From 978ebcd2075e36f3607c61473669213b99a8c176 Mon Sep 17 00:00:00 2001 From: skycommand <17097175+skycommand@users.noreply.github.com> Date: Sat, 28 Jan 2023 17:41:44 +0330 Subject: [PATCH 1/4] Typo fixes, style fixes - Fixed a paragraph that had mistakenly been merged into a warning box. - Fixed a typo. "File system object" (FSO) and "Group Policy Object" (GPO) are both written without a hyphen. --- .../security-policy-settings/create-symbolic-links.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md index 82c3f5ffc9..4f4e7f1e57 100644 --- a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md +++ b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md @@ -29,9 +29,10 @@ Describes the best practices, location, values, policy management, and security This user right determines if users can create a symbolic link from the device they're logged on to. -A symbolic link is a file-system object that points to another file-system object that is called the target. Symbolic links are transparent to users. The links appear as normal files or directories, and they can be acted upon by the user or application in exactly the same manner. Symbolic links are designed to aid in migration and application compatibility with UNIX operating systems. Microsoft has implemented symbolic links to function just like UNIX links. +A symbolic link is a file system object that points to another file system object that is called the target. Symbolic links are transparent to users. The links appear as normal files or directories, and they can be acted upon by the user or application in exactly the same manner. Symbolic links are designed to aid in migration and application compatibility with UNIX operating systems. Microsoft has implemented symbolic links to function just like UNIX links. >**Warning:**   This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. + Constant: SeCreateSymbolicLinkPrivilege ### Possible values From 9595f78b593c02a6f4c93b435a23fa015bc229aa Mon Sep 17 00:00:00 2001 From: skycommand <17097175+skycommand@users.noreply.github.com> Date: Sun, 29 Jan 2023 14:53:14 +0330 Subject: [PATCH 2/4] Update windows/security/threat-protection/security-policy-settings/create-symbolic-links.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../security-policy-settings/create-symbolic-links.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md index 4f4e7f1e57..cc0957e9e8 100644 --- a/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md +++ b/windows/security/threat-protection/security-policy-settings/create-symbolic-links.md @@ -31,7 +31,8 @@ This user right determines if users can create a symbolic link from the device t A symbolic link is a file system object that points to another file system object that is called the target. Symbolic links are transparent to users. The links appear as normal files or directories, and they can be acted upon by the user or application in exactly the same manner. Symbolic links are designed to aid in migration and application compatibility with UNIX operating systems. Microsoft has implemented symbolic links to function just like UNIX links. ->**Warning:**   This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. +> [!WARNING] +> This privilege should only be given to trusted users. Symbolic links can expose security vulnerabilities in applications that aren't designed to handle them. Constant: SeCreateSymbolicLinkPrivilege From 9df2d8fb8d050c771b1e8f8d8a6bc995c015dadc Mon Sep 17 00:00:00 2001 From: skycommand <17097175+skycommand@users.noreply.github.com> Date: Sun, 29 Jan 2023 14:59:58 +0330 Subject: [PATCH 3/4] Update act-as-part-of-the-operating-system.md --- .../act-as-part-of-the-operating-system.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md b/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md index 5c6402aa17..ed12776057 100644 --- a/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md +++ b/windows/security/threat-protection/security-policy-settings/act-as-part-of-the-operating-system.md @@ -28,6 +28,7 @@ Describes the best practices, location, values, policy management, and security ## Reference The **Act as part of the operating system** policy setting determines whether a process can assume the identity of any user and thereby gain access to the resources that the user is authorized to access. Typically, only low-level authentication services require this user right. Potential access isn't limited to what is associated with the user by default. The calling process may request that arbitrary extra privileges be added to the access token. The calling process may also build an access token that doesn't provide a primary identity for auditing in the system event logs. + Constant: SeTcbPrivilege ### Possible values From 80c706a51760c02b6228fdb99a06b4c7f03ea421 Mon Sep 17 00:00:00 2001 From: skycommand <17097175+skycommand@users.noreply.github.com> Date: Sun, 29 Jan 2023 15:14:41 +0330 Subject: [PATCH 4/4] Update lock-pages-in-memory.md --- .../security-policy-settings/lock-pages-in-memory.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md b/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md index d7510658e7..5f6ed628f4 100644 --- a/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md +++ b/windows/security/threat-protection/security-policy-settings/lock-pages-in-memory.md @@ -33,7 +33,8 @@ Normally, an application running on Windows can negotiate for more physical memo Enabling this policy setting for a specific account (a user account or a process account for an application) prevents paging of the data. Thereby, the amount of memory that Windows can reclaim under pressure is limited. This limitation could lead to performance degradation. ->**Note:**  By configuring this policy setting, the performance of the Windows operating system will differ depending on if applications are running on 32-bit or 64-bit systems, and if they are virtualized images. Performance will also differ between earlier and later versions of the Windows operating system. +> [!NOTE] +> By configuring this policy setting, the performance of the Windows operating system will differ depending on if applications are running on 32-bit or 64-bit systems, and if they are virtualized images. Performance will also differ between earlier and later versions of the Windows operating system. Constant: SeLockMemoryPrivilege