DM protocol commands |
-The following list shows the commands that are used by the device. For further information about the OMA DM command elements, see "SyncML Representation Protocol Device Management Usage (OMA-SyncML-DMRepPro-V1_1_2-20030613-A)" available from the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=267526).
+ | The following list shows the commands that are used by the device. For further information about the OMA DM command elements, see "SyncML Representation Protocol Device Management Usage (OMA-SyncML-DMRepPro-V1_1_2-20030613-A)" available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_1_2-20031209-A/).
Add (Implicit Add supported) Alert (DM alert): Generic alert (1226) is used by enterprise management client when the user triggers an MDM unenrollment action from the device or when a CSP finishes some asynchronous actions. Device alert (1224) is used to notify the server some device triggered event.
@@ -301,15 +301,15 @@ The following table shows the sequence of events during a typical DM session.
-
-The step numbers in the table do not represent message identification numbers (MsgID). All messages from the server must have a MsgID that is unique within the session, starting at 1 for the first message, and increasing by an increment of 1 for each additional message. For more information about MsgID and OMA SyncML protocol, see "OMA Device Management Representation Protocol" (OMA-TS-DM\_RepPro-V1\_2-20070209-A) available from the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=526900).
+
+The step numbers in the table do not represent message identification numbers (MsgID). All messages from the server must have a MsgID that is unique within the session, starting at 1 for the first message, and increasing by an increment of 1 for each additional message. For more information about MsgID and OMA SyncML protocol, see "OMA Device Management Representation Protocol" (DM_RepPro-V1_2-20070209-A) available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_2-20070209-A/).
During OMA DM application level mutual authentication, if the device response code to Cred element in the server request is 212, no further authentication is needed for the remainder of the DM session. In the case of the MD5 authentication, the Chal element can be returned. Then the next nonce in Chal must be used for the MD5 digest when the next DM session is started.
If a request includes credentials and the response code to the request is 200, the same credential must be sent within the next request. If the Chal element is included and the MD5 authentication is required, a new digest is created by using the next nonce via the Chal element for next request.
-For more information about Basic or MD5 client authentication, MD5 server authentication, MD5 hash, and MD5 nonce, see the OMA Device Management Security specification (OMA-TS-DM\_Security-V1\_2\_1-20080617-A), authentication response code handling and step-by-step samples in OMA Device Management Protocol specification (OMA-TS-DM\_Protocol-V1\_2\_1-20080617-A), available from the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=526900).
+For more information about Basic or MD5 client authentication, MD5 server authentication, MD5 hash, and MD5 nonce, see the OMA Device Management Security specification (OMA-TS-DM_Security-V1_2_1-20080617-A), authentication response code handling and step-by-step samples in OMA Device Management Protocol specification (OMA-TS-DM_Protocol-V1_2_1-20080617-A), available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_2_1-20080617-A/).
## User targeted vs. Device targeted configuration
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index e258974ff4..4d766ec5f7 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -724,7 +724,10 @@ The following list shows the supported values:
-Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app. Note the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy.
+Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app.
+
+* On Mobile, the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy.
+* On HoloLens, this timeout is controlled by the device's system sleep timeout, regardless of the value set by this policy.
> [!NOTE]
> This policy must be wrapped in an Atomic command.
diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md
index f434251f74..85542e6932 100644
--- a/windows/client-management/mdm/uefi-csp.md
+++ b/windows/client-management/mdm/uefi-csp.md
@@ -17,6 +17,9 @@ The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmwa
> [!Note]
> The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809).
+> [!Note]
+> The production UEFI CSP is present in 1809, but it depends upon the Device Firmware Configuration Interface (DFCI) and UEFI firmware to comply with this interface. The specification for this interface and compatible firmware is not yet available.
+
The following diagram shows the UEFI CSP in tree format.
@@ -124,4 +127,4 @@ Value type is Base64. Supported operation is Replace.
**Settings2/Result**
Retrieves the binary result package of previous Settings2/Apply operation. This binary package contains XML describing the action taken for each individual setting.
-Supported operation is Get.
\ No newline at end of file
+Supported operation is Get.
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index fe6bdbb4ad..4142e8244f 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -448,6 +448,8 @@ Required for native profiles. Type of tunneling protocol used. This value can be
Value type is chr. Supported operations include Get, Add, Replace, and Delete.
+> **Note** The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: IKEv2, PPTP and then L2TP. This order is not customizable.
+
**VPNv2/***ProfileName***/NativeProfile/Authentication**
Required node for native profile. It contains authentication information for the native VPN profile.
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md
index 515e4fa81f..81e49742b0 100644
--- a/windows/configuration/kiosk-prepare.md
+++ b/windows/configuration/kiosk-prepare.md
@@ -44,6 +44,7 @@ Disable the camera. | Go to **Settings** > **Privacy** > **Camera**, a
Turn off app notifications on the lock screen. | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**.
Disable removable media. | Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation.**NOTE**: To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**.
+
## Enable logging
Logs can help you [troubleshoot issues](multi-app-kiosk-troubleshoot.md) kiosk issues. Logs about configuration and runtime issues can be obtained by enabling the **Applications and Services Logs\Microsoft\Windows\AssignedAccess\Operational** channel, which is disabled by default.
diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md
index 635ee7e17a..cb0103ffff 100644
--- a/windows/configuration/start-layout-troubleshoot.md
+++ b/windows/configuration/start-layout-troubleshoot.md
@@ -300,6 +300,33 @@ C:\Windows\System32\tdlrecover.exe -reregister -resetlayout -resetcache
Although a reboot is not required, it may help clear up any residual issues after the command is run.
+### Symptoms: Start Menu and Apps cannot start after upgrade to Windows 10 version 1809 when Symantec Endpoint Protection is installed
+
+**Description** Start Menu, Search and Apps do not start after you upgrade a Windows 7-based computer that has Symantec Endpoint Protection installed to Windows 10 version 1809.
+
+**Cause** This occurs because of a failure to load sysfer.dll. During upgrade, the setup process does not set the privilege group "All Application Packages" on sysfer.dll and other Symantec modules.
+
+**Resolution** This issue was fixed by the Windows Cumulative Update that were released on December 5, 2018—KB4469342 (OS Build 17763.168).
+
+If you have already encountered this issue, use one of the following two options to fix the issue:
+
+**Option 1** Remove sysfer.dll from system32 folder and copy it back. Windows will set privilege automatically.
+
+**Option 2**
+
+1. Locate the directory C:\Windows\system32.
+
+2. Right-click on sysfer.dll and choose **Properties**.
+
+3. Switch to the **Security** tab.
+
+4. Confirm that **All Application Packages** group is missing.
+
+5. Click **Edit**, and then click **Add** to add the group.
+
+6. Test Start and other Apps.
+
+
diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md
index de3fecb42b..a4a8ead75e 100644
--- a/windows/configuration/ue-v/uev-getting-started.md
+++ b/windows/configuration/ue-v/uev-getting-started.md
@@ -110,7 +110,7 @@ With Windows 10, version 1607 and later, the UE-V service is installed on user d
2. Navigate to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft** **User Experience Virtualization**.
-3. Double click **Use Users Experience Virtualization (UE-V)**.
+3. Double click **Use User Experience Virtualization (UE-V)**.
4. Select **Enabled** and click **OK**.
diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md
index b073e9cd2f..8436f310a4 100644
--- a/windows/deployment/update/how-windows-update-works.md
+++ b/windows/deployment/update/how-windows-update-works.md
@@ -19,7 +19,7 @@ The Windows Update workflow has four core areas of functionality:
### Scan
1. Orchestrator schedules the scan.
-2. Orchestrator vertifies admin approvals and policies for download.
+2. Orchestrator verifies admin approvals and policies for download.
### Download
@@ -139,4 +139,4 @@ The action list describes all the files needed from WU, and what the install age
When the option to automatically install updates is configured, the Windows Update Orchestrator, in most cases, automatically restarts the PC for you after installing the updates. This is necessary because your PC may be insecure, or not fully updated, until a restart is completed. You can use Group Policy settings, mobile device management (MDM), or the registry (not recommended) to configure when devices will restart after a Windows 10 update is installed.
-For more information see [Manage device restarts after updates](waas-restart.md).
\ No newline at end of file
+For more information see [Manage device restarts after updates](waas-restart.md).
diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
index 91d6394973..a1a57c4f21 100644
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md
@@ -42,7 +42,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar
Windows 10 Pro Education |
Windows 10 Education |
Windows 10 Enterprise |
- Windows 10 Enterprise LTSC |
Windows 10 Mobile |
Windows 10 Mobile Enterprise |
|
@@ -264,17 +263,6 @@ D = Edition downgrade; personal data is maintained, applications and settings ar