mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
Merge pull request #2149 from MicrosoftDocs/FromPrivateRepo
From private repo
commit
80ee57e2af
@ -14,6 +14,7 @@
|
||||
## [Troubleshoot Windows 10 clients](windows-10-support-solutions.md)
|
||||
### [Data collection for troubleshooting 802.1x Authentication](data-collection-for-802-authentication.md)
|
||||
### [Advanced troubleshooting 802.1x authentication](advanced-troubleshooting-802-authentication.md)
|
||||
### [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
|
||||
### [Advanced troubleshooting Wireless Network Connectivity](advanced-troubleshooting-wireless-network-connectivity.md)
|
||||
## [Mobile device management for solution providers](mdm/index.md)
|
||||
## [Change history for Client management](change-history-for-client-management.md)
|
||||
|
@ -1,31 +1,29 @@
|
||||
---
|
||||
title: Advanced Troubleshooting Windows boot problems
|
||||
description: Learn how troubleshooting unable to boot Windows
|
||||
title: Advanced troubleshooting for Windows boot problems
|
||||
description: Learn how to troubleshoot when Windows is unable to boot
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl:
|
||||
ms.sitesec: library
|
||||
author: kaushika-msft
|
||||
ms.localizationpriority: medium
|
||||
ms.author: elizapo
|
||||
ms.date:
|
||||
ms.date: 11/16/2018
|
||||
---
|
||||
|
||||
## Advanced Troubleshooting Windows boot problems
|
||||
# Advanced troubleshooting for Windows boot problems
|
||||
|
||||
!>**Notice to home users**
|
||||
>This article is intended for use by support agents and IT professionals. If
|
||||
you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://internal.support.services.microsoft.com/en-us/help/12415).
|
||||
>[!NOTE]
|
||||
>This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/help/12415).
|
||||
|
||||
### Summary
|
||||
## Summary
|
||||
|
||||
There are several reasons why a Windows-based computer may hang during startup. To troubleshoot boot problems, first determine in which of the following phases the computer gets stuck:
|
||||
There are several reasons why a Windows-based computer may have problems during startup. To troubleshoot boot problems, first determine in which of the following phases the computer gets stuck:
|
||||
|
||||
| **No** | **Boot Process** | **BIOS** | **UEFI** |
|
||||
|--------|----------------------|-----------------------------------------------------------------------------|
|
||||
| **Phase** | **Boot Process** | **BIOS** | **UEFI** |
|
||||
|--------|----------------------|------------------------------| |
|
||||
| 1 | PreBoot | MBR/PBR (Bootstrap Code) | UEFI Firmware |
|
||||
| 2 | Windows Boot Manager | %SystemDrive%\bootmgr | \EFI\Microsoft\Boot\bootmgfw.efi |
|
||||
| 3 | Windows OS Loader | %SystemRoot%\system32\winload.exe | %SystemRoot%\system32\winload.efi |
|
||||
| 4 | Windows NT OS Kernel | %SystemRoot%\system32\ntoskrnl.exe |
|
||||
| 4 | Windows NT OS Kernel | %SystemRoot%\system32\ntoskrnl.exe | |
|
||||
|
||||
|
||||
**1. PreBoot**
|
||||
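Review bot: The table delimiter row that ends in `| |` has dashes for only three columns, while the header row above it (`Phase`, `Boot Process`, `BIOS`, `UEFI`) has four, so the UEFI column has no delimiter cell and the table may not render as a table. Give the fourth cell its own run of dashes. In the front matter, `ms.mktglfcycl:` is still empty while `ms.date` was filled in; either set it or drop the key.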
@ -43,30 +41,31 @@ Essential drivers required to start the Windows kernel are loaded and the kernel
|
||||
|
||||
**4. Windows NT OS Kernel**
|
||||
|
||||
The kernel load into memory the system registry hive and additional drivers that are marked as BOOT_START.
|
||||
The kernel loads into memory the system registry hive and additional drivers that are marked as BOOT_START.
|
||||
|
||||
The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that are not marked BOOT_START.
|
||||
|
||||
Here is a summary of Boot Sequence vs Display and Typical NoBoot. Before starting troubleshooting, you have to understand the outline of boot process and display status to ensure that the issue is properly identified at the beginning of the engagement.
|
||||
Here is a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before starting troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement.
|
||||
|
||||
<br>
|
||||
[Click to enlarge](img-boot-sequence.md)<br>
|
||||
|
||||
|
||||

|
||||
|
||||
|
||||
Each phase has a different approach to troubleshooting. This article provides troubleshooting techniques for problems that occur during the first three phases.
|
||||
|
||||
**Note**If the computer repeatedly boots to the recovery options, run the following command at a command prompt to break the cycle:
|
||||
>[!NOTE]
|
||||
>If the computer repeatedly boots to the recovery options, run the following command at a command prompt to break the cycle:
|
||||
>
|
||||
>`Bcdedit /set {default} recoveryenabled no`
|
||||
>
|
||||
>If the F8 options don't work, run the following command:
|
||||
>
|
||||
>`Bcdedit /set {default} bootmenupolicy legacy`
|
||||
|
||||
```dos
|
||||
Bcdedit /set {default} recoveryenabled no
|
||||
```
|
||||
|
||||
If the F8 options don't work, run the following command:
|
||||
|
||||
```dos
|
||||
Bcdedit /set {default} bootmenupolicy legacy
|
||||
```
|
||||
|
||||
#### BIOS phase
|
||||
## BIOS phase
|
||||
|
||||
To determine whether the system has passed the BIOS phase, follow these steps:
|
||||
|
||||
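Review bot: The note built around `Bcdedit /set {default} recoveryenabled no` never tells the reader to turn recovery back on, so anyone who follows it leaves automatic entry into the recovery options disabled after the boot problem is fixed. Add a closing line that says to run the same command with `yes` once the system starts normally, and to revert `bootmenupolicy` if the legacy menu was needed only for troubleshooting. The two commands also appear in this hunk both inline in the note and in `dos` fences; make sure only one form survives in the rendered page.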
@ -76,7 +75,7 @@ To determine whether the system has passed the BIOS phase, follow these steps:
|
||||
|
||||
If the system is stuck at the BIOS phase, there may be a hardware problem.
|
||||
|
||||
#### Boot loader phase
|
||||
## Boot loader phase
|
||||
|
||||
If the screen is completely black except for a blinking cursor, or if you receive one of the following error codes, this indicates that the boot process is stuck in the Boot Loader phase:
|
||||
|
||||
@ -90,14 +89,14 @@ If the screen is completely black except for a blinking cursor, or if you receiv
|
||||
To troubleshoot this problem, use Windows installation media to start the computer, press Shift+F10 for a command prompt, and then use any of the following methods.
|
||||
|
||||
|
||||
##### Method 1: Startup Repair tool
|
||||
### Method 1: Startup Repair tool
|
||||
|
||||
The Startup Repair tool automatically fixes many common problems. The tool also lets you quickly diagnose and repair more complex startup problems. When the computer detects a startup problem, the computer starts the Startup Repair tool. When the tool starts, it performs diagnostics. These diagnostics include analyzing startup log files to determine the cause of the problem. When the Startup Repair tool determines the cause, the tool tries to fix the problem automatically.
|
||||
|
||||
To do this, follow these steps.
|
||||
|
||||
**Note** For additional methods to start WinRE, see [Entry points into
|
||||
WinRE](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#span-identrypointsintowinrespanspan-identrypointsintowinrespanspan-identrypointsintowinrespanentry-points-into-winre).
|
||||
>[!NOTE]
|
||||
>For additional methods to start WinRE, see [Entry points into WinRE](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#span-identrypointsintowinrespanspan-identrypointsintowinrespanspan-identrypointsintowinrespanentry-points-into-winre).
|
||||
|
||||
1. Start the system to the installation media for the installed version of Windows.
|
||||
**Note** For more information, see [Create installation media for Windows](https://support.microsoft.com/help/15088).
|
||||
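Review bot: The `**Note**` under step 1 ("For more information, see Create installation media for Windows") is still in the old bold form, while the WinRE note directly above it was converted to `>[!NOTE]`. Convert it too, indented under the list item so the step numbering is not broken. The WinRE link keeps the generated fragment `#span-identrypointsintowinrespan...`; check that it still resolves, or link to the page without the fragment.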
@ -106,19 +105,17 @@ WinRE](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-r
|
||||
|
||||
3. On the **System Recovery Options** screen, select **Next** > **Command Prompt**.
|
||||
|
||||
4. After Startup Repair, select Shutdown, then turn on your PC to see if OS can boot properly.
|
||||
4. After Startup Repair, select **Shutdown**, then turn on your PC to see if Windows can boot properly.
|
||||
|
||||
The Startup Repair tool generates a log file to help you understand the startup problems and the repairs that were made. You can find the log file in the following location:
|
||||
|
||||
> %windir%\System32\LogFiles\Srt\Srttrail.txt
|
||||
**%windir%\System32\LogFiles\Srt\Srttrail.txt**
|
||||
|
||||
|
||||
For more information see, [A Stop error occurs, or the computer stops responding when you try to start
|
||||
Windows Vista or Windows 7
|
||||
](https://support.microsoft.com/en-us/help/925810/a-stop-error-occurs-or-the-computer-stops-responding-when-you-try-to-s)
|
||||
For more information see, [A Stop error occurs, or the computer stops responding when you try to start Windows Vista or Windows 7](https://support.microsoft.com/help/925810/a-stop-error-occurs-or-the-computer-stops-responding-when-you-try-to-s)
|
||||
|
||||
|
||||
##### Method 2: Repair Boot Codes
|
||||
### Method 2: Repair Boot Codes
|
||||
|
||||
To repair boot codes, run the following command:
|
||||
|
||||
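Review bot: Step 3 sends the reader to **Next** > **Command Prompt**, but step 4 begins "After Startup Repair", so the procedure never says to select or run Startup Repair. Either point step 3 at the Startup Repair option or add the missing step between them. Smaller points on the same hunk: "For more information see, [" has the comma on the wrong side of "see", and the log path would read better as inline code than bold, since the backslashes are literal.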
@ -132,9 +129,10 @@ To repair the boot sector, run the following command:
|
||||
BOOTREC /FIXBOOT
|
||||
```
|
||||
|
||||
**Note** Running **BOOTREC** together with **Fixmbr** overwrites only the master boot code. If the corruption in the MBR affects the partition table, running **Fixmbr** may not fix the problem.
|
||||
>[!NOTE]
|
||||
>Running **BOOTREC** together with **Fixmbr** overwrites only the master boot code. If the corruption in the MBR affects the partition table, running **Fixmbr** may not fix the problem.
|
||||
|
||||
##### Method 3: Fix BCD errors
|
||||
### Method 3: Fix BCD errors
|
||||
|
||||
If you receive BCD-related errors, follow these steps:
|
||||
|
||||
@ -152,10 +150,10 @@ If you receive BCD-related errors, follow these steps:
|
||||
|
||||
4. You might receive one of the following outputs:
|
||||
|
||||
> Scanning all disks for Windows installations. Please wait, since this may take a while...Successfully scanned Windows installations. Total identified Windows installations: 0
|
||||
- Scanning all disks for Windows installations. Please wait, since this may take a while...Successfully scanned Windows installations. Total identified Windows installations: 0
|
||||
The operation completed successfully.
|
||||
|
||||
> Scanning all disks for Windows installations. Please wait, since this may take a while... Successfully scanned Windows installations. Total identified Windows installations: 1
|
||||
- Scanning all disks for Windows installations. Please wait, since this may take a while... Successfully scanned Windows installations. Total identified Windows installations: 1
|
||||
D:\Windows
|
||||
Add installation to boot list? Yes/No/All:
|
||||
|
||||
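Review bot: In both sample outputs under step 4 the console text is still run together ("a while...Successfully scanned Windows installations. Total identified Windows installations: 0"), and turning the blockquote into a bullet does not fix that. Put each output in a fenced block with the original line breaks, so that "The operation completed successfully.", `D:\Windows` and the "Add installation to boot list? Yes/No/All:" prompt stay attached to the output they belong to.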
@ -173,12 +171,12 @@ bootrec /rebuildbcd
|
||||
|
||||
After you run the command, you receive the following output:
|
||||
|
||||
> Scanning all disks for Windows installations. Please wait, since this may take a while...Successfully scanned Windows installations. Total identified Windows installations: 1{D}:\Windows
|
||||
Scanning all disks for Windows installations. Please wait, since this may take a while...Successfully scanned Windows installations. Total identified Windows installations: 1{D}:\Windows
|
||||
Add installation to boot list? Yes/No/All: Y
|
||||
|
||||
5. Try again to start the system.
|
||||
|
||||
##### Method 4: Replace Bootmgr
|
||||
### Method 4: Replace Bootmgr
|
||||
|
||||
If methods 1 and 2 do not fix the problem, replace the Bootmgr file from drive C to the System Reserved partition. To do this, follow these steps:
|
||||
|
||||
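Review bot: The output line reads `Total identified Windows installations: 1{D}:\Windows`, which fuses the count with the path and leaves braces around the drive letter that look like an unfilled placeholder. Now that the blockquote marker is gone this is plain paragraph text, so split it onto separate lines inside a fenced block and show the path the way the tool prints it.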
@ -207,13 +205,14 @@ If methods 1 and 2 do not fix the problem, replace the Bootmgr file from drive C
|
||||
|
||||
8. Restart the computer.
|
||||
|
||||
##### Method 5: Restore System Hive
|
||||
If Windows cannot load the system registry hive into memory, you must restore the system hive. To do this, use the Windows Recovery Environment or use Emergency Repair Disk (ERD) to copy the files from the
|
||||
C:\Windows\System32\config\RegBack to C:\Windows\System32\config.
|
||||
### Method 5: Restore System Hive
|
||||
|
||||
If Windows cannot load the system registry hive into memory, you must restore the system hive. To do this, use the Windows Recovery Environment or use Emergency Repair Disk (ERD) to copy the files from the C:\Windows\System32\config\RegBack to C:\Windows\System32\config.
|
||||
|
||||
If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced.
|
||||
|
||||
|
||||
#### Kernel Phase
|
||||
## Kernel Phase
|
||||
|
||||
If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These include, but are not limited to, the following:
|
||||
|
||||
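Review bot: Method 5 tells the reader to copy the files from `C:\Windows\System32\config\RegBack` to `C:\Windows\System32\config` with no step to save the current hives first, so a bad or stale RegBack copy overwrites the only other copy of the registry. Add a step to copy the existing files in `config` to a backup folder before the restore. The joined sentence also keeps a stray article ("from the C:\Windows\..."), and both paths should be inline code.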
@ -221,14 +220,15 @@ If the system gets stuck during the kernel phase, you experience multiple sympto
|
||||
|
||||
- Specific error code is displayed.
|
||||
For example, "0x00000C2" , "0x0000007B" , "inaccessible boot device" and so on.
|
||||
(To troubleshoot the 0x0000007B error, see [Error code INACCESSIBLE_BOOT_DEVICE (STOP 0x7B)](https://internal.support.services.microsoft.com/en-us/help/4343769/troubleshooting-guide-for-windows-boot-problems#0x7bstoperror))
|
||||
(To troubleshoot the 0x0000007B error, see [Error code INACCESSIBLE_BOOT_DEVICE (STOP 0x7B)](https://internal.support.services.microsoft.com/help/4343769/troubleshooting-guide-for-windows-boot-problems#0x7bstoperror))
|
||||
|
||||
- The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon.
|
||||
|
||||
- A black screen appears after the splash screen.
|
||||
|
||||
To troubleshoot these problems, try the following recovery boot options one at a time.
|
||||
Scenario 1: [Try to start the computer in Safe mode or Last Known Good Configuration]()
|
||||
|
||||
**Scenario 1: Try to start the computer in Safe mode or Last Known Good Configuration**
|
||||
|
||||
On the **Advanced Boot Options** screen, try to start the computer in **Safe Mode** or **Safe Mode with Networking**. If either of these options works, use Event Viewer to help identify and diagnose the cause of the boot problem. To view events that are recorded in the event logs, follow these steps:
|
||||
|
||||
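Review bot: The updated STOP 0x7B link still points at `internal.support.services.microsoft.com/help/4343769/...`; only `/en-us` was dropped. The note at the top of the article was moved to `support.microsoft.com`, so this link should use the public host as well, otherwise readers outside the corporate network cannot open it and an internal hostname stays in public docs. In the line above it, `"0x00000C2"` has seven hex digits where the neighbouring code has eight; confirm the intended value.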
@ -252,29 +252,27 @@ On the **Advanced Boot Options** screen, try to start the computer in **Safe Mod
|
||||
or next event.
|
||||
|
||||
|
||||
#### Clean boot
|
||||
### Clean boot
|
||||
|
||||
To troubleshoot problems that affect services, do a clean boot by using System Configuration (msconfig).
|
||||
Select **Selective startup** to test the services one at a time to determine which one is causing the problem. If you cannot find the cause, try including system services. However, in most cases, the problematic service is third-party.
|
||||
|
||||
Disable any service that you find to be faulty, and try to start the computer again by selecting **Normal startup**.
|
||||
|
||||
For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/en-us/help/929135/how-to-perform-a-clean-boot-in-windows).
|
||||
For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/help/929135/how-to-perform-a-clean-boot-in-windows).
|
||||
|
||||
If the computer starts in Disable Driver Signature mode, start the computer in Disable Driver Signature Enforcement mode, and then follow the steps that are documented in the following article to determine which drivers or files require driver signature enforcement:
|
||||
[Troubleshooting boot problem caused by missing driver signature
|
||||
(x64)](https://blogs.technet.microsoft.com/askcore/2012/04/15/troubleshooting-boot-issues-due-to-missing-driver-signature-x64/)
|
||||
[Troubleshooting boot problem caused by missing driver signature (x64)](https://blogs.technet.microsoft.com/askcore/2012/04/15/troubleshooting-boot-issues-due-to-missing-driver-signature-x64/)
|
||||
|
||||
**Note**
|
||||
|
||||
- If the computer is a domain controller, try Directory Services Restore mode (DSRM).
|
||||
|
||||
- This method is an important step if you encounter Stop error "0xC00002E1" or "0xC00002E2"
|
||||
>[!NOTE]
|
||||
>If the computer is a domain controller, try Directory Services Restore mode (DSRM).
|
||||
>
|
||||
>This method is an important step if you encounter Stop error "0xC00002E1" or "0xC00002E2"
|
||||
|
||||
|
||||
**Examples**
|
||||
|
||||
> Warning
|
||||
>[!WARNING]
|
||||
>Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these
|
||||
problems can be solved. Modify the registry at your own risk.
|
||||
|
||||
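Review bot: The sentence "If the computer starts in Disable Driver Signature mode, start the computer in Disable Driver Signature Enforcement mode" uses the same state as both the condition and the action, so the reader cannot tell what to do next. Reword it so the condition is that the computer starts only with driver signature enforcement disabled, and the action is to follow the linked article to find the unsigned driver. In the converted `>[!NOTE]`, the second sentence has no closing period and "This method" no longer has a clear referent now that the bullets are gone.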
@ -300,11 +298,9 @@ To troubleshoot this Stop error, follow these steps to filter the drivers:
|
||||
|
||||
For additional troubleshooting steps, see the following articles:
|
||||
|
||||
- [Troubleshooting a Stop 0x7B in
|
||||
Windows](https://blogs.technet.microsoft.com/askcore/2013/08/05/troubleshooting-a-stop-0x7b-in-windows/)
|
||||
- [Troubleshooting a Stop 0x7B in Windows](https://blogs.technet.microsoft.com/askcore/2013/08/05/troubleshooting-a-stop-0x7b-in-windows/)
|
||||
|
||||
- [Advanced troubleshooting for "Stop error code 0x0000007B (INACCESSIBLE_BOOT_DEVICE)" errors in Windows
|
||||
XP](https://internal.support.services.microsoft.com/en-us/help/324103).
|
||||
- [Advanced troubleshooting for "Stop error code 0x0000007B (INACCESSIBLE_BOOT_DEVICE)" errors in Windows XP](https://internal.support.services.microsoft.com/help/324103).
|
||||
|
||||
To fix problems that occur after you install Windows updates, check for pending updates by using these steps:
|
||||
|
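Review bot: The Windows XP article link still uses `internal.support.services.microsoft.com/help/324103`; removing `/en-us` does not make it reachable for external readers. Switch it to the public support host, as was done for the other support links in this commit. The list item also ends with a period after the closing parenthesis while the item above it does not.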
BIN
windows/client-management/images/boot-sequence-thumb.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 15 KiB |
BIN
windows/client-management/images/boot-sequence.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 195 KiB |
11
windows/client-management/img-boot-sequence.md
Normal file
@ -0,0 +1,11 @@
|
||||
---
|
||||
description: A full-sized view of the boot sequence flowchart.
|
||||
title: Boot sequence flowchart
|
||||
ms.date: 11/16/2018
|
||||
---
|
||||
|
||||
Return to: [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)<br>
|
||||
|
||||
|
||||

|
||||
|
@ -0,0 +1,92 @@
|
||||
---
|
||||
title: MICROSOFT WINDOWS DIAGNOSTIC DATA FOR POWERSHELL
|
||||
description: MICROSOFT SOFTWARE LICENSE TERMS
|
||||
keywords: privacy, license, terms
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: high
|
||||
author: danihalfin
|
||||
ms.author: daniha
|
||||
ms.date: 11/16/2018
|
||||
robots: noindex,nofollow
|
||||
---
|
||||
|
||||
MICROSOFT SOFTWARE LICENSE TERMS
|
||||
|
||||
MICROSOFT WINDOWS DIAGNOSTIC DATA FOR POWERSHELL
|
||||
|
||||
|
||||
|
||||
These license terms are an agreement between you and Microsoft Corporation (or one of its affiliates). They apply to the software named above and any Microsoft services or software updates (except to the extent such services or updates are accompanied by new or additional terms, in which case those different terms apply prospectively and do not alter your or Microsoft’s rights relating to pre-updated software or services). IF YOU COMPLY WITH THESE LICENSE TERMS, YOU HAVE THE RIGHTS BELOW. BY USING THE SOFTWARE, YOU ACCEPT THESE TERMS.
|
||||
|
||||
1. INSTALLATION AND USE RIGHTS.
|
||||
|
||||
a) General. You may install and use any number of copies of the software.
|
||||
|
||||
b) Third Party Software. The software may include third party applications that Microsoft, not the third party, licenses to you under this agreement. Any included notices for third party applications are for your information only.
|
||||
|
||||
2. DATA COLLECTION. The software may collect information about you and your use of the software and send that to Microsoft. Microsoft may use this information to provide services and improve Microsoft’s products and services. Your opt-out rights, if any, are described in the product documentation. Some features in the software may enable collection of data from users of your applications that access or use the software. If you use these features to enable data collection in your applications, you must comply with applicable law, including getting any required user consent, and maintain a prominent privacy policy that accurately informs users about how you use, collect, and share their data. You can learn more about Microsoft’s data collection and use in the product documentation and the Microsoft Privacy Statement at https://go.microsoft.com/fwlink/?LinkId=512132. You agree to comply with all applicable provisions of the Microsoft Privacy Statement.
|
||||
|
||||
3. SCOPE OF LICENSE. The software is licensed, not sold. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you will not (and have no right to):
|
||||
|
||||
a) work around any technical limitations in the software that only allow you to use it in certain ways;
|
||||
|
||||
b) reverse engineer, decompile or disassemble the software;
|
||||
|
||||
c) remove, minimize, block, or modify any notices of Microsoft or its suppliers in the software;
|
||||
|
||||
d) use the software in any way that is against the law or to create or propagate malware; or
|
||||
|
||||
e) share, publish, distribute, or lend the software, provide the software as a stand-alone hosted solution for others to use, or transfer the software or this agreement to any third party.
|
||||
|
||||
4. EXPORT RESTRICTIONS. You must comply with all domestic and international export laws and regulations that apply to the software, which include restrictions on destinations, end users, and end use. For further information on export restrictions, visit http://aka.ms/exporting.
|
||||
|
||||
5. SUPPORT SERVICES. Microsoft is not obligated under this agreement to provide any support services for the software. Any support provided is “as is”, “with all faults”, and without warranty of any kind.
|
||||
|
||||
6. ENTIRE AGREEMENT. This agreement, and any other terms Microsoft may provide for supplements, updates, or third-party applications, is the entire agreement for the software.
|
||||
|
||||
7. APPLICABLE LAW AND PLACE TO RESOLVE DISPUTES. If you acquired the software in the United States or Canada, the laws of the state or province where you live (or, if a business, where your principal place of business is located) govern the interpretation of this agreement, claims for its breach, and all other claims (including consumer protection, unfair competition, and tort claims), regardless of conflict of laws principles. If you acquired the software in any other country, its laws apply. If U.S. federal jurisdiction exists, you and Microsoft consent to exclusive jurisdiction and venue in the federal court in King County, Washington for all disputes heard in court. If not, you and Microsoft consent to exclusive jurisdiction and venue in the Superior Court of King County, Washington for all disputes heard in court.
|
||||
|
||||
8. CONSUMER RIGHTS; REGIONAL VARIATIONS. This agreement describes certain legal rights. You may have other rights, including consumer rights, under the laws of your state, province, or country. Separate and apart from your relationship with Microsoft, you may also have rights with respect to the party from which you acquired the software. This agreement does not change those other rights if the laws of your state, province, or country do not permit it to do so. For example, if you acquired the software in one of the below regions, or mandatory country law applies, then the following provisions apply to you:
|
||||
|
||||
a) Australia. You have statutory guarantees under the Australian Consumer Law and nothing in this agreement is intended to affect those rights.
|
||||
|
||||
b) Canada. If you acquired this software in Canada, you may stop receiving updates by turning off the automatic update feature, disconnecting your device from the Internet (if and when you re-connect to the Internet, however, the software will resume checking for and installing updates), or uninstalling the software. The product documentation, if any, may also specify how to turn off updates for your specific device or software.
|
||||
|
||||
c) Germany and Austria.
|
||||
|
||||
i. Warranty. The properly licensed software will perform substantially as described in any Microsoft materials that accompany the software. However, Microsoft gives no contractual guarantee in relation to the licensed software.
|
||||
|
||||
ii. Limitation of Liability. In case of intentional conduct, gross negligence, claims based on the Product Liability Act, as well as, in case of death or personal or physical injury, Microsoft is liable according to the statutory law.
|
||||
|
||||
Subject to the foregoing clause ii., Microsoft will only be liable for slight negligence if Microsoft is in breach of such material contractual obligations, the fulfillment of which facilitate the due performance of this agreement, the breach of which would endanger the purpose of this agreement and the compliance with which a party may constantly trust in (so-called "cardinal obligations"). In other cases of slight negligence, Microsoft will not be liable for slight negligence.
|
||||
|
||||
9. DISCLAIMER OF WARRANTY. THE SOFTWARE IS LICENSED “AS IS.” YOU BEAR THE RISK OF USING IT. MICROSOFT GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. TO THE EXTENT PERMITTED UNDER APPLICABLE LAWS, MICROSOFT EXCLUDES ALL IMPLIED WARRANTIES, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.
|
||||
|
||||
10. LIMITATION ON AND EXCLUSION OF DAMAGES. IF YOU HAVE ANY BASIS FOR RECOVERING DAMAGES DESPITE THE PRECEDING DISCLAIMER OF WARRANTY, YOU CAN RECOVER FROM MICROSOFT AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO U.S. $5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.
|
||||
|
||||
This limitation applies to (a) anything related to the software, services, content (including code) on third party Internet sites, or third party applications; and (b) claims for breach of contract, warranty, guarantee, or condition; strict liability, negligence, or other tort; or any other claim; in each case to the extent permitted by applicable law.
|
||||
|
||||
It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your state, province, or country may not allow the exclusion or limitation of incidental, consequential, or other damages.
|
||||
|
||||
|
||||
|
||||
Please note: As this software is distributed in Canada, some of the clauses in this agreement are provided below in French.
|
||||
|
||||
Remarque: Ce logiciel étant distribué au Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en français.
|
||||
|
||||
EXONÉRATION DE GARANTIE. Le logiciel visé par une licence est offert « tel quel ». Toute utilisation de ce logiciel est à votre seule risque et péril. Microsoft n’accorde aucune autre garantie expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection des consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties implicites de qualité marchande, d’adéquation à un usage particulier et d’absence de contrefaçon sont exclues.
|
||||
|
||||
LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages directs uniquement à hauteur de 5,00 $ US. Vous ne pouvez prétendre à aucune indemnisation pour les autres dommages, y compris les dommages spéciaux, indirects ou accessoires et pertes de bénéfices.
|
||||
|
||||
Cette limitation concerne:
|
||||
|
||||
• tout ce qui est relié au logiciel, aux services ou au contenu (y compris le code) figurant sur des sites Internet tiers ou dans des programmes tiers; et
|
||||
|
||||
• les réclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilité stricte, de négligence ou d’une autre faute dans la limite autorisée par la loi en vigueur.
|
||||
|
||||
Elle s’applique également, même si Microsoft connaissait ou devrait connaître l’éventualité d’un tel dommage. Si votre pays n’autorise pas l’exclusion ou la limitation de responsabilité pour les dommages indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou l’exclusion ci-dessus ne s’appliquera pas à votre égard.
|
||||
|
||||
EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre pays si celles-ci ne le permettent pas.
|
@ -147,11 +147,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
||||
|
||||
The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| svchost | HTTP | ctldl.windowsupdate.com |
|
||||
|
||||
The following endpoints are used to download certificates that are publicly known to be fraudulent.
|
||||
Additionally, it is used to download certificates that are publicly known to be fraudulent.
|
||||
These settings are critical for both Windows security and the overall security of the Internet.
|
||||
We do not recommend blocking this endpoint.
|
||||
If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.
|
||||
|
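Review bot: In "Additionally, it is used to download certificates that are publicly known to be fraudulent", the pronoun only works if the endpoint is still named right before it, so check that the paragraph reads correctly against the `ctldl.windowsupdate.com` table row after this change. The closing sentence says blocking the endpoint "increases the attack vector on the device"; a vector is not a quantity, so say that the device keeps trusting certificates known to be fraudulent, or that its attack surface increases.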
@ -157,11 +157,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
|
||||
|
||||
The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible to [turn off traffic to this endpoint](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update), but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses.
|
||||
|
||||
| Source process | Protocol | Destination |
|
||||
|----------------|----------|------------|
|
||||
| svchost | HTTP | ctldl.windowsupdate.com |
|
||||
|
||||
The following endpoints are used to download certificates that are publicly known to be fraudulent.
|
||||
Additionally, it is used to download certificates that are publicly known to be fraudulent.
|
||||
These settings are critical for both Windows security and the overall security of the Internet.
|
||||
We do not recommend blocking this endpoint.
|
||||
If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.
|
||||
|
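Review bot: "Additionally, it is used to download certificates that are publicly known to be fraudulent." comes after the table, so "it" has no clear antecedent, and the next line's "These settings" refers to settings the paragraph never names. Suggest naming the endpoint explicitly (for example "The ctldl.windowsupdate.com endpoint is also used to download ...") and confirming that the older sentence "The following endpoints are used to download certificates ..." is dropped, since no second table follows it.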
@ -301,11 +301,10 @@ This setting will help ensure protection for a VM that has been offline for some
|
||||
|
||||
### Exclusions
|
||||
On Windows Server 2016, Windows Defender Antivirus will automatically deliver the right exclusions for servers running a VDI environment. However, if you are running an older Windows server version, you can refer to the exclusions that are applied on this page:
|
||||
- [Automatic exclusions for Windows Server Antimalware](https://technet.microsoft.com/windows-server-docs/security/windows-defender/automatic-exclusions-for-windows-defender)
|
||||
- [Configure Windows Defender Antivirus exclusions on Windows Server](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus)
|
||||
|
||||
## Additional resources
|
||||
|
||||
- [Video: Microsoft Senior Program Manager Bryan Keller on how System Center Configuration Manger 2012 manages VDI and integrates with App-V]( http://channel9.msdn.com/Shows/Edge/Edge-Show-5-Manage-VDI-using-SCCM-2012#time=03m02s)
|
||||
- [Project VRC: Windows Defender Antivirus impact and best practices on VDI](https://blogs.technet.microsoft.com/privatecloud/2013/12/06/orchestrated-offline-vm-patching-using-service-management-automation/)
|
||||
- [TechNet forums on Remote Desktop Services and VDI](https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverTS)
|
||||
- [SignatureDownloadCustomTask PowerShell script](https://www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4/DisplayScript)
|
||||
|
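Review bot: The link under "### Exclusions" that points to "Configure Windows Defender Antivirus exclusions on Windows Server" is an absolute docs.microsoft.com URL with a hard-coded /en-us/ locale; a relative link to that topic would survive localization and content moves. While this section is being touched, the neighbouring lines also need a pass: "Configuration Manger" is a typo, the Channel 9 link has a space after "](" that can break rendering, and the "Project VRC" link text points at a URL about orchestrated offline VM patching.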
@ -11,7 +11,7 @@ ms.pagetype: security
|
||||
ms.localizationpriority: medium
|
||||
author: andreabichsel
|
||||
ms.author: v-anbic
|
||||
ms.date: 09/03/2018
|
||||
ms.date: 11/16/2018
|
||||
---
|
||||
|
||||
# Restore quarantined files in Windows Defender AV
|
||||
@ -25,7 +25,7 @@ If Windows Defender Antivirus is configured to detect and remediate threats on y
|
||||
1. Open **Windows Security**.
|
||||
2. Click **Virus & threat protection** and then click **Threat History**.
|
||||
3. Under **Quarantined threats**, click **See full history**.
|
||||
4. Click **Restore** for any items you want to keep. (If you prefer to remove them, you can click **Remove**.)
|
||||
4. Click an item you want to keep, then click **Restore**. (If you prefer to remove the item, you can click **Remove**.)
|
||||
|
||||
## Related topics
|
||||
|
||||
|
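Review bot: The reworded step 4 still frames the choice as an item "you want to keep", which reads as a preference rather than a decision about a file that Windows Defender Antivirus quarantined as a threat. Suggest wording such as "Click an item that you have confirmed is safe, then click **Restore**", so the step tells the reader what to verify before restoring.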
@ -71,6 +71,9 @@ This rule blocks the following file types from being run or launched from an ema
|
||||
|
||||
Office apps will not be allowed to create child processes. This includes Word, Excel, PowerPoint, OneNote, and Access.
|
||||
|
||||
>[!NOTE]
|
||||
>This does not include Outlook. For Outlook, please see [Block Office communication applications from creating child processes](https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard#rule-block-office-communication-applications-from-creating-child-processes).
|
||||
|
||||
This is a typical malware behavior, especially for macro-based attacks that attempt to use Office apps to launch or download malicious executables.
|
||||
|
||||
### Rule: Block Office applications from creating executable content
|
||||
|
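Review bot: The added note opens with "This does not include Outlook", where "This" could mean the rule or the list of apps in the preceding sentence; "This rule does not apply to Outlook" is unambiguous. The link is also an absolute URL with a hard-coded /en-us/ locale: if the target heading lives in this same topic, the in-page anchor (#rule-block-office-communication-applications-from-creating-child-processes) is enough, otherwise use a relative link.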
@ -34,13 +34,13 @@ You can manually add the rules by using the GUIDs in the following table:
|
||||
|
||||
Rule description | GUID
|
||||
-|-
|
||||
Block executable content from email client and webmail | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
|
||||
Block all Office applications from creating child processes | D4F940AB-401B-4EFC-AADC-AD5F3C50688A
|
||||
Block Office applications from creating executable content | 3B576869-A4EC-4529-8536-B80A7769E899
|
||||
Block Office applications from injecting code into other processes | 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84
|
||||
Block JavaScript or VBScript from launching downloaded executable content | D3E037E1-3EB8-44C8-A917-57927947596D
|
||||
Block execution of potentially obfuscated scripts | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
|
||||
Block Win32 API calls from Office macro | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
|
||||
Block executable content from email client and webmail | be9ba2d9-53ea-4cdc-84e5-9B1eeee46550
|
||||
Block all Office applications from creating child processes | d4f940ab-401b-4efc-aadc-ad5f3c50688a
|
||||
Block Office applications from creating executable content | 3b576869-a4eC-4529-8536-b80a7769e899
|
||||
Block Office applications from injecting code into other processes | 75668c1f-73b5-4Cf0-bb93-3ecf5cb7cc84
|
||||
Block JavaScript or VBScript from launching downloaded executable content | d3e037e1-3eb8-44c8-a917-57927947596d
|
||||
Block execution of potentially obfuscated scripts | 5beb7efe-fd9A-4556-801d-275e5ffc04cc
|
||||
Block Win32 API calls from Office macro | 92e97fa1-2edf-4476-bdd6-9dd0B4dddc7b
|
||||
Block executable files from running unless they meet a prevalence, age, or trusted list criteria | 01443614-cd74-433a-b99e-2ecdc07bfc25
|
||||
Use advanced protection against ransomware | c1db55ab-c21a-4637-bb3f-a12568109d35
|
||||
Block credential stealing from the Windows local security authority subsystem (lsass.exe) | 9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2
|
||||
|
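Review bot: Five of the seven lowercased GUIDs kept one stray uppercase character (9B1eeee46550, a4eC, 4Cf0, fd9A, 9dd0B4dddc7b), so the table is still not consistently cased against the three unchanged lowercase rows. The hex digits match the old uppercase values, so this is cosmetic, but a clean lowercase pass avoids copy-and-paste and search mismatches.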