From da4388afacee8778997f255fba67725e86938012 Mon Sep 17 00:00:00 2001 From: andreiztm Date: Mon, 25 Feb 2019 15:46:43 +0200 Subject: [PATCH 1/4] Documenting known issue and updating guidance for servers On WS2016 a known issue was discovered that is already fixed starting with 1703. For WS2016 a different key needs to be set through Group Policy, for the KMS server to not connect to Microsoft. --- ...s-operating-system-components-to-microsoft-services.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 75f9a40255..adb861c877 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1726,7 +1726,7 @@ For Windows 10: - Create a REG\_DWORD registry setting named **NoGenTicket** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). -For Windows Server 2016 with Desktop Experience or Windows Server 2016 Server Core: +For Windows Server 2019 or later: - Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client Online AVS Validation** @@ -1734,6 +1734,12 @@ For Windows Server 2016 with Desktop Experience or Windows Server 2016 Server Co - Create a REG\_DWORD registry setting named **NoGenTicket** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). +For Windows Server 2016: +- Create a REG\_DWORD registry setting named **NoAcquireGT** in **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one). + +>[!NOTE] +>Due to a known issue the **Turn off KMS Client Online AVS Validation** group policy does not work as intended on Windows Server 2016, the **NoAcquireGT** value needs to be set instead. + The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS. ### 19. Storage health From da0c2c687826520f1dbe0f92528676fe71a42812 Mon Sep 17 00:00:00 2001 From: JC <47532346+Jcoetsee@users.noreply.github.com> Date: Thu, 28 Feb 2019 00:20:47 +0200 Subject: [PATCH 2/4] change made to unrestricted powershell cmd change made to unrestricted powershell cmd Please see https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2739 --- windows/deployment/windows-autopilot/add-devices.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md index db20123f7a..cdb9e46e2b 100644 --- a/windows/deployment/windows-autopilot/add-devices.md +++ b/windows/deployment/windows-autopilot/add-devices.md @@ -50,7 +50,7 @@ To use this script, you can download it from the PowerShell Gallery and run it o ```powershell md c:\\HWID Set-Location c:\\HWID -Set-ExecutionPolicy Unrestricted +Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted Install-Script -Name Get-WindowsAutoPilotInfo Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv ``` From 8803a2fa084f93dd28f03af49e0bf7a738570fd9 Mon Sep 17 00:00:00 2001 From: Nicole Turner <39884432+nenonix@users.noreply.github.com> Date: Thu, 7 Mar 2019 20:52:45 +0200 Subject: [PATCH 3/4] Update configure-splunk-windows-defender-advanced-threat-protection.md Fixes https://github.com/MicrosoftDocs/windows-itpro-docs/issues/2826 --- ...figure-splunk-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md index 259719c095..ba8f81a9ba 100644 --- a/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md +++ b/windows/security/threat-protection/windows-defender-atp/configure-splunk-windows-defender-advanced-threat-protection.md @@ -111,7 +111,7 @@ You'll need to configure Splunk so that it can pull Windows Defender ATP alerts. Set sourcetype - From list + Manual Source type From 04c2056917c524133fcebe9aa725ec6a6a6fd26c Mon Sep 17 00:00:00 2001 From: Harshitha Chidananda Murthy Date: Thu, 7 Mar 2019 17:01:31 -0800 Subject: [PATCH 4/4] changed wording from business to IT --- devices/surface/surface-diagnostic-toolkit-business.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/devices/surface/surface-diagnostic-toolkit-business.md b/devices/surface/surface-diagnostic-toolkit-business.md index 7325a15492..0a73499333 100644 --- a/devices/surface/surface-diagnostic-toolkit-business.md +++ b/devices/surface/surface-diagnostic-toolkit-business.md @@ -60,7 +60,7 @@ SDT for Business is supported on Surface 3 and later devices, including: To create an SDT package that you can distribute to users in your organization, you first need to install SDT at a command prompt and set a custom flag to install the tool in admin mode. SDT contains the following install option flags: - `SENDTELEMETRY` sends telemetry data to Microsoft. The flag accepts `0` for disabled or `1` for enabled. The default value is `1` to send telemetry. -- `ADMINMODE` configures the tool to be installed in admin mode. The flag accepts `0` for Business client mode or `1` for Business Administrator mode. The default value is `0`. +- `ADMINMODE` configures the tool to be installed in admin mode. The flag accepts `0` for client mode or `1` for IT Administrator mode. The default value is `0`. **To install SDT in ADMINMODE:**