deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 14:27:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into jdsb

Browse Source
This commit is contained in:
Jeanie Decker 2019-03-20 10:12:17 -07:00
commit 85b076c92c
6 changed files with 70 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
devices/surface/TOC.md
View File

@ -24,6 +24,7 @@
## [Enable PEAP, EAP-FAST, and Cisco LEAP on Surface devices](enable-peap-eap-fast-and-cisco-leap-on-surface-devices.md)
## [Manage Surface UEFI settings](manage-surface-uefi-settings.md)
### [Advanced UEFI security features for Surface Pro 3](advanced-uefi-security-features-for-surface-pro-3.md)
### [Surface System SKU reference](surface-system-sku-reference.md)
## [Surface Enterprise Management Mode](surface-enterprise-management-mode.md)
### [Enroll and configure Surface devices with SEMM](enroll-and-configure-surface-devices-with-semm.md)
### [Unenroll Surface devices from SEMM](unenroll-surface-devices-from-semm.md)

7
devices/surface/change-history-for-surface.md
View File

@ -13,6 +13,13 @@ ms.topic: article
This topic lists new and updated topics in the Surface documentation library.
## March 2019
New or changed topic | Description
--- | ---
[Surface System SKU reference](surface-system-sku-reference.md) | New
## February 2019
New or changed topic | Description

59
devices/surface/surface-system-sku-reference.md Normal file
View File

@ -0,0 +1,59 @@
---
title: System SKU reference (Surface)
description: See a reference of System Model and System SKU names.
keywords: uefi, configure, firmware, secure, semm
ms.prod: w10
ms.mktglfcycl: manage
ms.pagetype: surface, devices, security
ms.sitesec: library
author: coveminer
ms.author: v-jokai
ms.topic: article
ms.date: 03/20/2019
---
# System SKU reference
This document provides a reference of System Model and System SKU names that you can use to quickly determine the machine state of a specific device using PowerShell, WMI,
System Model and System SKU are variables stored in System Management BIOS (SMBIOS) tables in the UEFI layer of Surface devices. The System SKU name is required to differentiate between devices with the same System Model name, such as Surface Pro and Surface Pro with LTE Advanced.
| Device | System Model | System SKU |
| ---------- | ----------- | -------------- |
| Surface 3 WiFI | Surface 3 | Surface_3 |
| Surface 3 LTE AT&T | Surface 3 | Surface_3_US1 |
| Surface 3 LTE Verizon | Surface 3 | Surface_3_US2 |
| Surface 3 LTE North America | Surface 3 | Surface_3_NAG |
| Surface 3 LTE Outside of North America and T-Mobile In Japan | Surface 3 | Surface_3_ROW |
| Surface Pro | Surface Pro | Surface_Pro_1796 |
| Surface Pro with LTE Advanced | Surface Pro | Surface_Pro_1807 |
| Surface Book 2 13inch | Surface Book 2 | Surface_Book_1832 |
| Surface Book 2 15inch | Surface Book 2 | Surface_Book_1793 |
| Surface Go Consumer | Surface Go | Surface_Go_1824_Consumer |
| Surface Go Commercial | Surface Go | Surface_Go_1824_Commercial |
| Surface Pro 6 Consumer | Surface Pro 6 | Surface_Pro_6_1796_Consumer |
| Surface Pro 6 Commercial | Surface Pro 6 | Surface_Pro_6_1796_Commercial |
| Surface Laptop 2 Consumer | Surface Laptop 2 | Surface_Laptop_2_1769_Consumer |
| Surface Laptop 2 Commercial | Surface Laptop 2 | Surface_Laptop_2_1769_Commercial |
## Examples
**PowerShell**
Use the following PowerShell command to pull System SKU:
```
gwmi -namespace root\wmi -class MS_SystemInformation | select SystemSKU
```
**System Information**
You can also find the System SKU and System Model for a device in System Information.
- Go to **Start** > **MSInfo32**.
One example of how you could use this in Microsoft Deployment Toolkit (MDT) or System Center Configuration Manager is as part of a Task Sequence WMI Condition. For example:
**Task Sequence WMI Condition**
- WMI Namespace Root\WMI
- WQL Query SELECT * FROM MS_SystemInformation WHERE SystemSKU = "Surface_Pro_1796"

2
education/windows/get-minecraft-for-education.md
View File

@ -34,7 +34,7 @@ Teachers and IT administrators can now get early access to **Minecraft: Educatio
- **Minecraft: Education Edition** requires Windows 10.
- Trials or subscriptions of **Minecraft: Education Edition** are offered to education tenants that are managed by Azure Active Directory (Azure AD).
- If your school doesn't have an Azure AD tenant, the [IT administrator can set one up](school-get-minecraft.md) as part of the process of getting **Minecraft: Education Edition**.
* Office 365 Education, which includes online versions of Office apps plus 1 TB online storage and [Microsoft Classroom](https://classroom.microsoft.com/), is free for teachers and students. [Sign up your school for Office 365 Education.](https://products.office.com/academic/office-365-education-plan)
* Office 365 Education, which includes online versions of Office apps plus 1 TB online storage. [Sign up your school for Office 365 Education.](https://products.office.com/academic/office-365-education-plan)
* If your school has an Office 365 Education subscription, it includes a free Azure AD subscription. [Register your free Azure AD subscription.](https://msdn.microsoft.com/library/windows/hardware/mt703369%28v=vs.85%29.aspx)
<!-- ![teacher](images/teacher.png) -->

5
windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
View File

@ -42,11 +42,10 @@ These steps will show you how to configure an Active Directory account with the
5. User cannot change password: Select
6. Password never expires: Select
3. In an elevated Windows PowerShell prompt (run as Administrator), run the following commands and press **Enter** after each command:
``` syntax
```powershell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Force
Set-Location C:\Setup\Scripts
.\Set-OUPermissions.ps1 -Account MDT_JD
-TargetOU "OU=Workstations,OU=Computers,OU=Contoso"
.\Set-OUPermissions.ps1 -Account MDT_JD -TargetOU "OU=Workstations,OU=Computers,OU=Contoso"
```
4. The Set-OUPermissions.ps1 script allows the MDT\_JD user account permissions to manage computer accounts in the Contoso / Computers OU. Below you find a list of the permissions being granted:
1. Scope: This object and all descendant objects

10
windows/security/threat-protection/security-policy-settings/create-global-objects.md
View File

@ -89,16 +89,6 @@ By default, members of the **Administrators** group, the System account, and ser
When non-administrators need to access a server using Remote Desktop, add the users to the **Remote Desktop Users** group rather than assining them this user right.
### Vulnerability
>**Caution:**  A user account that is given this user right has complete control over the system, and it can lead to the system being compromised. We highly recommend that you do not assign this right to any user accounts.
 
Windows examines a user's access token to determine the level of the user's privileges. Access tokens are built when users log on to the local device or connect to a remote device over a network. When you revoke a privilege, the change is immediately recorded, but the change is not reflected in the user's access token until the next time the user logs on or connects. Users with the ability to create or modify tokens can change the level of access for any currently logged on account. They could escalate their privileges or create a denial-of-service (DoS) condition.
### Countermeasure
Do not assign the **Create a token object** user right to any users. Processes that require this user right should use the Local System account, which already includes it, instead of a separate user account with this user right assigned.
### Potential impact
None. Not Defined is the default domain policy configuration.