.com domain. This is done before adding a gateway to the PoC network so that there is no danger of duplicate DNS registrations for the physical client and its cloned VM in the corporate domain.
|
||||
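Review bot: The relocated PowerShell block puts MDT_BA, CM_JD and CM_NAA in Domain Admins, gives all four new accounts the same literal password, and sets PasswordNeverExpires on them and on administrator. The only caution is the plain blockquote, which is also missing its closing period after the link. Turn that blockquote into an explicit note stating that these accounts, group memberships and the password are for the isolated PoC only, and keep the pointer to the production guidance. Separately, the title changed from a `###` heading to bold text and the block now sits unindented ahead of step 12, so check that the numbered list still continues correctly and that any links to the old heading anchor still resolve.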
@ -984,27 +1006,6 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
|
||||
Restart-Computer
|
||||
</pre>
|
||||
|
||||
### Configure service and user accounts
|
||||
|
||||
Windows 10 deployment with MDT and System Center Configuration Manager requires specific accounts to perform some actions. Service accounts will be created to use for these tasks. A user account is also added in the contoso.com domain that can be used for testing purposes. In the test lab environment, passwords are set to never expire.
|
||||
|
||||
>To keep this test lab relatively simple, we will not create a custom OU structure and set permissions. Required permissions are enabled by adding accounts to the Domain Admins group. To configure these settings in a production environment, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
|
||||
|
||||
On DC1, open an elevated Windows PowerShell prompt and type the following commands:
|
||||
|
||||
<pre style="overflow-y: visible">
|
||||
New-ADUser -Name User1 -UserPrincipalName user1 -Description "User account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
|
||||
New-ADUser -Name MDT_BA -UserPrincipalName MDT_BA -Description "MDT Build Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
|
||||
New-ADUser -Name CM_JD -UserPrincipalName CM_JD -Description "Configuration Manager Join Domain Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
|
||||
New-ADUser -Name CM_NAA -UserPrincipalName CM_NAA -Description "Configuration Manager Network Access Account" -AccountPassword (ConvertTo-SecureString "pass@word1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true
|
||||
Add-ADGroupMember "Domain Admins" MDT_BA,CM_JD,CM_NAA
|
||||
Set-ADUser -Identity user1 -PasswordNeverExpires $true
|
||||
Set-ADUser -Identity administrator -PasswordNeverExpires $true
|
||||
Set-ADUser -Identity MDT_BA -PasswordNeverExpires $true
|
||||
Set-ADUser -Identity CM_JD -PasswordNeverExpires $true
|
||||
Set-ADUser -Identity CM_NAA -PasswordNeverExpires $true
|
||||
</pre>
|
||||
|
||||
This completes configuration of the starting PoC environment. Additional services and tools are installed in subsequent guides.
|
||||
|
||||
## Appendix A: Verify the configuration
|
||||
|
@ -82,7 +82,7 @@ Reporting | Configure time out for detections in non-critical failed state | Not
|
||||
Reporting | Configure time out for detections in recently remediated state | Not used
|
||||
Reporting | Configure time out for detections requiring additional action | Not used
|
||||
Reporting | Turn off enhanced notifications | [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md)
|
||||
Root | Turn off Windows Defender Antivirus | Not used
|
||||
Root | Turn off Windows Defender Antivirus | Not used (This setting must be set to **Not configured** to ensure any installed third-party antivirus apps work correctly)
|
||||
Root | Define addresses to bypass proxy server | Not used
|
||||
Root | Define proxy auto-config (.pac) for connecting to the network | Not used
|
||||
Root | Define proxy server for connecting to the network | Not used
|
||||
|
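Review bot: In the "Turn off Windows Defender Antivirus" row, "Not used" now sits next to an instruction that the setting "must be set to **Not configured**", which reads as contradictory when the neighbouring rows use "Not used" on its own. Lead with the requirement instead, and say briefly what changes when the setting is enabled or disabled, since this row controls whether the antivirus runs at all.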