From 632861146f7b94c2c7b5eb876e9de5df36fb74f5 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 5 Nov 2021 09:18:53 +0530 Subject: [PATCH 01/74] Update system-guard-secure-launch-and-smm-protection.md To update Acrolinx score --- .../system-guard-secure-launch-and-smm-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index c234a83d1d..d3f0f8a972 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -60,7 +60,7 @@ Click **Start** > **Settings** > **Update & Security** > **Windows Security** > ![Secure Launch Registry.](images/secure-launch-registry.png) -## How to verify System Guard Secure Launch is configured and running +## How to verify System Guard Secure Launch is configured and running? To verify that Secure Launch is running, use System Information (MSInfo32). Click **Start**, search for **System Information**, and look under **Virtualization-based Security Services Running** and **Virtualization-based Security Services Configured**. From bca90875db7c1e2b4fbe7d05b252313665754e8c Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 5 Nov 2021 10:03:32 +0530 Subject: [PATCH 02/74] Update system-guard-secure-launch-and-smm-protection.md To fix acrolinx score --- ...m-guard-secure-launch-and-smm-protection.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md index d3f0f8a972..ad8fa4ee12 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md +++ b/windows/security/threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md @@ -30,7 +30,7 @@ You can enable System Guard Secure Launch by using any of these options: ### Mobile Device Management -System Guard Secure Launch can be configured for Mobile Device Management (MDM) by using DeviceGuard policies in the Policy CSP, specifically [DeviceGuard/ConfigureSystemGuardLaunch](/windows/client-management/mdm/policy-csp-deviceguard#deviceguard-configuresystemguardlaunch). +System Guard Secure Launch can be configured for Mobile Device Management (MDM) by using DeviceGuard policies in the Policy CSP, [DeviceGuard/ConfigureSystemGuardLaunch](/windows/client-management/mdm/policy-csp-deviceguard#deviceguard-configuresystemguardlaunch). ### Group Policy @@ -73,24 +73,24 @@ To verify that Secure Launch is running, use System Information (MSInfo32). Clic |For Intel® vPro™ processors starting with Intel® Coffeelake, Whiskeylake, or later silicon|Description| |--------|-----------| -|64-bit CPU|A 64-bit computer with minimum 4 cores (logical processors) is required for hypervisor and virtualization-based security (VBS). For more info about Hyper-V, see [Hyper-V on Windows Server 2016](/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/about/). For more info about hypervisor, see [Hypervisor Specifications](/virtualization/hyper-v-on-windows/reference/tlfs).| -|Trusted Platform Module (TPM) 2.0|Platforms must support a discrete TPM 2.0. Integrated/firmware TPMs are not supported, with the exception of Intel chips that support Platform Trust Technology (PTT), which is a type of integrated hardware TPM that meets the TPM 2.0 spec.| +|64-bit CPU|A 64-bit computer with minimum four cores (logical processors) is required for hypervisor and virtualization-based security (VBS). For more info about Hyper-V, see [Hyper-V on Windows Server 2016](/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/about/). For more info about hypervisor, see [Hypervisor Specifications](/virtualization/hyper-v-on-windows/reference/tlfs).| +|Trusted Platform Module (TPM) 2.0|Platforms must support a discrete TPM 2.0. Integrated/firmware TPMs aren't supported, except Intel chips that support Platform Trust Technology (PTT), which is a type of integrated hardware TPM that meets the TPM 2.0 spec.| |Windows DMA Protection|Platforms must meet the Windows DMA Protection Specification (all external DMA ports must be off by default until the OS explicitly powers them).| -|SMM communication buffers| All SMM communication buffers must be implemented in EfiRuntimeServicesData ,EfiRuntimeServicesCode , EfiACPIMemoryNVS, or EfiReservedMemoryType memory types. | -|SMM Page Tables| Must NOT contain any mappings to EfiConventionalMemory (e.g. no OS/VMM owned memory).
Must NOT contain any mappings to code sections within EfiRuntimeServicesCode.
Must NOT have execute and write permissions for the same page
Must allow ONLY that TSEG pages can be marked executable and the memory map must report TSEG EfiReservedMemoryType.
BIOS SMI handler must be implemented such that SMM page tables are locked on every SMM entry. | +|SMM communication buffers| All SMM communication buffers must be implemented in EfiRuntimeServicesData , EfiRuntimeServicesCode , EfiACPIMemoryNVS, or EfiReservedMemoryType memory types. | +|SMM Page Tables| Must NOT contain any mappings to EfiConventionalMemory (for example no OS/VMM owned memory).
Must NOT contain any mappings to code sections within EfiRuntimeServicesCode.
Must NOT have execute and write permissions for the same page
Must allow ONLY that TSEG pages can be marked executable and the memory map must report TSEG EfiReservedMemoryType.
BIOS SMI handler must be implemented such that SMM page tables are locked on every SMM entry. | |Modern/Connected Standby|Platforms must support Modern/Connected Standby.| -|TPM AUX Index|Platform must set up a AUX index with index, attributes, and policy that exactly corresponds to the AUX index specified in the TXT DG with a data size of exactly 104 bytes (for SHA256 AUX data). (NameAlg = SHA256)
Platforms must set up a PS (Platform Supplier) index with: PS index data DataRevocationCounters, SINITMinVersion, and PolicyControl must all be 0x00 | +|TPM AUX Index|Platform must set up a AUX index with index, attributes, and policy that exactly corresponds to the AUX index specified in the TXT DG with a data size of exactly 104 bytes (for SHA256 AUX data). (NameAlg = SHA256)
Platforms must set up a PS (Platform Supplier) index with: PS index data DataRevocationCounters, SINITMinVersion, and PolicyControl must all be 0x00 | |AUX Policy|The required AUX policy must be as follows: | -|TPM NV Index|Platform firmware must set up a TPM NV index for use by the OS with: | +|TPM NV Index|Platform firmware must set up a TPM NV index for use by the OS with: | |Platform firmware|Platform firmware must carry all code required to execute an Intel® Trusted Execution Technology secure launch: | |Platform firmware update|System firmware is recommended to be updated via UpdateCapsule in Windows Update. | |For Qualcomm® processors with SD850 or later chipsets|Description| |--------|-----------| |Monitor Mode Communication|All Monitor Mode communication buffers must be implemented in either EfiRuntimeServicesData (recommended), data sections of EfiRuntimeServicesCode as described by the Memory Attributes Table, EfiACPIMemoryNVS, or EfiReservedMemoryType memory types| -|Monitor Mode Page Tables|All Monitor Mode page tables must: | +|Monitor Mode Page Tables|All Monitor Mode page tables must: | |Modern/Connected Standby|Platforms must support Modern/Connected Standby.| -|Platform firmware|Platform firmware must carry all code required to perform a launch.| +|Platform firmware|Platform firmware must carry all code required to launch.| |Platform firmware update|System firmware is recommended to be updated via UpdateCapsule in Windows Update. | > [!NOTE] From ee4dc13c6fb044f5e66f1d7871a3adc8f7d86fd5 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 5 Nov 2021 11:21:19 +0530 Subject: [PATCH 03/74] Update virus-information-alliance-criteria.md To fix acrolinx score --- .../virus-information-alliance-criteria.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md index 7d7b790bde..20db9a6c33 100644 --- a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md @@ -17,7 +17,7 @@ ms.technology: windows-sec --- # Virus Information Alliance -The Virus Information Alliance (VIA) is a public antimalware collaboration program for security software providers, security service providers, antimalware testing organizations, and other organizations involved in fighting cybercrime. +The Virus Information Alliance (VIA) is a public anti-malware collaboration program for security software providers, security service providers, anti-malware testing organizations, and other organizations involved in fighting cyber crime. Members of the VIA program collaborate by exchanging technical information on malicious software with Microsoft. The goal is to improve protection for Microsoft customers. @@ -25,7 +25,7 @@ Members of the VIA program collaborate by exchanging technical information on ma The VIA program gives members access to information that will help them improve protection. For example, the program provides malware telemetry and samples to security teams so they can identify gaps and prioritize new threat coverage. -Malware prevalence data is provided to antimalware testers to assist them in selecting sample sets. The data also helps set scoring criteria that represent the real-world threat landscape. Service organizations, such as a CERT, can leverage our data to help assess the impact of policy changes or to help shut down malicious activity. +Malware prevalence data is provided to anti-malware testers to assist them in selecting sample sets. The data also helps set scoring criteria that represent the real-world threat landscape. Service organizations, such as a CERT, can leverage our data to help assess the impact of policy changes or to help shut down malicious activity. Microsoft is committed to continuous improvement to help reduce the impact of malware on customers. By sharing malware-related information, Microsoft enables members of this community to work towards better protection for customers. @@ -37,7 +37,7 @@ The criteria is designed to ensure that Microsoft can work with the following gr - Security software providers - Security service providers -- Antimalware testing organizations +- Anti-malware testing organizations - Other organizations involved in the fight against cybercrime Members will receive information to facilitate effective malware detection, deterrence, and eradication. This information includes technical information on malware as well as metadata on malicious activity. Information shared through VIA is governed by the VIA membership agreement and a Microsoft non-disclosure agreement, where applicable. @@ -52,9 +52,9 @@ To be eligible for VIA your organization must: 2. Fit into one of the following categories: - - Your organization develops antimalware technology that can run on Windows and your organization’s product is commercially available. + - Your organization develops anti-malware technology that can run on Windows and your organization’s product is commercially available. - Your organization provides security services to Microsoft customers or for Microsoft products. - - Your organization publishes antimalware testing reports on a regular basis. + - Your organization publishes anti-malware testing reports on a regular basis. - Your organization has a research or response team dedicated to fighting malware to protect your organization, your customers, or the general public. 3. Be willing to sign and adhere to the VIA membership agreement. From c61833a5eefda6604c9c4f1750ede46d1deecaf4 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 5 Nov 2021 11:44:42 +0530 Subject: [PATCH 04/74] update-5542463 Acrolinx improvements --- .../identity-protection/access-control/service-accounts.md | 7 +++---- .../intelligence/virus-information-alliance-criteria.md | 4 ++-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/windows/security/identity-protection/access-control/service-accounts.md b/windows/security/identity-protection/access-control/service-accounts.md index 11290388a1..b2c62d24e7 100644 --- a/windows/security/identity-protection/access-control/service-accounts.md +++ b/windows/security/identity-protection/access-control/service-accounts.md @@ -26,7 +26,6 @@ This topic for the IT professional explains group and standalone managed service ## Overview - A service account is a user account that is created explicitly to provide a security context for services running on Windows Server operating systems. The security context determines the service's ability to access local and network resources. The Windows operating systems rely on services to run various features. These services can be configured through the applications, the Services snap-in, or Task Manager, or by using Windows PowerShell. This topic contains information about the following types of service accounts: @@ -49,7 +48,7 @@ In addition to the enhanced security that is provided by having individual accou - Unlike domain accounts in which administrators must reset manually passwords, the network passwords for these accounts are automatically reset. -- You do not have to complete complex SPN management tasks to use managed service accounts. +- You don't have to complete complex SPN management tasks to use managed service accounts. - Administrative tasks for managed service accounts can be delegated to non-administrators. @@ -69,9 +68,9 @@ The Microsoft Key Distribution Service (kdssvc.dll) provides the mechanism to se Group managed service accounts provide a single identity solution for services running on a server farm, or on systems that use Network Load Balancing. By providing a group managed service account solution, services can be configured for the group managed service account principal, and the password management is handled by the operating system. -By using a group managed service account, services or service administrators do not need to manage password synchronization between service instances. The group managed service account supports hosts that are kept offline for an extended time period and the management of member hosts for all instances of a service. This means that you can deploy a server farm that supports a single identity to which existing client computers can authenticate without knowing the instance of the service to which they are connecting. +By using a group managed service account, services or service administrators don't need to manage password synchronization between service instances. The group managed service account supports hosts that are kept offline for an extended time period and the management of member hosts for all instances of a service. This means that you can deploy a server farm that supports a single identity to which existing client computers can authenticate without knowing the instance of the service to which they are connecting. -Failover clusters do not support group managed service account s. However, services that run on top of the Cluster service can use a group managed service account or a standalone managed service account if they are a Windows service, an App pool, a scheduled task, or if they natively support group managed service account or standalone managed service accounts. +Failover clusters don't support group managed service account s. However, services that run on top of the Cluster service can use a group managed service account or a standalone managed service account if they are a Windows service, an App pool, a scheduled task, or if they natively support group managed service account or standalone managed service accounts. ### Software requirements diff --git a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md index 20db9a6c33..0616554f60 100644 --- a/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md +++ b/windows/security/threat-protection/intelligence/virus-information-alliance-criteria.md @@ -40,7 +40,7 @@ The criteria is designed to ensure that Microsoft can work with the following gr - Anti-malware testing organizations - Other organizations involved in the fight against cybercrime -Members will receive information to facilitate effective malware detection, deterrence, and eradication. This information includes technical information on malware as well as metadata on malicious activity. Information shared through VIA is governed by the VIA membership agreement and a Microsoft non-disclosure agreement, where applicable. +Members will receive information to facilitate effective malware detection, deterrence, and eradication. This information includes technical information on malware and metadata on malicious activity. Information shared through VIA is governed by the VIA membership agreement and a Microsoft non-disclosure agreement, where applicable. VIA has an open enrollment for potential members. @@ -54,7 +54,7 @@ To be eligible for VIA your organization must: - Your organization develops anti-malware technology that can run on Windows and your organization’s product is commercially available. - Your organization provides security services to Microsoft customers or for Microsoft products. - - Your organization publishes anti-malware testing reports on a regular basis. + - Your organization publishes anti-malware testing reports regularly. - Your organization has a research or response team dedicated to fighting malware to protect your organization, your customers, or the general public. 3. Be willing to sign and adhere to the VIA membership agreement. From aa0dbb4b40db6a36e0069929edb23be4281abbb6 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 5 Nov 2021 11:52:55 +0530 Subject: [PATCH 05/74] Update how-hardware-based-root-of-trust-helps-protect-windows.md acrolinx improvements --- ...w-hardware-based-root-of-trust-helps-protect-windows.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md index 128243e87c..c08a85e49b 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md @@ -19,9 +19,9 @@ ms.technology: windows-sec # Windows Defender System Guard: How a hardware-based root of trust helps protect Windows 10 -In order to protect critical resources such as the Windows authentication stack, single sign-on tokens, the Windows Hello biometric stack, and the Virtual Trusted Platform Module, a system's firmware and hardware must be trustworthy. +To protect critical resources such as the Windows authentication stack, single sign-on tokens, the Windows Hello biometric stack, and the Virtual Trusted Platform Module, a system's firmware and hardware must be trustworthy. -Windows Defender System Guard reorganizes the existing Windows 10 system integrity features under one roof and sets up the next set of investments in Windows security. It's designed to make these security guarantees: +Windows Defender System Guard re-organizes the existing Windows 10 system integrity features under one roof and sets up the next set of investments in Windows security. It's designed to make these security guarantees: - Protect and maintain the integrity of the system as it starts up - Validate that system integrity has truly been maintained through local and remote attestation @@ -67,8 +67,7 @@ To defend against this, two techniques are used: - Paging protection to prevent inappropriate access to code and data - SMM hardware supervision and attestation -Paging protection can be implemented to lock certain code tables to be read-only to prevent tampering. -This prevents access to any memory that has not been specifically assigned. +Paging protection can be implemented to lock certain code tables to be read-only to prevent tampering. This prevents access to any memory that has not been specifically assigned. A hardware-enforced processor feature known as a supervisor SMI handler can monitor the SMM and make sure it does not access any part of the address space that it is not supposed to. From b7dda4a560f54d373c7efdf8eee1d12d079ad6b3 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 5 Nov 2021 12:08:34 +0530 Subject: [PATCH 06/74] Update how-hardware-based-root-of-trust-helps-protect-windows.md acrolinx improvements --- ...re-based-root-of-trust-helps-protect-windows.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md index c08a85e49b..1bf0d9e6b5 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md @@ -1,6 +1,6 @@ --- title: How a Windows Defender System Guard helps protect Windows 10 -description: Windows Defender System Guard reorganizes the existing Windows 10 system integrity features under one roof. Learn how it works. +description: Windows Defender System Guard re-organizes the existing Windows 10 system integrity features under one roof. Learn how it works. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.reviewer: manager: dansimp @@ -37,13 +37,13 @@ With Windows 10 running on modern hardware (that is, Windows 8-certified or grea This hardware-based root of trust comes from the device’s Secure Boot feature, which is part of the Unified Extensible Firmware Interface (UEFI). This technique of measuring the static early boot UEFI components is called the Static Root of Trust for Measurement (SRTM). -As there are thousands of PC vendors that produce numerous models with different UEFI BIOS versions, there becomes an incredibly large number of SRTM measurements upon bootup. +As there are thousands of PC vendors that produce many models with different UEFI BIOS versions, there becomes an incredibly large number of SRTM measurements upon bootup. Two techniques exist to establish trust here—either maintain a list of known 'bad' SRTM measurements (also known as a block list), or a list of known 'good' SRTM measurements (also known as an allow list). Each option has a drawback: - A list of known 'bad' SRTM measurements allows a hacker to change just 1 bit in a component to create an entirely new SRTM hash that needs to be listed. This means that the SRTM flow is inherently brittle - a minor change can invalidate the entire chain of trust. - A list of known 'good' SRTM measurements requires each new BIOS/PC combination measurement to be carefully added, which is slow. -In addition, a bug fix for UEFI code can take a long time to design, build, retest, validate, and redeploy. +Also, a bug fix for UEFI code can take a long time to design, build, retest, validate, and redeploy. ### Secure Launch—the Dynamic Root of Trust for Measurement (DRTM) @@ -67,18 +67,18 @@ To defend against this, two techniques are used: - Paging protection to prevent inappropriate access to code and data - SMM hardware supervision and attestation -Paging protection can be implemented to lock certain code tables to be read-only to prevent tampering. This prevents access to any memory that has not been specifically assigned. +Paging protection can be implemented to lock certain code tables to be read-only to prevent tampering. This prevents access to any memory that has not been assigned. -A hardware-enforced processor feature known as a supervisor SMI handler can monitor the SMM and make sure it does not access any part of the address space that it is not supposed to. +A hardware-enforced processor feature known as a supervisor SMI handler can monitor the SMM and make sure it doesn't access any part of the address space that it isn't supposed to. SMM protection is built on top of the Secure Launch technology and requires it to function. In the future, Windows 10 will also measure this SMI Handler’s behavior and attest that no OS-owned memory has been tampered with. ## Validating platform integrity after Windows is running (run time) -While Windows Defender System Guard provides advanced protection that will help protect and maintain the integrity of the platform during boot and at run time, the reality is that we must apply an "assume breach" mentality to even our most sophisticated security technologies. We should be able to trust that the technologies are successfully doing their jobs, but we also need the ability to verify that they were successful in achieving their goals. When it comes to platform integrity, we can’t just trust the platform, which potentially could be compromised, to self-attest to its security state. So Windows Defender System Guard includes a series of technologies that enable remote analysis of the device’s integrity. +While Windows Defender System Guard provides advanced protection that will help protect and maintain the integrity of the platform during boot and at run time, the reality is that we must apply an "assume breach" mentality to even our most sophisticated security technologies. We can trust that the technologies are successfully doing their jobs, but we also need the ability to verify that they were successful in achieving their goals. When it comes to platform integrity, we can’t just trust the platform, which potentially could be compromised, to self-attest to its security state. So Windows Defender System Guard includes a series of technologies that enable remote analysis of the device’s integrity. -As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device’s Trusted Platform Module 2.0 (TPM 2.0). System Guard Secure Launch will not support earlier TPM versions, such as TPM 1.2. This process and data are hardware-isolated away from Windows to help ensure that the measurement data is not subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device’s firmware, hardware configuration state, and Windows boot-related components, just to name a few. +As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device’s Trusted Platform Module 2.0 (TPM 2.0). System Guard Secure Launch won't support earlier TPM versions, such as TPM 1.2. This process and data are hardware-isolated away from Windows to help ensure that the measurement data isn't subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device’s firmware, hardware configuration state, and Windows boot-related components, just to name a few. ![Boot time integrity.](images/windows-defender-system-guard-boot-time-integrity.png) From 2a25b5f8ba1eaecb6db343496138eb50836007ed Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 5 Nov 2021 12:26:57 +0530 Subject: [PATCH 07/74] Update how-hardware-based-root-of-trust-helps-protect-windows.md to fix acrolinx score --- ...ow-hardware-based-root-of-trust-helps-protect-windows.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md index 1bf0d9e6b5..e92a5559ad 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md @@ -1,6 +1,6 @@ --- title: How a Windows Defender System Guard helps protect Windows 10 -description: Windows Defender System Guard re-organizes the existing Windows 10 system integrity features under one roof. Learn how it works. +description: Windows Defender System Guard reorganizes the existing Windows 10 system integrity features under one roof. Learn how it works. ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb ms.reviewer: manager: dansimp @@ -21,7 +21,7 @@ ms.technology: windows-sec To protect critical resources such as the Windows authentication stack, single sign-on tokens, the Windows Hello biometric stack, and the Virtual Trusted Platform Module, a system's firmware and hardware must be trustworthy. -Windows Defender System Guard re-organizes the existing Windows 10 system integrity features under one roof and sets up the next set of investments in Windows security. It's designed to make these security guarantees: +Windows Defender System Guard reorganizes the existing Windows 10 system integrity features under one roof and sets up the next set of investments in Windows security. It's designed to make these security guarantees: - Protect and maintain the integrity of the system as it starts up - Validate that system integrity has truly been maintained through local and remote attestation @@ -38,7 +38,7 @@ This hardware-based root of trust comes from the device’s Secure Boot feature, This technique of measuring the static early boot UEFI components is called the Static Root of Trust for Measurement (SRTM). As there are thousands of PC vendors that produce many models with different UEFI BIOS versions, there becomes an incredibly large number of SRTM measurements upon bootup. -Two techniques exist to establish trust here—either maintain a list of known 'bad' SRTM measurements (also known as a block list), or a list of known 'good' SRTM measurements (also known as an allow list). +Two techniques exist to establish trust here—either maintain a list of known 'bad' SRTM measurements (also known as a blocklist), or a list of known 'good' SRTM measurements (also known as an allowlist). Each option has a drawback: - A list of known 'bad' SRTM measurements allows a hacker to change just 1 bit in a component to create an entirely new SRTM hash that needs to be listed. This means that the SRTM flow is inherently brittle - a minor change can invalidate the entire chain of trust. From 0a1c195fc0743e25f55cfb8da351cb5f41acd33f Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 5 Nov 2021 12:33:49 +0530 Subject: [PATCH 08/74] Update protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md To fix acrolinx score --- ...ets-by-controlling-the-health-of-windows-10-based-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md index 21a31de5bd..8ab2578325 100644 --- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md +++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md @@ -26,7 +26,7 @@ This article details an end-to-end solution that helps you protect high-value as ## Introduction -In Bring Your Own Device (BYOD) scenarios, employees bring commercially available devices to access both work-related resources and their personal data. Users want to use the device of their choice to access the organization’s applications, data, and resources not only from the internal network but also from anywhere. This phenomenon is also known as the consumerization of IT. +For Bring Your Own Device (BYOD) scenarios, employees bring commercially available devices to access both work-related resources and their personal data. Users want to use the device of their choice to access the organization’s applications, data, and resources not only from the internal network but also from anywhere. This phenomenon is also known as the consumerization of IT. Users want to have the best productivity experience when accessing corporate applications and working on organization data from their devices. That means they will not tolerate being prompted to enter their work credentials each time they access an application or a file server. From a security perspective, it also means that users will manipulate corporate credentials and corporate data on unmanaged devices. From f492bb4826c2971031f12433272924fbf7df505b Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 5 Nov 2021 12:54:24 +0530 Subject: [PATCH 09/74] Update protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md To fix acrolinx score --- ...-the-health-of-windows-10-based-devices.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md index 8ab2578325..76b6d0c4b1 100644 --- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md +++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md @@ -72,7 +72,7 @@ A device health attestation module can communicate measured boot data that is pr Remote health attestation service performs a series of checks on the measurements. It validates security related data points, including boot state (Secure Boot, Debug Mode, and so on), and the state of components that manage security (BitLocker, Device Guard, and so on). It then conveys the health state of the device by sending a health encrypted blob back to the device. -An MDM solution typically applies configuration policies and deploys software to devices. MDM defines the security baseline and knows the level of compliance of the device with regular checks to see what software is installed and what configuration is enforced, as well as determining the health status of the device. +An MDM solution typically applies configuration policies and deploys software to devices. MDM defines the security baseline and knows the level of compliance of the device with regular checks to see what software is installed and what configuration is enforced, and determining the health status of the device. An MDM solution asks the device to send device health information and forward the health encrypted blob to the remote health attestation service. The remote health attestation service verifies device health data, checks that MDM is communicating to the same device, and then issues a device health report back to the MDM solution. @@ -86,7 +86,7 @@ Depending on the requirements and the sensitivity of the managed asset, device h In Windows 10, there are three pillars of investments: -- **Secure identities.** Microsoft is part of the FIDO Alliance which aims to provide an interoperable method of secure authentication by moving away from the use of passwords for authentication, both on the local system as well as for services like on-premises resources and cloud resources. +- **Secure identities.** Microsoft is part of the FIDO alliance that aims to provide an interoperable method of secure authentication by moving away from the use of passwords for authentication, both on the local system and for services like on-premises resources and cloud resources. - **Information protection.** Microsoft is making investments to allow organizations to have better control over who has access to important data and what they can do with that data. With Windows 10, organizations can take advantage of policies that specify which applications are considered to be corporate applications and can be trusted to access secure data. - **Threat resistance.** Microsoft is helping organizations to better secure enterprise assets against the threats of malware and attacks by using security defenses relying on hardware. @@ -182,7 +182,7 @@ Windows 10 supports features to help prevent sophisticated low-level malware lik The ELAM driver is a small driver with a small policy database that has a very narrow scope, focused on drivers that are loaded early at system launch. The policy database is stored in a registry hive that is also measured to the TPM, to record the operational parameters of the ELAM driver. An ELAM driver must be signed by Microsoft and the associated certificate must contain the complementary EKU (1.3.6.1.4.1.311.61.4.1). - **Virtualization-based security (Hyper-V + Secure Kernel).** Virtualization-based security is a completely new enforced security boundary that allows you to protect critical parts of Windows 10. - Virtualization-based security isolates sensitive code like Kernel Mode Code Integrity or sensitive corporate domain credentials from the rest of the Windows operating system. For more information, refer to the [Virtualization-based security](#virtual) section. + Virtualization-based security isolates sensitive code like Kernel Mode Code Integrity or sensitive corporate domain credentials from the rest of the Windows operating system. For more information, see [Virtualization-based security](#virtual) section. - **Hypervisor-protected Code Integrity (HVCI).** Hypervisor-protected Code Integrity is a feature of Device Guard that ensures only drivers, executables, and DLLs that comply with the Device Guard Code Integrity policy are allowed to run. @@ -208,7 +208,7 @@ Windows 10 supports features to help prevent sophisticated low-level malware lik For more information, see [Secured Boot and Measured Boot: Hardening Early Boot Components Against Malware](/previous-versions/windows/hardware/design/dn653311(v=vs.85)). - During each subsequent boot, the same components are measured, which allows comparison of the measurements against an expected baseline. For additional security, the values measured by the TPM can be signed and transmitted to a remote server, which can then perform the comparison. This process, called *remote device health attestation*, allows the server to verify health status of the Windows device. + During each subsequent boot, the same components are measured, which allows comparison of the measurements against an expected baseline. For more security, the values measured by the TPM can be signed and transmitted to a remote server, which can then perform the comparison. This process, called *remote device health attestation*, allows the server to verify health status of the Windows device. Although Secure Boot is a proactive form of protection, health attestation is a reactive form of boot protection. Health attestation ships disabled in Windows and is enabled by an antimalware or an MDM vendor. Unlike Secure Boot, health attestation will not stop the boot process and enter remediation when a measurement does not work. But with conditional access control, health attestation will help to prevent access to high-value assets. @@ -255,14 +255,14 @@ Hyper-V Code Integrity is a feature that validates the integrity of a driver or > [!NOTE] > Independently of activation of Device Guard Policy, [Windows 10 by default raises the bar for what runs in the kernel](https://go.microsoft.com/fwlink/p/?LinkId=691613). Windows 10 drivers must be signed by Microsoft, and more specifically, by the WHQL (Windows Hardware Quality Labs) portal. Additionally, starting in October 2015, the WHQL portal will only accept driver submissions, including both kernel and user mode driver submissions, that have a valid Extended Validation (“EV”) Code Signing Certificate. -With Device Guard in Windows 10, organizations are now able to define their own Code Integrity policy for use on x64 systems running Windows 10 Enterprise. Organizations have the ability to configure the policy that determines what is trusted to run. These include drivers and system files, as well as traditional desktop applications and scripts. The system is then locked down to only run applications that the organization trusts. +With Device Guard in Windows 10, organizations are now able to define their own Code Integrity policy for use on x64 systems running Windows 10 Enterprise. Organizations have the ability to configure the policy that determines what is trusted to run. These include drivers and system files, and traditional desktop applications and scripts. The system is then locked down to only run applications that the organization trusts. Device Guard is a built-in feature of Windows 10 Enterprise that prevents the execution of unwanted code and applications. Device Guard can be configured using two rule actions - allow and deny: - **Allow** limits execution of applications to an allowed list of code or trusted publisher and blocks everything else. - **Deny** completes the allow trusted publisher approach by blocking the execution of a specific application. -At the time of this writing, and according to Microsoft’s latest research, more than 90 percent of malware is unsigned completely. So implementing a basic Device Guard policy can simply and effectively help block the vast majority of malware. In fact, Device Guard has the potential to go further, and can also help block signed malware. +At the time of this writing, and according to Microsoft’s latest research, more than 90 percent of malware is unsigned completely. So implementing a basic Device Guard policy can simply and effectively help block malware. In fact, Device Guard has the potential to go further, and can also help block signed malware. Device Guard needs to be planned and configured to be truly effective. It is not just a protection that is enabled or disabled. Device Guard is a combination of hardware security features and software security features that, when configured together, can lock down a computer to help ensure the most secure and resistant system possible. @@ -278,16 +278,16 @@ For more information on how to deploy Device Guard in an enterprise, see the [De As previously described, Device Guard is a powerful way to lock down systems. Device Guard is not intended to be used broadly and it may not always be applicable, but there are some high-interest scenarios. -Device Guard is useful and applicable on fixed workloads systems like cash registers, kiosk machines, Secure Admin Workstations (SAWs), or well managed desktops. Device Guard is highly relevant on systems that have very well-defined software that are expected to run and don’t change too frequently. +Device Guard is useful and applicable on fixed workloads systems like cash registers, kiosk machines, Secure Admin Workstations (SAWs), or well managed desktops. Device Guard is highly relevant on systems that have a well-defined software that are expected to run and don’t change too frequently. It could also help protect Information Workers (IWs) beyond just SAWs, as long as what they need to run is known and the set of applications is not going to change on a daily basis. SAWs are computers that are built to help significantly reduce the risk of compromise from malware, phishing attacks, bogus websites, and PtH attacks, among other security risks. Although SAWs can’t be considered a “silver bullet” security solution to these attacks, these types of clients are helpful as part of a layered, defense-in-depth approach to security. To protect high-value assets, SAWs are used to make secure connections to those assets. -Similarly, on corporate fully-managed workstations, where applications are installed by using a distribution tool like Microsoft Endpoint Configuration Manager, Intune, or any third-party device management, then Device Guard is very applicable. In that type of scenario, the organization has a good idea of the software that an average user is running. +Similarly, on corporate fully-managed workstations, where applications are installed by using a distribution tool like Microsoft Endpoint Configuration Manager, Intune, or any third-party device management, then Device Guard is applicable. In that type of scenario, the organization has a good idea of the software that an average user is running. -It could be challenging to use Device Guard on corporate, lightly-managed workstations where the user is typically allowed to install software on their own. When an organization offers great flexibility, it’s quite difficult to run Device Guard in enforcement mode. Nevertheless, Device Guard can be run in Audit mode, and in that case, the event log will contain a record of any binaries that violated the Device Guard policy. When Device Guard is used in Audit mode, organizations can get rich data about drivers and applications that users install and run. +It could be challenging to use Device Guard on corporate, lightly-managed workstations where the user is typically allowed to install software on their own. When an organization offers great flexibility, it’s difficult to run Device Guard in enforcement mode. Nevertheless, Device Guard can be run in Audit mode, and in that case, the event log will contain a record of any binaries that violated the Device Guard policy. When Device Guard is used in Audit mode, organizations can get rich data about drivers and applications that users install and run. Before you can benefit from the protection included in Device Guard, Code Integrity policy must be created by using tools provided by Microsoft, but the policy can be deployed with common management tools, like Group Policy. The Code Integrity policy is a binary-encoded XML document that includes configuration settings for both the User and Kernel-modes of Windows 10, along with restrictions on Windows 10 script hosts. Device Guard Code Integrity policy restricts what code can run on a device. @@ -306,13 +306,13 @@ On computers with Device Guard, Microsoft proposes to move from a world where un With Windows 10, organizations will make line-of-business (LOB) apps available to members of the organization through the Microsoft Store infrastructure. More specifically, LOB apps will be available in a private store within the public Microsoft Store. Microsoft Store signs and distributes Universal Windows apps and Classic Windows apps. All apps downloaded from the Microsoft Store are signed. -In organizations today, the vast majority of LOB applications are unsigned. Code signing is frequently viewed as a tough problem to solve for a variety of reasons, like the lack of code signing expertise. Even if code signing is a best practice, a lot of internal applications are not signed. +In organizations today, many LOB applications are unsigned. Code signing is frequently viewed as a tough problem to solve for a variety of reasons, like the lack of code signing expertise. Even if code signing is a best practice, a lot of internal applications are not signed. Windows 10 includes tools that allow IT pros to take applications that have been already packaged and run them through a process to create additional signatures that can be distributed along with existing applications. ### Why are antimalware and device management solutions still necessary? -Although allow-list mechanisms are extremely efficient at ensuring that only trusted applications can be run, they cannot prevent the compromise of a trusted (but vulnerable) application by malicious content designed to exploit a known vulnerability. Device Guard doesn’t protect against user mode malicious code run by exploiting vulnerabilities. +Although allow-list mechanisms are efficient at ensuring that only trusted applications can be run, they cannot prevent the compromise of a trusted (but vulnerable) application by malicious content designed to exploit a known vulnerability. Device Guard doesn’t protect against user mode malicious code run by exploiting vulnerabilities. Vulnerabilities are weaknesses in software that could allow an attacker to compromise the integrity, availability, or confidentiality of the device. Some of the worst vulnerabilities allow attackers to exploit the compromised device by causing it to run malicious code without the user’s knowledge. @@ -779,7 +779,7 @@ The following process describes how Azure AD conditional access works: For more information about Azure AD join, see [Azure AD & Windows 10: Better Together for Work or School](https://go.microsoft.com/fwlink/p/?LinkId=691619), a white paper. -Conditional access control is a topic that many organizations and IT pros may not know as well as they should. The different attributes that describe a user, a device, compliance, and context of access are very powerful when used with a conditional access engine. Conditional access control is an essential step that helps organizations secure their environment. +Conditional access control is a topic that many organizations and IT pros may not know and they should. The different attributes that describe a user, a device, compliance, and context of access are very powerful when used with a conditional access engine. Conditional access control is an essential step that helps organizations secure their environment. ## Takeaways and summary From 51c7dc9506bf134f12453572d9e32b8ae3672fea Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Mon, 8 Nov 2021 09:56:26 +0530 Subject: [PATCH 10/74] Update how-hardware-based-root-of-trust-helps-protect-windows.md Acrolinx fix --- ...ow-hardware-based-root-of-trust-helps-protect-windows.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md index e92a5559ad..7648914cfb 100644 --- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md +++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md @@ -16,7 +16,6 @@ ms.date: 03/01/2019 ms.technology: windows-sec --- - # Windows Defender System Guard: How a hardware-based root of trust helps protect Windows 10 To protect critical resources such as the Windows authentication stack, single sign-on tokens, the Windows Hello biometric stack, and the Virtual Trusted Platform Module, a system's firmware and hardware must be trustworthy. @@ -76,10 +75,9 @@ In the future, Windows 10 will also measure this SMI Handler’s behavior and at ## Validating platform integrity after Windows is running (run time) -While Windows Defender System Guard provides advanced protection that will help protect and maintain the integrity of the platform during boot and at run time, the reality is that we must apply an "assume breach" mentality to even our most sophisticated security technologies. We can trust that the technologies are successfully doing their jobs, but we also need the ability to verify that they were successful in achieving their goals. When it comes to platform integrity, we can’t just trust the platform, which potentially could be compromised, to self-attest to its security state. So Windows Defender System Guard includes a series of technologies that enable remote analysis of the device’s integrity. - -As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device’s Trusted Platform Module 2.0 (TPM 2.0). System Guard Secure Launch won't support earlier TPM versions, such as TPM 1.2. This process and data are hardware-isolated away from Windows to help ensure that the measurement data isn't subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device’s firmware, hardware configuration state, and Windows boot-related components, just to name a few. +While Windows Defender System Guard provides advanced protection that will help protect and maintain the integrity of the platform during boot and at run time, the reality is that we must apply an "assume breach" mentality to even our most sophisticated security technologies. We can trust that the technologies are successfully doing their jobs, but we also need the ability to verify that they were successful in achieving their goals. For platform integrity, we can’t just trust the platform, which potentially could be compromised, to self-attest to its security state. So Windows Defender System Guard includes a series of technologies that enable remote analysis of the device’s integrity. +As Windows 10 boots, a series of integrity measurements are taken by Windows Defender System Guard using the device’s Trusted Platform Module 2.0 (TPM 2.0). System Guard Secure Launch won't support earlier TPM versions, such as TPM 1.2. This process and data are hardware-isolated away from Windows to help ensure that the measurement data isn't subject to the type of tampering that could happen if the platform was compromised. From here, the measurements can be used to determine the integrity of the device’s firmware, hardware configuration state, and Windows boot-related components, just to name a few. ![Boot time integrity.](images/windows-defender-system-guard-boot-time-integrity.png) From 894a9b0fa71f0b3fd81bde13e6db554bba6f6011 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Tue, 23 Nov 2021 13:18:34 +0530 Subject: [PATCH 11/74] Html to md table update- batch 19 --- .../mdm/policy-csp-settings.md | 520 +--- .../mdm/policy-csp-smartscreen.md | 120 +- .../mdm/policy-csp-speech.md | 40 +- .../client-management/mdm/policy-csp-start.md | 1200 ++------ .../mdm/policy-csp-storage.md | 360 +-- .../mdm/policy-csp-system.md | 867 ++---- .../mdm/policy-csp-systemservices.md | 240 +- .../mdm/policy-csp-taskmanager.md | 40 +- .../mdm/policy-csp-taskscheduler.md | 40 +- .../mdm/policy-csp-textinput.md | 1000 ++----- .../mdm/policy-csp-timelanguagesettings.md | 40 +- .../mdm/policy-csp-troubleshooting.md | 80 +- .../mdm/policy-csp-update.md | 2571 ++++------------- .../mdm/policy-csp-userrights.md | 1160 ++------ .../client-management/mdm/policy-csp-wifi.md | 240 +- 15 files changed, 1688 insertions(+), 6830 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md index 69c7b52c83..9233d3ba59 100644 --- a/windows/client-management/mdm/policy-csp-settings.md +++ b/windows/client-management/mdm/policy-csp-settings.md @@ -68,38 +68,14 @@ manager: dansimp **Settings/AllowAutoPlay** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -139,38 +115,14 @@ The following list shows the supported values: **Settings/AllowDataSense** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -206,38 +158,14 @@ The following list shows the supported values: **Settings/AllowDateTime** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -270,38 +198,14 @@ The following list shows the supported values: **Settings/AllowLanguage** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -338,38 +242,14 @@ The following list shows the supported values: **Settings/AllowOnlineTips** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -406,38 +286,14 @@ ADMX Info: **Settings/AllowPowerSleep** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -474,38 +330,14 @@ The following list shows the supported values: **Settings/AllowRegion** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -542,38 +374,14 @@ The following list shows the supported values: **Settings/AllowSignInOptions** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -610,38 +418,14 @@ The following list shows the supported values: **Settings/AllowVPN** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -674,38 +458,14 @@ The following list shows the supported values: **Settings/AllowWorkplace** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -742,38 +502,14 @@ The following list shows the supported values: **Settings/AllowYourAccount** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -806,38 +542,14 @@ The following list shows the supported values: **Settings/ConfigureTaskbarCalendar** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -880,38 +592,14 @@ The following list shows the supported values: **Settings/PageVisibilityList** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md index e7db6a71e2..3ed9fb87eb 100644 --- a/windows/client-management/mdm/policy-csp-smartscreen.md +++ b/windows/client-management/mdm/policy-csp-smartscreen.md @@ -39,38 +39,14 @@ manager: dansimp **SmartScreen/EnableAppInstallControl** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -114,38 +90,14 @@ The following list shows the supported values: **SmartScreen/EnableSmartScreenInShell** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -186,38 +138,14 @@ The following list shows the supported values: **SmartScreen/PreventOverrideForFilesInShell** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md index 40c0182de2..9ce8943851 100644 --- a/windows/client-management/mdm/policy-csp-speech.md +++ b/windows/client-management/mdm/policy-csp-speech.md @@ -33,38 +33,14 @@ manager: dansimp **Speech/AllowSpeechModelUpdate** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md index 588586543f..a4659bf1ff 100644 --- a/windows/client-management/mdm/policy-csp-start.md +++ b/windows/client-management/mdm/policy-csp-start.md @@ -120,38 +120,14 @@ manager: dansimp **Start/AllowPinnedFolderDocuments** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -185,38 +161,14 @@ The following list shows the supported values: **Start/AllowPinnedFolderDownloads** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -250,38 +202,14 @@ The following list shows the supported values: **Start/AllowPinnedFolderFileExplorer** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -315,38 +243,14 @@ The following list shows the supported values: **Start/AllowPinnedFolderHomeGroup** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -380,38 +284,14 @@ The following list shows the supported values: **Start/AllowPinnedFolderMusic** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -445,38 +325,14 @@ The following list shows the supported values: **Start/AllowPinnedFolderNetwork** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -510,38 +366,14 @@ The following list shows the supported values: **Start/AllowPinnedFolderPersonalFolder** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -575,38 +407,14 @@ The following list shows the supported values: **Start/AllowPinnedFolderPictures** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -640,38 +448,14 @@ The following list shows the supported values: **Start/AllowPinnedFolderSettings** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -705,38 +489,14 @@ The following list shows the supported values: **Start/AllowPinnedFolderVideos** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -770,38 +530,14 @@ The following list shows the supported values: **Start/DisableContextMenus** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -849,38 +585,14 @@ The following list shows the supported values: **Start/ForceStartSize** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -922,38 +634,14 @@ The following list shows the supported values: **Start/HideAppList** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1003,38 +691,14 @@ The following list shows the supported values: **Start/HideChangeAccountSettings** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1074,38 +738,14 @@ To validate on Desktop, do the following: **Start/HideFrequentlyUsedApps** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1153,38 +793,14 @@ To validate on Desktop, do the following: **Start/HideHibernate** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1228,38 +844,14 @@ To validate on Laptop, do the following: **Start/HideLock** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1299,38 +891,14 @@ To validate on Desktop, do the following: **Start/HidePeopleBar** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1373,38 +941,14 @@ The following list shows the supported values: **Start/HidePowerButton** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1447,38 +991,14 @@ To validate on Desktop, do the following: **Start/HideRecentJumplists** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1528,38 +1048,14 @@ To validate on Desktop, do the following: **Start/HideRecentlyAddedApps** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1615,38 +1111,14 @@ To validate on Desktop, do the following: **Start/HideRestart** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1686,38 +1158,14 @@ To validate on Desktop, do the following: **Start/HideShutDown** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1757,38 +1205,14 @@ To validate on Desktop, do the following: **Start/HideSignOut** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1828,38 +1252,14 @@ To validate on Desktop, do the following: **Start/HideSleep** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1899,38 +1299,14 @@ To validate on Desktop, do the following: **Start/HideSwitchAccount** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1970,38 +1346,14 @@ To validate on Desktop, do the following: **Start/HideUserTile** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2045,38 +1397,14 @@ To validate on Desktop, do the following: **Start/ImportEdgeAssets** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2127,38 +1455,14 @@ To validate on Desktop, do the following: **Start/NoPinningToTaskbar** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2201,38 +1505,14 @@ To validate on Desktop, do the following: **Start/StartLayout** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesNo
BusinessYesNo
EnterpriseYesNo
EducationYesNo
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|No| +|Business|Yes|No| +|Enterprise|Yes|No| +|Education|Yes|No|
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md index d470d7977b..e0164a6227 100644 --- a/windows/client-management/mdm/policy-csp-storage.md +++ b/windows/client-management/mdm/policy-csp-storage.md @@ -57,38 +57,14 @@ manager: dansimp **Storage/AllowDiskHealthModelUpdates** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -131,38 +107,14 @@ The following list shows the supported values: **Storage/AllowStorageSenseGlobal** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
Home
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home||| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -210,38 +162,14 @@ ADMX Info: **Storage/AllowStorageSenseTemporaryFilesCleanup** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
Home
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home||| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -292,38 +220,14 @@ ADMX Info: **Storage/ConfigStorageSenseCloudContentDehydrationThreshold** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
Home
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home||| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -374,38 +278,14 @@ ADMX Info: **Storage/ConfigStorageSenseDownloadsCleanupThreshold** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
Home
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home||| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -456,38 +336,14 @@ ADMX Info: **Storage/ConfigStorageSenseGlobalCadence** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
Home
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home||| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -544,38 +400,14 @@ ADMX Info: **Storage/ConfigStorageSenseRecycleBinCleanupThreshold** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
Home
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home||| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -626,38 +458,14 @@ ADMX Info: **Storage/EnhancedStorageDevices** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -702,38 +510,14 @@ ADMX Info: **Storage/RemovableDiskDenyWriteAccess** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 04cccacbb5..6141fdcf82 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -112,33 +112,13 @@ manager: dansimp **System/AllowBuildPreview** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -185,33 +165,13 @@ The following list shows the supported values: **System/AllowCommercialDataPipeline** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -302,33 +262,13 @@ The following list shows the supported values: **System/AllowDeviceNameInDiagnosticData** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -376,33 +316,13 @@ The following list shows the supported values: **System/AllowEmbeddedMode** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -437,33 +357,13 @@ The following list shows the supported values: **System/AllowExperimentation** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -503,33 +403,13 @@ The following list shows the supported values: **System/AllowFontProviders** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -583,33 +463,13 @@ To verify if System/AllowFontProviders is set to true: **System/AllowLocation** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -680,33 +540,13 @@ If you disable this policy setting, devices may not appear in Microsoft Managed **System/AllowStorageCard** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -741,33 +581,13 @@ The following list shows the supported values: **System/AllowTelemetry** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -792,28 +612,6 @@ The following list shows the supported values for Windows 8.1: - 1 – Allowed, except for Secondary Data Requests. - 2 (default) – Allowed. - In Windows 10, you can configure this policy setting to decide what level of diagnostic data to send to Microsoft. @@ -835,35 +633,6 @@ The following list shows the supported values for Windows 10 version 1809 and ol Most restrictive value is 0. - - ADMX Info: @@ -882,33 +651,13 @@ ADMX Info: **System/AllowUpdateComplianceProcessing** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -961,33 +710,13 @@ The following list shows the supported values: **System/AllowUserToResetPhone** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1053,33 +782,13 @@ The following list shows the supported values: **System/BootStartDriverInitialization** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1130,33 +839,13 @@ ADMX Info: **System/ConfigureMicrosoft365UploadEndpoint** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1205,33 +894,13 @@ ADMX Info: **System/ConfigureTelemetryOptInChangeNotification** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1273,33 +942,13 @@ The following list shows the supported values: **System/ConfigureTelemetryOptInSettingsUx** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1346,33 +995,13 @@ The following list shows the supported values: **System/DisableDeviceDelete** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1418,33 +1047,13 @@ ADMX Info: **System/DisableDiagnosticDataViewer** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1490,33 +1099,13 @@ ADMX Info: **System/DisableEnterpriseAuthProxy** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1551,33 +1140,13 @@ ADMX Info: **System/DisableOneDriveFileSync** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1634,33 +1203,13 @@ To validate on Desktop, do the following: **System/DisableSystemRestore** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1711,33 +1260,13 @@ ADMX Info: **System/FeedbackHubAlwaysSaveDiagnosticsLocally** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeYesYes
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1770,33 +1299,13 @@ The following list shows the supported values: **System/LimitEnhancedDiagnosticDataWindowsAnalytics** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1851,33 +1360,13 @@ ADMX Info: **System/TelemetryProxy** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1914,33 +1403,13 @@ ADMX Info: **System/TurnOffFileHistory** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md index 016911d154..76aaf84d71 100644 --- a/windows/client-management/mdm/policy-csp-systemservices.md +++ b/windows/client-management/mdm/policy-csp-systemservices.md @@ -49,38 +49,14 @@ manager: dansimp **SystemServices/ConfigureHomeGroupListenerServiceStartupMode** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -112,38 +88,14 @@ GP Info: **SystemServices/ConfigureHomeGroupProviderServiceStartupMode** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -175,38 +127,14 @@ GP Info: **SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -238,38 +166,14 @@ GP Info: **SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -301,38 +205,14 @@ GP Info: **SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -364,38 +244,14 @@ GP Info: **SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md index 2ad2b1c6d6..f671d306e6 100644 --- a/windows/client-management/mdm/policy-csp-taskmanager.md +++ b/windows/client-management/mdm/policy-csp-taskmanager.md @@ -33,38 +33,14 @@ manager: dansimp **TaskManager/AllowEndTask** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|No|No| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md index b76c0948ac..ec272ae750 100644 --- a/windows/client-management/mdm/policy-csp-taskscheduler.md +++ b/windows/client-management/mdm/policy-csp-taskscheduler.md @@ -34,38 +34,14 @@ manager: dansimp **TaskScheduler/EnableXboxGameSaveTask** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md index 77bf576304..d4bc93e500 100644 --- a/windows/client-management/mdm/policy-csp-textinput.md +++ b/windows/client-management/mdm/policy-csp-textinput.md @@ -134,38 +134,14 @@ Placeholder only. Do not use in production environment. **TextInput/AllowIMELogging** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -204,38 +180,14 @@ The following list shows the supported values: **TextInput/AllowIMENetworkAccess** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -272,38 +224,14 @@ The following list shows the supported values: **TextInput/AllowInputPanel** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -342,38 +270,14 @@ The following list shows the supported values: **TextInput/AllowJapaneseIMESurrogatePairCharacters** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -413,38 +317,14 @@ The following list shows the supported values: **TextInput/AllowJapaneseIVSCharacters** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -483,38 +363,14 @@ The following list shows the supported values: **TextInput/AllowJapaneseNonPublishingStandardGlyph** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -553,38 +409,14 @@ The following list shows the supported values: **TextInput/AllowJapaneseUserDictionary** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -623,38 +455,14 @@ The following list shows the supported values: **TextInput/AllowKeyboardTextSuggestions** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -713,38 +521,14 @@ This policy has been deprecated. **TextInput/AllowLanguageFeaturesUninstall** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -791,38 +575,14 @@ The following list shows the supported values: **TextInput/AllowLinguisticDataCollection** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -860,38 +620,14 @@ This setting supports a range of values between 0 and 1. **TextInput/ConfigureJapaneseIMEVersion** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -929,38 +665,14 @@ The following list shows the supported values: **TextInput/ConfigureSimplifiedChineseIMEVersion** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -998,38 +710,14 @@ The following list shows the supported values: **TextInput/ConfigureTraditionalChineseIMEVersion** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1066,38 +754,14 @@ The following list shows the supported values: **TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1136,38 +800,14 @@ The following list shows the supported values: **TextInput/ExcludeJapaneseIMEExceptJIS0208** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1204,38 +844,14 @@ The following list shows the supported values: **TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1272,38 +888,14 @@ The following list shows the supported values: **TextInput/ExcludeJapaneseIMEExceptShiftJIS** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1340,38 +932,14 @@ The following list shows the supported values: **TextInput/ForceTouchKeyboardDockedState** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1405,38 +973,14 @@ The following list shows the supported values: **TextInput/TouchKeyboardDictationButtonAvailability** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1470,38 +1014,14 @@ The following list shows the supported values: **TextInput/TouchKeyboardEmojiButtonAvailability** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1535,38 +1055,14 @@ The following list shows the supported values: **TextInput/TouchKeyboardFullModeAvailability** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1600,38 +1096,14 @@ The following list shows the supported values: **TextInput/TouchKeyboardHandwritingModeAvailability** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1665,38 +1137,14 @@ The following list shows the supported values: **TextInput/TouchKeyboardNarrowModeAvailability** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1730,38 +1178,14 @@ The following list shows the supported values: **TextInput/TouchKeyboardSplitModeAvailability** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1795,38 +1219,14 @@ The following list shows the supported values: **TextInput/TouchKeyboardWideModeAvailability** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md index 9d490b2202..4493a8a087 100644 --- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md +++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md @@ -34,38 +34,14 @@ manager: dansimp **TimeLanguageSettings/ConfigureTimeZone** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md index 41deff6293..d04526eee3 100644 --- a/windows/client-management/mdm/policy-csp-troubleshooting.md +++ b/windows/client-management/mdm/policy-csp-troubleshooting.md @@ -32,38 +32,14 @@ ms.date: 09/27/2019 **Troubleshooting/AllowRecommendations** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -101,38 +77,14 @@ Supported values: - 5 - Allow the user to choose their own recommended troubleshooting settings. By default, this policy is not configured and the SKU based defaults are used for managed devices. Current policy values for SKU's are as follows: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
SKUUnmanaged DefaultManaged Default
HomePrompt (OOBE)Off
ProPrompt (OOBE)Off
EducationOn (auto)Off
EnterpriseOffOff
GovernmentOffOff
+ +|SKU|Unmanaged Default|Managed Default| +|--- |--- |--- | +|Home|Prompt (OOBE)|Off| +|Pro|Prompt (OOBE)|Off| +|Education|On (auto)|Off| +|Enterprise|Off|Off| +|Government|Off|Off| diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index c38caf5830..f04057f070 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -222,38 +222,14 @@ manager: dansimp **Update/ActiveHoursEnd** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -295,38 +271,14 @@ ADMX Info: **Update/ActiveHoursMaxRange** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -365,38 +317,14 @@ ADMX Info: **Update/ActiveHoursStart** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -438,38 +366,14 @@ ADMX Info: **Update/AllowAutoUpdate** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -524,38 +428,14 @@ The following list shows the supported values: **Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -600,38 +480,14 @@ The following list shows the supported values: **Update/AllowMUUpdateService** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -673,38 +529,14 @@ The following list shows the supported values: **Update/AllowNonMicrosoftSignedUpdate** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -741,38 +573,14 @@ The following list shows the supported values: **Update/AllowUpdateService** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -820,38 +628,14 @@ The following list shows the supported values: **Update/AutoRestartDeadlinePeriodInDays** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -902,38 +686,14 @@ ADMX Info: **Update/AutoRestartDeadlinePeriodInDaysForFeatureUpdates** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -984,38 +744,14 @@ ADMX Info: **Update/AutoRestartNotificationSchedule** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1056,38 +792,14 @@ Supported values are 15, 30, 60, 120, and 240 (minutes). **Update/AutoRestartRequiredNotificationDismissal** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1129,38 +841,14 @@ The following list shows the supported values: **Update/AutomaticMaintenanceWakeUp** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1211,38 +899,14 @@ Supported values: **Update/BranchReadinessLevel** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1287,38 +951,14 @@ The following list shows the supported values: **Update/ConfigureDeadlineForFeatureUpdates** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1364,38 +1004,14 @@ Default value is 7. **Update/ConfigureDeadlineForQualityUpdates** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1441,38 +1057,14 @@ Default value is 7. **Update/ConfigureDeadlineGracePeriod** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1519,38 +1111,14 @@ Default value is 2. **Update/ConfigureDeadlineNoAutoReboot** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1598,38 +1166,14 @@ Supported values: **Update/ConfigureFeatureUpdateUninstallPeriod** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1655,38 +1199,14 @@ Enable IT admin to configure feature update uninstall period. Values range 2 - 6 **Update/DeferFeatureUpdatesPeriodInDays** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1728,38 +1248,14 @@ ADMX Info: **Update/DeferQualityUpdatesPeriodInDays** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1796,38 +1292,14 @@ ADMX Info: **Update/DeferUpdatePeriod** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1882,57 +1354,6 @@ Other/cannot defer: Any update category not specifically enumerated above falls into this category. - Definition Update - E0789628-CE08-4437-BE74-2495B842F43B - - ADMX Info: @@ -1949,38 +1370,14 @@ ADMX Info: **Update/DeferUpgradePeriod** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2025,38 +1422,14 @@ ADMX Info: **Update/DetectionFrequency** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2091,38 +1464,14 @@ ADMX Info: **Update/DisableDualScan** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2169,38 +1518,14 @@ The following list shows the supported values: **Update/DisableWUfBSafeguards** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2254,38 +1579,14 @@ The following list shows the supported values: **Update/EngagedRestartDeadline** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2338,38 +1639,14 @@ ADMX Info: **Update/EngagedRestartDeadlineForFeatureUpdates** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2417,38 +1694,14 @@ ADMX Info: **Update/EngagedRestartSnoozeSchedule** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2494,38 +1747,14 @@ ADMX Info: **Update/EngagedRestartSnoozeScheduleForFeatureUpdates** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2571,38 +1800,14 @@ ADMX Info: **Update/EngagedRestartTransitionSchedule** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2648,38 +1853,14 @@ ADMX Info: **Update/EngagedRestartTransitionScheduleForFeatureUpdates** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2725,38 +1906,14 @@ ADMX Info: **Update/ExcludeWUDriversInQualityUpdate** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2800,38 +1957,14 @@ The following list shows the supported values: **Update/FillEmptyContentUrls** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2876,38 +2009,14 @@ The following list shows the supported values: **Update/IgnoreMOAppDownloadLimit** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2953,38 +2062,14 @@ To validate this policy: **Update/IgnoreMOUpdateDownloadLimit** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3030,38 +2115,14 @@ To validate this policy: **Update/ManagePreviewBuilds** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3104,38 +2165,14 @@ The following list shows the supported values: **Update/PauseDeferrals** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3184,38 +2221,14 @@ The following list shows the supported values: **Update/PauseFeatureUpdates** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3260,38 +2273,14 @@ The following list shows the supported values: **Update/PauseFeatureUpdatesStartTime** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3328,38 +2317,14 @@ ADMX Info: **Update/PauseQualityUpdates** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3401,38 +2366,14 @@ The following list shows the supported values: **Update/PauseQualityUpdatesStartTime** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3480,38 +2421,14 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd **Update/RequireDeferUpgrade** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesNo
BusinessYesNo
EnterpriseYesNo
EducationYesNo
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|No| +|Business|Yes|No| +|Enterprise|Yes|No| +|Education|Yes|No|
@@ -3555,38 +2472,14 @@ The following list shows the supported values: **Update/RequireUpdateApproval** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesNo
BusinessYesNo
EnterpriseYesNo
EducationYesNo
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|No| +|Business|Yes|No| +|Enterprise|Yes|No| +|Education|Yes|No|
@@ -3625,38 +2518,14 @@ The following list shows the supported values: **Update/ScheduleImminentRestartWarning** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3697,38 +2566,14 @@ Supported values are 15, 30, or 60 (minutes). **Update/ScheduleRestartWarning** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3773,38 +2618,14 @@ Supported values are 2, 4, 8, 12, or 24 (hours). **Update/ScheduledInstallDay** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3856,38 +2677,14 @@ The following list shows the supported values: **Update/ScheduledInstallEveryWeek** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3926,38 +2723,14 @@ ADMX Info: **Update/ScheduledInstallFirstWeek** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -3996,38 +2769,14 @@ ADMX Info: **Update/ScheduledInstallFourthWeek** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4066,38 +2815,14 @@ ADMX Info: **Update/ScheduledInstallSecondWeek** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4136,38 +2861,14 @@ ADMX Info: **Update/ScheduledInstallThirdWeek** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4206,38 +2907,14 @@ ADMX Info: **Update/ScheduledInstallTime** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4284,38 +2961,14 @@ ADMX Info: **Update/SetAutoRestartNotificationDisable** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4357,38 +3010,14 @@ The following list shows the supported values: **Update/SetDisablePauseUXAccess** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4422,38 +3051,14 @@ ADMX Info: **Update/SetDisableUXWUAccess** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4487,38 +3092,14 @@ ADMX Info: **Update/SetEDURestart** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4562,38 +3143,14 @@ The following list shows the supported values: **Update/SetProxyBehaviorForUpdateDetection** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4639,38 +3196,14 @@ The following list shows the supported values: **Update/TargetProductVersion** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4719,38 +3252,14 @@ By using this Windows Update for Business policy to upgrade devices to a new pro **Update/TargetReleaseVersion** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4793,38 +3302,14 @@ Value type is a string containing Windows 10 version number. For example, 1809, **Update/UpdateNotificationLevel** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4876,38 +3361,14 @@ ADMX Info: **Update/UpdateServiceUrl** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -4974,38 +3435,14 @@ Example **Update/UpdateServiceUrlAlternate** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index be84a95bca..8d81fa62ec 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -197,38 +197,14 @@ For example, the following syntax grants user rights to a specific user or group **UserRights/AccessCredentialManagerAsTrustedCaller** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -260,38 +236,14 @@ GP Info: **UserRights/AccessFromNetwork** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -325,38 +277,14 @@ GP Info: **UserRights/ActAsPartOfTheOperatingSystem** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -390,38 +318,14 @@ GP Info: **UserRights/AllowLocalLogOn** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -455,38 +359,14 @@ GP Info: **UserRights/BackupFilesAndDirectories** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -520,38 +400,14 @@ GP Info: **UserRights/ChangeSystemTime** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -583,38 +439,14 @@ GP Info: **UserRights/CreateGlobalObjects** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -648,38 +480,14 @@ GP Info: **UserRights/CreatePageFile** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -711,38 +519,14 @@ GP Info: **UserRights/CreatePermanentSharedObjects** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -774,38 +558,14 @@ GP Info: **UserRights/CreateSymbolicLinks** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -841,38 +601,14 @@ GP Info: **UserRights/CreateToken** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -906,38 +642,14 @@ GP Info: **UserRights/DebugPrograms** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -971,38 +683,14 @@ GP Info: **UserRights/DenyAccessFromNetwork** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1034,38 +722,14 @@ GP Info: **UserRights/DenyLocalLogOn** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1100,38 +764,14 @@ GP Info: **UserRights/DenyRemoteDesktopServicesLogOn** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1163,38 +803,14 @@ GP Info: **UserRights/EnableDelegation** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1228,38 +844,14 @@ GP Info: **UserRights/GenerateSecurityAudits** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1291,38 +883,14 @@ GP Info: **UserRights/ImpersonateClient** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1364,38 +932,14 @@ GP Info: **UserRights/IncreaseSchedulingPriority** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1432,38 +976,14 @@ GP Info: **UserRights/LoadUnloadDeviceDrivers** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1497,38 +1017,14 @@ GP Info: **UserRights/LockMemory** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1560,38 +1056,14 @@ GP Info: **UserRights/ManageAuditingAndSecurityLog** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1623,38 +1095,14 @@ GP Info: **UserRights/ManageVolume** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1686,38 +1134,14 @@ GP Info: **UserRights/ModifyFirmwareEnvironment** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1751,38 +1175,14 @@ GP Info: **UserRights/ModifyObjectLabel** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1814,38 +1214,14 @@ GP Info: **UserRights/ProfileSingleProcess** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1877,38 +1253,14 @@ GP Info: **UserRights/RemoteShutdown** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1940,38 +1292,14 @@ GP Info: **UserRights/RestoreFilesAndDirectories** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -2005,38 +1333,14 @@ GP Info: **UserRights/TakeOwnership** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md index 77728974a0..7c694ce087 100644 --- a/windows/client-management/mdm/policy-csp-wifi.md +++ b/windows/client-management/mdm/policy-csp-wifi.md @@ -64,38 +64,14 @@ This policy has been deprecated. **Wifi/AllowAutoConnectToWiFiSenseHotspots** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -138,38 +114,14 @@ The following list shows the supported values: **Wifi/AllowInternetSharing** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -212,38 +164,14 @@ The following list shows the supported values: **Wifi/AllowManualWiFiConfiguration** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -281,38 +209,14 @@ The following list shows the supported values: **Wifi/AllowWiFi** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -347,38 +251,14 @@ The following list shows the supported values: **Wifi/AllowWiFiDirect** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -411,38 +291,14 @@ The following list shows the supported values: **Wifi/WLANScanMode** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
From b7aee8df4e569dcb7b68ebaee12c5b1217bd6ba1 Mon Sep 17 00:00:00 2001 From: Benzy Dharmanayagam Date: Wed, 24 Nov 2021 18:29:52 +0530 Subject: [PATCH 12/74] Updated-5548201 Converted HTML tables to Markdown tables in the following topics Offline Migration Reference Understanding Migration XML Files Choose a Migration Store Type User State Migration Tool (USMT) Command-line Syntax Config.xml File Conflicts and Precedence Custom XML Examples Determine What to Migrate Hard-Link Migration Store LoadState Syntax Log Files Migration Store Encryption Plan Your Migration Recognized Environment Variables User State Migration Toolkit (USMT) Reference --- .../usmt/offline-migration-reference.md | 116 +-- .../usmt/understanding-migration-xml-files.md | 136 +--- .../usmt/usmt-choose-migration-store-type.md | 44 +- .../usmt/usmt-command-line-syntax.md | 38 +- .../deployment/usmt/usmt-configxml-file.md | 151 +--- .../usmt/usmt-conflicts-and-precedence.md | 286 +------- .../usmt/usmt-custom-xml-examples.md | 88 +-- .../usmt/usmt-determine-what-to-migrate.md | 30 +- .../usmt/usmt-hard-link-migration-store.md | 64 +- .../deployment/usmt/usmt-loadstate-syntax.md | 669 ++---------------- windows/deployment/usmt/usmt-log-files.md | 202 +----- .../usmt/usmt-migration-store-encryption.md | 46 +- .../usmt/usmt-plan-your-migration.md | 49 +- .../usmt-recognized-environment-variables.md | 529 +++----------- windows/deployment/usmt/usmt-reference.md | 59 +- 15 files changed, 324 insertions(+), 2183 deletions(-) diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index 3406fdc071..25d44a98a8 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md @@ -16,7 +16,6 @@ ms.topic: article # Offline Migration Reference - Offline migration enables the ScanState tool to run inside a different Windows® operating system than the Windows operating system from which ScanState is gathering files and settings. There are two primary offline scenarios: - **Windows PE.** The ScanState tool can be run from within Windows PE, gathering files and settings from the offline Windows operating system on that machine. @@ -33,7 +32,6 @@ When you use User State Migration Tool (USMT) 10.0 to gather and restore user s ## In This topic - - [What Will Migrate Offline?](#bkmk-whatwillmigrate) - [What Offline Environments are Supported?](#bkmk-offlineenvironments) @@ -48,7 +46,6 @@ When you use User State Migration Tool (USMT) 10.0 to gather and restore user s ## What Will Migrate Offline? - The following user data and settings migrate offline, similar to an online migration: - Data and registry keys specified in MigXML @@ -67,42 +64,18 @@ For exceptions to what you can migrate offline, see [What Does USMT Migrate?](us ## What Offline Environments are Supported? - The following table defines the supported combination of online and offline operating systems in USMT. - ---- - - - - - - - - - - - - - - - - -
Running Operating SystemOffline Operating System

WinPE 5.0 or greater, with the MSXML library

Windows Vista, Windows 7, Windows 8, Windows 10

Windows 7, Windows 8, Windows 10

Windows.old directory

- - +|Running Operating System|Offline Operating System| +|--- |--- | +|WinPE 5.0 or greater, with the MSXML library|Windows Vista, Windows 7, Windows 8, Windows 10| +|Windows 7, Windows 8, Windows 10|Windows.old directory| **Note**   It is possible to run the ScanState tool while the drive remains encrypted by suspending Windows BitLocker Drive Encryption before booting into WinPE. For more information, see [this Microsoft site](/previous-versions/windows/it-pro/windows-7/ee424315(v=ws.10)). - - ## User-Group Membership and Profile Control - User-group membership is not preserved during offline migrations. You must configure a **<ProfileControl>** section in the Config.xml file to specify the groups that the migrated users should be made members of. The following example places all migrated users into the Users group: ``` xml @@ -125,84 +98,27 @@ For information about the format of a Config.xml file, see [Config.xml File](usm ## Command-Line Options - An offline migration can either be enabled by using a configuration file on the command line, or by using one of the following command line options: - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
ComponentOptionDescription

ScanState.exe

/offline:<path to offline.xml>

This command-line option enables the offline-migration mode and requires a path to an Offline.xml configuration file.

ScanState.exe

/offlineWinDir:<Windows directory>

This command-line option enables the offline-migration mode and starts the migration from the location specified. It is only for use in WinPE offline scenarios where the migration is occurring from a Windows directory.

ScanState.exe

/OfflineWinOld:<Windows.old directory>

This command-line option enables the offline migration mode and starts the migration from the location specified. It is only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.

+|Component|Option|Description| +|--- |--- |--- | +|ScanState.exe|**/offline:***<path to offline.xml>*|This command-line option enables the offline-migration mode and requires a path to an Offline.xml configuration file.| +|ScanState.exe|**/offlineWinDir:***<Windows directory>*|This command-line option enables the offline-migration mode and starts the migration from the location specified. It is only for use in WinPE offline scenarios where the migration is occurring from a Windows directory.| +|ScanState.exe|**/OfflineWinOld:***<Windows.old directory>*|This command-line option enables the offline migration mode and starts the migration from the location specified. It is only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.| - - -You can use only one of the **/offline**,**/offlineWinDir** , or **/OfflineWinOld** command-line options at a time; USMT does not support using more than one together. +You can use only one of the **/offline**, **/offlineWinDir**, or **/OfflineWinOld** command-line options at a time; USMT does not support using more than one together. ## Environment Variables - The following system environment variables are necessary in the scenarios outlined below. - ----- - - - - - - - - - - - - - - - - - - - -
VariableValueScenario

USMT_WORKING_DIR

Full path to a working directory

Required when USMT binaries are located on read-only media, which does not support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following:

-
Set USMT_WORKING_DIR=[path to working directory]

MIG_OFFLINE_PLATFORM_ARCH

32 or 64

While operating offline, this environment variable defines the architecture of the offline system, if the system does not match the WinPE and Scanstate.exe architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. This is required when auto-detection of the offline architecture doesn't function properly, for example, when the source system is running a 64-bit version of Windows XP. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following:

-
Set MIG_OFFLINE_PLATFORM_ARCH=32
- - +|Variable|Value|Scenario| +|--- |--- |--- | +|USMT_WORKING_DIR|Full path to a working directory|Required when USMT binaries are located on read-only media, which does not support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following: 
Set USMT_WORKING_DIR=[path to working directory]
| +|MIG_OFFLINE_PLATFORM_ARCH|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system does not match the WinPE and Scanstate.exe architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. This is required when auto-detection of the offline architecture doesn't function properly, for example, when the source system is running a 64-bit version of Windows XP. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following: 
Set MIG_OFFLINE_PLATFORM_ARCH=32
| ## Offline.xml Elements - Use an offline.xml file when running the ScanState tool on a computer that has multiple Windows directories. The offline.xml file specifies which directories to scan for windows files. An offline.xml file can be used with the /offline option as an alternative to specifying a single Windows directory path with the /offlineDir option. ### <offline> @@ -256,8 +172,4 @@ The following XML example illustrates some of the elements discussed earlier in ## Related topics - [Plan Your Migration](usmt-plan-your-migration.md) - - - diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index e59e727ee5..22512f33e0 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -16,14 +16,12 @@ ms.topic: article # Understanding Migration XML Files - You can modify the behavior of a basic User State Migration Tool (USMT)10.0 migration by using XML files; these files provide instructions on where and how the USMT tools should gather and apply files and settings. USMT includes three XML files that you can use to customize a basic migration: the MigDocs.xml and MigUser.xml files, which modify how files are discovered on the source computer, and the MigApps.xml file, which is required in order to migrate supported application settings. You can also create and edit custom XML files and a Config.xml file to further customize your migration. This topic provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the MigDocs.xml file. The MigDocs.xml file uses the new **GenerateDocPatterns** function available in USMT to automatically find user documents on a source computer. ## In This topic - [Overview of the Config.xml file](#bkmk-config) [Overview of the MigApp.xml file](#bkmk-migapp) @@ -50,27 +48,20 @@ This topic provides an overview of the default and custom migration XML files an ## Overview of the Config.xml file - The Config.xml file is the configuration file created by the `/genconfig` option of the ScanState tool; it can be used to modify which operating-system components are migrated by USMT. The Config.xml file can be used in conjunction with other XML files, such as in the following example: `scanstate /i:migapps.xml /i:migdocs.xml /genconfig:c:\myFolder\config.xml`. When used this way, the Config.xml file tightly controls aspects of the migration, including user profiles, data, and settings, without modifying or creating other XML files. For more information about the Config.xml file, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md). **Note**   When modifying the XML elements in the Config.xml file, you should edit an element and set the **migrate** property to **no**, rather than deleting the element from the file. If you delete the element instead of setting the property, the component may still be migrated by rules in other XML files. - - ## Overview of the MigApp.xml file - The MigApp.xml file installed with USMT includes instructions to migrate the settings for the applications listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md). You must include the MigApp.xml file when using the ScanState and LoadState tools, by using the `/i` option in order to migrate application settings. The MigDocs.xml and MigUser.xml files do not migrate application settings. You can create a custom XML file to include additional applications. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md). **Important**   The MigApps.xml file will only detect and migrate .pst files that are linked to Microsoft Office Outlook. See the [Sample migration rules for customized versions of XML files](#bkmk-samples) section of this document for more information about migrating .pst files that are not linked to Outlook. - - ## Overview of the MigDocs.xml file - The MigDocs.xml file uses the new **GenerateDocPatterns** helper function to create instructions for USMT to migrate files from the source computer, based on the location of the files. You can use the MigDocs.xml file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. The default MigDocs.xml file migrates the following: @@ -141,7 +132,6 @@ You can also use the **/genmigxml** option with the ScanState tool to review and ## Overview of the MigUser.xml file - The MigUser.xml file includes instructions for USMT to migrate user files based on file name extensions. You can use the MigUser.xml file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. The MigUser.xml file will gather all files from the standard user-profile folders, as well as any files on the computer with the specified file name extensions. The default MigUser.xml file migrates the following: @@ -190,39 +180,12 @@ Each file name extension you include in the rules within the MigUser.xml file in You can use multiple XML files with the ScanState and LoadState tools. Each of the default XML files included with or generated by USMT is configured for a specific component of the migration. You can also use custom XML files to supplement these default files with additional migration rules. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
XML migration fileModifies the following components:

Config.xml file

Operating-system components such as desktop wallpaper and background theme.

-

You can also overload config.xml to include some application and document settings by generating the config.xml file with the other default XML files. For more information, see Customize USMT XML Files and Config.xml File.

MigApps.xml file

Applications settings.

MigUser.xml or MigDocs.xml files

User files and profile settings.

Custom XML files

Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.

- - +|XML migration file|Modifies the following components:| +|--- |--- | +|Config.xml file|Operating-system components such as desktop wallpaper and background theme.
You can also overload config.xml to include some application and document settings by generating the config.xml file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).| +|MigApps.xml file|Applications settings.| +|MigUser.xml or MigDocs.xml files|User files and profile settings.| +|Custom XML files|Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.| For example, you can use all of the XML migration file types for a single migration, as in the following example: @@ -235,22 +198,17 @@ Scanstate /config:c:\myFolder\config.xml /i:migapps.xml /i:migdocs.xml / **Important**   You should not use the MigUser.xml and MigDocs.xml files together in the same command. Using both XML files can result in duplication of some migrated files. This occurs when conflicting target-location instructions are given in each XML file. The target file will be stored once during the migration, but will be applied by each XML file to a different location on the destination computer. - - If your data set is unknown or if many files are stored outside of the standard user-profile folders, the MigDocs.xml is a better choice than the MigUser.xml file, because the MigDocs.xml file will gather a broader scope of data. The MigDocs.xml file migrates folders of data based on location. The MigUser.xml file migrates only the files with the specified file name extensions. If you want more control over the migration, you can create custom XML files. See the [Creating and editing a custom ,xml file](#bkmk-createxml) section of this document. ## Creating and editing a custom XML file - You can use the **/genmigxml** command-line option to determine which files will be included in your migration. The **/genmigxml** option creates a file in a location you specify, so that you can review the XML rules and make modifications as necessary. **Note**   If you reinstall USMT, the default migration XML files will be overwritten and any customizations you make directly to these files will be lost. Consider creating separate XML files for your custom migration rules and saving them in a secure location. - - To generate the XML migration rules file for a source computer: 1. Click **Start**, click **All Programs**, click **Accessories**, right-click **Command Prompt**, and then click **Run as**. @@ -275,42 +233,11 @@ To generate the XML migration rules file for a source computer: The MigDocs.xml file calls the **GenerateDocPatterns** function, which takes three Boolean values. You can change the settings to modify the way the MigDocs.xml file generates the XML rules for migration. - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
SettingValueDefault Value

ScanProgramFiles

The ScanProgramFiles argument is valid only when the GenerateDocPatterns function is called in a system context. This argument determines whether or not to scan the Program Files directory to gather registered file name extensions for known applications.

-

For example, when set to TRUE, the function discovers and migrates .doc files under the Microsoft Office directory, because .doc is a file name extension registered to a Microsoft Office application. The GenerateDocPatterns function generates this inclusion pattern for .doc files:

-
<pattern type="File">C:\Program Files\Microsoft Office[.doc]</pattern>
-

If a child folder of an included folder contains an installed application, ScanProgramFiles will also create an exclusion rule for the child folder. All folders under the application folder will be scanned recursively for registered file name extensions.

False

IncludePatterns

The IncludePatterns argument determines whether to generate exclude or include patterns in the XML. When this argument is set to TRUE, the GenerateDocPatterns function generates include patterns and the function must be added under the <include> element. Changing this argument to FALSE generates exclude patterns and the function must be added under the <exclude> element.

True

SystemDrive

The SystemDrive argument determines whether to generate patterns for all fixed drives or only for the system drive. Changing this argument to TRUE restricts all patterns to the system drive.

False

- - +|Setting|Value|Default Value| +|--- |--- |--- | +|ScanProgramFiles|The *ScanProgramFiles* argument is valid only when the **GenerateDocPatterns** function is called in a system context. This argument determines whether or not to scan the Program Files directory to gather registered file name extensions for known applications.
For example, when set to **TRUE**, the function discovers and migrates .doc files under the Microsoft Office directory, because .doc is a file name extension registered to a Microsoft Office application. The **GenerateDocPatterns** function generates this inclusion pattern for .doc files: 
<pattern type="File">C:\Program Files\Microsoft Office[.doc]</pattern>

If a child folder of an included folder contains an installed application, ScanProgramFiles will also create an exclusion rule for the child folder. All folders under the application folder will be scanned recursively for registered file name extensions.|False| +|IncludePatterns|The *IncludePatterns* argument determines whether to generate exclude or include patterns in the XML. When this argument is set to **TRUE**, the **GenerateDocPatterns** function generates include patterns and the function must be added under the <include> element. Changing this argument to **FALSE** generates exclude patterns and the function must be added under the <exclude> element.|True| +|SystemDrive|The *SystemDrive* argument determines whether to generate patterns for all fixed drives or only for the system drive. Changing this argument to **TRUE** restricts all patterns to the system drive.|False| **Usage:** @@ -403,37 +330,19 @@ The user context includes rules for data in the User Profiles directory. When ca **Note**   Rules contained in a component that is assigned the user context will be run for each user profile on the computer. Files that are scanned multiple times by the MigDocs.xml files will only be copied to the migration store once; however, a large number of rules in the user context can slow down the migration. Use the system context when it is applicable. - - -### Sample migration rules for customized versions of XML files + ### Sample migration rules for customized versions of XML files **Note**   For best practices and requirements for customized XML files in USMT, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [General Conventions](usmt-general-conventions.md). - - ### Exclude rules usage examples In the examples below, the source computer has a .txt file called "new text document" in a directory called "new folder". The default MigDocs.xml behavior migrates the new text document.txt file and all files contained in the "new folder" directory. The rules generated by the function are: - ---- - - - - - - - - - - -

Rule 1

<pattern type="File">d:\new folder[new text document.txt]</pattern>

Rule 2

<pattern type="File">d:\new folder[]</pattern>
- - +||| +|--- |--- | +|Rule 1|
<pattern type="File">d:\new folder[new text document.txt]</pattern>
| +|Rule 2|
<pattern type="File">d:\new folder[]</pattern>
| To exclude the new text document.txt file as well as any .txt files in "new folder", you can do the following: @@ -516,27 +425,14 @@ For more examples of include rules that you can use in custom migration XML file **Note**   For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). - - ## Next steps - You can include additional rules for the migration in the MigDocs.xml file or other XML migration files. For example, you can use the <locationModify> element to move files from the folder where they were gathered to a different folder, when they are applied to the destination computer. You can use an XML schema (MigXML.xsd) file to validate the syntax of your customized XML files. For more information, see [USMT Resources](usmt-resources.md). ## Related topics - [Exclude Files and Settings](usmt-exclude-files-and-settings.md) [Include Files and Settings](usmt-include-files-and-settings.md) - - - - - - - - - diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md index 6985683c08..871da5bf3b 100644 --- a/windows/deployment/usmt/usmt-choose-migration-store-type.md +++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md @@ -16,51 +16,19 @@ ms.topic: article # Choose a Migration Store Type - One of the main considerations for planning your migration is to determine which migration store type best meets your needs. As part of these considerations, determine how much space is required to run the User State Migration Tool (USMT) 10.0 components on your source and destination computers, and how much space is needed to create and host the migration store, whether you are using a local share, network share, or storage device. The final consideration is ensuring that user date integrity is maintained by encrypting the migration store. ## In This Section - - ---- - - - - - - - - - - - - - - - - - - -

Migration Store Types Overview

Choose the migration store type that works best for your needs and migration scenario.

Estimate Migration Store Size

Estimate the amount of disk space needed for computers in your organization based on information about your organization's infrastructure.

Hard-Link Migration Store

Learn about hard-link migration stores and the scenarios in which they are used.

Migration Store Encryption

Learn about the using migration store encryption to protect user data integrity during a migration.

- - +| Link | Description | +|--- |--- | +|[Migration Store Types Overview](migration-store-types-overview.md)|Choose the migration store type that works best for your needs and migration scenario.| +|[Estimate Migration Store Size](usmt-estimate-migration-store-size.md)|Estimate the amount of disk space needed for computers in your organization based on information about your organization's infrastructure.| +|[Hard-Link Migration Store](usmt-hard-link-migration-store.md)|Learn about hard-link migration stores and the scenarios in which they are used.| +|[Migration Store Encryption](usmt-migration-store-encryption.md)|Learn about the using migration store encryption to protect user data integrity during a migration.| ## Related topics - [Plan Your Migration](usmt-plan-your-migration.md) [User State Migration Tool (USMT) How-to topics](usmt-how-to.md) - - - - - - - - - diff --git a/windows/deployment/usmt/usmt-command-line-syntax.md b/windows/deployment/usmt/usmt-command-line-syntax.md index 85adbc467d..0631a98022 100644 --- a/windows/deployment/usmt/usmt-command-line-syntax.md +++ b/windows/deployment/usmt/usmt-command-line-syntax.md @@ -16,40 +16,12 @@ ms.topic: article # User State Migration Tool (USMT) Command-line Syntax - The User State Migration Tool (USMT) 10.0 migrates user files and settings during large deployments of Windows. To improve and simplify the migration process, USMT captures desktop, network, and application settings in addition to a user's files. USMT then migrates these items to a new Windows installation. ## In This Section - - ---- - - - - - - - - - - - - - - -

ScanState Syntax

Lists the command-line options for using the ScanState tool.

LoadState Syntax

Lists the command-line options for using the LoadState tool.

UsmtUtils Syntax

Lists the command-line options for using the UsmtUtils tool.

- - - - - - - - - - - +| Link | Description | +|--- |--- | +|[ScanState Syntax](usmt-scanstate-syntax.md)|Lists the command-line options for using the ScanState tool.| +|[LoadState Syntax](usmt-loadstate-syntax.md)|Lists the command-line options for using the LoadState tool.| +|[UsmtUtils Syntax](usmt-utilities.md)|Lists the command-line options for using the UsmtUtils tool.| diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md index 084c869c9a..3d3bc1abf3 100644 --- a/windows/deployment/usmt/usmt-configxml-file.md +++ b/windows/deployment/usmt/usmt-configxml-file.md @@ -16,10 +16,8 @@ ms.topic: article # Config.xml File - ## Config.xml File - The Config.xml file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the **/genconfig** option with the ScanState.exe tool. If you want to include all of the default components, and do not want to change the default store-creation or profile-migration behavior, you do not need to create a Config.xml file. However, if you are satisfied with the default migration behavior defined in the MigApp.xml, MigUser.xml and MigDocs.xml files, but you want to exclude certain components, you can create and modify a Config.xml file and leave the other .xml files unchanged. For example, you must create and modify the Config.xml file if you want to exclude any of the operating-system settings that are migrated. It is necessary to create and modify this file if you want to change any of the default store-creation or profile-migration behavior. @@ -31,11 +29,8 @@ For more information about using the Config.xml file with other migration files, **Note**   To exclude a component from the Config.xml file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the Config.xml file will not exclude the component from your migration. - - ## In this topic - In USMT there are new migration policies that can be configured in the Config.xml file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. The following elements and parameters are for use in the Config.xml file only. [<Policies>](#bkmk-policies) @@ -74,14 +69,12 @@ In USMT there are new migration policies that can be configured in the Config.xm ## <Policies> - The **<Policies>** element contains elements that describe the policies that USMT follows while creating a migration store. Valid children of the **<Policies>** element are **<ErrorControl>** and **<HardLinkStoreControl>**. The **<Policies>** element is a child of **<Configuration>**. Syntax: ` ` ## <ErrorControl> - The **<ErrorControl>** element is an optional element you can configure in the Config.xml file. The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character. - **Number of occurrences**: Once for each component @@ -111,8 +104,6 @@ Additionally, the order in the **<ErrorControl>** section implies priority **Important**   The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character. - - ### <fatal> The **<fatal>** element is not required. @@ -125,35 +116,14 @@ The **<fatal>** element is not required. Syntax: ``*<pattern>*`` - ----- - - - - - - - - - - - - - - -
ParameterRequiredValue

errorCode

No

"any" or "specify system error message here"

- - +|Parameter|Required|Value| +|--- |--- |--- | +|errorCode|No|"any" or "*specify system error message here*"| You use the **<fatal>** element to specify that errors matching a specific pattern should cause USMT to halt the migration. ## <fileError> - The **<fileError>** element is not required. - **Number of occurrences**: Once for each component @@ -168,7 +138,6 @@ You use the **<fileError>** element to represent the behavior associated w ## <nonFatal> - The **<nonFatal>** element is not required. - **Number of occurrences**: Once for each component @@ -179,35 +148,14 @@ The **<nonFatal>** element is not required. Syntax: ``*<pattern>*`` - ----- - - - - - - - - - - - - - - -
ParameterRequiredValue

<errorCode>

No

"any" or "specify system error message here". If system error messages are not specified, the default behavior applies the parameter to all system error messages.

- - +|Parameter|Required|Value| +|--- |--- |--- | +|**<errorCode>**|No|"any" or "*specify system error message here*". If system error messages are not specified, the default behavior applies the parameter to all system error messages.| You use the **<nonFatal>** element to specify that errors matching a specific pattern should not cause USMT to halt the migration. ## <registryError> - The <registryError>element is not required. - **Number of occurrences**: Once for each component @@ -218,35 +166,14 @@ The <registryError>element is not required. Syntax: `` - ----- - - - - - - - - - - - - - - -
ParameterRequiredValue

<errorCode>

No

"any" or "specify system error message here". If system error messages are not specified, the default behavior applies the parameter to all system error messages.

- - +|Parameter|Required|Value| +|--- |--- |--- | +|**<errorCode>**|No|"any" or "*specify system error message here*". If system error messages are not specified, the default behavior applies the parameter to all system error messages.| You use the **<registryError>** element to specify that errors matching a specific pattern should not cause USMT to halt the migration. ## <HardLinkStoreControl> - The **<HardLinkStoreControl>** element contains elements that describe how to handle files during the creation of a hard-link migration store. Its only valid child is **<fileLocked>**. Syntax: ` ` @@ -264,8 +191,6 @@ The **<HardLinkStoreControl>** sample code below specifies that hard links **Important**   The **<ErrorControl>** section can be configured to conditionally ignore file access errors, based on the file’s location. - - ``` xml @@ -282,84 +207,49 @@ The **<ErrorControl>** section can be configured to conditionally ignore f ## <fileLocked> - The **<fileLocked>** element contains elements that describe how to handle files that are locked for editing. The rules defined by the **<fileLocked>** element are processed in the order in which they appear in the XML file. Syntax: `` ## <createHardLink> - The **<createHardLink>** element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application. Syntax: ``*<pattern>*`` ## <errorHardLink> - The **<errorHardLink>** element defines a standard MigXML pattern that describes file paths where hard links should not be created if the file is locked for editing by another application. USMT will attempt to copy files under these paths into the migration store. However, if that is not possible, **Error\_Locked** is thrown. This is a standard Windows application programming interface (API) error that can be captured by the **<ErrorControl>** section to either cause USMT to skip the file or abort the migration. Syntax: ``*<pattern>*`` ## <ProfileControl> - This element is used to contain other elements that establish rules for migrating profiles, users, and policies around local group membership during the migration. **<ProfileMigration>** is a child of **<Configuration>**. Syntax: <`ProfileControl> ` ## <localGroups> - This element is used to contain other elements that establish rules for how to migrate local groups. **<localGroups>** is a child of **<ProfileControl>**. Syntax: ` ` ## <mappings> - This element is used to contain other elements that establish mappings between groups. Syntax: ` ` ## <changeGroup> - This element describes the source and destination groups for a local group membership change during the migration. It is a child of **<localGroups>**. The following parameters are defined: - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
ParameterRequiredValue

From

Yes

A valid local group on the source machine that contains users selected for migration on the command line.

To

Yes

A local group that the users are to be moved to during the migration.

appliesTo

Yes

nonmigratedUsers, migratedUsers, AllUsers. This value defines which users the change group operation should apply to.

- - +|Parameter|Required|Value| +|--- |--- |--- | +|From|Yes|A valid local group on the source machine that contains users selected for migration on the command line.| +|To|Yes|A local group that the users are to be moved to during the migration.| +|appliesTo|Yes|nonmigratedUsers, migratedUsers, AllUsers. This value defines which users the change group operation should apply to.| The valid and required children of **<changeGroup>** are **<include>** and **<exclude>**. Although both can be children at the same time, only one is required. @@ -367,21 +257,18 @@ Syntax: ` ` ## <include> - This element specifies that its required child, *<pattern>*, should be included in the migration. Syntax: ```` ## <exclude> - This element specifies that its required child, *<pattern>*, should be excluded from the migration. Syntax: ``` ` ## Sample Config.xml File - Refer to the following sample Config.xml file for additional details about items you can choose to exclude from a migration. ```xml @@ -577,14 +464,4 @@ Refer to the following sample Config.xml file for additional details about items ## Related topics - [USMT XML Reference](usmt-xml-reference.md) - - - - - - - - - diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md index c7dc4a18ce..48ebaa0719 100644 --- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md +++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md @@ -16,7 +16,6 @@ ms.topic: article # Conflicts and Precedence - When you include, exclude, and reroute files and settings, it is important to know how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence. When working with USMT, the following are the most important conflicts and precedence guidelines to keep in mind. - **If there are conflicting rules within a component, the most specific rule is applied.** However, the <unconditionalExclude> rule is an exception because it takes precedence over all others. Directory names take precedence over file extensions. For examples, see [What happens when there are conflicting include and exclude rules?](#bkmk1) and the first example in [Include and exclude precedence examples](#precexamples)****later in this topic. @@ -33,7 +32,6 @@ When you include, exclude, and reroute files and settings, it is important to kn ## In this topic - **General** - [What is the relationship between rules that are located within different components?](#bkmk2) @@ -60,7 +58,6 @@ When you include, exclude, and reroute files and settings, it is important to kn ## General - ### What is the relationship between rules that are located within different components? Only rules inside the same component can affect each other, depending on specificity, except for the <unconditionalExclude> rule. Rules that are in different components do not affect each other. If there is an <include> rule in one component and an identical <exclude> rule in another component, the data will be migrated because the two rules are independent of each other. @@ -129,7 +126,6 @@ USMT does not distinguish the .xml files based on their name or content. It proc ## The <include> and <exclude> rules - ### What happens when there are conflicting <include> and <exclude> rules? If there are conflicting rules within a component, the most specific rule is applied, except with the <unconditionalExclude> rule, which takes precedence over all other rules. If the rules are equally specific, then the data will be not be migrated. For example if you exclude a file, and include the same file, the file will not be migrated. If there are conflicting rules within different components, the rules do not affect each other because each component is processed independently. @@ -159,212 +155,35 @@ These examples explain how USMT deals with <include> and <exclude> r ### Including and excluding files - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you have the following code in the same componentResulting behaviorExplanation
    -

  • Include rule: <pattern type="File">C:\Dir1* []</pattern>

    • -

  • Exclude rule: <pattern type="File">C:* [.txt]</pattern>

    • -

Migrates all files and subfolders in Dir1 (including all .txt files in C:).

The <exclude> rule does not affect the migration because the <include> rule is more specific.

    -

  • Include rule: <pattern type="File">C:\Dir1* []</pattern>

    • -

  • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

    • -

Migrates all files and subfolders in C:\Dir1, except the .txt files in C:\Dir1\Dir2 and its subfolders.

Both rules are processed as intended.

    -

  • Include rule: <pattern type="File">C:\Dir1* []</pattern>

    • -

  • Exclude rule: <pattern type="File">C:\Dir1\ * [.txt]</pattern>

    • -

Migrates all files and subfolders in C:\Dir1, except the .txt files in C:\Dir1 and its subfolders.

Both rules are processed as intended.

    -

  • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

    • -

  • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

    • -

Nothing will be migrated.

The rules are equally specific, so the <exclude> rule takes precedence over the <include> rule.

    -

  • Include rule: C:\Dir1* [.txt]

    • -

  • Exclude rule: C:\Dir1\Dir2* []

    • -

Migrates the .txt files in Dir1 and the .txt files from subfolders other than Dir2.

-

No files are migrated from Dir2 or its subfolders.

Both rules are processed as intended.

    -

  • Include rule: C:\Dir1\Dir2* []

    • -

  • Exclude rule: C:\Dir1* [.txt]

    • -

Migrates all files and subfolders of Dir2, except the .txt files from Dir1 and any subfolders of Dir1 (including Dir2).

Both rules are processed as intended.

+| If you have the following code in the same component | Resulting behavior | Explanation | +|-----|-----|-----| +|
  • Include rule: <pattern type="File">C:\Dir1* []</pattern>
  • Exclude rule: <pattern type="File">C:* [.txt]</pattern>
| Migrates all files and subfolders in Dir1 (including all .txt files in C:). | The <exclude> rule does not affect the migration because the <include> rule is more specific. | +|
  • Include rule: <pattern type="File">C:\Dir1* []</pattern>
  • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
| Migrates all files and subfolders in C:\Dir1, except the .txt files in C:\Dir1\Dir2 and its subfolders. | Both rules are processed as intended. | +|
  • Include rule: <pattern type="File">C:\Dir1* []</pattern>
  • Exclude rule: <pattern type="File">C:\Dir1\ * [.txt]</pattern>
| Migrates all files and subfolders in C:\Dir1, except the .txt files in C:\Dir1 and its subfolders. | Both rules are processed as intended. | +|
  • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
  • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
| Nothing will be migrated. | The rules are equally specific, so the <exclude> rule takes precedence over the <include> rule. | +|
  • Include rule: C:\Dir1* [.txt]
  • Exclude rule: C:\Dir1\Dir2* []
| Migrates the .txt files in Dir1 and the .txt files from subfolders other than Dir2.
No files are migrated from Dir2 or its subfolders. | Both rules are processed as intended. | +|
  • Include rule: C:\Dir1\Dir2* []
  • Exclude rule: C:\Dir1* [.txt]
| Migrates all files and subfolders of Dir2, except the .txt files from Dir1 and any subfolders of Dir1 (including Dir2). | Both rules are processed as intended. | - - - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
If you have the following code in different componentsResulting behaviorExplanation

Component 1:

-
    -

  • Include rule: <pattern type="File">C:\Dir1* []</pattern>

    • -

  • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

    • -
-

Component 2:

-
    -

  • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

    • -

  • Exclude rule: <pattern type="File">C:\Dir1* []</pattern>

    • -

Migrates all files and subfolders of C:\Dir1\ (including C:\Dir1\Dir2).

Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. Therefore, in this example, although some .txt files were excluded when Component 1 was processed, they were included when Component 2 was processed.

Component 1:

-
    -

  • Include rule: C:\Dir1\Dir2* []

    • -
-

Component 2:

-
    -

  • Exclude rule: C:\Dir1* [.txt]

    • -

Migrates all files and subfolders from Dir2 except the .txt files in C:\Dir1 and its subfolders.

Both rules are processed as intended.

Component 1:

-
    -

  • Exclude rule: C:\Dir1\Dir2* []

    • -
-

Component 2:

-
    -

  • Include rule: C:\Dir1* [.txt]

    • -

Migrates all .txt files in Dir1 and any subfolders.

Component 1 does not contain an <include> rule, so the <exclude> rule is not processed.

- - +| If you have the following code in different components | Resulting behavior | Explanation | +|-----|----|----| +| Component 1:
  • Include rule: <pattern type="File">C:\Dir1* []</pattern>
  • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

Component 2:
  • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
  • Exclude rule: <pattern type="File">C:\Dir1* []</pattern>
| Migrates all files and subfolders of C:\Dir1\ (including C:\Dir1\Dir2). | Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. Therefore, in this example, although some .txt files were excluded when Component 1 was processed, they were included when Component 2 was processed. | +| Component 1:
  • Include rule: C:\Dir1\Dir2* []

Component 2:
  • Exclude rule: C:\Dir1* [.txt]
| Migrates all files and subfolders from Dir2 except the .txt files in C:\Dir1 and its subfolders. | Both rules are processed as intended. | +| Component 1:
  • Exclude rule: C:\Dir1\Dir2* []

Component 2:
  • Include rule: C:\Dir1* [.txt]
| Migrates all .txt files in Dir1 and any subfolders. | Component 1 does not contain an <include> rule, so the <exclude> rule is not processed. | ### Including and excluding registry objects - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
If you have the following code in the same componentResulting behaviorExplanation
    -

  • Include rule: HKLM\Software\Microsoft\Command Processor* []

    • -

  • Exclude Rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

    • -

Migrates all keys in HKLM\Software\Microsoft\Command Processor except DefaultColor.

Both rules are processed as intended.

    -

  • Include rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

    • -

  • Exclude Rule: HKLM\Software\Microsoft\Command Processor* []

    • -

Migrates only DefaultColor in HKLM\Software\Microsoft\Command Processor.

DefaultColor is migrated because the <include> rule is more specific than the <exclude> rule.

    -

  • Include rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

    • -

  • Exclude rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

    • -

Does not migrate DefaultColor.

The rules are equally specific, so the <exclude> rule takes precedence over the <include> rule.

+| If you have the following code in the same component | Resulting behavior | Explanation | +|-----|-----|-----| +|
  • Include rule:
    HKLM\Software\Microsoft\Command Processor* []
  • Exclude Rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
| Migrates all keys in HKLM\Software\Microsoft\Command Processor except DefaultColor. | Both rules are processed as intended. | +|
  • Include rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
  • Exclude Rule:
    HKLM\Software\Microsoft\Command Processor* []
| Migrates only DefaultColor in HKLM\Software\Microsoft\Command Processor. | DefaultColor is migrated because the <include> rule is more specific than the <exclude> rule. | +|
  • Include rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
  • Exclude rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
| Does not migrate DefaultColor. | The rules are equally specific, so the <exclude> rule takes precedence over the <include> rule. | - - - ----- - - - - - - - - - - - - - - -
If you have the following code in different componentsResulting behaviorExplanation

Component 1:

-
    -

  • Include rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

    • -

  • Exclude rule: HKLM\Software\Microsoft\Command Processor* []

    • -
-

Component 2:

-
    -

  • Include rule: HKLM\Software\Microsoft\Command Processor* []

    • -

  • Exclude rule: HKLM\Software\Microsoft\Command Processor [DefaultColor]

    • -

Migrates all the keys/values under HKLM\Software\Microsoft\Command Processor.

Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. Therefore, in this example, the objects that were excluded when Component 1 was processed were included when Component 2 was processed.

- - +| If you have the following code in different components | Resulting behavior | Explanation | +|-----|-----|-----| +| Component 1:
  • Include rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
  • Exclude rule:
    HKLM\Software\Microsoft\Command Processor* []

Component 2:
  • Include rule:
    HKLM\Software\Microsoft\Command Processor* []
  • Exclude rule:
    HKLM\Software\Microsoft\Command Processor [DefaultColor]
| Migrates all the keys/values under HKLM\Software\Microsoft\Command Processor. | Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. Therefore, in this example, the objects that were excluded when Component 1 was processed were included when Component 2 was processed. | ## File collisions - ### What is the default behavior when there are file collisions? If there is not a <merge> rule, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally: for example, OriginalFileName(1).OriginalExtension, OriginalFileName(2).OriginalExtension, and so on. @@ -401,65 +220,12 @@ You have a custom .xml file that contains the following code: For this example, the following table describes the resulting behavior if you add the code in the first column to your custom .xml file. - ---- - - - - - - - - - - - - - - - - - - - - -
If you specify the following codeResulting behavior
<merge script="MigXmlHelper.DestinationPriority()"> 
-   <objectSet> 
-      <pattern type="File">c:\data* []</pattern> 
-   </objectSet> 
-</merge>

During ScanState, all the files will be added to the store.

-

During LoadState, only C:\Data\SampleA.txt will be restored.

<merge script="MigXmlHelper.SourcePriority()"> 
-   <objectSet> 
-      <pattern type="File">c:\data* []</pattern> 
-   </objectSet> 
-</merge>

During ScanState, all the files will be added to the store.

-

During LoadState, all the files will be restored, overwriting the existing files on the destination computer.

<merge script="MigXmlHelper.SourcePriority()"> 
-   <objectSet> 
-      <pattern type="File">c:\data\ [*]</pattern> 
-   </objectSet> 
-</merge>

During ScanState, all the files will be added to the store.

-

During LoadState, the following will occur:

-
    -

  • C:\Data\SampleA.txt will be restored.

    • -

  • C:\Data\SampleB.txt will be restored, overwriting the existing file on the destination computer.

    • -

  • C:\Data\Folder\SampleB.txt will not be restored.

    • -
- - +| If you specify the following code | Resulting behavior | +|-----|-----| +| 
<merge script="MigXmlHelper.DestinationPriority()"> 
   <objectSet> 
      <pattern type="File">c:\data* []</pattern> 
   </objectSet> 
</merge>
| During ScanState, all the files will be added to the store.
During LoadState, only C:\Data\SampleA.txt will be restored. | +| 
<merge script="MigXmlHelper.SourcePriority()"> 
   <objectSet> 
      <pattern type="File">c:\data* []</pattern> 
   </objectSet> 
</merge>
| During ScanState, all the files will be added to the store.
During LoadState, all the files will be restored, overwriting the existing files on the destination computer. | +| 
<merge script="MigXmlHelper.SourcePriority()"> 
   <objectSet> 
      <pattern type="File">c:\data\ [*]</pattern> 
   </objectSet> 
</merge>
| During ScanState, all the files will be added to the store.
During LoadState, the following will occur:
  • C:\Data\SampleA.txt will be restored.
  • C:\Data\SampleB.txt will be restored, overwriting the existing file on the destination computer.
  • C:\Data\Folder\SampleB.txt will not be restored.
| ## Related topics - [USMT XML Reference](usmt-xml-reference.md) - - - - - - - - - diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md index 5096af5a77..f36bfa0d02 100644 --- a/windows/deployment/usmt/usmt-custom-xml-examples.md +++ b/windows/deployment/usmt/usmt-custom-xml-examples.md @@ -15,15 +15,11 @@ ms.topic: article # Custom XML Examples - **Note**   Because the tables in this topic are wide, you may need to adjust the width of its window. - - ## In This Topic: - - [Example 1: Migrating an Unsupported Application](#example) - [Example 2: Migrating the My Videos Folder](#example2) @@ -34,7 +30,6 @@ Because the tables in this topic are wide, you may need to adjust the width of i ## Example 1: Migrating an Unsupported Application - The following is a template for the sections that you need to migrate your application. The template is not functional on its own, but you can use it to write your own .xml file. ``` xml @@ -103,37 +98,13 @@ The following is a template for the sections that you need to migrate your appli ## Example 2: Migrating the My Videos Folder - The following is a custom .xml file named CustomFile.xml that migrates My Videos for all users, if the folder exists on the source computer. - ---- - - - - - - - - - - - - - - - - - - - - -
CodeBehavior
<condition>MigXmlHelper.DoesObjectExist("File","%CSIDL_MYVIDEO%")</condition>

Verifies that My Videos exists on the source computer.

<include filter='MigXmlHelper.IgnoreIrrelevantLinks()'>

Filters out the shortcuts in My Videos that do not resolve on the destination computer. This has no effect on files that are not shortcuts. For example, if there is a shortcut in My Videos on the source computer that points to C:\Folder1, that shortcut will be migrated only if C:\Folder1 exists on the destination computer. However, all other files, such as .mp3 files, migrate without any filtering.

<pattern type="File">%CSIDL_MYVIDEO%* [*]</pattern>

Migrates My Videos for all users.

- - +| Code | Behavior | +|------|----------| +| 
<condition>MigXmlHelper.DoesObjectExist("File","%CSIDL_MYVIDEO%")</condition>
| Verifies that My Videos exists on the source computer. | +| 
<include filter='MigXmlHelper.IgnoreIrrelevantLinks()'>
| Filters out the shortcuts in My Videos that do not resolve on the destination computer. This has no effect on files that are not shortcuts. For example, if there is a shortcut in My Videos on the source computer that points to C:\Folder1, that shortcut will be migrated only if C:\Folder1 exists on the destination computer. However, all other files, such as .mp3 files, migrate without any filtering. | +| 
<pattern type="File">%CSIDL_MYVIDEO%* [*]</pattern>
| Migrates My Videos for all users. | ```xml @@ -160,41 +131,14 @@ The following is a custom .xml file named CustomFile.xml that migrates My Videos ## Example 3: Migrating Files and Registry Keys - This table describes the behavior in the following example .xml file. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
CodeBehavior
<pattern type="File">%ProgramFiles%\USMTTestFolder* [USMTTestFile.txt]</pattern>

Migrates all instances of the file Usmttestfile.txt from all sub-directories under %ProgramFiles%\USMTTestFolder.

<pattern type="File">%ProgramFiles%\USMTDIRTestFolder* []</pattern>

Migrates the whole directory under %ProgramFiles%\USMTDIRTestFolder.

<pattern type="Registry">HKCU\Software\USMTTESTKEY* [MyKey]</pattern>

Migrates all instances of MyKey under HKCU\Software\USMTTESTKEY.

<pattern type="Registry">HKLM\Software\USMTTESTKEY* []</pattern>

Migrates the entire registry hive under HKLM\Software\USMTTESTKEY.

- - +| Code | Behavior | +|------|----------| +| 
<pattern type="File">%ProgramFiles%\USMTTestFolder* [USMTTestFile.txt]</pattern>
| Migrates all instances of the file Usmttestfile.txt from all sub-directories under %ProgramFiles%\USMTTestFolder. | +| 
<pattern type="File">%ProgramFiles%\USMTDIRTestFolder* []</pattern>
| Migrates the whole directory under %ProgramFiles%\USMTDIRTestFolder. | +| 
<pattern type="Registry">HKCU\Software\USMTTESTKEY* [MyKey]</pattern>
| Migrates all instances of MyKey under HKCU\Software\USMTTESTKEY. | +| 
<pattern type="Registry">HKLM\Software\USMTTESTKEY* []</pattern>
| Migrates the entire registry hive under HKLM\Software\USMTTESTKEY. | ``` xml @@ -303,16 +247,6 @@ The behavior for this custom .xml file is described within the <`displayName` ## Related topics - [USMT XML Reference](usmt-xml-reference.md) [Customize USMT XML Files](usmt-customize-xml-files.md) - - - - - - - - - diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md index 418f73f68c..608624844a 100644 --- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md +++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md @@ -24,30 +24,12 @@ To reduce complexity and increase standardization, your organization should cons ## In This Section - ---- - - - - - - - - - - - - - - - - - - -

Identify Users

Use command-line options to specify which users to migrate and how they should be migrated.

Identify Applications Settings

Determine which applications you want to migrate and prepare a list of application settings to be migrated.

Identify Operating System Settings

Use migration to create a new standard environment on each of the destination computers.

Identify File Types, Files, and Folders

Determine and locate the standard, company-specified, and non-standard locations of the file types, files, folders, and settings that you want to migrate.

+| Link | Description | +|--- |--- | +|[Identify Users](usmt-identify-users.md)|Use command-line options to specify which users to migrate and how they should be migrated.| +|[Identify Applications Settings](usmt-identify-application-settings.md)|Determine which applications you want to migrate and prepare a list of application settings to be migrated.| +|[Identify Operating System Settings](usmt-identify-operating-system-settings.md)|Use migration to create a new standard environment on each of the destination computers.| +|[Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md)|Determine and locate the standard, company-specified, and non-standard locations of the file types, files, folders, and settings that you want to migrate.| ## Related topics diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index 45c699be37..3da4429962 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md @@ -16,12 +16,10 @@ ms.topic: article # Hard-Link Migration Store - A *hard-link migration store* enables you to perform an in-place migration where all user state is maintained on the computer while the old operating system is removed and the new operating system is installed; this is why it is best suited for the computer-refresh scenario. Use of a hard-link migration store for a computer-refresh scenario drastically improves migration performance and significantly reduces hard-disk utilization, reduces deployment costs and enables entirely new migration scenarios. ## In this topic - [When to Use a Hard-Link Migration](#bkmk-when) [Understanding a Hard-Link Migration](#bkmk-understandhardlinkmig) @@ -46,7 +44,6 @@ A *hard-link migration store* enables you to perform an in-place migration where ## When to Use a Hard-Link Migration - You can use a hard-link migration store when your planned migration meets both of the following criteria: - You are upgrading the operating system on existing hardware rather than migrating to new computers. @@ -63,7 +60,6 @@ You cannot use a hard-link migration store if your planned migration includes an ## Understanding a Hard-Link Migration - The hard-link migration store is created using the command-line option, **/hardlink**, and is equivalent to other migration-store types. However, it differs in that hard links are utilized to keep files stored on the source computer during the migration. Keeping the files in place on the source computer eliminates the redundant work of duplicating files. It also enables the performance benefits and reduction in disk utilization that define this scenario. When you create a hard link, you give an existing file an additional path. For instance, you could create a hard link to c:\\file1.txt called c:\\hard link\\myFile.txt. These are two paths to the same file. If you open c:\\file1.txt, make changes, and save the file, you will see those changes when you open c:\\hard link\\myFile.txt. If you delete c:\\file1.txt, the file still exists on your computer as c:\\hardlink\\myFile.txt. You must delete both references to the file in order to delete the file. @@ -71,8 +67,6 @@ When you create a hard link, you give an existing file an additional path. For i **Note**   A hard link can only be created for a file on the same volume. If you copy a hard-link migration store to another drive or external device, the files, and not the links, are copied, as in a non-compressed migration-store scenario. - - For more information about hard links, please see [Hard Links and Junctions](/windows/win32/fileio/hard-links-and-junctions) In most aspects, a hard-link migration store is identical to an uncompressed migration store. It is located where specified by the Scanstate command-line tool and you can view the contents of the store by using Windows® Explorer. Once created, it can be deleted or copied to another location without changing user state. Restoring a hard-link migration store is similar to restoring any other migration store; however, as with creating the store, the same hard-link functionality is used to keep files in-place. @@ -82,8 +76,6 @@ As a best practice, we recommend that you delete the hard-link migration store a **Important**   Using the **/c** option will force the Loadstate tool to continue applying files when non-fatal errors occur. If you use the **/c** option, you should verify that no errors are reported in the logs before deleting the hard-link migration store in order to avoid data loss. - - Keeping the hard-link migration store can result in additional disk space being consumed or problems with some applications for the following reasons: - Applications reporting file-system statistics, for example, space used and free space, might incorrectly report these statistics while the hard-link migration store is present. The file may be reported twice because of the two paths that reference that file. @@ -95,11 +87,8 @@ Keeping the hard-link migration store can result in additional disk space being **Important**   The read-only file attribute on migrated files is lost when the hard-link migration store is deleted. This is due to a limitation in NTFS file system hard links. - - ## Hard-Link Migration Scenario - For example, a company has decided to deploy Windows 10 on all of their computers. Each employee will keep the same computer, but the operating system on each computer will be updated. 1. An administrator runs the ScanState command-line tool on each computer, specifying the **/hardlink** command-line option. The ScanState tool saves the user state to a hard-link migration store on each computer, improving performance by reducing file duplication, except in certain specific instances. @@ -107,17 +96,14 @@ For example, a company has decided to deploy Windows 10 on all of their compute **Note**   As a best practice, we recommend that you do not create your hard-link migration store until just before you perform the migration in order to migrate the latest versions of your files. You should not use your software applications on the computer after creating the migration store until you have finished migrating your files with Loadstate. - - 2. On each computer, an administrator installs the company's standard operating environment (SOE), which includes Windows 7 and other applications the company currently uses. 3. An administrator runs the LoadState command-line tool on each computer. The LoadState tool restores user state back on each computer. > [!NOTE] > During the update of a domain-joined computer, the profiles of users whose SID cannot be resolved will not be migrated. When using a hard-link migration store, it could cause a data loss. - -## Hard-Link Migration Store Details +## Hard-Link Migration Store Details This section provides details about hard-link migration stores. @@ -166,51 +152,21 @@ Files that are locked by an application are treated the same in hard-link migrat **Important**   There are some scenarios in which modifying the **<HardLinkStoreControl>** section in the Config.xml file makes it more difficult to delete a hard-link migration store. In these scenarios, you must use USMTutils.exe to schedule the migration store for deletion on the next restart. - - ## XML Elements in the Config.xml File - A new section in the Config.xml file allows optional configuration of some of the hard-link migration behavior introduced with the **/HardLink** option. - ---- - - - - - - - - - - - - - - - - - - - - - - -

<Policies>

This element contains elements that describe the policies that USMT follows while creating a migration store.

<HardLinkStoreControl>

This element contains elements that describe how to handle files during the creation of a hard link migration store.

<fileLocked>

This element contains elements that describe how to handle files that are locked for editing.

<createHardLink>

This element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application.

-

Syntax: <createHardLink> [pattern] </createHardLink>

<errorHardLink>

This element defines a standard MigXML pattern that describes file paths where hard links should not be created, if the file is locked for editing by another application.

-

<errorHardLink> [pattern] </errorHardLink>

- - +| Element | Description | +|--- |--- | +| **<Policies>** | This element contains elements that describe the policies that USMT follows while creating a migration store. | +| **<HardLinkStoreControl>** | This element contains elements that describe how to handle files during the creation of a hard link migration store. | +| **<fileLocked>** | This element contains elements that describe how to handle files that are locked for editing. | +| **<createHardLink>** | This element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application.

Syntax: <createHardLink> [pattern] </createHardLink> | +| **<errorHardLink>** | This element defines a standard MigXML pattern that describes file paths where hard links should not be created, if the file is locked for editing by another application.

<errorHardLink> [pattern] </errorHardLink> | **Important**   You must use the **/nocompress** option with the **/HardLink** option. - - The following XML sample specifies that files locked by an application under the \\Users directory can remain in place during the migration. It also specifies that locked files that are not located in the \\Users directory should result in the **File in Use** error. It is important to exercise caution when specifying the paths using the **File in Use<createhardlink>** tag in order to minimize scenarios that make the hard-link migration store more difficult to delete. ``` xml @@ -226,8 +182,4 @@ The following XML sample specifies that files locked by an application under the ## Related topics - [Plan Your Migration](usmt-plan-your-migration.md) - - - diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md index 77e214976c..a6e69b6432 100644 --- a/windows/deployment/usmt/usmt-loadstate-syntax.md +++ b/windows/deployment/usmt/usmt-loadstate-syntax.md @@ -16,12 +16,10 @@ ms.topic: article # LoadState Syntax - This topic discusses the **LoadState** command syntax and options available with it. ## In this topic - [Before You Begin](#before) [Syntax](#bkmk-s) @@ -38,7 +36,6 @@ This topic discusses the **LoadState** command syntax and options available with ## Before You Begin - Before you run the **LoadState** command, note the following: - To ensure that all operating system settings migrate, we recommend that you run the **LoadState** commands in administrator mode from an account with administrative credentials. @@ -55,7 +52,6 @@ Before you run the **LoadState** command, note the following: ## Syntax - This section explains the syntax and usage of the command-line options available when you use the **LoadState** command. The options can be specified in any order. If the option contains a parameter, you can specify either a colon or space separator. The **LoadState** command's syntax is: @@ -71,390 +67,66 @@ For example, to decrypt the store and migrate the files and settings to a comput USMT provides the following options that you can use to specify how and where the migrated data is stored. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Command-Line OptionDescription

StorePath

Indicates the folder where the files and settings data are stored. You must specify StorePath when using the LoadState command. You cannot specify more than one StorePath.

/decrypt /key:KeyString

-

or

-

/decrypt /key:"Key String"

-

or

-

/decrypt /keyfile:[Path</em>]FileName

Decrypts the store with the specified key. With this option, you will need to specify the encryption key in one of the following ways:

-
    -

  • /key:KeyString specifies the encryption key. If there is a space in KeyString, you must surround the argument with quotation marks.

    • -

  • /keyfile:FilePathAndName specifies a text (.txt) file that contains the encryption key

    • -
-

KeyString cannot exceed 256 characters.

-

The /key and /keyfile options cannot be used on the same command line.

-

The /decrypt and /nocompress options cannot be used on the same command line.

-
-Important

Use caution with this option, because anyone who has access to the LoadState command-line script will also have access to the encryption key.

-
-
- -
-

For example:

-

loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /decrypt /key:mykey

/decrypt:"encryption strength"

The /decrypt option accepts a command-line parameter to define the encryption strength specified for the migration store encryption. For more information about supported encryption algorithms, see Migration Store Encryption.

/hardlink

Enables user-state data to be restored from a hard-link migration store. The /nocompress parameter must be specified with /hardlink option.

/nocompress

Specifies that the store is not compressed. You should only use this option in testing environments. We recommend that you use a compressed store during your actual migration. This option cannot be used with the /decrypt option.

-

For example:

-

loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /nocompress

- - +| Command-Line Option | Description | +|--- |--- | +| *StorePath* | Indicates the folder where the files and settings data are stored. You must specify *StorePath* when using the **LoadState** command. You cannot specify more than one *StorePath*. | +| **/decrypt** **/key**:*KeyString*
or
**/decrypt** **/key**:"*Key String*"
or
**/decrypt** **/keyfile**:[*Path*]*FileName* | Decrypts the store with the specified key. With this option, you will need to specify the encryption key in one of the following ways:
  • **/key:***KeyString* specifies the encryption key. If there is a space in *KeyString*, you must surround the argument with quotation marks.
  • **/keyfile:***FilePathAndName* specifies a text (.txt) file that contains the encryption key

*KeyString* cannot exceed 256 characters.
The **/key** and **/keyfile** options cannot be used on the same command line.
The **/decrypt** and **/nocompress** options cannot be used on the same command line.
**Important**
Use caution with this option, because anyone who has access to the **LoadState** command-line script will also have access to the encryption key.

For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /decrypt /key:mykey` | +| **/decrypt:***"encryption strength"* | The **/decrypt** option accepts a command-line parameter to define the encryption strength specified for the migration store encryption. For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md). | +| **/hardlink** | Enables user-state data to be restored from a hard-link migration store. The **/nocompress** parameter must be specified with **/hardlink** option. | +| **/nocompress** | Specifies that the store is not compressed. You should only use this option in testing environments. We recommend that you use a compressed store during your actual migration. This option cannot be used with the **/decrypt** option.
For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /nocompress` | ## Migration Rule Options - USMT provides the following options to specify what files you want to migrate. - ---- - - - - - - - - - - - - - - - - - - - - -
Command-Line OptionDescription

/i:[Path]FileName

(include)

-

Specifies an .xml file that contains rules that define what state to migrate. You can specify this option multiple times to include all of your .xml files (MigApp.xml, MigSys.xml, MigDocs.xml and any custom .xml files that you create). Path can be either a relative or full path. If you do not specify the Path variable, then FileName must be located in the current directory.

-

For more information about which files to specify, see the "XML files" section of the Frequently Asked Questions topic.

/config:[Path]FileName

Specifies the Config.xml file that the LoadState command should use. You cannot specify this option more than once on the command line. Path can be either a relative or full path. If you do not specify the Path variable, then the FileName must be located in the current directory.

-

This example migrates the files and settings based on the rules in the Config.xml, MigDocs.xml, and MigApp.xml files:

-

loadstate \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:5 /l:loadstate.log

/auto:"path to script files"

This option enables you to specify the location of the default .xml files and then launch your migration. If no path is specified, USMT will use the directory where the USMT binaries are located. The /auto option has the same effect as using the following options: /i:MigDocs.xml /i:MigApp.xml /v:5.

- - +| Command-Line Option | Description | +|--- |--- | +| **/i**:[*Path*]*FileName* | **(include)**
Specifies an .xml file that contains rules that define what state to migrate. You can specify this option multiple times to include all of your .xml files (MigApp.xml, MigSys.xml, MigDocs.xml and any custom .xml files that you create). *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* must be located in the current directory.

For more information about which files to specify, see the "XML files" section of the [Frequently Asked Questions](usmt-faq.yml) topic. | +| **/config:**[*Path*]*FileName* | Specifies the Config.xml file that the **LoadState** command should use. You cannot specify this option more than once on the command line. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then the *FileName* must be located in the current directory.

This example migrates the files and settings based on the rules in the Config.xml, MigDocs.xml, and MigApp.xml files:

`loadstate \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:5 /l:loadstate.log` | +| **/auto:***"path to script files"* | This option enables you to specify the location of the default .xml files and then launch your migration. If no path is specified, USMT will use the directory where the USMT binaries are located. The **/auto** option has the same effect as using the following options: **/i:MigDocs.xml** **/i:MigApp.xml /v:5**. | ## Monitoring Options - USMT provides several command-line options that you can use to analyze problems that occur during migration. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Command-Line OptionDescription

/l:[Path]FileName

Specifies the location and name of the LoadState log. You cannot store any of the log files in StorePath. Path can be either a relative or full path. If you do not specify the Path variable, then the log will be created in the current directory. You can specify the /v option to adjust the amount of output.

-

If you run the LoadState command from a shared network resource, you must specify this option or USMT will fail with the error: "USMT was unable to create the log file(s)". To fix this issue, use the /l:load.log option.

/v:<VerbosityLevel>

(Verbosity)

-

Enables verbose output in the LoadState log file. The default value is 0.

-

You can set the VerbosityLevel to one of the following levels:

- ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
LevelExplanation

0

Only the default errors and warnings are enabled.

1

Enables verbose output.

4

Enables error and status output.

5

Enables verbose and status output.

8

Enables error output to a debugger.

9

Enables verbose output to a debugger.

12

Enables error and status output to a debugger.

13

Enables verbose, status, and debugger output.

-

-

For example:

-

loadstate \server\share\migration\mystore /v:5 /i:migdocs.xml /i:migapp.xml

/progress:[Path</em>]FileName

Creates the optional progress log. You cannot store any of the log files in StorePath. Path can be either a relative or full path. If you do not specify the Path variable, then FileName will be created in the current directory.

-

For example:

-

loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /progress:prog.log /l:loadlog.log

/c

When this option is specified, the LoadState command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there is a large file that will not fit on the computer, the LoadState command will log an error and continue with the migration. Without the /c option, the LoadState command will exit on the first error. You can use the new <ErrorControl> section in the Config.xml file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This enables the /c command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the /genconfig option now generates a sample <ErrorControl> section that is enabled by specifying error messages and desired behaviors in the Config.xml file.

/r:<TimesToRetry>

(Retry)

-

Specifies the number of times to retry when an error occurs while migrating the user state from a server. The default is three times. This option is useful in environments where network connectivity is not reliable.

-

While restoring the user state, the /r option will not recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem.

/w:<SecondsBeforeRetry>

(Wait)

-

Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second.

/? or /help

Displays Help on the command line.

- - +| Command-Line Option | Description | +|--- |--- | +| **/l:**[*Path*]*FileName* | Specifies the location and name of the **LoadState** log. You cannot store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then the log will be created in the current directory. You can specify the **/v** option to adjust the amount of output.

If you run the **LoadState** command from a shared network resource, you must specify this option or USMT will fail with the error: "USMT was unable to create the log file(s)". To fix this issue, use the **/l:load.log** option. | +| **/v:***<VerbosityLevel>* | **(Verbosity)**

Enables verbose output in the LoadState log file. The default value is 0.
You can set the *VerbosityLevel* to one of the following levels:
  • **0** - Only the default errors and warnings are enabled.
  • **1** - Enables verbose output.
  • **4** - Enables error and status output.
  • **5** - Enables verbose and status output.
  • **8** - Enables error output to a debugger.
  • **9** - Enables verbose output to a debugger.
  • **12** - Enables error and status output to a debugger.
  • **13** - Enables verbose, status, and debugger output.

For example:
`loadstate \server\share\migration\mystore /v:5 /i:migdocs.xml /i:migapp.xml` | +| **/progress:**[*Path*]*FileName* | Creates the optional progress log. You cannot store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* will be created in the current directory.

For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /progress:prog.log /l:loadlog.log` | +| **/c** | When this option is specified, the **LoadState** command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there is a large file that will not fit on the computer, the **LoadState** command will log an error and continue with the migration. Without the **/c** option, the **LoadState** command will exit on the first error. You can use the new <**ErrorControl**> section in the Config.xml file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This enables the **/c** command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the **/genconfig** option now generates a sample <**ErrorControl**> section that is enabled by specifying error messages and desired behaviors in the Config.xml file. | +| **/r:***<TimesToRetry>* | **(Retry)**

Specifies the number of times to retry when an error occurs while migrating the user state from a server. The default is three times. This option is useful in environments where network connectivity is not reliable.

While restoring the user state, the **/r** option will not recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem. | +| **/w:***<SecondsBeforeRetry>* | **(Wait)**

Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second. | +| **/?** or **/help** | Displays Help on the command line. | ## User Options - By default, all users are migrated. The only way to specify which users to include and exclude is by using the following options. You cannot exclude users in the migration .xml files or by using the Config.xml file. For more information, see [Identify Users](usmt-identify-users.md). - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Command-Line OptionDescription

/all

Migrates all of the users on the computer.

-

USMT migrates all user accounts on the computer, unless you specifically exclude an account with the /ue or /uel options. For this reason, you do not need to specify this option on the command line. However, if you choose to use the /all option, you cannot also use the /ui, /ue or /uel options.

/ui:DomainName<em>UserName

-

or

-

/ui:"DomainName<em>User Name"

-

or

-

/ui:ComputerName<em>LocalUserName

(User include)

-

Migrates the specified user. By default, all users are included in the migration. Therefore, this option is helpful only when used with the /ue option. You can specify multiple /ui options, but you cannot use the /ui option with the /all option. DomainName and UserName can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotations marks.

-

For example:

-
    -

  • To include only User2 from the Corporate domain, type:

    -

    /ue:* /ui:corporate\user2

    • -
-
-Note

If a user is specified for inclusion with the /ui option, and also is specified to be excluded with either the /ue or /uel options, the user will be included in the migration.

-
-
- -
-

For more examples, see the descriptions of the /uel, /ue, and /ui options in this table.

/uel:<NumberOfDays>

-

or

-

/uel:<YYYY/MM/DD>

-

or

-

/uel:0

(User exclude based on last logon)

-

Migrates only the users that logged onto the source computer within the specified time period, based on the Last Modified date of the Ntuser.dat file on the source computer. The /uel option acts as an include rule. For example, the /uel:30 option migrates users who logged on, or whose user account was modified, within the last 30 days from the date when the ScanState command is run. You can specify a number of days or you can specify a date. You cannot use this option with the /all option. USMT retrieves the last logon information from the local computer, so the computer does not need to be connected to the network when you run this option. In addition, if a domain user has logged onto another computer, that logon instance is not considered by USMT.

-
-Note

The /uel option is not valid in offline migrations.

-
-
- -
-

Examples:

-
    -

  • /uel:0 migrates accounts that were logged on to the source computer when the ScanState command was run.

    • -

  • /uel:90 migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.

    • -

  • /uel:1 migrates users whose accounts have been modified within the last 24 hours.

    • -

  • /uel:2002/1/15 migrates users who have logged on or whose accounts have been modified since January 15, 2002.

    • -
-

For example:

-

loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /uel:0

/ue:DomainName<em>UserName

-

or

-

/ue:"DomainName<em>User Name"

-

or

-

/ue:ComputerName<em>LocalUserName

(User exclude)

-

Excludes the specified users from the migration. You can specify multiple /ue options but you cannot use the /ue option with the /all option. DomainName and UserName can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotation marks.

-

For example:

-

loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /ue:contoso\user1

-

For more examples, see the descriptions of the /uel, /ue, and /ui options in this table.

/md:OldDomain:NewDomain

-

or

-

/md:LocalComputerName:NewDomain

(move domain)

-

Specifies a new domain for the user. Use this option to change the domain for users on a computer or to migrate a local user to a domain account. OldDomain may contain the asterisk () wildcard character.

-

You can specify this option more than once. You may want to specify multiple /md options if you are consolidating users across multiple domains to a single domain. For example, you could specify the following to consolidate the users from the Corporate and FarNorth domains into the Fabrikam domain: /md:corporate:fabrikam and /md:farnorth:fabrikam.

-

If there are conflicts between two /md commands, the first rule that you specify is applied. For example, if you specify the /md:corporate:fabrikam and /md:corporate:farnorth commands, then Corporate users would be mapped to the Fabrikam domain.

-
-Note

If you specify an OldDomain that did not exist on the source computer, the LoadState command will appear to complete successfully, without an error or warning. However, in this case, users will not be moved to NewDomain but will remain in their original domain. For example, if you misspell "contoso" and you specify "/md:contso:fabrikam", the users will remain in contoso on the destination computer.

-
-
- -
-

For example:

-

loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore

-

/progress:prog.log /l:load.log /md:contoso:fabrikam

/mu:OldDomain<em>OldUserName:[NewDomain]NewUserName

-

or

-

/mu:OldLocalUserName:NewDomain<em>NewUserName

Specifies a new user name for the specified user. If the store contains more than one user, you can specify multiple /mu options. You cannot use wildcard characters with this option.

-

For example:

-

loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore

-

/progress:prog.log /l:load.log /mu:contoso\user1:fabrikam\user1

/lac:[Password]

(local account create)

-

Specifies that if a user account is a local (non-domain) account, and it does not exist on the destination computer, USMT will create the account on the destination computer but it will be disabled. To enable the account, you must also use the /lae option.

-

If the /lac option is not specified, any local user accounts that do not already exist on the destination computer will not be migrated.

-

Password is the password for the newly created account. An empty password is used by default.

-
-Caution

Use the Password variable with caution because it is provided in plain text and can be obtained by anyone with access to the computer that is running the LoadState command.

-

Also, if the computer has multiple users, all migrated users will have the same password.

-
-
- -
-

For example:

-

loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore

-

For instructions, see Migrate User Accounts.

/lae

(local account enable)

-

Enables the account that was created with the /lac option. You must specify the /lac option with this option.

-

For example:

-

loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore

-

/progress:prog.log /l:load.log /lac:password /lae

-

For instructions, see Migrate User Accounts.

- +| Command-Line Option | Description | +|--- |--- | +| **/all** | Migrates all of the users on the computer.

USMT migrates all user accounts on the computer, unless you specifically exclude an account with the **/ue** or **/uel** options. For this reason, you do not need to specify this option on the command line. However, if you choose to use the **/all** option, you cannot also use the **/ui**, **/ue** or **/uel** options. | +| **/ui:***DomainName UserName*
or
**/ui:**"*DomainName User Name*"
or
**/ui:***ComputerName LocalUserName* | **(User include)**

Migrates the specified user. By default, all users are included in the migration. Therefore, this option is helpful only when used with the **/ue** option. You can specify multiple **/ui** options, but you cannot use the **/ui** option with the **/all** option. *DomainName* and *UserName* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotations marks.
For example:
  • To include only User2 from the Corporate domain, type:
    `/ue:* /ui:corporate\user2`
**Note**
If a user is specified for inclusion with the **/ui** option, and also is specified to be excluded with either the **/ue** or **/uel** options, the user will be included in the migration.

For more examples, see the descriptions of the **/uel**, **/ue**, and **/ui** options in this table. | +| **/uel**:*<NumberOfDays>*
or
**/uel**:*<YYYY/MM/DD>*
or
**/uel**:0 | **(User exclude based on last logon)**

Migrates only the users that logged onto the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The **/uel** option acts as an include rule. For example, the **/uel:30** option migrates users who logged on, or whose user account was modified, within the last 30 days from the date when the ScanState command is run. You can specify a number of days or you can specify a date. You cannot use this option with the **/all** option. USMT retrieves the last logon information from the local computer, so the computer does not need to be connected to the network when you run this option. In addition, if a domain user has logged onto another computer, that logon instance is not considered by USMT.
**Note**
The **/uel** option is not valid in offline migrations.

Examples:
  • `/uel:0` migrates accounts that were logged on to the source computer when the **ScanState** command was run.
  • `/uel:90` migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
  • `/uel:1` migrates users whose accounts have been modified within the last 24 hours.
  • `/uel:2002/1/15` migrates users who have logged on or whose accounts have been modified since January 15, 2002.

For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /uel:0` | +| **/ue**:*DomainName UserName*
or
**/ue**:"*DomainName User Name*"
or
**/ue**:*ComputerName LocalUserName* | **(User exclude)**

Excludes the specified users from the migration. You can specify multiple **/ue** options but you cannot use the **/ue** option with the **/all** option. *DomainName* and *UserName* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotation marks.

For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /ue:contoso\user1`
For more examples, see the descriptions of the **/uel**, **/ue**, and **/ui** options in this table. | +| **/md:***OldDomain*:*NewDomain*
or
**/md:***LocalComputerName:NewDomain* | **(move domain)**
Specifies a new domain for the user. Use this option to change the domain for users on a computer or to migrate a local user to a domain account. *OldDomain* may contain the asterisk () wildcard character.

You can specify this option more than once. You may want to specify multiple **/md** options if you are consolidating users across multiple domains to a single domain. For example, you could specify the following to consolidate the users from the Corporate and FarNorth domains into the Fabrikam domain: `/md:corporate:fabrikam` and `/md:farnorth:fabrikam`.

If there are conflicts between two **/md** commands, the first rule that you specify is applied. For example, if you specify the `/md:corporate:fabrikam` and `/md:corporate:farnorth` commands, then Corporate users would be mapped to the Fabrikam domain.
**Note**
If you specify an *OldDomain* that did not exist on the source computer, the **LoadState** command will appear to complete successfully, without an error or warning. However, in this case, users will not be moved to *NewDomain* but will remain in their original domain. For example, if you misspell "contoso" and you specify "/md:contso:fabrikam", the users will remain in contoso on the destination computer.

For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
` /progress:prog.log /l:load.log /md:contoso:fabrikam` | +| **/mu:***OldDomain OldUserName*:[*NewDomain*]*NewUserName*
or
**/mu:***OldLocalUserName*:*NewDomain NewUserName* | Specifies a new user name for the specified user. If the store contains more than one user, you can specify multiple **/mu** options. You cannot use wildcard characters with this option.

For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
`/progress:prog.log /l:load.log /mu:contoso\user1:fabrikam\user1` | +| **/lac:**[*Password*] | **(local account create)**

Specifies that if a user account is a local (non-domain) account, and it does not exist on the destination computer, USMT will create the account on the destination computer but it will be disabled. To enable the account, you must also use the **/lae** option.

If the **/lac** option is not specified, any local user accounts that do not already exist on the destination computer will not be migrated.

*Password* is the password for the newly created account. An empty password is used by default.
**Caution**
Use the *Password* variable with caution because it is provided in plain text and can be obtained by anyone with access to the computer that is running the **LoadState** command.
Also, if the computer has multiple users, all migrated users will have the same password.

For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
For instructions, see [Migrate User Accounts](usmt-migrate-user-accounts.md). | +| **/lae** | **(local account enable)**

Enables the account that was created with the **/lac** option. You must specify the **/lac** option with this option.

For example:
`loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
`/progress:prog.log /l:load.log /lac:password /lae`

For instructions, see [Migrate User Accounts](usmt-migrate-user-accounts.md). | ### Examples for the /ui and /ue options The following examples apply to both the **/ui** and **/ue** options. You can replace the **/ue** option with the **/ui** option to include, rather than exclude, the specified users. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
BehaviorCommand

Exclude the user named User One in the Corporate domain.

/ue:"corporate\user one"

Exclude the user named User1 in the Corporate domain.

/ue:corporate\user1

Exclude the local user named User1.

/ue:%computername%\user1

Exclude all domain users.

/ue:Domain

Exclude all local users.

/ue:%computername%

Exclude users in all domains named User1, User2, and so on.

/ue:\user

- - +| Behavior | Command | +|--- |--- | +| Exclude the user named User One in the Corporate domain. | `/ue:"corporate\user one"` | +| Exclude the user named User1 in the Corporate domain. | `/ue:corporate\user1` | +| Exclude the local user named User1. | `/ue:%computername%\user1` | +| Exclude all domain users. | `/ue:Domain` | +| Exclude all local users. | `/ue:%computername%` | +| Exclude users in all domains named User1, User2, and so on. | `/ue:\user` | ### Using the Options Together @@ -464,247 +136,46 @@ You can use the **/uel**, **/ue** and **/ui** options together to migrate only t **The /uel option takes precedence over the /ue option.** If a user has logged on within the specified time period set by the **/uel** option, that user's profile will be migrated even if they are excluded by using the **/ue** option. For example, if you specify `/ue:contoso\user1 /uel:14`, the User1 will be migrated if they have logged on to the computer within the last 14 days. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
BehaviorCommand

Include only User2 from the Fabrikam domain and exclude all other users.

/ue:* /ui:fabrikam\user2

Include only the local user named User1 and exclude all other users.

/ue:* /ui:user1

Include only the domain users from Contoso, except Contoso\User1.

This behavior cannot be completed using a single command. Instead, to migrate this set of users, you will need to specify the following:

-
    -

  • Using the ScanState command-line tool, type: /ue:* /ui:contoso

    • -

  • Using the LoadState command-line tool, type: /ue:contoso\user1

    • -

Include only local (non-domain) users.

/ue: /ui:%computername%*

- - +| Behavior | Command | +|--- |--- | +| Include only User2 from the Fabrikam domain and exclude all other users. | `/ue:* /ui:fabrikam\user2` | +| Include only the local user named User1 and exclude all other users. | `/ue:* /ui:user1` | +| Include only the domain users from Contoso, except Contoso\User1. | This behavior cannot be completed using a single command. Instead, to migrate this set of users, you will need to specify the following:
  • Using the **ScanState** command-line tool, type: `/ue:* /ui:contoso`
  • Using the **LoadState** command-line tool, type: `/ue:contoso\user1`
| +| Include only local (non-domain) users. | `/ue: /ui:%computername%*` | ## Incompatible Command-Line Options - The following table indicates which command-line options are not compatible with the **LoadState** command. If the table entry for a particular combination is blank, the options are compatible and you can use them together. The X symbol means that the options are not compatible. For example, you cannot use the **/nocompress** option with the **/encrypt** option. - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Command-Line Option/keyfile/nocompress/genconfig/all

/i

/v

/nocompress

N/A

X

/key

X

X

/decrypt

Required*

X

X

/keyfile

N/A

X

/l

/progress

X

/r

X

/w

X

/c

X

/p

X

N/A

/all

X

/ui

X

X

/ue

X

X

/uel

X

X

/genconfig

N/A

/config

X

StorePath

/md

/mu

/lae

/lac

- - +| Command-Line Option | /keyfile | /nocompress | /genconfig | /all | +|--- |--- |--- |--- |--- | +| **/i** | | | | | +| **/v** | | | | | +| **/nocompress** | | N/A | X | | +| **/key** | X | | X | | +| **/decrypt** | Required* | X | X | | +| **/keyfile** | N/A | | X | | +| **/l** | | | | | +| **/progress** | | | X | | +| **/r** | | | X | | +| **/w** | | | X | | +| **/c** | | | X | | +| **/p** | | | X | N/A | +| **/all** | | | X | | +| **/ui** | | | X | X | +| **/ue** | | | X | X | +| **/uel** | | | X | X | +| **/genconfig** | | | N/A | | +| **/config** | | | X | | +| *StorePath* | | | | | +| **/md** | | | | | +| **/mu** | | | | | +| **/lae** | | | | | +| **/lac** | | | | | **Note** You must specify either the **/key** or **/keyfile** option with the **/encrypt** option. - - ## Related topics - [XML Elements Library](usmt-xml-elements-library.md) - - - - - - - - - diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md index 63fcf4af6f..6d04172e2d 100644 --- a/windows/deployment/usmt/usmt-log-files.md +++ b/windows/deployment/usmt/usmt-log-files.md @@ -16,7 +16,6 @@ ms.topic: article # Log Files - You can use User State Migration Tool (USMT) 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations. This topic describes the available command-line options to enable USMT logs, and new XML elements that configure which types of errors are fatal and should halt the migration, which types are non-fatal and should be skipped so that the migration can continue. [Log Command-Line Options](#bkmk-commandlineoptions) @@ -31,66 +30,25 @@ You can use User State Migration Tool (USMT) 10.0 logs to monitor your migratio ## Log Command-Line Options - The following table describes each command-line option related to logs, and it provides the log name and a description of what type of information each log contains. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Command line OptionFile NameDescription

/l[Path]FileName

Scanstate.log or LoadState.log

Specifies the path and file name of the ScanState.log or LoadState log.

/progress[Path]FileName

Specifies the path and file name of the Progress log.

Provides information about the status of the migration, by percentage complete.

/v[VerbosityLevel]

Not applicable

See the "Monitoring Options" section in ScanState Syntax.

/listfiles[Path]FileName

Specifies the path and file name of the Listfiles log.

Provides a list of the files that were migrated.

Set the environment variable MIG_ENABLE_DIAG to a path to an XML file.

USMTDiag.xml

The diagnostic log contains detailed system environment information, user environment information, and information about the migration units (migunits) being gathered and their contents.

- - +|Command line Option|File Name|Description| +|--- |--- |--- | +|**/l** *[Path]FileName*|Scanstate.log or LoadState.log|Specifies the path and file name of the ScanState.log or LoadState log.| +|**/progress** *[Path]FileName*|Specifies the path and file name of the Progress log.|Provides information about the status of the migration, by percentage complete.| +|**/v** *[VerbosityLevel]*|Not applicable|See the "Monitoring Options" section in [ScanState Syntax](usmt-scanstate-syntax.md).| +|**/listfiles** *[Path]FileName*|Specifies the path and file name of the Listfiles log.|Provides a list of the files that were migrated.| +|Set the environment variable MIG_ENABLE_DIAG to a path to an XML file.|USMTDiag.xml|The diagnostic log contains detailed system environment information, user environment information, and information about the migration units (migunits) being gathered and their contents.| **Note**   You cannot store any of the log files in *StorePath*. If you do, the log will be overwritten when USMT is run. - - ## ScanState and LoadState Logs - ScanState and LoadState logs are text files that are create when you run the ScanState and LoadState tools. You can use these logs to help monitor your migration. The content of the log depends on the command-line options that you use and the verbosity level that you specify. For more information about verbosity levels, see Monitoring Options in [ScanState Syntax](usmt-scanstate-syntax.md). ## Progress Log - You can create a progress log using the **/progress** option. External tools, such as Microsoft System Center Operations Manager 2007, can parse the progress log to update your monitoring systems. The first three fields in each line are fixed as follows: - **Date:** Date, in the format of *day* *shortNameOfTheMonth* *year*. For example: 08 Jun 2006. @@ -101,137 +59,34 @@ You can create a progress log using the **/progress** option. External tools, su The remaining fields are key/value pairs as indicated in the following table. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
KeyValue

program

ScanState.exe or LoadState.exe.

productVersion

The full product version number of USMT.

computerName

The name of the source or destination computer on which USMT was run.

commandLine

The full command used to run USMT.

PHASE

Reports that a new phase in the migration is starting. This can be one of the following:

-
    -

  • Initializing

    • -

  • Scanning

    • -

  • Collecting

    • -

  • Saving

    • -

  • Estimating

    • -

  • Applying

    • -

detectedUser

    -

  • For the ScanState tool, these are the users USMT detected on the source computer that can be migrated.

    • -

  • For the LoadState tool, these are the users USMT detected in the store that can be migrated.

    • -

includedInMigration

Defines whether the user profile/component is included for migration. Valid values are Yes or No.

forUser

Specifies either of the following:

-
    -

  • The user state being migrated.

    • -

  • This Computer, meaning files and settings that are not associated with a user.

    • -

detectedComponent

Specifies a component detected by USMT.

-
    -

  • For ScanState, this is a component or application that is installed on the source computer.

    • -

  • For LoadState, this is a component or application that was detected in the store.

    • -

totalSizeInMBToTransfer

Total size of the files and settings to migrate in megabytes (MB).

totalPercentageCompleted

Total percentage of the migration that has been completed by either ScanState or LoadState.

collectingUser

Specifies which user ScanState is collecting files and settings for.

totalMinutesRemaining

Time estimate, in minutes, for the migration to complete.

error

Type of non-fatal error that occurred. This can be one of the following:

-
    -

  • UnableToCopy: Unable to copy to store because the disk on which the store is located is full.

    • -

  • UnableToOpen: Unable to open the file for migration because the file is opened in non-shared mode by another application or service.

    • -

  • UnableToCopyCatalog: Unable to copy because the store is corrupted.

    • -

  • UnableToAccessDevice: Unable to access the device.

    • -

  • UnableToApply: Unable to apply the setting to the destination computer.

    • -

objectName

The name of the file or setting that caused the non-fatal error.

action

Action taken by USMT for the non-fatal error. The values are:

-
    -

  • Ignore: Non-fatal error ignored and the migration continued because the /c option was specified on the command line.

    • -

  • Abort: Stopped the migration because the /c option was not specified.

    • -

errorCode

The errorCode or return value.

numberOfIgnoredErrors

The total number of non-fatal errors that USMT ignored.

message

The message corresponding to the errorCode.

- - +| Key | Value | +|-----|-------| +| program | ScanState.exe or LoadState.exe. | +| productVersion | The full product version number of USMT. | +| computerName | The name of the source or destination computer on which USMT was run. | +| commandLine | The full command used to run USMT. | +| PHASE | Reports that a new phase in the migration is starting. This can be one of the following:
  • Initializing
  • Scanning
  • Collecting
  • Saving
  • Estimating
  • Applying
| +| detectedUser |
  • For the ScanState tool, these are the users USMT detected on the source computer that can be migrated.
  • For the LoadState tool, these are the users USMT detected in the store that can be migrated.
| +| includedInMigration | Defines whether the user profile/component is included for migration. Valid values are Yes or No. | +| forUser | Specifies either of the following:
  • The user state being migrated.
  • *This Computer*, meaning files and settings that are not associated with a user.
| +| detectedComponent | Specifies a component detected by USMT.
  • For ScanState, this is a component or application that is installed on the source computer.
  • For LoadState, this is a component or application that was detected in the store.
| +| totalSizeInMBToTransfer | Total size of the files and settings to migrate in megabytes (MB). | +| totalPercentageCompleted | Total percentage of the migration that has been completed by either ScanState or LoadState. | +| collectingUser | Specifies which user ScanState is collecting files and settings for. | +| totalMinutesRemaining | Time estimate, in minutes, for the migration to complete. | +| error | Type of non-fatal error that occurred. This can be one of the following:
  • **UnableToCopy**: Unable to copy to store because the disk on which the store is located is full.
  • **UnableToOpen**: Unable to open the file for migration because the file is opened in non-shared mode by another application or service.
  • **UnableToCopyCatalog**: Unable to copy because the store is corrupted.
  • **UnableToAccessDevice**: Unable to access the device.
  • **UnableToApply**: Unable to apply the setting to the destination computer.
| +| objectName | The name of the file or setting that caused the non-fatal error. | +| action | Action taken by USMT for the non-fatal error. The values are:
  • **Ignore**: Non-fatal error ignored and the migration continued because the **/c** option was specified on the command line.
  • **Abort**: Stopped the migration because the **/c** option was not specified.
| +| errorCode | The errorCode or return value. | +| numberOfIgnoredErrors | The total number of non-fatal errors that USMT ignored. | +| message | The message corresponding to the errorCode. | ## List Files Log - The List files log (Listfiles.txt) provides a list of the files that were migrated. This list can be used to troubleshoot XML issues or can be retained as a record of the files that were gathered into the migration store. The List Files log is only available for ScanState.exe. ## Diagnostic Log - You can obtain the diagnostic log by setting the environment variable MIG\_ENABLE\_DIAG to a path to an XML file. The diagnostic log contains: @@ -244,7 +99,6 @@ The diagnostic log contains: ## Using the Diagnostic Log - The diagnostic log is essentially a report of all the migration units (migunits) included in the migration. A migunit is a collection of data that is identified by the component it is associated with in the XML files. The migration store is made up of all the migunits in the migration. The diagnostic log can be used to verify which migunits were included in the migration and can be used for troubleshooting while authoring migration XML files. The following examples describe common scenarios in which you can use the diagnostic log. diff --git a/windows/deployment/usmt/usmt-migration-store-encryption.md b/windows/deployment/usmt/usmt-migration-store-encryption.md index c10a7ba4f3..6ba4824bdc 100644 --- a/windows/deployment/usmt/usmt-migration-store-encryption.md +++ b/windows/deployment/usmt/usmt-migration-store-encryption.md @@ -16,62 +16,24 @@ ms.topic: article # Migration Store Encryption - This topic discusses User State Migration Tool (USMT) 10.0 options for migration store encryption to protect the integrity of user data during a migration. ## USMT Encryption Options - USMT enables support for stronger encryption algorithms, called Advanced Encryption Standard (AES), in several bit-level options. AES is a National Institute of Standards and Technology (NIST) specification for the encryption of electronic data. The encryption algorithm you choose must be specified for both the **ScanState** and the **LoadState** commands, so that these commands can create or read the store during encryption and decryption. The new encryption algorithms can be specified on the **ScanState** and the **LoadState** command lines by using the **/encrypt**:*"encryptionstrength"* and the **/decrypt**:*"encryptionstrength"* command-line options. All of the encryption application programming interfaces (APIs) used by USMT are available in Windows 7, Windows 8, and Windows 10 operating systems. However, export restrictions might limit the set of algorithms that are available to computers in certain locales. You can use the Usmtutils.exe file to determine which encryption algorithms are available to the computers' locales before you begin the migration. The following table describes the command-line encryption options in USMT. - ----- - - - - - - - - - - - - - - - - - - - -
ComponentOptionDescription

ScanState

/encrypt<AES, AES_128, AES_192, AES_256, 3DES, 3DES_112>

This option and argument specify that the migration store is encrypted and which algorithm to use. When the algorithm argument is not provided, the ScanState tool employs the 3DES algorithm.

LoadState

/decrypt<AES, AES_128, AES_192, AES_256, 3DES, 3DES_112>

This option and argument specify that the store must be decrypted and which algorithm to use. When the algorithm argument is not provided, the LoadState tool employs the 3DES algorithm.

- - +|Component|Option|Description| +|--- |--- |--- | +|**ScanState**|**/encrypt**<*AES, AES_128, AES_192, AES_256, 3DES, 3DES_112*>|This option and argument specify that the migration store is encrypted and which algorithm to use. When the algorithm argument is not provided, the **ScanState** tool employs the 3DES algorithm.| +|**LoadState**|**/decrypt**<*AES, AES_128, AES_192, AES_256, 3DES, 3DES_112*>|This option and argument specify that the store must be decrypted and which algorithm to use. When the algorithm argument is not provided, the **LoadState** tool employs the 3DES algorithm.| **Important**   Some encryption algorithms may not be available on your systems. You can verify which algorithms are available by running the UsmtUtils command with the **/ec** option. For more information see [UsmtUtils Syntax](usmt-utilities.md) - - ## Related topics - [Plan Your Migration](usmt-plan-your-migration.md) - - - - - - - - - diff --git a/windows/deployment/usmt/usmt-plan-your-migration.md b/windows/deployment/usmt/usmt-plan-your-migration.md index 7ea0c4d341..3090fc7efd 100644 --- a/windows/deployment/usmt/usmt-plan-your-migration.md +++ b/windows/deployment/usmt/usmt-plan-your-migration.md @@ -16,7 +16,6 @@ ms.topic: article # Plan Your Migration - Before you use the User State Migration Tool (USMT) 10.0 to perform your migration, we recommend that you plan your migration carefully. Planning can help your migration proceed smoothly and can reduce the risk of migration failure. In migration planning, both organizations and individuals must first identify what to migrate, including user settings, applications and application settings, and personal data files and folders. Identifying the applications to migrate is especially important so that you can avoid capturing data about applications that may be phased out. @@ -25,48 +24,14 @@ One of the most important requirements for migrating settings and data is restor ## In This Section - - ---- - - - - - - - - - - - - - - - - - - - - - - -

Common Migration Scenarios

Determine whether you will perform a refresh migration or a replace migration.

What Does USMT Migrate?

Learn which applications, user data, and operating system components USMT migrates.

Choose a Migration Store Type

Choose an uncompressed, compressed, or hard-link migration store.

Determine What to Migrate

Identify user accounts, application settings, operating system settings, and files that you want to migrate inside your organization.

Test Your Migration

Test your migration before you deploy Windows to all users.

- - +| Link | Description | +|--- |--- | +|[Common Migration Scenarios](usmt-common-migration-scenarios.md)|Determine whether you will perform a refresh migration or a replace migration.| +|[What Does USMT Migrate?](usmt-what-does-usmt-migrate.md)|Learn which applications, user data, and operating system components USMT migrates.| +|[Choose a Migration Store Type](usmt-choose-migration-store-type.md)|Choose an uncompressed, compressed, or hard-link migration store.| +|[Determine What to Migrate](usmt-determine-what-to-migrate.md)|Identify user accounts, application settings, operating system settings, and files that you want to migrate inside your organization.| +|[Test Your Migration](usmt-test-your-migration.md)|Test your migration before you deploy Windows to all users.| ## Related topics - [USMT XML Reference](usmt-xml-reference.md) - - - - - - - - - diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md index dfb923bbd4..a1d7c3eed7 100644 --- a/windows/deployment/usmt/usmt-recognized-environment-variables.md +++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md @@ -31,441 +31,112 @@ When using the XML files MigDocs.xml, MigApp.xml, and MigUser.xml, you can use e You can use these variables within sections in the .xml files with `context=UserAndSystem`, `context=User`, and `context=System`. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
VariableExplanation

ALLUSERSAPPDATA

Same as CSIDL_COMMON_APPDATA.

ALLUSERSPROFILE

Refers to %PROFILESFOLDER%\Public or %PROFILESFOLDER%\all users.

COMMONPROGRAMFILES

Same as CSIDL_PROGRAM_FILES_COMMON.

COMMONPROGRAMFILES(X86)

Refers to the C:\Program Files (x86)\Common Files folder on 64-bit systems.

CSIDL_COMMON_ADMINTOOLS

Version 10.0. The file-system directory that contains administrative tools for all users of the computer.

CSIDL_COMMON_ALTSTARTUP

The file-system directory that corresponds to the non-localized Startup program group for all users.

CSIDL_COMMON_APPDATA

The file-system directory that contains application data for all users. A typical path Windows is C:\ProgramData.

CSIDL_COMMON_DESKTOPDIRECTORY

The file-system directory that contains files and folders that appear on the desktop for all users. A typical Windows® XP path is C:\Documents and Settings\All Users\Desktop. A typical path is C:\Users\Public\Desktop.

CSIDL_COMMON_DOCUMENTS

The file-system directory that contains documents that are common to all users. A typical path in Windows XP is C:\Documents and Settings\All Users\Documents. A typical path is C:\Users\Public\Documents.

CSIDL_COMMON_FAVORITES

The file-system directory that serves as a common repository for favorites common to all users. A typical path is C:\Users\Public\Favorites.

CSIDL_COMMON_MUSIC

The file-system directory that serves as a repository for music files common to all users. A typical path is C:\Users\Public\Music.

CSIDL_COMMON_PICTURES

The file-system directory that serves as a repository for image files common to all users. A typical path is C:\Users\Public\Pictures.

CSIDL_COMMON_PROGRAMS

The file-system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\ProgramData\Microsoft\Windows\Start Menu\Programs.

CSIDL_COMMON_STARTMENU

The file-system directory that contains the programs and folders which appear on the Start menu for all users. A typical path in Windows is C:\ProgramData\Microsoft\Windows\Start Menu.

CSIDL_COMMON_STARTUP

The file-system directory that contains the programs that appear in the Startup folder for all users. A typical path in Windows XP is C:\Documents and Settings\All Users\Start Menu\Programs\Startup. A typical path is C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup.

CSIDL_COMMON_TEMPLATES

The file-system directory that contains the templates that are available to all users. A typical path is C:\ProgramData\Microsoft\Windows\Templates.

CSIDL_COMMON_VIDEO

The file-system directory that serves as a repository for video files common to all users. A typical path is C:\Users\Public\Videos.

CSIDL_DEFAULT_APPDATA

Refers to the Appdata folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_LOCAL_APPDATA

Refers to the local Appdata folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_COOKIES

Refers to the Cookies folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_CONTACTS

Refers to the Contacts folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_DESKTOP

Refers to the Desktop folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_DOWNLOADS

Refers to the Downloads folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_FAVORITES

Refers to the Favorites folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_HISTORY

Refers to the History folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_INTERNET_CACHE

Refers to the Internet Cache folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_PERSONAL

Refers to the Personal folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_MYDOCUMENTS

Refers to the My Documents folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_MYPICTURES

Refers to the My Pictures folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_MYMUSIC

Refers to the My Music folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_MYVIDEO

Refers to the My Videos folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_RECENT

Refers to the Recent folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_SENDTO

Refers to the Send To folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_STARTMENU

Refers to the Start Menu folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_PROGRAMS

Refers to the Programs folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_STARTUP

Refers to the Startup folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_TEMPLATES

Refers to the Templates folder inside %DEFAULTUSERPROFILE%.

CSIDL_DEFAULT_QUICKLAUNCH

Refers to the Quick Launch folder inside %DEFAULTUSERPROFILE%.

CSIDL_FONTS

A virtual folder containing fonts. A typical path is C:\Windows\Fonts.

CSIDL_PROGRAM_FILESX86

The Program Files folder on 64-bit systems. A typical path is C:\Program Files(86).

CSIDL_PROGRAM_FILES_COMMONX86

A folder for components that are shared across applications on 64-bit systems. A typical path is C:\Program Files(86)\Common.

CSIDL_PROGRAM_FILES

The Program Files folder. A typical path is C:\Program Files.

CSIDL_PROGRAM_FILES_COMMON

A folder for components that are shared across applications. A typical path is C:\Program Files\Common.

CSIDL_RESOURCES

The file-system directory that contains resource data. A typical path is C:\Windows\Resources.

CSIDL_SYSTEM

The Windows System folder. A typical path is C:\Windows\System32.

CSIDL_WINDOWS

The Windows directory or system root. This corresponds to the %WINDIR% or %SYSTEMROOT% environment variables. A typical path is C:\Windows.

DEFAULTUSERPROFILE

Refers to the value in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [DefaultUserProfile].

PROFILESFOLDER

Refers to the value in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [ProfilesDirectory].

PROGRAMFILES

Same as CSIDL_PROGRAM_FILES.

PROGRAMFILES(X86)

Refers to the C:\Program Files (x86) folder on 64-bit systems.

SYSTEM

Refers to %WINDIR%\system32.

SYSTEM16

Refers to %WINDIR%\system.

SYSTEM32

Refers to %WINDIR%\system32.

SYSTEMPROFILE

Refers to the value in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 [ProfileImagePath].

SYSTEMROOT

Refers to the root of the system drive.

WINDIR

Refers to the Windows folder located on the system drive.

- -  +|Variable|Explanation| +|--- |--- | +|**ALLUSERSAPPDATA**|Same as **CSIDL_COMMON_APPDATA**.| +|**ALLUSERSPROFILE**|Refers to %**PROFILESFOLDER**%\Public or %**PROFILESFOLDER**%\all users.| +|**COMMONPROGRAMFILES**|Same as **CSIDL_PROGRAM_FILES_COMMON**.| +|**COMMONPROGRAMFILES**(X86)|Refers to the C:\Program Files (x86)\Common Files folder on 64-bit systems.| +|**CSIDL_COMMON_ADMINTOOLS**|Version 10.0. The file-system directory that contains administrative tools for all users of the computer.| +|**CSIDL_COMMON_ALTSTARTUP**|The file-system directory that corresponds to the non-localized Startup program group for all users.| +|**CSIDL_COMMON_APPDATA**|The file-system directory that contains application data for all users. A typical path Windows is C:\ProgramData.| +|**CSIDL_COMMON_DESKTOPDIRECTORY**|The file-system directory that contains files and folders that appear on the desktop for all users. A typical Windows® XP path is C:\Documents and Settings\All Users\Desktop. A typical path is C:\Users\Public\Desktop.| +|**CSIDL_COMMON_DOCUMENTS**|The file-system directory that contains documents that are common to all users. A typical path in Windows XP is C:\Documents and Settings\All Users\Documents. A typical path is C:\Users\Public\Documents.| +|**CSIDL_COMMON_FAVORITES**|The file-system directory that serves as a common repository for favorites common to all users. A typical path is C:\Users\Public\Favorites.| +|**CSIDL_COMMON_MUSIC**|The file-system directory that serves as a repository for music files common to all users. A typical path is C:\Users\Public\Music.| +|**CSIDL_COMMON_PICTURES**|The file-system directory that serves as a repository for image files common to all users. A typical path is C:\Users\Public\Pictures.| +|**CSIDL_COMMON_PROGRAMS**|The file-system directory that contains the directories for the common program groups that appear on the **Start** menu for all users. A typical path is C:\ProgramData\Microsoft\Windows\Start Menu\Programs.| +|**CSIDL_COMMON_STARTMENU**|The file-system directory that contains the programs and folders which appear on the **Start** menu for all users. A typical path in Windows is C:\ProgramData\Microsoft\Windows\Start Menu.| +|**CSIDL_COMMON_STARTUP**|The file-system directory that contains the programs that appear in the Startup folder for all users. A typical path in Windows XP is C:\Documents and Settings\All Users\Start Menu\Programs\Startup. A typical path is C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup.| +|**CSIDL_COMMON_TEMPLATES**|The file-system directory that contains the templates that are available to all users. A typical path is C:\ProgramData\Microsoft\Windows\Templates.| +|**CSIDL_COMMON_VIDEO**|The file-system directory that serves as a repository for video files common to all users. A typical path is C:\Users\Public\Videos.| +|**CSIDL_DEFAULT_APPDATA**|Refers to the Appdata folder inside %**DEFAULTUSERPROFILE**%.| +|C**SIDL_DEFAULT_LOCAL_APPDATA**|Refers to the local Appdata folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_COOKIES**|Refers to the Cookies folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_CONTACTS**|Refers to the Contacts folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_DESKTOP**|Refers to the Desktop folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_DOWNLOADS**|Refers to the Downloads folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_FAVORITES**|Refers to the Favorites folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_HISTORY**|Refers to the History folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_INTERNET_CACHE**|Refers to the Internet Cache folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_PERSONAL**|Refers to the Personal folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_MYDOCUMENTS**|Refers to the My Documents folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_MYPICTURES**|Refers to the My Pictures folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_MYMUSIC**|Refers to the My Music folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_MYVIDEO**|Refers to the My Videos folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_RECENT**|Refers to the Recent folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_SENDTO**|Refers to the Send To folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_STARTMENU**|Refers to the Start Menu folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_PROGRAMS**|Refers to the Programs folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_STARTUP**|Refers to the Startup folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_TEMPLATES**|Refers to the Templates folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_DEFAULT_QUICKLAUNCH**|Refers to the Quick Launch folder inside %**DEFAULTUSERPROFILE**%.| +|**CSIDL_FONTS**|A virtual folder containing fonts. A typical path is C:\Windows\Fonts.| +|**CSIDL_PROGRAM_FILESX86**|The Program Files folder on 64-bit systems. A typical path is C:\Program Files(86).| +|**CSIDL_PROGRAM_FILES_COMMONX86**|A folder for components that are shared across applications on 64-bit systems. A typical path is C:\Program Files(86)\Common.| +|**CSIDL_PROGRAM_FILES**|The Program Files folder. A typical path is C:\Program Files.| +|**CSIDL_PROGRAM_FILES_COMMON**|A folder for components that are shared across applications. A typical path is C:\Program Files\Common.| +|**CSIDL_RESOURCES**|The file-system directory that contains resource data. A typical path is C:\Windows\Resources.| +|**CSIDL_SYSTEM**|The Windows System folder. A typical path is C:\Windows\System32.| +|**CSIDL_WINDOWS**|The Windows directory or system root. This corresponds to the %**WINDIR**% or %**SYSTEMROOT**% environment variables. A typical path is C:\Windows.| +|**DEFAULTUSERPROFILE**|Refers to the value in **HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [DefaultUserProfile]**.| +|**PROFILESFOLDER**|Refers to the value in **HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [ProfilesDirectory]**.| +|**PROGRAMFILES**|Same as **CSIDL_PROGRAM_FILES**.| +|**PROGRAMFILES(X86)**|Refers to the C:\Program Files (x86) folder on 64-bit systems.| +|**SYSTEM**|Refers to %**WINDIR**%\system32.| +|**SYSTEM16**|Refers to %**WINDIR**%\system.| +|**SYSTEM32**|Refers to %**WINDIR**%\system32.| +|**SYSTEMPROFILE**|Refers to the value in **HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 [ProfileImagePath]**.| +|**SYSTEMROOT**|Refers to the root of the system drive.| +|**WINDIR**|Refers to the Windows folder located on the system drive.| ## Variables that are recognized only in the user context - You can use these variables in the .xml files within sections with `context=User` and `context=UserAndSystem`. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
VariableExplanation

APPDATA

Same as CSIDL_APPDATA.

CSIDL_ADMINTOOLS

The file-system directory that is used to store administrative tools for an individual user. The Microsoft® Management Console (MMC) saves customized consoles to this directory, which roams with the user profile.

CSIDL_ALTSTARTUP

The file-system directory that corresponds to the user's non-localized Startup program group.

CSIDL_APPDATA

The file-system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\username\Application Data or C:\Users\username\AppData\Roaming.

CSIDL_BITBUCKET

The virtual folder that contains the objects in the user's Recycle Bin.

CSIDL_CDBURN_AREA

The file-system directory acting as a staging area for files waiting to be written to CD. A typical path is C:\Users\username\AppData\Local\Microsoft\Windows\MasteredBurning\Disc Burning.

CSIDL_CONNECTIONS

The virtual folder representing Network Connections that contains network and dial-up connections.

CSIDL_CONTACTS

This refers to the Contacts folder in %CSIDL_PROFILE%.

CSIDL_CONTROLS

The virtual folder that contains icons for the Control Panel items.

CSIDL_COOKIES

The file-system directory that serves as a common repository for Internet cookies. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies.

CSIDL_DESKTOP

The virtual folder representing the Windows desktop.

CSIDL_DESKTOPDIRECTORY

The file-system directory used to physically store file objects on the desktop, which should not be confused with the desktop folder itself. A typical path is C:\Users\username\Desktop.

CSIDL_DRIVES

The virtual folder representing My Computer that contains everything on the local computer: storage devices, printers, and Control Panel. The folder may also contain mapped network drives.

CSIDL_FAVORITES

The file-system directory that serves as a common repository for the user's favorites. A typical path is C:\Users\Username\Favorites.

CSIDL_HISTORY

The file-system directory that serves as a common repository for Internet history items.

CSIDL_INTERNET

A virtual folder for Internet Explorer.

CSIDL_INTERNET_CACHE

The file-system directory that serves as a common repository for temporary Internet files. A typical path is C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files

CSIDL_LOCAL_APPDATA

The file-system directory that serves as a data repository for local, non-roaming applications. A typical path is C:\Users\username\AppData\Local.

CSIDL_MYDOCUMENTS

The virtual folder representing My Documents.A typical path is C:\Users\Username\Documents.

CSIDL_MYMUSIC

The file-system directory that serves as a common repository for music files. A typical path is C:\Users\Username\Music.

CSIDL_MYPICTURES

The file-system directory that serves as a common repository for image files. A typical path is C:\Users\Username\Pictures.

CSIDL_MYVIDEO

The file-system directory that serves as a common repository for video files. A typical path is C:\Users\Username\Videos.

CSIDL_NETHOOD

A file-system directory that contains the link objects that may exist in the My Network Places virtual folder. It is not the same as CSIDL_NETWORK, which represents the network namespace root. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Network Shortcuts.

CSIDL_NETWORK

A virtual folder representing My Network Places, the root of the network namespace hierarchy.

CSIDL_PERSONAL

The virtual folder representing the My Documents desktop item. This is equivalent to CSIDL_MYDOCUMENTS.

-

A typical path is C:\Documents and Settings\username\My Documents.

CSIDL_PLAYLISTS

The virtual folder used to store play albums, typically C:\Users\username\My Music\Playlists.

CSIDL_PRINTERS

The virtual folder that contains installed printers.

CSIDL_PRINTHOOD

The file-system directory that contains the link objects that can exist in the Printers virtual folder. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Printer Shortcuts.

CSIDL_PROFILE

The user's profile folder. A typical path is C:\Users\Username.

CSIDL_PROGRAMS

The file-system directory that contains the user's program groups, which are themselves file-system directories. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs.

CSIDL_RECENT

The file-system directory that contains shortcuts to the user's most recently used documents. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Recent.

CSIDL_SENDTO

The file-system directory that contains Send To menu items. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\SendTo.

CSIDL_STARTMENU

The file-system directory that contains Start menu items. A typical path in Windows XP is C:\Documents and Settings\username\Start Menu. A typical path in Windows Vista, Windows 7, or Windows 8 is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu.

CSIDL_STARTUP

The file-system directory that corresponds to the user's Startup program group. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup.

CSIDL_TEMPLATES

The file-system directory that serves as a common repository for document templates. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Templates.

HOMEPATH

Same as the standard environment variable.

TEMP

The temporary folder on the computer. A typical path is %USERPROFILE%\AppData\Local\Temp.

TMP

The temporary folder on the computer. A typical path is %USERPROFILE%\AppData\Local\Temp.

USERPROFILE

Same as CSIDL_PROFILE.

USERSID

Represents the current user-account security identifier (SID). For example,

-

S-1-5-21-1714567821-1326601894-715345443-1026.

- -  +|Variable|Explanation| +|--- |--- | +|**APPDATA**|Same as **CSIDL_APPDATA**.| +|**CSIDL_ADMINTOOLS**|The file-system directory that is used to store administrative tools for an individual user. The Microsoft® Management Console (MMC) saves customized consoles to this directory, which roams with the user profile.| +|**CSIDL_ALTSTARTUP**|The file-system directory that corresponds to the user's non-localized Startup program group.| +|**CSIDL_APPDATA**|The file-system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\username\Application Data or C:\Users\username\AppData\Roaming.| +|**CSIDL_BITBUCKET**|The virtual folder that contains the objects in the user's Recycle Bin.| +|**CSIDL_CDBURN_AREA**|The file-system directory acting as a staging area for files waiting to be written to CD. A typical path is C:\Users\username\AppData\Local\Microsoft\Windows\MasteredBurning\Disc Burning.| +|**CSIDL_CONNECTIONS**|The virtual folder representing Network Connections that contains network and dial-up connections.| +|**CSIDL_CONTACTS**|This refers to the Contacts folder in %**CSIDL_PROFILE**%.| +|**CSIDL_CONTROLS**|The virtual folder that contains icons for the Control Panel items.| +|**CSIDL_COOKIES**|The file-system directory that serves as a common repository for Internet cookies. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies.| +|**CSIDL_DESKTOP**|The virtual folder representing the Windows desktop.| +|**CSIDL_DESKTOPDIRECTORY**|The file-system directory used to physically store file objects on the desktop, which should not be confused with the desktop folder itself. A typical path is C:\Users\username\Desktop.| +|**CSIDL_DRIVES**|The virtual folder representing My Computer that contains everything on the local computer: storage devices, printers, and Control Panel. The folder may also contain mapped network drives.| +|**CSIDL_FAVORITES**|The file-system directory that serves as a common repository for the user's favorites. A typical path is C:\Users\Username\Favorites.| +|**CSIDL_HISTORY**|The file-system directory that serves as a common repository for Internet history items.| +|**CSIDL_INTERNET**|A virtual folder for Internet Explorer.| +|**CSIDL_INTERNET_CACHE**|The file-system directory that serves as a common repository for temporary Internet files. A typical path is C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files| +|**CSIDL_LOCAL_APPDATA**|The file-system directory that serves as a data repository for local, non-roaming applications. A typical path is C:\Users\username\AppData\Local.| +|**CSIDL_MYDOCUMENTS**|The virtual folder representing My Documents.A typical path is C:\Users\Username\Documents.| +|**CSIDL_MYMUSIC**|The file-system directory that serves as a common repository for music files. A typical path is C:\Users\Username\Music.| +|**CSIDL_MYPICTURES**|The file-system directory that serves as a common repository for image files. A typical path is C:\Users\Username\Pictures.| +|**CSIDL_MYVIDEO**|The file-system directory that serves as a common repository for video files. A typical path is C:\Users\Username\Videos.| +|**CSIDL_NETHOOD**|A file-system directory that contains the link objects that may exist in the My Network Places virtual folder. It is not the same as CSIDL_NETWORK, which represents the network namespace root. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Network Shortcuts.| +|**CSIDL_NETWORK**|A virtual folder representing My Network Places, the root of the network namespace hierarchy.| +|**CSIDL_PERSONAL**|The virtual folder representing the My Documents desktop item. This is equivalent to **CSIDL_MYDOCUMENTS**.
A typical path is C:\Documents and Settings\username\My Documents.| +|**CSIDL_PLAYLISTS**|The virtual folder used to store play albums, typically C:\Users\username\My Music\Playlists.| +|**CSIDL_PRINTERS**|The virtual folder that contains installed printers.| +|**CSIDL_PRINTHOOD**|The file-system directory that contains the link objects that can exist in the Printers virtual folder. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Printer Shortcuts.| +|**CSIDL_PROFILE**|The user's profile folder. A typical path is C:\Users\Username.| +|**CSIDL_PROGRAMS**|The file-system directory that contains the user's program groups, which are themselves file-system directories. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs.| +|**CSIDL_RECENT**|The file-system directory that contains shortcuts to the user's most recently used documents. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Recent.| +|**CSIDL_SENDTO**|The file-system directory that contains **Send To** menu items. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\SendTo.| +|**CSIDL_STARTMENU**|The file-system directory that contains **Start** menu items. A typical path in Windows XP is C:\Documents and Settings\username\Start Menu. A typical path in Windows Vista, Windows 7, or Windows 8 is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu.| +|**CSIDL_STARTUP**|The file-system directory that corresponds to the user's Startup program group. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup.| +|**CSIDL_TEMPLATES**|The file-system directory that serves as a common repository for document templates. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Templates.| +|**HOMEPATH**|Same as the standard environment variable.| +|**TEMP**|The temporary folder on the computer. A typical path is %**USERPROFILE**%\AppData\Local\Temp.| +|**TMP**|The temporary folder on the computer. A typical path is %**USERPROFILE**%\AppData\Local\Temp.| +|**USERPROFILE**|Same as **CSIDL_PROFILE**.| +|**USERSID**|Represents the current user-account security identifier (SID). For example,
S-1-5-21-1714567821-1326601894-715345443-1026.| ## Related topics - [USMT XML Reference](usmt-xml-reference.md) - -  - -  - - - - - diff --git a/windows/deployment/usmt/usmt-reference.md b/windows/deployment/usmt/usmt-reference.md index 7e00f19577..a24a5da4cd 100644 --- a/windows/deployment/usmt/usmt-reference.md +++ b/windows/deployment/usmt/usmt-reference.md @@ -16,63 +16,22 @@ ms.topic: article # User State Migration Toolkit (USMT) Reference - ## In This Section - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

USMT Requirements

Describes operating system, hardware, and software requirements, and user prerequisites.

USMT Best Practices

Discusses general and security-related best practices when using USMT.

How USMT Works

Learn about the processes behind the ScanState and LoadState tools.

Plan Your Migration

Choose what to migrate and the best migration scenario for your enterprise.

User State Migration Tool (USMT) Command-line Syntax

Explore command-line options for the ScanState, LoadState, and UsmtUtils tools.

USMT XML Reference

Learn about customizing a migration with XML files.

Offline Migration Reference

Find requirements, best practices, and other considerations for performing a migration offline.

- - +| Link | Description | +|--- |--- | +|[USMT Requirements](usmt-requirements.md)|Describes operating system, hardware, and software requirements, and user prerequisites.| +|[USMT Best Practices](usmt-best-practices.md)|Discusses general and security-related best practices when using USMT.| +|[How USMT Works](usmt-how-it-works.md)|Learn about the processes behind the ScanState and LoadState tools.| +|[Plan Your Migration](usmt-plan-your-migration.md)|Choose what to migrate and the best migration scenario for your enterprise.| +|[User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md)|Explore command-line options for the ScanState, LoadState, and UsmtUtils tools.| +|[USMT XML Reference](usmt-xml-reference.md)|Learn about customizing a migration with XML files.| +|[Offline Migration Reference](offline-migration-reference.md)|Find requirements, best practices, and other considerations for performing a migration offline.| ## Related topics - [User State Migration Tool (USMT) Overview Topics](usmt-topics.md) [User State Migration Tool (USMT) How-to topics](usmt-how-to.md) [User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md) - - - - - - - - - From dc50e22356473738f7fef3ff868da379781e9dd1 Mon Sep 17 00:00:00 2001 From: Benzy Dharmanayagam Date: Wed, 24 Nov 2021 18:51:20 +0530 Subject: [PATCH 13/74] Fixed warnings --- .../usmt/understanding-migration-xml-files.md | 21 ++++++++----------- .../usmt/usmt-hard-link-migration-store.md | 12 +++++------ 2 files changed, 15 insertions(+), 18 deletions(-) diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index 22512f33e0..cc32fdd543 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -16,7 +16,7 @@ ms.topic: article # Understanding Migration XML Files -You can modify the behavior of a basic User State Migration Tool (USMT)10.0 migration by using XML files; these files provide instructions on where and how the USMT tools should gather and apply files and settings. USMT includes three XML files that you can use to customize a basic migration: the MigDocs.xml and MigUser.xml files, which modify how files are discovered on the source computer, and the MigApps.xml file, which is required in order to migrate supported application settings. You can also create and edit custom XML files and a Config.xml file to further customize your migration. +You can modify the behavior of a basic User State Migration Tool (USMT) 10.0 migration by using XML files; these files provide instructions on where and how the USMT tools should gather and apply files and settings. USMT includes three XML files that you can use to customize a basic migration: the MigDocs.xml and MigUser.xml files, which modify how files are discovered on the source computer, and the MigApps.xml file, which is required in order to migrate supported application settings. You can also create and edit custom XML files and a Config.xml file to further customize your migration. This topic provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the MigDocs.xml file. The MigDocs.xml file uses the new **GenerateDocPatterns** function available in USMT to automatically find user documents on a source computer. @@ -48,7 +48,7 @@ This topic provides an overview of the default and custom migration XML files an ## Overview of the Config.xml file -The Config.xml file is the configuration file created by the `/genconfig` option of the ScanState tool; it can be used to modify which operating-system components are migrated by USMT. The Config.xml file can be used in conjunction with other XML files, such as in the following example: `scanstate /i:migapps.xml /i:migdocs.xml /genconfig:c:\myFolder\config.xml`. When used this way, the Config.xml file tightly controls aspects of the migration, including user profiles, data, and settings, without modifying or creating other XML files. For more information about the Config.xml file, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md). +The Config.xml file is the configuration file created by the `/genconfig` option of the ScanState tool; it can be used to modify which operating-system components are migrated by USMT. The Config.xml file can be used with other XML files, such as in the following example: `scanstate /i:migapps.xml /i:migdocs.xml /genconfig:c:\myFolder\config.xml`. When used this way, the Config.xml file tightly controls aspects of the migration, including user profiles, data, and settings, without modifying or creating other XML files. For more information about the Config.xml file, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md). **Note**   When modifying the XML elements in the Config.xml file, you should edit an element and set the **migrate** property to **no**, rather than deleting the element from the file. If you delete the element instead of setting the property, the component may still be migrated by rules in other XML files. @@ -58,7 +58,7 @@ When modifying the XML elements in the Config.xml file, you should edit an eleme The MigApp.xml file installed with USMT includes instructions to migrate the settings for the applications listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md). You must include the MigApp.xml file when using the ScanState and LoadState tools, by using the `/i` option in order to migrate application settings. The MigDocs.xml and MigUser.xml files do not migrate application settings. You can create a custom XML file to include additional applications. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md). **Important**   -The MigApps.xml file will only detect and migrate .pst files that are linked to Microsoft Office Outlook. See the [Sample migration rules for customized versions of XML files](#bkmk-samples) section of this document for more information about migrating .pst files that are not linked to Outlook. +The MigApps.xml file will only detect and migrate .pst files that are linked to Microsoft Office Outlook. For more information about migrating .pst files that are not linked to Outlook, see the [Sample migration rules for customized versions of XML files](#bkmk-samples). ## Overview of the MigDocs.xml file @@ -132,11 +132,11 @@ You can also use the **/genmigxml** option with the ScanState tool to review and ## Overview of the MigUser.xml file -The MigUser.xml file includes instructions for USMT to migrate user files based on file name extensions. You can use the MigUser.xml file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. The MigUser.xml file will gather all files from the standard user-profile folders, as well as any files on the computer with the specified file name extensions. +The MigUser.xml file includes instructions for USMT to migrate user files based on file name extensions. You can use the MigUser.xml file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. The MigUser.xml file will gather all files from the standard user-profile folders, and any files on the computer with the specified file name extensions. The default MigUser.xml file migrates the following: -- All files from the standard user-profile folders which are described as: +- All files from the standard user-profile folders, which are described as: - CSIDL\_MYVIDEO @@ -156,7 +156,7 @@ The default MigUser.xml file migrates the following: - Files with the following extensions: - .qdf, .qsd, .qel, .qph, .doc\*, .dot\*, .rtf, .mcw, .wps, .scd, .wri, .wpd, .xl\*, .csv, .iqy, .dqy, .oqy, .rqy, .wk\*, .wq1, .slk, .dif, .ppt\*, .pps\*, .pot\*, .sh3, .ch3, .pre, .ppa, .txt, .pst, .one\*, .vl\*, .vsd, .mpp, .or6, .accdb, .mdb, .pub + `.qdf`, `.qsd`, `.qel`, `.qph`, `.doc\*`, `.dot\*`, `.rtf`, `.mcw`, `.wps`, `.scd`, `.wri`, `.wpd`, `.xl\*`, `.csv`, `.iqy`, `.dqy`, `.oqy`, `.rqy`, `.wk\*`, `.wq1`, `.slk`, `.dif`, `.ppt\*`, `.pps\*`, `.pot\*`, `.sh3`, `.ch3`, `.pre`, `.ppa`, `.txt`, `.pst`, `.one\*`, `.vl\*`, `.vsd`, `.mpp`, `.or6`, `.accdb`, `.mdb`, `.pub` The default MigUser.xml file does not migrate the following: @@ -171,13 +171,10 @@ The default MigUser.xml file does not migrate the following: You can make a copy of the MigUser.xml file and modify it to include or exclude standard user-profile folders and file name extensions. If you know all of the extensions for the files you want to migrate from the source computer, use the MigUser.xml file to move all of your relevant data, regardless of the location of the files. However, this may result in a migration that contains more files than intended. For example, if you choose to migrate all .jpg files, you may migrate image files such as thumbnails and logos from legacy applications that are installed on the source computer. **Note**   -Each file name extension you include in the rules within the MigUser.xml file increases the amount of time needed for the ScanState tool to gather the files for the migration. If you are migrating more than three hundred file types, you may experience a slow migration. For more information about other ways to organize the migration of your data, see the [Using multiple XML files](#bkmk-multiple) section of this document. - - +Each file name extension you include in the rules within the MigUser.xml file increases the amount of time needed for the ScanState tool to gather the files for the migration. If you are migrating more than 300 file types, you may experience a slow migration. For more information about other ways to organize the migration of your data, see the [Using multiple XML files](#bkmk-multiple) section of this document. ## Using multiple XML files - You can use multiple XML files with the ScanState and LoadState tools. Each of the default XML files included with or generated by USMT is configured for a specific component of the migration. You can also use custom XML files to supplement these default files with additional migration rules. |XML migration file|Modifies the following components:| @@ -339,12 +336,12 @@ For best practices and requirements for customized XML files in USMT, see [Custo In the examples below, the source computer has a .txt file called "new text document" in a directory called "new folder". The default MigDocs.xml behavior migrates the new text document.txt file and all files contained in the "new folder" directory. The rules generated by the function are: -||| +| Rule | Syntax | |--- |--- | |Rule 1|
<pattern type="File">d:\new folder[new text document.txt]</pattern>
| |Rule 2|
<pattern type="File">d:\new folder[]</pattern>
| -To exclude the new text document.txt file as well as any .txt files in "new folder", you can do the following: +To exclude the new text document.txt file and any .txt files in "new folder", you can do the following: **Example 1: Exclude all .txt files in a folder** diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index 3da4429962..cc22a6eb2f 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md @@ -16,7 +16,7 @@ ms.topic: article # Hard-Link Migration Store -A *hard-link migration store* enables you to perform an in-place migration where all user state is maintained on the computer while the old operating system is removed and the new operating system is installed; this is why it is best suited for the computer-refresh scenario. Use of a hard-link migration store for a computer-refresh scenario drastically improves migration performance and significantly reduces hard-disk utilization, reduces deployment costs and enables entirely new migration scenarios. +A *hard-link migration store* enables you to perform an in-place migration where all user state is maintained on the computer while the old operating system is removed and the new operating system is installed; this is why it is best suited for the computer-refresh scenario. Use of a hard-link migration store for a computer-refresh scenario drastically improves migration performance and significantly reduces hard-disk utilization, reduces deployment costs, and enables entirely new migration scenarios. ## In this topic @@ -54,7 +54,7 @@ You cannot use a hard-link migration store if your planned migration includes an - You are migrating data from one computer to a second computer. -- You are migrating data from one volume on a computer to another volume, for example from C: to D:. +- You are migrating data from one volume on a computer to another volume, for example from `C:` to `D:`. - You are formatting or repartitioning the disk outside of Windows Setup, or specifying a disk format or repartition during Windows Setup that will remove the migration store. @@ -67,7 +67,7 @@ When you create a hard link, you give an existing file an additional path. For i **Note**   A hard link can only be created for a file on the same volume. If you copy a hard-link migration store to another drive or external device, the files, and not the links, are copied, as in a non-compressed migration-store scenario. -For more information about hard links, please see [Hard Links and Junctions](/windows/win32/fileio/hard-links-and-junctions) +For more information about hard links, see [Hard Links and Junctions](/windows/win32/fileio/hard-links-and-junctions) In most aspects, a hard-link migration store is identical to an uncompressed migration store. It is located where specified by the Scanstate command-line tool and you can view the contents of the store by using Windows® Explorer. Once created, it can be deleted or copied to another location without changing user state. Restoring a hard-link migration store is similar to restoring any other migration store; however, as with creating the store, the same hard-link functionality is used to keep files in-place. @@ -109,11 +109,11 @@ This section provides details about hard-link migration stores. ### Hard Disk Space -The **/hardlink** command-line option proceeds with creating the migration store only if there is 250 megabytes (MB) of free space on the hard disk. Provided that every volume involved in the migration is formatted as NTFS, 250 MB should be enough space to ensure success for almost every hard-link migration, regardless on the size of the migration. +The **/hardlink** command-line option proceeds with creating the migration store only if there are 250 megabytes (MB) of free space on the hard disk. If every volume involved in the migration is formatted as NTFS, 250 MB should be enough space to ensure success for almost every hard-link migration, regardless on the size of the migration. ### Hard-Link Store Size Estimation -It is not necessary to estimate the size of a hard-link migration store. Estimating the size of a migration store is only useful in scenarios where the migration store is very large, and on NTFS volumes the hard-link migration store will require much less incremental space than other store options. The only case where the local store can be quite large is when non-NTFS file systems exist on the system and contain data being migrated. Since NTFS has been the default file system format for Windows XP and newer operating systems, this situation is unusual. +It is not necessary to estimate the size of a hard-link migration store. Estimating the size of a migration store is only useful in scenarios where the migration store is large, and on NTFS volumes the hard-link migration store will require much less incremental space than other store options. The only case where the local store can be large is when non-NTFS file systems exist on the system and contain data being migrated. Since NTFS has been the default file system format for Windows XP and newer operating systems, this situation is unusual. ### Migration Store Path on Multiple Volumes @@ -147,7 +147,7 @@ Files that are locked by an application or the operating system are handled diff Files that are locked by the operating system cannot remain in place and must be copied into the hard-link migration store. As a result, selecting many operating-system files for migration significantly reduces performance during a hard-link migration. As a best practice, we recommend that you do not migrate any files out of the \\Windows directory, which minimizes performance-related issues. -Files that are locked by an application are treated the same in hard-link migrations as in other scenarios when the volume shadow-copy service is not being utilized. The volume shadow-copy service cannot be used in conjunction with hard-link migrations. However, by modifying the new **<HardLinkStoreControl>** section in the Config.xml file, it is possible to enable the migration of files locked by an application. +Files that are locked by an application are treated the same in hard-link migrations as in other scenarios when the volume shadow-copy service is not being utilized. The volume shadow-copy service cannot be used with hard-link migrations. However, by modifying the new **<HardLinkStoreControl>** section in the Config.xml file, it is possible to enable the migration of files locked by an application. **Important**   There are some scenarios in which modifying the **<HardLinkStoreControl>** section in the Config.xml file makes it more difficult to delete a hard-link migration store. In these scenarios, you must use USMTutils.exe to schedule the migration store for deletion on the next restart. From 216785c5e4ae3d9cf4e931d2890ead4cd1579067 Mon Sep 17 00:00:00 2001 From: Benzy Dharmanayagam Date: Thu, 25 Nov 2021 20:25:23 +0530 Subject: [PATCH 14/74] Updated-5548201-Batch-21 --- windows/deployment/usmt/usmt-requirements.md | 71 +- windows/deployment/usmt/usmt-return-codes.md | 817 +----- .../deployment/usmt/usmt-scanstate-syntax.md | 796 +----- .../deployment/usmt/usmt-troubleshooting.md | 49 +- windows/deployment/usmt/usmt-utilities.md | 286 +- .../usmt/usmt-what-does-usmt-migrate.md | 265 +- .../usmt/usmt-xml-elements-library.md | 2418 ++--------------- windows/deployment/usmt/usmt-xml-reference.md | 68 +- 8 files changed, 552 insertions(+), 4218 deletions(-) diff --git a/windows/deployment/usmt/usmt-requirements.md b/windows/deployment/usmt/usmt-requirements.md index 9134680979..3c580ae40f 100644 --- a/windows/deployment/usmt/usmt-requirements.md +++ b/windows/deployment/usmt/usmt-requirements.md @@ -16,10 +16,8 @@ ms.topic: article # USMT Requirements - ## In This Topic - - [Supported Operating Systems](#bkmk-1) - [Windows PE](#windows-pe) - [Credentials](#credentials) @@ -30,60 +28,18 @@ ms.topic: article ## Supported Operating Systems - The User State Migration Tool (USMT) 10.0 does not have any explicit RAM or CPU speed requirements for either the source or destination computers. If your computer complies with the system requirements of the operating system, it also complies with the requirements for USMT. You need an intermediate store location large enough to hold all of the migrated data and settings, and the same amount of hard disk space on the destination computer for the migrated files and settings. The following table lists the operating systems supported in USMT. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Operating SystemsScanState (source computer)LoadState (destination computer)

32-bit versions of Windows 7

X

X

64-bit versions of Windows 7

X

X

32-bit versions of Windows 8

X

X

64-bit versions of Windows 8

X

X

32-bit versions of Windows 10

X

X

64-bit versions of Windows 10

X

X

- - +|Operating Systems|ScanState (source computer)|LoadState (destination computer)| +|--- |--- |--- | +|32-bit versions of Windows 7|X|X| +|64-bit versions of Windows 7|X|X| +|32-bit versions of Windows 8|X|X| +|64-bit versions of Windows 8|X|X| +|32-bit versions of Windows 10|X|X| +|64-bit versions of Windows 10|X|X| **Note**   You can migrate a 32-bit operating system to a 64-bit operating system. However, you cannot migrate a 64-bit operating system to a 32-bit operating system. @@ -100,7 +56,7 @@ For more information about previous releases of the USMT tools, see [User State ## Credentials - **Run as administrator** - When manually running the **ScanState** and **LoadState** tools on Windows 7, Windows 8 or Windows 10 you must run them from an elevated command prompt to ensure that all specified users are migrated. If you do not run USMT from an elevated prompt, only the user profile that is logged on will be included in the migration. + When manually running the **ScanState** and **LoadState** tools on Windows 7, Windows 8, or Windows 10 you must run them from an elevated command prompt to ensure that all specified users are migrated. If you do not run USMT from an elevated prompt, only the user profile that is logged on will be included in the migration. To open an elevated command prompt: @@ -119,11 +75,10 @@ You must run USMT using an account with full administrative permissions, includi - SeSecurityPrivilege (Manage auditing and security log) - SeTakeOwnership Privilege (Take ownership of files or other objects) - ## Config.xml - **Specify the /c option and <ErrorControl> settings in the Config.xml file.**
- USMT will fail if it cannot migrate a file or setting, unless you specify the **/c** option. When you specify the **/c** option, USMT logs an error each time it encounters a file that is in use that did not migrate, but the migration will not be interrupted. In USMT, you can specify in the Config.xml file which types of errors should allow the migration to continue, and which should cause the migration to fail. For more information about error reporting, and the **<ErrorControl>** element, see [Config.xml File](usmt-configxml-file.md), [Log Files](usmt-log-files.md), and [XML Elements Library](usmt-xml-elements-library.md). + USMT will fail if it cannot migrate a file or setting, unless you specify the **/c** option. When you specify the **/c** option, USMT logs an error each time it encounters a file that is in use that did not migrate, but the migration will not be interrupted. In USMT, you can specify in the Config.xml file, which types of errors should allow the migration to continue, and which should cause the migration to fail. For more information about error reporting, and the **<ErrorControl>** element, see [Config.xml File](usmt-configxml-file.md), [Log Files](usmt-log-files.md), and [XML Elements Library](usmt-xml-elements-library.md). ## LoadState @@ -132,12 +87,10 @@ You must run USMT using an account with full administrative permissions, includi ## Hard-Disk Requirements - Ensure that there is enough available space in the migration-store location and on the source and destination computers. For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md). ## User Prerequisites - This documentation assumes that IT professionals using USMT understand command-line tools. The documentation also assumes that IT professionals using USMT to author MigXML rules understand the following: - The navigation and hierarchy of the Windows registry. @@ -147,10 +100,6 @@ This documentation assumes that IT professionals using USMT understand command-l ## Related topics - [Plan Your Migration](usmt-plan-your-migration.md)
[Estimate Migration Store Size](usmt-estimate-migration-store-size.md)
[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)
- - - diff --git a/windows/deployment/usmt/usmt-return-codes.md b/windows/deployment/usmt/usmt-return-codes.md index 44089d6d19..5e567af8e5 100644 --- a/windows/deployment/usmt/usmt-return-codes.md +++ b/windows/deployment/usmt/usmt-return-codes.md @@ -16,14 +16,12 @@ ms.topic: article # Return Codes - This topic describes User State Migration Tool (USMT) 10.0 return codes and error messages. Also included is a table listing the USMT return codes with their associated mitigation steps. In addition, this topic provides tips to help you use the logfiles to determine why you received an error. Understanding the requirements for running USMT can help minimize errors in your USMT migrations. For more information, see [USMT Requirements](usmt-requirements.md). ## In This Topic - [USMT Return Codes](#bkmk-returncodes) [USMT Error Messages](#bkmk-errormessages) @@ -32,7 +30,6 @@ Understanding the requirements for running USMT can help minimize errors in your ## USMT Return Codes - If you encounter an error in your USMT migration, you can use return codes and the more specific information provided in the associated USMT error messages to troubleshoot the issue and to identify mitigation steps. Return codes are grouped into the following broad categories that describe their area of error reporting: @@ -51,731 +48,117 @@ As a best practice, we recommend that you set verbosity level to 5, **/v**:5 ## USMT Error Messages - Error messages provide more detailed information about the migration problem than the associated return code. For example, the **ScanState**, **LoadState**, or **USMTUtils** tool might return a code of "11” (for “USMT\_INVALID\_PARAMETERS") and a related error message that reads "/key and /keyfile both specified". The error message is displayed at the command prompt and is identified in the **ScanState**, **LoadState**, or **USMTUtils** log files to help you determine why the return code was received. You can obtain more information about any listed Windows application programming interface (API) system error codes by typing **net helpmsg** on the command line and, then typing the error code number. For more information about System Error Codes, see [this Microsoft Web site](/windows/win32/debug/system-error-codes--0-499-). ## Troubleshooting Return Codes and Error Messages - The following table lists each return code by numeric value, along with the associated error messages and suggested troubleshooting actions. - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Return code valueReturn codeError messageTroubleshooting, mitigation, workaroundsCategory

0

USMT_SUCCESS

Successful run

Not applicable

Success or Cancel

1

USMT_DISPLAY_HELP

Command line help requested

Not applicable

Success or Cancel

2

USMT_STATUS_CANCELED

Gather was aborted because of an EFS file

Not applicable

User chose to cancel (such as pressing CTRL+C)

Not applicable

Success or Cancel

3

USMT_WOULD_HAVE_FAILED

At least one error was skipped as a result of /c

Review ScanState, LoadState, or UsmtUtils log for details about command-line errors.

11

USMT_INVALID_PARAMETERS

/all conflicts with /ui, /ue or /uel

Review ScanState log or LoadState log for details about command-line errors.

/auto expects an optional parameter for the script folder

Review ScanState log or LoadState log for details about command-line errors.

/encrypt can't be used with /nocompress

Review ScanState log or LoadState log for details about command-line errors.

/encrypt requires /key or /keyfile

Review ScanState log or LoadState log for details about command-line errors.

/genconfig can't be used with most other options

Review ScanState log or LoadState log for details about command-line errors.

/genmigxml can't be used with most other options

Review ScanState log or LoadState log for details about command-line errors.

/hardlink requires /nocompress

Review ScanState log or LoadState log for details about command-line errors.

/key and /keyfile both specified

Review ScanState log or LoadState log for details about command-line errors.

/key or /keyfile used without enabling encryption

Review ScanState log or LoadState log for details about command-line errors.

/lae is only used with /lac

Review ScanState log or LoadState log for details about command-line errors.

/listfiles cannot be used with /p

Review ScanState log or LoadState log for details about command-line errors.

/offline requires a valid path to an XML file describing offline paths

Review ScanState log or LoadState log for details about command-line errors.

/offlinewindir requires a valid path to offline windows folder

Review ScanState log or LoadState log for details about command-line errors.

/offlinewinold requires a valid path to offline windows folder

Review ScanState log or LoadState log for details about command-line errors.

A command was already specified

Verify that the command-line syntax is correct and that there are no duplicate commands.

An option argument is missing

Review ScanState log or LoadState log for details about command-line errors.

An option is specified more than once and is ambiguous

Review ScanState log or LoadState log for details about command-line errors.

By default /auto selects all users and uses the highest log verbosity level. Switches like /all, /ui, /ue, /v are not allowed.

Review ScanState log or LoadState log for details about command-line errors.

Command line arguments are required. Specify /? for options.

Review ScanState log or LoadState log for details about command-line errors.

Command line option is not valid

Review ScanState log or LoadState log for details about command-line errors.

EFS parameter specified is not valid for /efs

Review ScanState log or LoadState log for details about command-line errors.

File argument is invalid for /genconfig

Review ScanState log or LoadState log for details about command-line errors.

File argument is invalid for /genmigxml

Review ScanState log or LoadState log for details about command-line errors.

Invalid space estimate path. Check the parameters and/or file system permissions

Review ScanState log or LoadState log for details about command-line errors.

List file path argument is invalid for /listfiles

Review ScanState log or LoadState log for details about command-line errors.

Retry argument must be an integer

Review ScanState log or LoadState log for details about command-line errors.

Settings store argument specified is invalid

Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set.

Specified encryption algorithm is not supported

Review ScanState log or LoadState log for details about command-line errors.

The /efs:hardlink requires /hardlink

Review ScanState log or LoadState log for details about command-line errors.

The /targetWindows7 option is only available for Windows XP, Windows Vista, and Windows 7

Review ScanState log or LoadState log for details about command-line errors.

The store parameter is required but not specified

Review ScanState log or LoadState log for details about command-line errors.

The source-to-target domain mapping is invalid for /md

Review ScanState log or LoadState log for details about command-line errors.

The source-to-target user account mapping is invalid for /mu

Review ScanState log or LoadState log for details about command-line errors.

Undefined or incomplete command line option

Review ScanState log or LoadState log for details about command-line errors.

Invalid Command Lines

Use /nocompress, or provide an XML file path with /p"pathtoafile" to get a compressed store size estimate

Review ScanState log or LoadState log for details about command-line errors.

User exclusion argument is invalid

Review ScanState log or LoadState log for details about command-line errors.

Verbosity level must be specified as a sum of the desired log options: Verbose (0x01), Record Objects (0x04), Echo to debug port (0x08)

Review ScanState log or LoadState log for details about command-line errors.

Volume shadow copy feature is not supported with a hardlink store

Review ScanState log or LoadState log for details about command-line errors.

Wait delay argument must be an integer

Review ScanState log or LoadState log for details about command-line errors.

12

USMT_ERROR_OPTION_PARAM_TOO_LARGE

Command line arguments cannot exceed 256 characters

Review ScanState log or LoadState log for details about command-line errors.

Invalid Command Lines

Specified settings store path exceeds the maximum allowed length of 256 characters

Review ScanState log or LoadState log for details about command-line errors.

13

USMT_INIT_LOGFILE_FAILED

Log path argument is invalid for /l

When /l is specified in the ScanState command line, USMT validates the path. Verify that the drive and other information, for example file system characters, are correct.

Invalid Command Lines

14

USMT_ERROR_USE_LAC

Unable to create a local account because /lac was not specified

When creating local accounts, the command-line options /lac and /lae should be used.

Invalid Command Lines

26

USMT_INIT_ERROR

Multiple Windows installations found

Listfiles.txt could not be created. Verify that the location you specified for the creation of this file is valid.

Setup and Initialization

Software malfunction or unknown exception

Check all loaded .xml files for errors, common error when using /I to load the Config.xml file.

Unable to find a valid Windows directory to proceed with requested offline operation; Check if offline input file is present and has valid entries

Verify that the offline input file is present and that it has valid entries. USMT could not find valid offline operating system. Verify your offline directory mapping.

27

USMT_INVALID_STORE_LOCATION

A store path can't be used because an existing store exists; specify /o to overwrite

Specify /o to overwrite an existing intermediate or migration store.

Setup and Initialization

A store path is missing or has incomplete data

Make sure that the store path is accessible and that the proper permission levels are set.

An error occurred during store creation

Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store.

An inappropriate device such as a floppy disk was specified for the store

Make sure that the store path is accessible and that the proper permission levels are set.

Invalid store path; check the store parameter and/or file system permissions

Invalid store path; check the store parameter and/or file system permissions

The file layout and/or file content is not recognized as a valid store

Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store.

The store path holds a store incompatible with the current USMT version

Make sure that the store path is accessible and that the proper permission levels are set.

The store save location is read-only or does not support a requested storage option

Make sure that the store path is accessible and that the proper permission levels are set.

28

USMT_UNABLE_GET_SCRIPTFILES

Script file is invalid for /i

Check all specified migration .xml files for errors. This is a common error when using /i to load the Config.xml file.

Setup and Initialization

Unable to find a script file specified by /i

Verify the location of your script files, and ensure that the command-line options are correct.

29

USMT_FAILED_MIGSTARTUP

A minimum of 250 MB of free space is required for temporary files

Verify that the system meets the minimum temporary disk space requirement of 250 MB. As a workaround, you can set the environment variable USMT_WORKING_DIR=<path> to redirect the temporary files working directory.

Setup and Initialization

Another process is preventing migration; only one migration tool can run at a time

Check the ScanState log file for migration .xml file errors.

Failed to start main processing, look in log for system errors or check the installation

Check the ScanState log file for migration .xml file errors.

Migration failed because of an XML error; look in the log for specific details

Check the ScanState log file for migration .xml file errors.

Unable to automatically map the drive letters to match the online drive letter layout; Use /offline to provide a mapping table

Check the ScanState log file for migration .xml file errors.

31

USMT_UNABLE_FINDMIGUNITS

An error occurred during the discover phase; the log should have more specific information

Check the ScanState log file for migration .xml file errors.

Setup and Initialization

32

USMT_FAILED_SETMIGRATIONTYPE

An error occurred processing the migration system

Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line.

Setup and Initialization

33

USMT_UNABLE_READKEY

Error accessing the file specified by the /keyfile parameter

Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line.

Setup and Initialization

The encryption key must have at least one character

Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line.

34

USMT_ERROR_INSUFFICIENT_RIGHTS

Directory removal requires elevated privileges

Log on as Administrator, and run with elevated privileges.

Setup and Initialization

No rights to create user profiles; log in as Administrator; run with elevated privileges

Log on as Administrator, and run with elevated privileges.

No rights to read or delete user profiles; log in as Administrator, run with elevated privileges

Log on as Administrator, and run with elevated privileges.

35

USMT_UNABLE_DELETE_STORE

A reboot is required to remove the store

Reboot to delete any files that could not be deleted when the command was executed.

Setup and Initialization

A store path can't be used because it contains data that could not be overwritten

A migration store could not be deleted. If you are using a hardlink migration store you might have a locked file in it. You should manually delete the store, or use USMTUtils /rd command to delete the store.

There was an error removing the store

Review ScanState log or LoadState log for details about command-line errors.

36

USMT_ERROR_UNSUPPORTED_PLATFORM

Compliance check failure; please check the logs for details

Investigate whether there is an active temporary profile on the system.

Setup and Initialization

Use of /offline is not supported during apply

The /offline command was not used while running in the Windows Preinstallation Environment (WinPE).

Use /offline to run gather on this platform

The /offline command was not used while running in WinPE.

37

USMT_ERROR_NO_INVALID_KEY

The store holds encrypted data but the correct encryption key was not provided

Verify that you have included the correct encryption /key or /keyfile.

Setup and Initialization

38

USMT_ERROR_CORRUPTED_NOTENCRYPTED_STORE

An error occurred during store access

Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set.

Setup and Initialization

39

USMT_UNABLE_TO_READ_CONFIG_FILE

Error reading Config.xml

Review ScanState log or LoadState log for details about command-line errors in the Config.xml file.

Setup and Initialization

File argument is invalid for /config

Check the command line you used to load the Config.xml file. You can use online Help by typing /? on the command line.

40

USMT_ERROR_UNABLE_CREATE_PROGRESS_LOG

Error writing to the progress log

The Progress log could not be created. Verify that the location is valid and that you have write access.

Setup and Initialization

Progress log argument is invalid for /progress

The Progress log could not be created. Verify that the location is valid and that you have write access.

41

USMT_PREFLIGHT_FILE_CREATION_FAILED

Can't overwrite existing file

The Progress log could not be created. Verify that the location is valid and that you have write access.

Setup and Initialization

Invalid space estimate path. Check the parameters and/or file system permissions

Review ScanState log or LoadState log for details about command-line errors.

42

USMT_ERROR_CORRUPTED_STORE

The store contains one or more corrupted files

Review UsmtUtils log for details about the corrupted files. For information on how to extract the files that are not corrupted, see Extract Files from a Compressed USMT Migration Store.

61

USMT_MIGRATION_STOPPED_NONFATAL

Processing stopped due to an I/O error

USMT exited but can continue with the /c command-line option, with the optional configurable <ErrorControl> section or by using the /vsc command-line option.

Non-fatal Errors

71

USMT_INIT_OPERATING_ENVIRONMENT_FAILED

A Windows Win32 API error occurred

Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details.

Fatal Errors

An error occurred when attempting to initialize the diagnostic mechanisms such as the log

Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details.

Failed to record diagnostic information

Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details.

Unable to start. Make sure you are running USMT with elevated privileges

Exit USMT and log in again with elevated privileges.

72

USMT_UNABLE_DOMIGRATION

An error occurred closing the store

Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.

Fatal Errors

An error occurred in the apply process

Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.

An error occurred in the gather process

Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.

Out of disk space while writing the store

Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.

Out of temporary disk space on the local system

Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.

- - +|Return code value|Return code|Error message|Troubleshooting, mitigation, workarounds|Category| +|--- |--- |--- |--- |--- | +|0|USMT_SUCCESS|Successful run|Not applicable|Success or Cancel| +|1|USMT_DISPLAY_HELP|Command line help requested|Not applicable|Success or Cancel| +|2|USMT_STATUS_CANCELED|Gather was aborted because of an EFS file|Not applicable|| +|||User chose to cancel (such as pressing CTRL+C)|Not applicable|Success or Cancel| +|3|USMT_WOULD_HAVE_FAILED|At least one error was skipped as a result of /c|Review ScanState, LoadState, or UsmtUtils log for details about command-line errors.|| +|11|USMT_INVALID_PARAMETERS|/all conflicts with /ui, /ue or /uel|Review ScanState log or LoadState log for details about command-line errors.|| +|||/auto expects an optional parameter for the script folder|Review ScanState log or LoadState log for details about command-line errors.|| +|||/encrypt can't be used with /nocompress|Review ScanState log or LoadState log for details about command-line errors.|| +|||/encrypt requires /key or /keyfile|Review ScanState log or LoadState log for details about command-line errors.|| +|||/genconfig can't be used with most other options|Review ScanState log or LoadState log for details about command-line errors.|| +|||/genmigxml can't be used with most other options|Review ScanState log or LoadState log for details about command-line errors.|| +|||/hardlink requires /nocompress|Review ScanState log or LoadState log for details about command-line errors.|| +|||/key and /keyfile both specified|Review ScanState log or LoadState log for details about command-line errors.|| +|||/key or /keyfile used without enabling encryption|Review ScanState log or LoadState log for details about command-line errors.|| +|||/lae is only used with /lac|Review ScanState log or LoadState log for details about command-line errors.|| +|||/listfiles cannot be used with /p|Review ScanState log or LoadState log for details about command-line errors.|| +|||/offline requires a valid path to an XML file describing offline paths|Review ScanState log or LoadState log for details about command-line errors.|| +|||/offlinewindir requires a valid path to offline windows folder|Review ScanState log or LoadState log for details about command-line errors.|| +|||/offlinewinold requires a valid path to offline windows folder|Review ScanState log or LoadState log for details about command-line errors.|| +|||A command was already specified|Verify that the command-line syntax is correct and that there are no duplicate commands.|| +|||An option argument is missing|Review ScanState log or LoadState log for details about command-line errors.|| +|||An option is specified more than once and is ambiguous|Review ScanState log or LoadState log for details about command-line errors.|| +|||By default /auto selects all users and uses the highest log verbosity level. Switches like /all, /ui, /ue, /v are not allowed.|Review ScanState log or LoadState log for details about command-line errors.|| +|||Command line arguments are required. Specify /? for options.|Review ScanState log or LoadState log for details about command-line errors.|| +|||Command line option is not valid|Review ScanState log or LoadState log for details about command-line errors.|| +|||EFS parameter specified is not valid for /efs|Review ScanState log or LoadState log for details about command-line errors.|| +|||File argument is invalid for /genconfig|Review ScanState log or LoadState log for details about command-line errors.|| +|||File argument is invalid for /genmigxml|Review ScanState log or LoadState log for details about command-line errors.|| +|||Invalid space estimate path. Check the parameters and/or file system permissions|Review ScanState log or LoadState log for details about command-line errors.|| +|||List file path argument is invalid for /listfiles|Review ScanState log or LoadState log for details about command-line errors.|| +|||Retry argument must be an integer|Review ScanState log or LoadState log for details about command-line errors.|| +|||Settings store argument specified is invalid|Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set.|| +|||Specified encryption algorithm is not supported|Review ScanState log or LoadState log for details about command-line errors.|| +|||The /efs:hardlink requires /hardlink|Review ScanState log or LoadState log for details about command-line errors.|| +|||The /targetWindows7 option is only available for Windows XP, Windows Vista, and Windows 7|Review ScanState log or LoadState log for details about command-line errors.|| +|||The store parameter is required but not specified|Review ScanState log or LoadState log for details about command-line errors.|| +|||The source-to-target domain mapping is invalid for /md|Review ScanState log or LoadState log for details about command-line errors.|| +|||The source-to-target user account mapping is invalid for /mu|Review ScanState log or LoadState log for details about command-line errors.|| +|||Undefined or incomplete command line option|Review ScanState log or LoadState log for details about command-line errors.|Invalid Command Lines| +|||Use /nocompress, or provide an XML file path with /p"pathtoafile" to get a compressed store size estimate|Review ScanState log or LoadState log for details about command-line errors.|| +|||User exclusion argument is invalid|Review ScanState log or LoadState log for details about command-line errors.|| +|||Verbosity level must be specified as a sum of the desired log options: Verbose (0x01), Record Objects (0x04), Echo to debug port (0x08)|Review ScanState log or LoadState log for details about command-line errors.|| +|||Volume shadow copy feature is not supported with a hardlink store|Review ScanState log or LoadState log for details about command-line errors.|| +|||Wait delay argument must be an integer|Review ScanState log or LoadState log for details about command-line errors.|| +|12|USMT_ERROR_OPTION_PARAM_TOO_LARGE|Command line arguments cannot exceed 256 characters|Review ScanState log or LoadState log for details about command-line errors.|Invalid Command Lines| +|||Specified settings store path exceeds the maximum allowed length of 256 characters|Review ScanState log or LoadState log for details about command-line errors.|| +|13|USMT_INIT_LOGFILE_FAILED|Log path argument is invalid for /l|When /l is specified in the ScanState command line, USMT validates the path. Verify that the drive and other information, for example file system characters, are correct.|Invalid Command Lines| +|14|USMT_ERROR_USE_LAC|Unable to create a local account because /lac was not specified|When creating local accounts, the command-line options /lac and /lae should be used.|Invalid Command Lines| +|26|USMT_INIT_ERROR|Multiple Windows installations found|Listfiles.txt could not be created. Verify that the location you specified for the creation of this file is valid.|Setup and Initialization| +|||Software malfunction or unknown exception|Check all loaded .xml files for errors, common error when using /I to load the Config.xml file.|| +|||Unable to find a valid Windows directory to proceed with requested offline operation; Check if offline input file is present and has valid entries|Verify that the offline input file is present and that it has valid entries. USMT could not find valid offline operating system. Verify your offline directory mapping.|| +|27|USMT_INVALID_STORE_LOCATION|A store path can't be used because an existing store exists; specify /o to overwrite|Specify /o to overwrite an existing intermediate or migration store.|Setup and Initialization| +|||A store path is missing or has incomplete data|Make sure that the store path is accessible and that the proper permission levels are set.|| +|||An error occurred during store creation|Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store.|| +|||An inappropriate device such as a floppy disk was specified for the store|Make sure that the store path is accessible and that the proper permission levels are set.|| +|||Invalid store path; check the store parameter and/or file system permissions|Invalid store path; check the store parameter and/or file system permissions|| +|||The file layout and/or file content is not recognized as a valid store|Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store.|| +|||The store path holds a store incompatible with the current USMT version|Make sure that the store path is accessible and that the proper permission levels are set.|| +|||The store save location is read-only or does not support a requested storage option|Make sure that the store path is accessible and that the proper permission levels are set.|| +|28|USMT_UNABLE_GET_SCRIPTFILES|Script file is invalid for /i|Check all specified migration .xml files for errors. This is a common error when using /i to load the Config.xml file.|Setup and Initialization| +|||Unable to find a script file specified by /i|Verify the location of your script files, and ensure that the command-line options are correct.|| +|29|USMT_FAILED_MIGSTARTUP|A minimum of 250 MB of free space is required for temporary files|Verify that the system meets the minimum temporary disk space requirement of 250 MB. As a workaround, you can set the environment variable USMT_WORKING_DIR= to redirect the temporary files working directory.|Setup and Initialization| +|||Another process is preventing migration; only one migration tool can run at a time|Check the ScanState log file for migration .xml file errors.|| +|||Failed to start main processing, look in log for system errors or check the installation|Check the ScanState log file for migration .xml file errors.|| +|||Migration failed because of an XML error; look in the log for specific details|Check the ScanState log file for migration .xml file errors.|| +|||Unable to automatically map the drive letters to match the online drive letter layout; Use /offline to provide a mapping table|Check the ScanState log file for migration .xml file errors.|| +|31|USMT_UNABLE_FINDMIGUNITS|An error occurred during the discover phase; the log should have more specific information|Check the ScanState log file for migration .xml file errors.|Setup and Initialization| +|32|USMT_FAILED_SETMIGRATIONTYPE|An error occurred processing the migration system|Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line.|Setup and Initialization| +|33|USMT_UNABLE_READKEY|Error accessing the file specified by the /keyfile parameter|Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line.|Setup and Initialization| +|||The encryption key must have at least one character|Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line.|| +|34|USMT_ERROR_INSUFFICIENT_RIGHTS|Directory removal requires elevated privileges|Log on as Administrator, and run with elevated privileges.|Setup and Initialization| +|||No rights to create user profiles; log in as Administrator; run with elevated privileges|Log on as Administrator, and run with elevated privileges.|| +|||No rights to read or delete user profiles; log in as Administrator, run with elevated privileges|Log on as Administrator, and run with elevated privileges.|| +|35|USMT_UNABLE_DELETE_STORE|A reboot is required to remove the store|Reboot to delete any files that could not be deleted when the command was executed.|Setup and Initialization| +|||A store path can't be used because it contains data that could not be overwritten|A migration store could not be deleted. If you are using a hardlink migration store you might have a locked file in it. You should manually delete the store, or use **USMTUtils /rd** command to delete the store.|| +|||There was an error removing the store|Review ScanState log or LoadState log for details about command-line errors.|| +|36|USMT_ERROR_UNSUPPORTED_PLATFORM|Compliance check failure; please check the logs for details|Investigate whether there is an active temporary profile on the system.|Setup and Initialization| +|||Use of /offline is not supported during apply|The **/offline** command was not used while running in the Windows Preinstallation Environment (WinPE).|| +|||Use /offline to run gather on this platform|The **/offline** command was not used while running in WinPE.|| +|37|USMT_ERROR_NO_INVALID_KEY|The store holds encrypted data but the correct encryption key was not provided|Verify that you have included the correct encryption /key or /keyfile.|Setup and Initialization| +|38|USMT_ERROR_CORRUPTED_NOTENCRYPTED_STORE|An error occurred during store access|Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set.|Setup and Initialization| +|39|USMT_UNABLE_TO_READ_CONFIG_FILE|Error reading Config.xml|Review ScanState log or LoadState log for details about command-line errors in the Config.xml file.|Setup and Initialization| +|||File argument is invalid for /config|Check the command line you used to load the Config.xml file. You can use online Help by typing /? on the command line.|| +|40|USMT_ERROR_UNABLE_CREATE_PROGRESS_LOG|Error writing to the progress log|The Progress log could not be created. Verify that the location is valid and that you have write access.|Setup and Initialization| +|||Progress log argument is invalid for /progress|The Progress log could not be created. Verify that the location is valid and that you have write access.|| +|41|USMT_PREFLIGHT_FILE_CREATION_FAILED|Can't overwrite existing file|The Progress log could not be created. Verify that the location is valid and that you have write access.|Setup and Initialization| +|||Invalid space estimate path. Check the parameters and/or file system permissions|Review ScanState log or LoadState log for details about command-line errors.|| +|42|USMT_ERROR_CORRUPTED_STORE|The store contains one or more corrupted files|Review UsmtUtils log for details about the corrupted files. For information on how to extract the files that are not corrupted, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md).|| +|61|USMT_MIGRATION_STOPPED_NONFATAL|Processing stopped due to an I/O error|USMT exited but can continue with the /c command-line option, with the optional configurable section or by using the /vsc command-line option.|Non-fatal Errors| +|71|USMT_INIT_OPERATING_ENVIRONMENT_FAILED|A Windows Win32 API error occurred|Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details.|Fatal Errors| +|||An error occurred when attempting to initialize the diagnostic mechanisms such as the log|Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details.|| +|||Failed to record diagnostic information|Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details.|| +|||Unable to start. Make sure you are running USMT with elevated privileges|Exit USMT and log in again with elevated privileges.|| +|72|USMT_UNABLE_DOMIGRATION|An error occurred closing the store|Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.|Fatal Errors| +|||An error occurred in the apply process|Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.|| +|||An error occurred in the gather process|Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.|| +|||Out of disk space while writing the store|Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.|| +|||Out of temporary disk space on the local system|Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.|| ## Related topics - [User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md) [Log Files](usmt-log-files.md) - - - diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index eaaf29d214..31c6497e19 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -16,12 +16,10 @@ ms.topic: article # ScanState Syntax - The ScanState command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store. ## In This Topic - [Before You Begin](#bkmk-beforeyoubegin) [Syntax](#bkmk-syntax) @@ -40,7 +38,6 @@ The ScanState command is used with the User State Migration Tool (USMT) 10.0 to ## Before You Begin - Before you run the **ScanState** command, note the following: - To ensure that all operating system settings migrate, in most cases you must run the **ScanState** commands in administrator mode from an account with administrative credentials. @@ -59,7 +56,6 @@ Before you run the **ScanState** command, note the following: ## Syntax - This section explains the syntax and usage of the **ScanState** command-line options. The options can be specified in any order. If the option contains a parameter, you can use either a colon or a space separator. The **ScanState** command's syntax is: @@ -76,80 +72,20 @@ To create an encrypted store using the Config.xml file and the default migration ## Storage Options - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Command-Line OptionDescription

StorePath

Indicates a folder where files and settings will be saved. Note that StorePath cannot be C:\. You must specify the StorePath option in the ScanState command, except when using the /genconfig option. You cannot specify more than one StorePath location.

/apps

Scans the image for apps and includes them and their associated registry settings.

/ppkg [<FileName>]

Exports to a specific file location.

/o

Required to overwrite any existing data in the migration store or Config.xml file. If not specified, the ScanState command will fail if the migration store already contains data. You cannot use this option more than once on a command line.

/vsc

This option enables the volume shadow-copy service to migrate files that are locked or in use. This command-line option eliminates most file-locking errors that are typically encountered by the <ErrorControl> section.

-

This option can be used only with the ScanState executable file and cannot be combined with the /hardlink option.

/hardlink

Enables the creation of a hard-link migration store at the specified location. The /nocompress option must be specified with the /hardlink option.

/encrypt [{/key:<KeyString> | /keyfile:<file>]}

Encrypts the store with the specified key. Encryption is disabled by default. With this option, you will need to specify the encryption key-in one of the following ways:

-
    -

  • /key:KeyString specifies the encryption key. If there is a space in KeyString, you will need to surround KeyString with quotation marks.

    • -

  • /keyfile:FilePathAndName specifies a text (.txt) file that contains the encryption key.

    • -
-

We recommend that KeyString be at least eight characters long, but it cannot exceed 256 characters. The /key and /keyfile options cannot be used on the same command line. The /encrypt and /nocompress options cannot be used on the same command line.

-
-Important

You should use caution with this option, because anyone who has access to the ScanState command-line script will also have access to the encryption key.

-
-
- -
-

The following example shows the ScanState command and the /key option:

-

scanstate /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /encrypt /key:mykey

/encrypt:<EncryptionStrength>

The /encrypt option accepts a command-line parameter to define the encryption strength to be used for encryption of the migration store. For more information about supported encryption algorithms, see Migration Store Encryption.

/nocompress

Disables compression of data and saves the files to a hidden folder named "File" at StorePath\USMT. Compression is enabled by default. Combining the /nocompress option with the /hardlink option generates a hard-link migration store. You can use the uncompressed store to view what USMT stored, troubleshoot a problem, or run an antivirus utility against the files. You should use this option only in testing environments, because we recommend that you use a compressed store during your actual migration, unless you are combining the /nocompress option with the /hardlink option.

-

The /nocompress and /encrypt options cannot be used together in one statement on the command line. However, if you do choose to migrate an uncompressed store, the LoadState command will migrate each file directly from the store to the correct location on the destination computer without a temporary location.

-

For example:

-

scanstate /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /nocompress

- - +| Command-Line Option | Description | +|-----|-----| +| *StorePath* | Indicates a folder where files and settings will be saved. Note that *StorePath* cannot be **C:\**. You must specify the *StorePath* option in the **ScanState** command, except when using the **/genconfig** option. You cannot specify more than one *StorePath* location. | +| **/apps** | Scans the image for apps and includes them and their associated registry settings. | +| **/ppkg** [*<FileName>*] | Exports to a specific file location. | +| **/o** | Required to overwrite any existing data in the migration store or Config.xml file. If not specified, the **ScanState** command will fail if the migration store already contains data. You cannot use this option more than once on a command line. | +| **/vsc** | This option enables the volume shadow-copy service to migrate files that are locked or in use. This command-line option eliminates most file-locking errors that are typically encountered by the **<ErrorControl>** section.

This option can be used only with the ScanState executable file and cannot be combined with the **/hardlink** option. | +| **/hardlink** | Enables the creation of a hard-link migration store at the specified location. The **/nocompress** option must be specified with the **/hardlink** option. | +| **/encrypt** [{**/key:** *<KeyString>* | **/keyfile**:*<file>*]} | Encrypts the store with the specified key. Encryption is disabled by default. With this option, you will need to specify the encryption key-in one of the following ways:
  • **/key:** *KeyString* specifies the encryption key. If there is a space in *KeyString*, you will need to surround *KeyString* with quotation marks.
  • **/keyfile:** *FilePathAndName* specifies a text (.txt) file that contains the encryption key.

We recommend that *KeyString* be at least eight characters long, but it cannot exceed 256 characters. The **/key** and **/keyfile** options cannot be used on the same command line. The **/encrypt** and **/nocompress** options cannot be used on the same command line.
**Important**
You should use caution with this option, because anyone who has access to the **ScanState** command-line script will also have access to the encryption key.

The following example shows the ScanState command and the **/key** option:
`scanstate /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /encrypt /key:mykey` | +| **/encrypt**:*<EncryptionStrength>* | The **/encrypt** option accepts a command-line parameter to define the encryption strength to be used for encryption of the migration store. For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md). | +| **/nocompress** | Disables compression of data and saves the files to a hidden folder named "File" at *StorePath*\USMT. Compression is enabled by default. Combining the **/nocompress** option with the **/hardlink** option generates a hard-link migration store. You can use the uncompressed store to view what USMT stored, troubleshoot a problem, or run an antivirus utility against the files. You should use this option only in testing environments, because we recommend that you use a compressed store during your actual migration, unless you are combining the **/nocompress** option with the **/hardlink** option.

The **/nocompress** and **/encrypt** options cannot be used together in one statement on the command line. However, if you do choose to migrate an uncompressed store, the **LoadState** command will migrate each file directly from the store to the correct location on the destination computer without a temporary location.

For example:
`scanstate /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /nocompress` | ## Run the ScanState Command on an Offline Windows System - You can run the **ScanState** command in Windows Preinstallation Environment (WinPE). In addition, USMT supports migrations from previous installations of Windows contained in Windows.old directories. The offline directory can be a Windows directory when you run the **ScanState** command in WinPE or a Windows.old directory when you run the **ScanState** command in Windows. There are several benefits to running the **ScanState** command on an offline Windows image, including: @@ -172,445 +108,87 @@ There are several benefits to running the **ScanState** command on an offline Wi ## Offline Migration Options - - ---- - - - - - - - - - - - - - - - - - - - - -
Command-Line OptionDefinition

/offline:"path to an offline.xml file"

This option is used to define a path to an offline .xml file that might specify other offline migration options, for example, an offline Windows directory or any domain or folder redirection required in your migration.

/offlinewindir:"path to a Windows directory"

This option specifies the offline Windows directory that the ScanState command gathers user state from. The offline directory can be Windows.old when you run the ScanState command in Windows or a Windows directory when you run the ScanState command in WinPE.

/offlinewinold:"Windows.old directory"

This command-line option enables the offline migration mode and starts the migration from the location specified. It is only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.

- - +|Command-Line Option|Definition| +|--- |--- | +|**/offline:** *"path to an offline.xml file"*|This option is used to define a path to an offline .xml file that might specify other offline migration options, for example, an offline Windows directory or any domain or folder redirection required in your migration.| +|**/offlinewindir:** *"path to a Windows directory"*|This option specifies the offline Windows directory that the **ScanState** command gathers user state from. The offline directory can be Windows.old when you run the **ScanState** command in Windows or a Windows directory when you run the **ScanState** command in WinPE.| +|**/offlinewinold:** *"Windows.old directory"*|This command-line option enables the offline migration mode and starts the migration from the location specified. It is only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.| ## Migration Rule Options - USMT provides the following options to specify what files you want to migrate. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Command-Line OptionDescription

/i:[Path]FileName

(include)

-

Specifies an .xml file that contains rules that define what user, application, or system state to migrate. You can specify this option multiple times to include all of your .xml files (MigApp.xml, MigDocs.xml, and any custom .xml files that you create). Path can be either a relative or full path. If you do not specify the Path variable, then FileName must be located in the current directory. For more information about which files to specify, see the "XML Files" section of the Frequently Asked Questions topic.

/genconfig:[Path]FileName

(Generate Config.xml)

-

Generates the optional Config.xml file, but does not create a migration store. To ensure that this file contains every component, application and setting that can be migrated, you should create this file on a source computer that contains all the components, applications, and settings that will be present on the destination computers. In addition, you should specify the other migration .xml files, using the /i option, when you specify this option.

-

After you create this file, you will need to make use of it with the ScanState command using the /config option.

-

The only options that you can specify with this option are the /i, /v, and /l options. You cannot specify StorePath, because the /genconfig option does not create a store. Path can be either a relative or full path. If you do not specify the Path variable, then FileName will be created in the current directory.

-

Examples:

-
    -

  • The following example creates a Config.xml file in the current directory:

    -

    scanstate /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:13

    • -

/config:[Path</em>]FileName

Specifies the Config.xml file that the ScanState command should use to create the store. You cannot use this option more than once on the command line. Path can be either a relative or full path. If you do not specify the Path variable, then FileName must be located in the current directory.

-

The following example creates a store using the Config.xml file, MigDocs.xml, and MigApp.xml files:

-

scanstate \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scan.log

-

The following example migrates the files and settings to the destination computer using the Config.xml, MigDocs.xml, and MigApp.xml files:

-

loadstate \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:load.log

/auto:path to script files

This option enables you to specify the location of the default .xml files and then begin the migration. If no path is specified, USMT will reference the directory where the USMT binaries are located. The /auto option has the same effect as using the following options: /i: MigDocs.xml /i:MigApp.xml /v:5.

/genmigxml:path to a file

This option specifies that the ScanState command should use the document finder to create and export an .xml file that defines how to migrate all of the files on the computer on which the ScanState command is running.

/targetwindows8

Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 8 or Windows 8.1 instead of Windows 10. You should use this command-line option in the following scenarios:

-
    -

  • To create a Config.xml file by using the /genconfig option. Using the /targetwindows8 option optimizes the Config.xml file so that it only contains components that relate to Windows 8 or Windows 8.1.

    • -

  • To create a migration store. Using the /targetwindows8 option ensures that the ScanState tool gathers the correct set of operating system settings. Without the /targetwindows8 command-line option, some settings can be lost during the migration.

    • -

/targetwindows7

Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 7 instead of Windows 10. You should use this command-line option in the following scenarios:

-
    -

  • To create a Config.xml file by using the /genconfig option. Using the /targetwindows7 option optimizes the Config.xml file so that it only contains components that relate to Windows 7.

    • -

  • To create a migration store. Using the /targetwindows7 option ensures that the ScanState tool gathers the correct set of operating system settings. Without the /targetwindows7 command-line option, some settings can be lost during the migration.

    • -

/localonly

Migrates only files that are stored on the local computer, regardless of the rules in the .xml files that you specify on the command line. You should use this option when you want to exclude the data from removable drives on the source computer, such as USB flash drives (UFDs), some external hard drives, and so on, and when there are network drives mapped on the source computer. If the /localonly option is not specified, then the ScanState command will copy files from these removable or network drives into the store.

-

Anything that is not considered a fixed drive by the OS will be excluded by /localonly. In some cases large external hard drives are considered fixed drives. These drives can be explicitly excluded from migration by using a custom.xml file. For more information about how to exclude all files on a specific drive, see Exclude Files and Settings.

-

The /localonly command-line option includes or excludes data in the migration as identified in the following table:

- ---- - - - - - - - - - - - - - - - - - - - - -
Drive typeBehavior with /localonly

Removable drives such as a USB flash drive

Excluded

Network drives

Excluded

Fixed drives

Included

-

- - +| Command-Line Option | Description | +|-----|-----| +| **/i:**[*Path*]*FileName* | **(include)**

Specifies an .xml file that contains rules that define what user, application, or system state to migrate. You can specify this option multiple times to include all of your .xml files (MigApp.xml, MigDocs.xml, and any custom .xml files that you create). *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* must be located in the current directory. For more information about which files to specify, see the "XML Files" section of the [Frequently Asked Questions](usmt-faq.yml) topic. | +| **/genconfig:**[*Path*]*FileName* | (Generate **Config.xml**)

Generates the optional Config.xml file, but does not create a migration store. To ensure that this file contains every component, application and setting that can be migrated, you should create this file on a source computer that contains all the components, applications, and settings that will be present on the destination computers. In addition, you should specify the other migration .xml files, using the **/i** option, when you specify this option.

After you create this file, you will need to make use of it with the **ScanState** command using the **/config** option.

The only options that you can specify with this option are the **/i**, **/v**, and **/l** options. You cannot specify *StorePath*, because the **/genconfig** option does not create a store. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* will be created in the current directory.

Examples:
  • The following example creates a Config.xml file in the current directory:
    `scanstate /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:13`
| +| **/config:**[*Path*]*FileName* | Specifies the Config.xml file that the **ScanState** command should use to create the store. You cannot use this option more than once on the command line. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* must be located in the current directory.

The following example creates a store using the Config.xml file, MigDocs.xml, and MigApp.xml files:
`scanstate \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scan.log`

The following example migrates the files and settings to the destination computer using the **Config.xml**, **MigDocs.xml**, and **MigApp.xml** files:
`loadstate \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:load.log` | +| **/auto:** *path to script files* | This option enables you to specify the location of the default .xml files and then begin the migration. If no path is specified, USMT will reference the directory where the USMT binaries are located. The **/auto** option has the same effect as using the following options: **/i: MigDocs.xml** **/i:MigApp.xml /v:5**. | +| **/genmigxml:** *path to a file* | This option specifies that the **ScanState** command should use the document finder to create and export an .xml file that defines how to migrate all of the files on the computer on which the **ScanState** command is running. | +| **/targetwindows8** | Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 8 or Windows 8.1 instead of Windows 10. You should use this command-line option in the following scenarios:
  • **To create a Config.xml file by using the /genconfig option.** Using the **/targetwindows8** option optimizes the Config.xml file so that it only contains components that relate to Windows 8 or Windows 8.1.
  • **To create a migration store.** Using the **/targetwindows8** option ensures that the ScanState tool gathers the correct set of operating system settings. Without the **/targetwindows8** command-line option, some settings can be lost during the migration.
| +| **/targetwindows7** | Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 7 instead of Windows 10. You should use this command-line option in the following scenarios:
  • **To create a Config.xml file by using the /genconfig option.** Using the **/targetwindows7** option optimizes the Config.xml file so that it only contains components that relate to Windows 7.
  • **To create a migration store.** Using the **/targetwindows7** option ensures that the ScanState tool gathers the correct set of operating system settings. Without the **/targetwindows7** command-line option, some settings can be lost during the migration.
| +| **/localonly** | Migrates only files that are stored on the local computer, regardless of the rules in the .xml files that you specify on the command line. You should use this option when you want to exclude the data from removable drives on the source computer, such as USB flash drives (UFDs), some external hard drives, and so on, and when there are network drives mapped on the source computer. If the **/localonly** option is not specified, then the **ScanState** command will copy files from these removable or network drives into the store.

Anything that is not considered a fixed drive by the OS will be excluded by **/localonly**. In some cases large external hard drives are considered fixed drives. These drives can be explicitly excluded from migration by using a custom.xml file. For more information about how to exclude all files on a specific drive, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md).

The **/localonly** command-line option includes or excludes data in the migration as identified in the following:
  • **Removable drives such as a USB flash drive** - Excluded
  • **Network drives** - Excluded
  • **Fixed drives** - Included
| ## Monitoring Options - USMT provides several options that you can use to analyze problems that occur during migration. -> [!NOTE] +> [!NOTE] > The ScanState log is created by default, but you can specify the name and location of the log with the **/l** option. - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Command-Line OptionDescription

/listfiles:<FileName>

You can use the /listfiles command-line option with the ScanState command to generate a text file that lists all of the files included in the migration.

/l:[Path]FileName

Specifies the location and name of the ScanState log.

-

You cannot store any of the log files in StorePath. Path can be either a relative or full path. If you do not specify the Path variable, then the log will be created in the current directory. You can use the /v option to adjust the amount of output.

-

If you run the ScanState or LoadState commands from a shared network resource, you must specify this option or USMT will fail with the following error: "USMT was unable to create the log file(s)". To fix this issue, use the /l: scan.log command.

/v:<VerbosityLevel>

(Verbosity)

-

Enables verbose output in the ScanState log file. The default value is 0.

-

You can set the VerbosityLevel to one of the following levels:

- ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
LevelExplanation

0

Only the default errors and warnings are enabled.

1

Enables verbose output.

4

Enables error and status output.

5

Enables verbose and status output.

8

Enables error output to a debugger.

9

Enables verbose output to a debugger.

12

Enables error and status output to a debugger.

13

Enables verbose, status, and debugger output.

-

-

For example:

-

scanstate \server\share\migration\mystore /v:13 /i:migdocs.xml /i:migapp.xml

-

/progress:[Path</em>]FileName

Creates the optional progress log. You cannot store any of the log files in StorePath. Path can be either a relative or full path. If you do not specify the Path variable, then FileName will be created in the current directory.

-

For example:

-

scanstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /progress:prog.log /l:scanlog.log

/c

When this option is specified, the ScanState command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there is a large file that will not fit in the store, the ScanState command will log an error and continue with the migration. In addition, if a file is open or in use by an application, USMT may not be able to migrate the file and will log an error. Without the /c option, the ScanState command will exit on the first error.

-

You can use the new <ErrorControl> section in the Config.xml file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This enables the /c command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the /genconfig option now generates a sample <ErrorControl> section that is enabled by specifying error messages and desired behaviors in the Config.xml file.

/r:<TimesToRetry>

(Retry)

-

Specifies the number of times to retry when an error occurs while saving the user state to a server. The default is three times. This option is useful in environments where network connectivity is not reliable.

-

While storing the user state, the /r option will not be able to recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem.

/w:<SecondsBeforeRetry>

(Wait)

-

Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second.

/p:<pathToFile>

When the ScanState command runs, it will create an .xml file in the path specified. This .xml file includes improved space estimations for the migration store. The following example shows how to create this .xml file:

-

Scanstate.exe C:\MigrationLocation [additional parameters]

-

/p:"C:\MigrationStoreSize.xml"

-

For more information, see Estimate Migration Store Size.

-

To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, you can use the /p option, without specifying "pathtoafile", in USMT. If you specify only the /p option, the storage space estimations are created in the same manner as with USMT3.x releases.

/? or /help

Displays Help at the command line.

- - +| Command-Line Option | Description | +|-----|-----| +| **/listfiles**:<FileName> | You can use the **/listfiles** command-line option with the **ScanState** command to generate a text file that lists all of the files included in the migration. | +| **/l:**[*Path*]*FileName* | Specifies the location and name of the ScanState log.

You cannot store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then the log will be created in the current directory. You can use the **/v** option to adjust the amount of output.

If you run the **ScanState** or **LoadState** commands from a shared network resource, you must specify this option or USMT will fail with the following error: "USMT was unable to create the log file(s)". To fix this issue, use the /**l: scan.log** command. | +| **/v:***<VerbosityLevel>* | **(Verbosity)**

Enables verbose output in the ScanState log file. The default value is 0.

You can set the *VerbosityLevel* to one of the following levels:
  • **0** - Only the default errors and warnings are enabled.
  • **1** - Enables verbose output.
  • **4** - Enables error and status output.
  • **5** - Enables verbose and status output.
  • **8** - Enables error output to a debugger.
  • **9** - Enables verbose output to a debugger.
  • **12** - Enables error and status output to a debugger.
  • **13** - Enables verbose, status, and debugger output.

For example:
`scanstate \server\share\migration\mystore /v:13 /i:migdocs.xml /i:migapp.xml`| +| /**progress**:[*Path*]*FileName* | Creates the optional progress log. You cannot store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* will be created in the current directory.

For example:
`scanstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /progress:prog.log /l:scanlog.log` | +| **/c** | When this option is specified, the **ScanState** command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there is a large file that will not fit in the store, the **ScanState** command will log an error and continue with the migration. In addition, if a file is open or in use by an application, USMT may not be able to migrate the file and will log an error. Without the **/c** option, the **ScanState** command will exit on the first error.

You can use the new <**ErrorControl**> section in the Config.xml file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This enables the /**c** command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the /**genconfig** option now generates a sample <**ErrorControl**> section that is enabled by specifying error messages and desired behaviors in the Config.xml file. | +| **/r:***<TimesToRetry>* | **(Retry)**

Specifies the number of times to retry when an error occurs while saving the user state to a server. The default is three times. This option is useful in environments where network connectivity is not reliable.

While storing the user state, the **/r** option will not be able to recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem. | +| **/w:***<SecondsBeforeRetry>* | **(Wait)**

Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second. | +| **/p:***<pathToFile>* | When the **ScanState** command runs, it will create an .xml file in the path specified. This .xml file includes improved space estimations for the migration store. The following example shows how to create this .xml file:
`Scanstate.exe C:\MigrationLocation [additional parameters]`
`/p:"C:\MigrationStoreSize.xml"`

For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md).

To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, you can use the **/p** option, without specifying *"pathtoafile"*, in USMT. If you specify only the **/p** option, the storage space estimations are created in the same manner as with USMT3.x releases. | +| /**?** or /**help** | Displays Help at the command line. | ## User Options - By default, all users are migrated. The only way to specify which users to include and exclude is by using the following options. You cannot exclude users in the migration .xml files or using the Config.xml file. For more information, see [Identify Users](usmt-identify-users.md) and [Migrate User Accounts](usmt-migrate-user-accounts.md). - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
Command-Line OptionDescription

/all

Migrates all of the users on the computer.

-

USMT migrates all user accounts on the computer, unless you specifically exclude an account with either the /ue or /uel options. For this reason, you do not need to specify this option on the command line. However, if you choose to specify the /all option, you cannot also use the /ui, /ue or /uel options.

/ui:<DomainName>\<UserName>

-

or

-

/ui:<ComputerName>\<LocalUserName>

(User include)

-

Migrates the specified users. By default, all users are included in the migration. Therefore, this option is helpful only when used with the /ue or /uel options. You can specify multiple /ui options, but you cannot use the /ui option with the /all option. DomainName and UserName can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotation marks.

-
-Note

If a user is specified for inclusion with the /ui option, and also is specified to be excluded with either the /ue or /uel options, the user will be included in the migration.

-
-
- -
-

For example:

-
    -

    To include only User2 from the Fabrikam domain, type:

    -

    /ue:*\* /ui:fabrikam\user2

    -

    To migrate all users from the Fabrikam domain, and only the user accounts from other domains that have been active or otherwise modified in the last 30 days, type:

    -

    /uel:30 /ui:fabrikam\*

    -

    In this example, a user account from the Contoso domain that was last modified two months ago will not be migrated.

    -
-

For more examples, see the descriptions of the /ue and /ui options in this table.

/uel:<NumberOfDays>

-

or

-

/uel:<YYYY/MM/DD>

-

or

-

/uel:0

(User exclude based on last logon)

-

Migrates the users that logged on to the source computer within the specified time period, based on the Last Modified date of the Ntuser.dat file on the source computer. The /uel option acts as an include rule. For example, the /uel:30 option migrates users who logged on, or whose account was modified, within the last 30 days from the date when the ScanState command is run.

-

You can specify a number of days or you can specify a date. You cannot use this option with the /all option. USMT retrieves the last logon information from the local computer, so the computer does not need to be connected to the network when you run this option. In addition, if a domain user has logged on to another computer, that logon instance is not considered by USMT.

-
-Note

The /uel option is not valid in offline migrations.

-
-
- -
-
    -

  • /uel:0 migrates any users who are currently logged on.

    • -

  • /uel:90 migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.

    • -

  • /uel:1 migrates users whose account has been modified within the last 24 hours.

    • -

  • /uel:2002/1/15 migrates users who have logged on or been modified January 15, 2002 or afterwards.

    • -
-

For example:

-

scanstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /uel:0

/ue:<DomainName>\<UserName>

-

-or-

-

-

/ue:<ComputerName>\<LocalUserName>

(User exclude)

-

Excludes the specified users from the migration. You can specify multiple /ue options. You cannot use this option with the /all option. <DomainName> and <UserName> can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you need to surround it with quotation marks.

-

For example:

-

scanstate /i:migdocs.xml /i:migapp.xml \\server\share\migration\mystore /ue:contoso\user1

- - +| Command-Line Option | Description | +|-----|-----| +| /**all** | Migrates all of the users on the computer.

USMT migrates all user accounts on the computer, unless you specifically exclude an account with either the /**ue** or /**uel** options. For this reason, you do not need to specify this option on the command line. However, if you choose to specify the /**all** option, you cannot also use the /**ui**, /**ue** or /**uel** options. | +| /**ui**:*<DomainName>*\*<UserName>*
or
/**ui**:*<ComputerName>*\*<LocalUserName>* | **(User include)**

Migrates the specified users. By default, all users are included in the migration. Therefore, this option is helpful only when used with the /**ue** or /**uel** options. You can specify multiple /**ui** options, but you cannot use the /**ui** option with the /**all** option. *DomainName* and *UserName* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotation marks.
**Note**
If a user is specified for inclusion with the /**ui** option, and also is specified to be excluded with either the /**ue** or /**uel** options, the user will be included in the migration.

For example:
  • To include only User2 from the Fabrikam domain, type:
    `/ue:*\* /ui:fabrikam\user2`
  • To migrate all users from the Fabrikam domain, and only the user accounts from other domains that have been active or otherwise modified in the last 30 days, type:
    `/uel:30 /ui:fabrikam\*`
    In this example, a user account from the Contoso domain that was last modified two months ago will not be migrated.

For more examples, see the descriptions of the /**ue** and /**ui** options in this table. | +| /**uel**:*<NumberOfDays>*
or
/**uel**:*<YYYY/MM/DD>*
or
**/uel:0** | **(User exclude based on last logon)**

Migrates the users that logged on to the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The /**uel** option acts as an include rule. For example, the **/uel:30** option migrates users who logged on, or whose account was modified, within the last 30 days from the date when the ScanState command is run.

You can specify a number of days or you can specify a date. You cannot use this option with the /**all** option. USMT retrieves the last logon information from the local computer, so the computer does not need to be connected to the network when you run this option. In addition, if a domain user has logged on to another computer, that logon instance is not considered by USMT.
**Note**
The /**uel** option is not valid in offline migrations.
  • **/uel:0** migrates any users who are currently logged on.
  • **/uel:90** migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
  • **/uel:1** migrates users whose account has been modified within the last 24 hours.
  • **/uel:2002/1/15** migrates users who have logged on or been modified January 15, 2002 or afterwards.

For example:
`scanstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /uel:0` | +| /**ue**:*<DomainName>*\*<UserName>*
-or-

/**ue**:*<ComputerName>*\*<LocalUserName>* | **(User exclude)**

Excludes the specified users from the migration. You can specify multiple /**ue** options. You cannot use this option with the /**all** option. *<DomainName>* and *<UserName>* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you need to surround it with quotation marks.

For example:
`scanstate /i:migdocs.xml /i:migapp.xml \\server\share\migration\mystore /ue:contoso\user1` | ## How to Use /ui and /ue - The following examples apply to both the /**ui** and /**ue** options. You can replace the /**ue** option with the /**ui** option to include, rather than exclude, the specified users. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
BehaviorCommand

Exclude the user named User One in the Fabrikam domain.

/ue:"fabrikam\user one"

Exclude the user named User1 in the Fabrikam domain.

/ue:fabrikam\user1

Exclude the local user named User1.

/ue:%computername%\user1

Exclude all domain users.

/ue:Domain\*

Exclude all local users.

/ue:%computername%\*

Exclude users in all domains named User1, User2, and so on.

/ue:*\user*

- - +|Behavior|Command| +|--- |--- | +|Exclude the user named User One in the Fabrikam domain.|`/ue:"fabrikam\user one"`| +|Exclude the user named User1 in the Fabrikam domain.|`/ue:fabrikam\user1`| +|Exclude the local user named User1.|`/ue:%computername%\user1`| +|Exclude all domain users.|`/ue:Domain\*`| +|Exclude all local users.|`/ue:%computername%\*`| +|Exclude users in all domains named User1, User2, and so on.|`/ue:*\user*`| ## Using the Options Together - You can use the /**uel**, /**ue** and /**ui** options together to migrate only the users that you want migrated. The /**ui** option has precedence over the /**ue** and /**uel** options. If a user is specified to be included using the /**ui** option, and also specified to be excluded using either the /**ue** or /**uel** options, the user will be included in the migration. For example, if you specify `/ui:contoso\* /ue:contoso\user1`, then User1 will be migrated, because the /**ui** option takes precedence over the /**ue** option. The /**uel** option takes precedence over the /**ue** option. If a user has logged on within the specified time period set by the /**uel** option, that user’s profile will be migrated even if they are excluded by using the /**ue** option. For example, if you specify `/ue:fixed\user1 /uel:14`, the User1 will be migrated if they have logged on to the computer within the last 14 days. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
BehaviorCommand

Include only User2 from the Fabrikam domain and exclude all other users.

/ue:*\* /ui:fabrikam\user2

Include only the local user named User1 and exclude all other users.

/ue:*\* /ui:user1

Include only the domain users from Contoso, except Contoso\User1.

This behavior cannot be completed using a single command. Instead, to migrate this set of users, you will need to specify the following:

-
    -

  • On the ScanState command line, type: /ue:*\* /ui:contoso\*

    • -

  • On the LoadState command line, type: /ue:contoso\user1

    • -

Include only local (non-domain) users.

/ue:*\* /ui:%computername%\*

- - +|Behavior|Command| +|--- |--- | +|Include only User2 from the Fabrikam domain and exclude all other users.|`/ue:*\* /ui:fabrikam\user2`| +|Include only the local user named User1 and exclude all other users.|`/ue:*\* /ui:user1`| +|Include only the domain users from Contoso, except Contoso\User1.|This behavior cannot be completed using a single command. Instead, to migrate this set of users, you will need to specify the following:
  • On the **ScanState** command line, type: `/ue:*\* /ui:contoso\*`
  • On the **LoadState** command line, type: `/ue:contoso\user1`
| +|Include only local (non-domain) users.|`/ue:*\* /ui:%computername%\*`| ## Encrypted File Options - You can use the following options to migrate encrypted files. In all cases, by default, USMT fails if an encrypted file is found unless you specify an /**efs** option. To migrate encrypted files, you must change the default behavior. For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md). @@ -618,245 +196,49 @@ For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs- > [!NOTE] > EFS certificates will be migrated automatically when migrating to Windows 7, Windows 8 or Windows 10. Therefore, you should specify the /**efs:copyraw** option with the **ScanState** command to migrate the encrypted files - > [!CAUTION] > Take caution when migrating encrypted files. If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration. - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Command-Line OptionExplanation

/efs:hardlink

Creates a hard link to the EFS file instead of copying it. Use only with the /hardlink and the /nocompress options.

/efs:abort

Causes the ScanState command to fail with an error code, if an Encrypting File System (EFS) file is found on the source computer. Enabled by default.

/efs:skip

Causes the ScanState command to ignore EFS files.

/efs:decryptcopy

Causes the ScanState command to decrypt the file, if possible, before saving it to the migration store, and to fail if the file cannot be decrypted. If the ScanState command succeeds, the file will be unencrypted in the migration store, and once you run the LoadState command, the file will be copied to the destination computer.

/efs:copyraw

Causes the ScanState command to copy the files in the encrypted format. The files will be inaccessible on the destination computer until the EFS certificates are migrated. EFS certificates will be automatically migrated; however, by default USMT fails if an encrypted file is found, unless you specify an /efs option. Therefore you should specify the /efs:copyraw option with the ScanState command to migrate the encrypted file. Then, when you run the LoadState command, the encrypted file and the EFS certificate will be automatically migrated.

-

For example:

-

ScanState /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /efs:copyraw

-
-Important

All files must be encrypted if the parent folder is encrypted. If the encryption attribute on a file inside an encrypted folder has been removed, the file will be encrypted during the migration using the credentials of the account used to run the LoadState tool. For more information, see Migrate EFS Files and Certificates.

-
-
- -
- - +| Command-Line Option | Explanation | +|----|----| +| **/efs:hardlink** | Creates a hard link to the EFS file instead of copying it. Use only with the **/hardlink** and the **/nocompress** options. | +| **/efs:abort** | Causes the **ScanState** command to fail with an error code, if an Encrypting File System (EFS) file is found on the source computer. Enabled by default. | +| **/efs:skip** | Causes the **ScanState** command to ignore EFS files. | +| /**efs:decryptcopy** | Causes the **ScanState** command to decrypt the file, if possible, before saving it to the migration store, and to fail if the file cannot be decrypted. If the **ScanState** command succeeds, the file will be unencrypted in the migration store, and once you run the **LoadState** command, the file will be copied to the destination computer. | +| **/efs:copyraw** | Causes the **ScanState** command to copy the files in the encrypted format. The files will be inaccessible on the destination computer until the EFS certificates are migrated. EFS certificates will be automatically migrated; however, by default USMT fails if an encrypted file is found, unless you specify an **/efs** option. Therefore you should specify the **/efs:copyraw** option with the **ScanState** command to migrate the encrypted file. Then, when you run the **LoadState** command, the encrypted file and the EFS certificate will be automatically migrated.

For example:
`ScanState /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /efs:copyraw`
**Important**
All files must be encrypted if the parent folder is encrypted. If the encryption attribute on a file inside an encrypted folder has been removed, the file will be encrypted during the migration using the credentials of the account used to run the LoadState tool. For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md).
| ## Incompatible Command-Line Options - The following table indicates which command-line options are not compatible with the **ScanState** command. If the table entry for a particular combination is blank, the options are compatible and you can use them together. The X symbol means that the options are not compatible. For example, you cannot use the **/nocompress** option with the **/encrypt** option. - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Command-Line Option/keyfile/nocompress/genconfig/all

/i

/o

/v

/nocompress

N/A

/localonly

X

/key

X

X

/encrypt

Required*

X

X

/keyfile

N/A

X

/l

/progress

X

/r

X

/w

X

/c

X

/p

X

N/A

/all

X

/ui

X

X

/ue

X

X

/uel

X

X

/efs:<option>

X

/genconfig

N/A

/config

X

<StorePath>

X

- +|Command-Line Option|/keyfile|/nocompress|/genconfig|/all| +|--- |--- |--- |--- |--- | +|**/i**||||| +|**/o**||||| +|**/v**||||| +|/**nocompress**||||N/A| +|/**localonly**|||X|| +|/**key**|X||X|| +|/**encrypt**|Required*|X|X|| +|/**keyfile**|N/A||X|| +|/**l**||||| +|/**progress**|||X|| +|/**r**|||X|| +|/**w**|||X|| +|/**c**|||X|| +|/**p**|||X|N/A| +|/**all**|||X|| +|/**ui**|||X|X| +|/**ue**|||X|X| +|/**uel**|||X|X| +|/**efs**:*