From 34d5c84ea3cc9ac3935bb0be2219f10884cf889b Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Wed, 27 Apr 2016 11:39:23 -0700 Subject: [PATCH 01/16] finishing intro sentence --- windows/keep-secure/audit-removable-storage.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/audit-removable-storage.md b/windows/keep-secure/audit-removable-storage.md index 6046b1b29c..5c9276822b 100644 --- a/windows/keep-secure/audit-removable-storage.md +++ b/windows/keep-secure/audit-removable-storage.md @@ -1,6 +1,6 @@ --- title: Audit Removable Storage (Windows 10) -description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines . +description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines when there is a read or a write to a removable drive. ms.assetid: 1746F7B3-8B41-4661-87D8-12F734AFFB26 ms.prod: W10 ms.mktglfcycl: deploy @@ -15,9 +15,9 @@ author: brianlic-msft - Windows 10 -This topic for the IT professional describes the Advanced Security Audit policy setting, **Audit Removable Storage**, which determines . +This topic for the IT professional describes the Advanced Security Audit policy setting, **Audit Removable Storage**, which determines when there is a read or a write to a removable drive. -Event volume: +Event volume: Low Default: Not configured From 7371e7c1305b498d874dcee17acf1beec34519de Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Wed, 27 Apr 2016 16:54:13 -0700 Subject: [PATCH 02/16] fixing table --- .../about-client-configuration-settings51.md | 478 ++---------------- 1 file changed, 40 insertions(+), 438 deletions(-) diff --git a/mdop/appv-v5/about-client-configuration-settings51.md b/mdop/appv-v5/about-client-configuration-settings51.md index e8512afd4f..f77a20a083 100644 --- a/mdop/appv-v5/about-client-configuration-settings51.md +++ b/mdop/appv-v5/about-client-configuration-settings51.md @@ -15,444 +15,46 @@ The Microsoft Application Virtualization (App-V) 5.1 client stores its configura The following table displays information about the App-V 5.1 client configuration settings: - -------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Setting NameSetup FlagDescriptionSetting OptionsRegistry Key ValueDisabled Policy State Keys and Values

PackageInstallationRoot

PACKAGEINSTALLATIONROOT

Specifies directory where all new applications and updates will be installed.

String

Streaming\PackageInstallationRoot

Policy value not written (same as Not Configured)

PackageSourceRoot

PACKAGESOURCEROOT

Overrides source location for downloading package content.

String

Streaming\PackageSourceRoot

Policy value not written (same as Not Configured)

AllowHighCostLaunch

Not available.

This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G).

True (enabled); False (Disabled state)

Streaming\AllowHighCostLaunch

0

ReestablishmentRetries

Not available.

Specifies the number of times to retry a dropped session.

Integer (0-99)

Streaming\ReestablishmentRetries

Policy value not written (same as Not Configured)

ReestablishmentInterval

Not available.

Specifies the number of seconds between attempts to reestablish a dropped session.

Integer (0-3600)

Streaming\ReestablishmentInterval

Policy value not written (same as Not Configured)

AutoLoad

AUTOLOAD

Specifies how new packages should be loaded automatically by App-V on a specific computer.

(0x0) None; (0x1) Previously used; (0x2) All

Streaming\AutoLoad

Policy value not written (same as Not Configured)

LocationProvider

Not available.

Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.

String

Streaming\LocationProvider

Policy value not written (same as Not Configured)

CertFilterForClientSsl

Not available.

Specifies the path to a valid certificate in the certificate store.

String

Streaming\CertFilterForClientSsl

Policy value not written (same as Not Configured)

VerifyCertificateRevocationList

Not available.

Verifies Server certificate revocation status before steaming using HTTPS.

True(enabled); False(Disabled state)

Streaming\VerifyCertificateRevocationList

0

SharedContentStoreMode

SHAREDCONTENTSTOREMODE

Specifies that streamed package contents will be not be saved to the local hard disk.

True(enabled); False(Disabled state)

Streaming\SharedContentStoreMode

0

Name

-
-Note   -

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
-  -

PUBLISHINGSERVERNAME

Displays the name of publishing server.

String

Publishing\Servers\{serverId}\FriendlyName

Policy value not written (same as Not Configured)

URL

-
-Note   -

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
-  -

PUBLISHINGSERVERURL

Displays the URL of publishing server.

String

Publishing\Servers\{serverId}\URL

Policy value not written (same as Not Configured)

GlobalRefreshEnabled

-
-Note   -

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
-  -

GLOBALREFRESHENABLED

Enables global publishing refresh (Boolean)

True(enabled); False(Disabled state)

Publishing\Servers\{serverId}\GlobalEnabled

False

GlobalRefreshOnLogon

-
-Note   -

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
-  -

GLOBALREFRESHONLOGON

Triggers a global publishing refresh on logon. ( Boolean)

True(enabled); False(Disabled state)

Publishing\Servers\{serverId}\GlobalLogonRefresh

False

GlobalRefreshInterval

-
-Note   -

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
-  -

GLOBALREFRESHINTERVAL  

Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.

Integer (0-744

Publishing\Servers\{serverId}\GlobalPeriodicRefreshInterval

0

GlobalRefreshIntervalUnit

-
-Note   -

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
-  -

GLOBALREFRESHINTERVALUNI

Specifies the interval unit (Hour 0-23, Day 0-31). 

0 for hour, 1 for day

Publishing\Servers\{serverId}\GlobalPeriodicRefreshIntervalUnit

1

UserRefreshEnabled

-
-Note   -

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
-  -

USERREFRESHENABLED 

Enables user publishing refresh (Boolean)

True(enabled); False(Disabled state)

Publishing\Servers\{serverId}\UserEnabled

False

UserRefreshOnLogon

-
-Note   -

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
-  -

USERREFRESHONLOGON

Triggers a user publishing refresh onlogon. ( Boolean)

-

Word count (with spaces): 60

True(enabled); False(Disabled state)

Publishing\Servers\{serverId}\UserLogonRefresh

False

UserRefreshInterval

-
-Note   -

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
-  -

USERREFRESHINTERVAL     

Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.

-

Word count (with spaces): 85

Integer (0-744 Hours)

Publishing\Servers\{serverId}\UserPeriodicRefreshInterval

0

UserRefreshIntervalUnit

-
-Note   -

This setting cannot be modified using the set-AppvclientConfiguration cmdLet. You must use the Set-AppvPublishingServer cmdlet.

-
-
-  -

USERREFRESHINTERVALUNIT  

Specifies the interval unit (Hour 0-23, Day 0-31). 

0 for hour, 1 for day

Publishing\Servers\{serverId}\UserPeriodicRefreshIntervalUnit

1

MigrationMode

MIGRATIONMODE

Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V.

True(enabled state); False (disabled state)

Coexistence\MigrationMode

CEIPOPTIN

CEIPOPTIN

Allows the computer running the App-V 5.1 Client to collect and return certain usage information to help allow us to further improve the application.

0 for disabled; 1 for enabled

SOFTWARE/Microsoft/AppV/CEIP/CEIPEnable

0

EnablePackageScripts

ENABLEPACKAGESCRIPTS

Enables scripts defined in the package manifest of configuration files that should run.

True(enabled); False(Disabled state)

\Scripting\EnablePackageScripts

RoamingFileExclusions

ROAMINGFILEEXCLUSIONS

Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage:  /ROAMINGFILEEXCLUSIONS='desktop;my pictures'

RoamingRegistryExclusions

ROAMINGREGISTRYEXCLUSIONS

Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients

String

Integration\RoamingReglstryExclusions

Policy value not written (same as Not Configured)

IntegrationRootUser

Not available.

Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\Microsoft\AppV\Client\Integration.

String

Integration\IntegrationRootUser

Policy value not written (same as Not Configured)

IntegrationRootGlobal

Not available.

Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\Microsoft\AppV\Client\Integration

String

Integration\IntegrationRootGlobal

Policy value not written (same as Not Configured)

VirtualizableExtensions

Not available.

A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment.

-

When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the RunVirtual command line parameter will be added, and the application will run virtually.

-

For more information about the RunVirtual parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md).

String

Integration\VirtualizableExtensions

Policy value not written

ReportingEnabled

Not available.

Enables the client to return information to a reporting server.

True (enabled); False (Disabled state)

Reporting\EnableReporting

False

ReportingServerURL

Not available.

Specifies the location on the reporting server where client information is saved.

String

Reporting\ReportingServer

Policy value not written (same as Not Configured)

ReportingDataCacheLimit

Not available.

Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024.

Integer [0-1024]

Reporting\DataCacheLimit

Policy value not written (same as Not Configured)

ReportingDataBlockSize

Not available.

Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited.

Integer [1024 - Unlimited]

Reporting\DataBlockSize

Policy value not written (same as Not Configured)

ReportingStartTime

Not available.

Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the ReportingStartTime will start on the current day at 10 P.M.or 22.

-
-Note   -

You should configure this setting to a time when computers running the App-V 5.1 client are least likely to be offline.

-
-
-  -

Integer (0 – 23)

Reporting\ StartTime

Policy value not written (same as Not Configured)

ReportingInterval

Not available.

Specifies the retry interval that the client will use to resend data to the reporting server.

Integer

Reporting\RetryInterval

Policy value not written (same as Not Configured)

ReportingRandomDelay

Not available.

Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and ReportingRandomDelay and will wait the specified duration before sending data. This can help to prevent collisions on the server.

Integer [0 - ReportingRandomDelay]

Reporting\RandomDelay

Policy value not written (same as Not Configured)

EnableDynamicVirtualization

-
-Important   -

This setting is available only with App-V 5.0 SP2 or later.

-
-
-  -

Not available.

Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications.

1 (Enabled), 0 (Disabled)

HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Virtualization

EnablePublishingRefreshUI

-
-Important   -

This setting is available only with App-V 5.0 SP2.

-
-
-  -

Not available.

Enables the publishing refresh progress bar for the computer running the App-V 5.1 Client.

1 (Enabled), 0 (Disabled)

HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Publishing

HideUI

-
-Important   -

This setting is available only with App-V 5.0 SP2.

-
-
-  -

Not available.

Hides the publishing refresh progress bar.

1 (Enabled), 0 (Disabled)

ProcessesUsingVirtualComponents

Not available.

Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization.

String

Virtualization\ProcessesUsingVirtualComponents

Empty string.

- -  +|Setting name | Setup Flag | Description | Setting Options | Registry Key Value | Disabled Policy State Keys and Values | +|-------------|------------|-------------|-----------------|--------------------|--------------------------------------| +| PackageInstallationRoot | PACKAGEINSTALLATIONROOT | Specifies directory where all new applications and updates will be installed. | String | Streaming\PackageInstallationRoot | Policy value not written (same as Not Configured) | +| PackageSourceRoot | PACKAGESOURCEROOT | Overrides source location for downloading package content. | String | Streaming\PackageSourceRoot | Policy value not written (same as Not Configured) | +| AllowHighCostLaunch | Not available. |This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G). | True (enabled); False (Disabled state) | Streaming\AllowHighCostLaunch | 0 | +| ReestablishmentRetries | Not available. | Specifies the number of times to retry a dropped session. | Integer (0-99) | Streaming\ReestablishmentRetries | Policy value not written (same as Not Configured) | +| ReestablishmentInterval | Not available. | Specifies the number of seconds between attempts to reestablish a dropped session. | Integer (0-3600) | Streaming\ReestablishmentInterval | Policy value not written (same as Not Configured) | +| LocationProvider | Not available. | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. | String | Streaming\LocationProvider | Policy value not written (same as Not Configured) | +| CertFilterForClientSsl | Not available. | Specifies the path to a valid certificate in the certificate store. | String | Streaming\CertFilterForClientSsl | Policy value not written (same as Not Configured) | +| VerifyCertificateRevocationList | Not available. | Verifies Server certificate revocation status before steaming using HTTPS. | True(enabled); False(Disabled state) | Streaming\VerifyCertificateRevocationList | 0 | +| SharedContentStoreMode | SHAREDCONTENTSTOREMODE | Specifies that streamed package contents will be not be saved to the local hard disk. | True(enabled); False(Disabled state) | Streaming\SharedContentStoreMode | 0 | +| Name
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | PUBLISHINGSERVERNAME | Displays the name of publishing server. | String | Publishing\Servers\{serverId}\FriendlyName | Policy value not written (same as Not Configured) | +| URL
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | PUBLISHINGSERVERURL | Displays the URL of publishing server. | String | Publishing\Servers\{serverId}\URL | Policy value not written (same as Not Configured) | +| GlobalRefreshEnabled
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHENABLED | Enables global publishing refresh (Boolean) | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\GlobalEnabled | False | +| GlobalRefreshOnLogon
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHONLOGON | Triggers a global publishing refresh on logon. ( Boolean) | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\GlobalLogonRefresh | False | +| GlobalRefreshInterval
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHINTERVAL | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0. | Integer (0-744) | Publishing\Servers\{serverId}\GlobalPeriodicRefreshInterval | 0 | +| GlobalRefreshIntervalUnit
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHINTERVALUNI | Specifies the interval unit (Hour 0-23, Day 0-31). | 0 for hour, 1 for day | Publishing\Servers\{serverId}\GlobalPeriodicRefreshIntervalUnit | 1 | +| UserRefreshEnabled
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHENABLED | Enables user publishing refresh (Boolean) | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\UserEnabled | False | +| UserRefreshOnLogon
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHONLOGON | Triggers a user publishing refresh onlogon. ( Boolean)
Word count (with spaces): 60 | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\UserLogonRefresh | False | +| UserRefreshInterval
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHINTERVAL | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. | Word count (with spaces): 85
Integer (0-744 Hours) | Publishing\Servers\{serverId}\UserPeriodicRefreshInterval | 0 | +| UserRefreshIntervalUnit
**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHINTERVALUNIT | Specifies the interval unit (Hour 0-23, Day 0-31). | 0 for hour, 1 for day | Publishing\Servers\{serverId}\UserPeriodicRefreshIntervalUnit | 1 | +| MigrationMode | MIGRATIONMODE | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V. | True(enabled state); False (disabled state) | Coexistence\MigrationMode | | +| CEIPOPTIN | CEIPOPTIN | Allows the computer running the App-V 5.1 Client to collect and return certain usage information to help allow us to further improve the application. | 0 for disabled; 1 for enabled | SOFTWARE/Microsoft/AppV/CEIP/CEIPEnable | 0 | +| EnablePackageScripts | ENABLEPACKAGESCRIPTS | Enables scripts defined in the package manifest of configuration files that should run. | True(enabled); False(Disabled state) | \Scripting\EnablePackageScripts | | +| RoamingFileExclusions | ROAMINGFILEEXCLUSIONS | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage:  /ROAMINGFILEEXCLUSIONS='desktop;my pictures' | | | | +| RoamingRegistryExclusions | ROAMINGREGISTRYEXCLUSIONS | Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients | String | Integration\RoamingReglstryExclusions | Policy value not written (same as Not Configured) | +| IntegrationRootUser | Not available. | Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\Microsoft\AppV\Client\Integration.| String | Integration\IntegrationRootUser | Policy value not written (same as Not Configured) | +|IntegrationRootGlobal | Not available.| Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\Microsoft\AppV\Client\Integration | String | Integration\IntegrationRootGlobal | Policy value not written (same as Not Configured) | +| VirtualizableExtensions | Not available. | A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment.
When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command line parameter will be added, and the application will run virtually.
For more information about the **RunVirtual** parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md). | String | Integration\VirtualizableExtensions | Policy value not written | +| ReportingEnabled | Not available. | Enables the client to return information to a reporting server. | True (enabled); False (Disabled state) | Reporting\EnableReporting | False | +| ReportingServerURL | Not available. | Specifies the location on the reporting server where client information is saved. | String | Reporting\ReportingServer | Policy value not written (same as Not Configured) | +| ReportingDataCacheLimit | Not available. | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. | Integer [0-1024] | Reporting\DataCacheLimit | Policy value not written (same as Not Configured) | +| ReportingDataBlockSize| Not available. | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited. | Integer [1024 - Unlimited] | Reporting\DataBlockSize | Policy value not written (same as Not Configured) | +| ReportingStartTime | Not available. | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.
**Note** You should configure this setting to a time when computers running the App-V 5.1 client are least likely to be offline. | Integer (0 – 23) | Reporting\ StartTime | Policy value not written (same as Not Configured) | +| ReportingInterval | Not available. | Specifies the retry interval that the client will use to resend data to the reporting server. | Integer | Reporting\RetryInterval | Policy value not written (same as Not Configured) | +| ReportingRandomDelay | Not available. | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server. | Integer [0 - ReportingRandomDelay] | Reporting\RandomDelay | Policy value not written (same as Not Configured) | +| EnableDynamicVirtualization
**Important** This setting is available only with App-V 5.0 SP2 or later. | Not available. | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications. | 1 (Enabled), 0 (Disabled) | HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Virtualization | | +| EnablePublishingRefreshUI
**Important** This setting is available only with App-V 5.0 SP2. | Not available. | Enables the publishing refresh progress bar for the computer running the App-V 5.1 Client. | 1 (Enabled), 0 (Disabled) | HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Publishing | | +| HideUI
**Important**  This setting is available only with App-V 5.0 SP2.| Not available. | Hides the publishing refresh progress bar. | 1 (Enabled), 0 (Disabled) | | | +| ProcessesUsingVirtualComponents | Not available. | Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization. | String | Virtualization\ProcessesUsingVirtualComponents | Empty string. | ## Got a suggestion for App-V? From 83248415131e37e6f4cef1d5c042f54dfd0451d6 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Thu, 28 Apr 2016 07:59:48 -0700 Subject: [PATCH 03/16] Updated to fix VS #7371643 --- windows/keep-secure/index.md | 2 +- windows/keep-secure/protect-enterprise-data-using-edp.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/index.md b/windows/keep-secure/index.md index 80a12f1d0e..f2a2ac4b8c 100644 --- a/windows/keep-secure/index.md +++ b/windows/keep-secure/index.md @@ -62,7 +62,7 @@ Learn about keeping Windows 10 and Windows 10 Mobile secure.

[Protect your enterprise data using enterprise data protection (EDP)](protect-enterprise-data-using-edp.md)

-

With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures to their personal email account, copies and pastes product info to a public Yammer group or tweet, or saves an in-progress sales report to their public cloud storage.

+

With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.

[Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)

diff --git a/windows/keep-secure/protect-enterprise-data-using-edp.md b/windows/keep-secure/protect-enterprise-data-using-edp.md index 6c688aa008..132514c566 100644 --- a/windows/keep-secure/protect-enterprise-data-using-edp.md +++ b/windows/keep-secure/protect-enterprise-data-using-edp.md @@ -17,7 +17,7 @@ author: eross-msft [Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] -With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures to their personal email account, copies and pastes product info to a public Yammer group or tweet, or saves an in-progress sales report to their public cloud storage. +With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage. Enterprise data protection (EDP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. EDP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Finally, another data protection technology, Azure Rights Management also works alongside EDP to extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client. From 7fe006e16e35452b3be17ed50f182b916c3137ef Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 28 Apr 2016 08:53:39 -0700 Subject: [PATCH 04/16] fixing table --- ...aging-app-v-51-virtualized-applications.md | 182 ++++++------------ 1 file changed, 62 insertions(+), 120 deletions(-) diff --git a/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md b/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md index bc1485ab15..cf8080c563 100644 --- a/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md +++ b/mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md @@ -11,7 +11,7 @@ author: jamiejdt After you have properly deployed the Microsoft Application Virtualization (App-V) 5.1 sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application. **Note**   -For more information about configuring the App-V 5.1 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx) (http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx). +For more information about configuring the App-V 5.1 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx).   @@ -146,125 +146,67 @@ Copy on write (CoW) file extensions allow App-V 5.1 to dynamically write to spec The following table displays the file types that can exist in a virtual package under the VFS directory, but cannot be updated on the computer running the App-V 5.1 client. All other files and directories can be modified. -.acm - -.asa - -.asp - -.aspx - -.ax - -.bat - -.cer - -.chm - -.clb - -.cmd - -.cnt - -.cnv - -.com - -.cpl - -.cpx - -.crt - -.dll - -.drv - -.exe - -.fon - -.grp - -.hlp - -.hta - -.ime - -.inf - -.ins - -.isp - -.its - -.js - -.jse - -.lnk - -.msc - -.msi - -.msp - -.mst - -.mui - -.nls - -.ocx - -.pal - -.pcd - -.pif - -.reg - -.scf - -.scr - -.sct - -.shb - -.shs - -.sys - -.tlb - -.tsp - -.url - -.vb - -.vbe - -.vbs - -.vsmacros - -.ws - -.esc - -.wsf - -.wsh - -  +| File type | +| --------- | +| .acm | +| .asa | +| .asp | +| .aspx | +| .ax | +| .bat | +| .cer | +| .chm | +| .clb | +| .cmd | +| .cnt | +| .cnv | +| .com | +| .cpl | +| .cpx | +| .crt | +| .dll | +| .drv | +| .exe | +| .fon | +| .grp | +| .hlp | +| .hta | +| .ime | +| .inf | +| .ins | +| .isp | +| .its | +| .js | +| .jse | +| .lnk | +| .msc | +| .msi | +| .msp | +| .mst | +| .mui | +| .nls | +| .ocx | +| .pal | +| .pcd | +| .pif | +| .reg | +| .scf | +| .scr | +| .sct | +| .shb | +| .shs | +| .sys | +| .tlb | +| .tsp | +| .url | +| .vb | +| .vbe | +| .vbs | +| .vsmacros | +| .ws | +| .esc | +| .wsf | +| .wsh | ## Modifying an existing virtual application package From ba47a67dc2145fe019869c9a6a0367ff16455ac6 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Thu, 28 Apr 2016 09:40:22 -0700 Subject: [PATCH 05/16] fixed code blocks --- ...ate-or-edit-the-sms-defmof-file-mbam-25.md | 36 +++++++++---------- .../edit-the-configurationmof-file-mbam-25.md | 36 +++++++++---------- 2 files changed, 36 insertions(+), 36 deletions(-) diff --git a/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md b/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md index 89d24f23b8..104e174531 100644 --- a/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md +++ b/mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md @@ -27,8 +27,8 @@ In the following sections, complete the instructions that correspond to the vers // Microsoft BitLocker Administration and Monitoring //=================================================== -#pragma namespace ("\\\\.\\root\\cimv2\\SMS") -#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2\\SMS") + #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) [ SMS_Report (TRUE), SMS_Group_Name ("BitLocker Encryption Details"), SMS_Class_ID ("MICROSOFT|BITLOCKER_DETAILS|1.0")] @@ -66,8 +66,8 @@ In the following sections, complete the instructions that correspond to the vers String EnforcePolicyDate; }; -#pragma namespace ("\\\\.\\root\\cimv2\\SMS") -#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2\\SMS") + #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) [ SMS_Report(TRUE), SMS_Group_Name("BitLocker Policy"), SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0")] @@ -110,8 +110,8 @@ In the following sections, complete the instructions that correspond to the vers }; //Read Win32_OperatingSystem.SKU WMI property in a new class - because SKU is not available before Vista. -#pragma namespace ("\\\\.\\root\\cimv2\\SMS") -#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2\\SMS") + #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) [ SMS_Report (TRUE), SMS_Group_Name ("Operating System Ex"), SMS_Class_ID ("MICROSOFT|OPERATING_SYSTEM_EXT|1.0") ] @@ -124,8 +124,8 @@ In the following sections, complete the instructions that correspond to the vers }; //Read Win32_ComputerSystem.PCSystemType WMI property in a new class - because PCSystemType is not available before Vista. -#pragma namespace ("\\\\.\\root\\cimv2\\SMS") -#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2\\SMS") + #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) [ SMS_Report (TRUE), SMS_Group_Name ("Computer System Ex"), SMS_Class_ID ("MICROSOFT|COMPUTER_SYSTEM_EXT|1.0") ] @@ -193,8 +193,8 @@ In the following sections, complete the instructions that correspond to the vers // Microsoft BitLocker Administration and Monitoring //=================================================== -#pragma namespace ("\\\\.\\root\\cimv2\\SMS") -#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2\\SMS") + #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) [ SMS_Report (TRUE), SMS_Group_Name ("BitLocker Encryption Details"), SMS_Class_ID ("MICROSOFT|BITLOCKER_DETAILS|1.0")] @@ -232,8 +232,8 @@ In the following sections, complete the instructions that correspond to the vers String EnforcePolicyDate; }; -#pragma namespace ("\\\\.\\root\\cimv2\\SMS") -#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2\\SMS") + #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) [ SMS_Report(TRUE), SMS_Group_Name("BitLocker Policy"), SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0"), @@ -278,8 +278,8 @@ In the following sections, complete the instructions that correspond to the vers string EncodedComputerName; }; -#pragma namespace ("\\\\.\\root\\cimv2\\SMS") -#pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2\\SMS") + #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL) [ SMS_Report(TRUE), SMS_Group_Name("BitLocker Policy"), SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0"), @@ -325,8 +325,8 @@ In the following sections, complete the instructions that correspond to the vers }; //Read Win32_OperatingSystem.SKU WMI property in a new class - because SKU is not available before Vista. -#pragma namespace ("\\\\.\\root\\cimv2\\SMS") -#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2\\SMS") + #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) [ SMS_Report (TRUE), SMS_Group_Name ("Operating System Ex"), SMS_Class_ID ("MICROSOFT|OPERATING_SYSTEM_EXT|1.0") ] @@ -339,8 +339,8 @@ In the following sections, complete the instructions that correspond to the vers }; //Read Win32_ComputerSystem.PCSystemType WMI property in a new class - because PCSystemType is not available before Vista. -#pragma namespace ("\\\\.\\root\\cimv2\\SMS") -#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2\\SMS") + #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) [ SMS_Report (TRUE), SMS_Group_Name ("Computer System Ex"), SMS_Class_ID ("MICROSOFT|COMPUTER_SYSTEM_EXT|1.0") ] diff --git a/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md b/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md index f19930748f..b920db9b8e 100644 --- a/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md +++ b/mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md @@ -25,8 +25,8 @@ To enable the client computers to report BitLocker compliance details through th // Microsoft BitLocker Administration and Monitoring //=================================================== -#pragma namespace ("\\\\.\\root\\cimv2") -#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2") + #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled, NoncomplianceDetectedDate, EnforcePolicyDate from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] class Win32_BitLockerEncryptionDetails { @@ -62,8 +62,8 @@ To enable the client computers to report BitLocker compliance details through th String EnforcePolicyDate; }; -#pragma namespace ("\\\\.\\root\\cimv2") -#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2") + #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy { @@ -124,8 +124,8 @@ To enable the client computers to report BitLocker compliance details through th EncodedComputerName; }; -#pragma namespace ("\\\\.\\root\\cimv2") -#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2") + #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_OperatingSystemExtended @@ -136,8 +136,8 @@ To enable the client computers to report BitLocker compliance details through th uint32 SKU; }; -#pragma namespace ("\\\\.\\root\\cimv2") -#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2") + #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_ComputerSystemExtended @@ -168,8 +168,8 @@ To enable the client computers to report BitLocker compliance details through th // Microsoft BitLocker Administration and Monitoring //=================================================== -#pragma namespace ("\\\\.\\root\\cimv2") -#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2") + #pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL) [Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled, NoncomplianceDetectedDate, EnforcePolicyDate from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")] class Win32_BitLockerEncryptionDetails { @@ -205,8 +205,8 @@ To enable the client computers to report BitLocker compliance details through th String EnforcePolicyDate; }; -#pragma namespace ("\\\\.\\root\\cimv2") -#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2") + #pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy { @@ -267,8 +267,8 @@ To enable the client computers to report BitLocker compliance details through th EncodedComputerName; }; -#pragma namespace ("\\\\.\\root\\cimv2") -#pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2") + #pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL) [DYNPROPS] Class Win32Reg_MBAMPolicy_64 { @@ -329,8 +329,8 @@ To enable the client computers to report BitLocker compliance details through th EncodedComputerName; }; -#pragma namespace ("\\\\.\\root\\cimv2") -#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2") + #pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL) [Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_OperatingSystemExtended @@ -341,8 +341,8 @@ To enable the client computers to report BitLocker compliance details through th uint32 SKU; }; -#pragma namespace ("\\\\.\\root\\cimv2") -#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) + #pragma namespace ("\\\\.\\root\\cimv2") + #pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL) [Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"}, dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")] class CCM_ComputerSystemExtended From 7eeb7b083f0a95e2bd8b355c6af71f29415084d1 Mon Sep 17 00:00:00 2001 From: "J. Decker" Date: Thu, 28 Apr 2016 09:48:22 -0700 Subject: [PATCH 06/16] fix formatting --- windows/manage/windows-10-start-layout-options-and-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/windows-10-start-layout-options-and-policies.md b/windows/manage/windows-10-start-layout-options-and-policies.md index 142e4e88a6..5a0c3eadfe 100644 --- a/windows/manage/windows-10-start-layout-options-and-policies.md +++ b/windows/manage/windows-10-start-layout-options-and-policies.md @@ -57,7 +57,7 @@ The following table lists the different parts of Start and any applicable policy

-and-

Dynamically inserted app tile

MDM: Allow Windows Consumer Features

-

Group Policy: Computer Configuration\Administrative Templates\Windows Components\Cloud Content\Turn off Microsoft consumer experiences

+

Group Policy: Computer Configuration\\Administrative Templates\\Windows Components\\Cloud Content\\Turn off Microsoft consumer experiences

Note  

This policy also enables or disables notifications for a user's Microsoft account and app tiles from Microsoft dynamically inserted in the default Start menu.

From 56915118b2cc7fa9caa9012cee45bc878a3adeb4 Mon Sep 17 00:00:00 2001 From: LizRoss Date: Thu, 28 Apr 2016 10:10:08 -0700 Subject: [PATCH 07/16] Updated for task #7360131 --- ...ct-data-using-enterprise-site-discovery.md | 87 +++++++++++-------- 1 file changed, 49 insertions(+), 38 deletions(-) diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md index 3c72362e33..4d6f071016 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md +++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md @@ -16,9 +16,9 @@ title: Collect data using Enterprise Site Discovery - Windows 8.1 Update - Windows 7 with Service Pack 1 (SP1) -Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades. +Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades. -## Requirements +## Before you begin Before you start, you need to make sure you have the following: - Latest cumulative security update (for all supported versions of Internet Explorer): @@ -43,7 +43,7 @@ Before you start, you need to make sure you have the following: You must use System Center 2012 R2 Configuration Manager or later for these samples to work. -Both the PowerShell script and .mof file need to be copied to the same location on the client computer, before you run the scripts. +Both the PowerShell script and the Managed Object Format (.MOF) file need to be copied to the same location on the client device, before you run the scripts. ## What data is collected? Data is collected on the configuration characteristics of IE and the sites it browses, as shown here. @@ -67,7 +67,7 @@ Data is collected on the configuration characteristics of IE and the sites it br The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements. ## Where is the data stored and how do I collect it? -The data is stored locally, in an industry-standard WMI class, Managed Object Format (.MOF) file or in an XML file, depending on your configuration. This file remains on the client computer until it’s collected. To collect the files, we recommend: +The data is stored locally, in an industry-standard WMI class, .MOF file or in an XML file, depending on your configuration. This file remains on the client computer until it’s collected. To collect the files, we recommend: - **WMI file**. Use Microsoft Configuration Manager or any agent that can read the contents of a WMI class on your computer. @@ -80,48 +80,55 @@ On average, a website generates about 250bytes of data for each visit, causing o

**Important**
The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements. ## Getting ready to use Enterprise Site Discovery +Before you can start to collect your data, you must run the provided PowerShell script (IETelemetrySetUp.ps1) on your client devices to start generating the site discovery data and to set up a place to store this data locally. Then, you must start collecting the site discovery data from the client devices, using one of these three options: + +- Collect your hardware inventory using the MOF Editor, while connecting to a client device.

+-OR- +- Collect your hardware inventory using the MOF Editor with a .MOF import file.

+-OR- +- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) + +### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.

**Important**
You must run this script if you’re using WMI as your data output. It's not necessary if you're using XML as your data output. - ![](images/wedge.gif) **To set up Enterprise Site Discovery** +![](images/wedge.gif) **To set up Enterprise Site Discovery** -- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](http://go.microsoft.com/fwlink/p/?linkid=517460). - -### Optional: Set up your firewall for WMI data +- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](http://go.microsoft.com/fwlink/p/?linkid=517460). +### WMI only: Set up your firewall for WMI data If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps: - ![](images/wedge.gif) **To set up your firewall** +![](images/wedge.gif) **To set up your firewall** -1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**. +1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**. -2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**. +2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**. -3. Restart your computer to start collecting your WMI data. +3. Restart your computer to start collecting your WMI data. -## Setting up Enterprise Site Discovery using PowerShell -After you finish the initial setup for Site Discovery using PowerShell, you have the option to continue with PowerShell or to switch to Group Policy. +## Use PowerShell to finish setting up Enterprise Site Discovery +You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery).

**Important**
The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device. -### Setting up zones or domains for data collection -You can determine which zones or domains are used for data collection, using PowerShell. +- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process. -- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process. - -- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process. +- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process. ![](images/wedge.gif) **To set up data collection using a domain allow list** - -- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`. -

**Important**
Wildcards, like \*.microsoft.com, aren’t supported. + + - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`. + + **Important**
Wildcards, like \*.microsoft.com, aren’t supported. ![](images/wedge.gif) **To set up data collection using a zone allow list** + + - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`. + + **Important**
Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported. -- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`. -

**Important**
Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported. - -## Setting up Enterprise Site Discovery using Group Policy -If you don’t want to continue using PowerShell, you can switch to Group Policy after the initial Site Discovery setup. +## Use Group Policy to finish setting up Enterprise Site Discovery +You can use Group Policy to finish setting up Enterprise Site Discovery. If you don’t want to use Group Policy, you can do this using PowerShell. For more info, see [Use Powershell to finish setting up Enterprise Site Discovery](#use-powershell-to-finish-setting-up-enterprise-site-discovery).

**Note**
 All of the Group Policy settings can be used individually or as a group. ![](images/wedge.gif) **To set up Enterprise Site Discovery using Group Policy** @@ -136,7 +143,6 @@ If you don’t want to continue using PowerShell, you can switch to Group Policy |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:

microsoft.sharepoint.com
outlook.com
onedrive.com
timecard.contoso.com
LOBApp.contoso.com | ### Combining WMI and XML Group Policy settings - You can use both the WMI and XML settings individually or together, based on: ![](images/wedge.gif) **To turn off Enterprise Site Discovery** @@ -163,12 +169,17 @@ You can use both the WMI and XML settings individually or together, based on:

  • Turn on Site Discovery XML output: XML file path
    • - ## Use Configuration Manager to collect your data -After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, in one of the following ways. +After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options: -### Collect your hardware inventory using the MOF Editor while connecting to a computer -You can collect your hardware inventory using the MOF Editor, while you’re connected to your client computers. +- Collect your hardware inventory using the MOF Editor, while connecting to a client device.

    +-OR- +- Collect your hardware inventory using the MOF Editor with a .MOF import file.

    +-OR- +- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) + +### Collect your hardware inventory using the MOF Editor while connected to a client device +You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices. ![](images/wedge.gif) **To collect your inventory** @@ -193,8 +204,8 @@ You can collect your hardware inventory using the MOF Editor, while you’re con 5. Click **OK** to close the default windows.
    Your environment is now ready to collect your hardware inventory and review the sample reports. -### Collect your hardware inventory using the MOF Editor with a MOF import file -You can collect your hardware inventory using the MOF Editor and a MOF import file. +### Collect your hardware inventory using the MOF Editor with a .MOF import file +You can collect your hardware inventory using the MOF Editor and a .MOF import file. ![](images/wedge.gif) **To collect your inventory** @@ -207,8 +218,8 @@ You can collect your hardware inventory using the MOF Editor and a MOF import fi 4. Click **OK** to close the default windows.
    Your environment is now ready to collect your hardware inventory and review the sample reports. -### Collect your hardware inventory using the SMS\DEF.MOF file -You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. +### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) +You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option. ![](images/wedge.gif) **To collect your inventory** @@ -281,7 +292,7 @@ You can collect your hardware inventory using the using the Systems Management S 3. Save the file and close it to the same location.
    Your environment is now ready to collect your hardware inventory and review the sample reports. -### Viewing the sample reports +## View the sample reports with your collected data The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data. ### SCCM Report Sample – ActiveX.rdl @@ -336,7 +347,7 @@ Each site is validated and if successful, added to the global site list when you 3. Click **OK** to close the **Bulk add sites to the list** menu. -## Turn off data collection on your client computers +## Turn off data collection on your client devices After you’ve collected your data, you’ll need to turn Enterprise Site Discovery off. ![](images/wedge.gif) **To stop collecting data, using PowerShell** From 552ffb838184fe7a559e109607e2eadc5d95b413 Mon Sep 17 00:00:00 2001 From: "J. Decker" Date: Thu, 28 Apr 2016 11:09:11 -0700 Subject: [PATCH 08/16] smb hardening --- .../keep-secure/windows-10-security-guide.md | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/windows/keep-secure/windows-10-security-guide.md b/windows/keep-secure/windows-10-security-guide.md index fbcf34aefe..b5f748c2f1 100644 --- a/windows/keep-secure/windows-10-security-guide.md +++ b/windows/keep-secure/windows-10-security-guide.md @@ -355,7 +355,10 @@ Table 3. Threats and Windows 10 mitigations Windows 10 mitigation - + +

    "Man in the middle" attacks, when an attacker reroutes communications between two users through the attacker's computer without the knowledge of the two communicating users

    +

    Client connections to the Active Directory Domain Services default SYSVOL and NETLOGON shares on domain controllers now require SMB signing and mutual authentication (such as Kerberos).

    +

    Firmware bootkits replace the firmware with malware.

    All certified PCs include a UEFI with Secure Boot, which requires signed firmware for updates to UEFI and Option ROMs.

    @@ -395,6 +398,22 @@ Table 3. Threats and Windows 10 mitigations The sections that follow describe these improvements in more detail. +**SMB hardening improvements for SYSVOL and NETLOGON connections** + +In Windows 10 and Windows Server 2016 Technical Preview, client connections to the Active Directory Domain Services default SYSVOL and NETLOGON shares on domain controllers now require SMB signing and mutual authentication (such as Kerberos). + +- **What value does this change add?** +This change reduces the likelihood of man-in-the-middle attacks. + +- **What works differently?** +If SMB signing and mutual authentication are unavailable, a Windows 10 or Windows Server 2016 computer won’t process domain-based Group Policy and scripts. + + +> **Note:** The registry values for these settings aren’t present by default, but the hardening rules still apply until overridden by Group Policy or other registry values. + +For more information on these security improvements, (also referred to as UNC hardening), see [Microsoft Knowledge Base article 3000483](http://go.microsoft.com/fwlink/p/?LinkId=789216) and [MS15-011 & MS15-014: Hardening Group Policy](http://go.microsoft.com/fwlink/p/?LinkId=789215). + + **Secure hardware** Although Windows 10 is designed to run on almost any hardware capable of running Windows 8, Windows 7, or Windows Vista, taking full advantage of Windows 10 security requires advancements in hardware-based security, including UEFI with Secure Boot, CPU virtualization features (for example, Intel VT-x), CPU memory-protection features (for example, Intel VT-d), TPM, and biometric sensors. From 98e240371f24c63ce292bd3a6493f6477afea795 Mon Sep 17 00:00:00 2001 From: "J. Decker" Date: Thu, 28 Apr 2016 11:47:45 -0700 Subject: [PATCH 09/16] removed colgroup --- windows/keep-secure/windows-10-security-guide.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/windows/keep-secure/windows-10-security-guide.md b/windows/keep-secure/windows-10-security-guide.md index b5f748c2f1..91964d3da0 100644 --- a/windows/keep-secure/windows-10-security-guide.md +++ b/windows/keep-secure/windows-10-security-guide.md @@ -345,10 +345,6 @@ Table 3 lists specific malware threats and the mitigation that Windows 10 provi Table 3. Threats and Windows 10 mitigations ---- From 3171b1c0e75a55367db573448a42fa8ac372e5bc Mon Sep 17 00:00:00 2001 From: "J. Decker" Date: Thu, 28 Apr 2016 11:48:45 -0700 Subject: [PATCH 10/16] spell out smb --- windows/keep-secure/windows-10-security-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/windows-10-security-guide.md b/windows/keep-secure/windows-10-security-guide.md index 91964d3da0..586d509b57 100644 --- a/windows/keep-secure/windows-10-security-guide.md +++ b/windows/keep-secure/windows-10-security-guide.md @@ -396,7 +396,7 @@ The sections that follow describe these improvements in more detail. **SMB hardening improvements for SYSVOL and NETLOGON connections** -In Windows 10 and Windows Server 2016 Technical Preview, client connections to the Active Directory Domain Services default SYSVOL and NETLOGON shares on domain controllers now require SMB signing and mutual authentication (such as Kerberos). +In Windows 10 and Windows Server 2016 Technical Preview, client connections to the Active Directory Domain Services default SYSVOL and NETLOGON shares on domain controllers now require Server Message Block (SMB) signing and mutual authentication (such as Kerberos). - **What value does this change add?** This change reduces the likelihood of man-in-the-middle attacks. From eb60deb49dc6bae0a2bc9bc633dd1846819e9760 Mon Sep 17 00:00:00 2001 From: "J. Decker" Date: Thu, 28 Apr 2016 12:03:03 -0700 Subject: [PATCH 11/16] added SM to changelist --- windows/keep-secure/change-history-for-keep-windows-10-secure.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 3752693094..3940db84d1 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -16,6 +16,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md |New or changed topic | Description | |----------------------|-------------| |[Protect derived domain credentials with Credential Guard](credential-guard.md) |Clarified Credential Guard protections | +|[Windows 10 security overview](windows-10-security-guide.md) |Added SMB hardening improvements for SYSVOL and NETLOGON connections | ## March 2016 From fb97df54a0b0b2c538f8d3751c73beefab55729c Mon Sep 17 00:00:00 2001 From: jamiejdt Date: Fri, 29 Apr 2016 17:56:04 -0700 Subject: [PATCH 12/16] Bug 6613390: Fix Documentation for App-V 5.0 SP3 -> 5.1 Server upgrade Corrected several files to provide better flow and to highlight required registry key fixes --- mdop/appv-v5/TOC.md | 1 + mdop/appv-v5/about-app-v-50-sp3.md | 2 +- mdop/appv-v5/about-app-v-51.md | 38 ++- mdop/appv-v5/check-reg-key-svr.md | 238 ++++++++++++++++ .../how-to-deploy-the-app-v-51-server.1.md | 269 ++++++++++++++++++ ...ing-to-app-v-51-from-a-previous-version.md | 5 +- 6 files changed, 545 insertions(+), 8 deletions(-) create mode 100644 mdop/appv-v5/check-reg-key-svr.md create mode 100644 mdop/appv-v5/how-to-deploy-the-app-v-51-server.1.md diff --git a/mdop/appv-v5/TOC.md b/mdop/appv-v5/TOC.md index 2e81d5ad03..1a7c936696 100644 --- a/mdop/appv-v5/TOC.md +++ b/mdop/appv-v5/TOC.md @@ -79,6 +79,7 @@ ##### [How to Access the Client Management Console 5.1](how-to-access-the-client-management-console51.md) ##### [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server 5.1](how-to-configure-the-client-to-receive-package-and-connection-groups-updates-from-the-publishing-server-51.md) #### [Migrating to App-V 5.1 from a Previous Version](migrating-to-app-v-51-from-a-previous-version.md) +##### [Check Registry Keys before installing App-V 5.x Server](check-reg-key-svr.md) ##### [How to Convert a Package Created in a Previous Version of App-V 5.1](how-to-convert-a-package-created-in-a-previous-version-of-app-v51.md) ##### [How to Migrate Extension Points From an App-V 4.6 SP2 Package to a Converted App-V 5.1 Package for All Users on a Specific Computer](how-to-migrate-extension-points-from-an-app-v-46-sp2-package-to-a-converted-app-v-51-package-for-all-users-on-a-specific-computer.md) ##### [How to Migrate Extension Points From an App-V 4.6 SP2 Package to App-V 5.1 for a Specific User](how-to-migrate-extension-points-from-an-app-v-46-sp2-package-to-app-v-51-for-a-specific-user.md) diff --git a/mdop/appv-v5/about-app-v-50-sp3.md b/mdop/appv-v5/about-app-v-50-sp3.md index a4418a6430..84f1b27782 100644 --- a/mdop/appv-v5/about-app-v-50-sp3.md +++ b/mdop/appv-v5/about-app-v-50-sp3.md @@ -197,7 +197,7 @@ Complete the following steps to upgrade each component of the App-V infrastructu
    Threat

     

    -

  • If you are upgrading the App-V Server from App-V SP1 Hotfix Package 3 or later, complete the steps in section [Check registry keys after installing the App-V 5.0 SP3 Server](#bkmk-check-reg-key-svr).

    • +

  • If you are upgrading the App-V Server from App-V 5.0 SP1 Hotfix Package 3 or later, complete the steps in section [Check registry keys after installing the App-V 5.0 SP3 Server](#bkmk-check-reg-key-svr).

  • Follow the steps in [How to Deploy the App-V 5.0 Server](how-to-deploy-the-app-v-50-server-50sp3.md).

    • diff --git a/mdop/appv-v5/about-app-v-51.md b/mdop/appv-v5/about-app-v-51.md index 162630bae1..47d75bfb12 100644 --- a/mdop/appv-v5/about-app-v-51.md +++ b/mdop/appv-v5/about-app-v-51.md @@ -63,7 +63,7 @@ See the following links for the App-V 5.1 software prerequisites and supported c ## Migrating to App-V 5.1 -Use the following information to upgrade to App-V 5.1 from earlier versions. See [Migrating from a Previous Version](migrating-from-a-previous-version-app-v-50.md) for more information. +Use the following information to upgrade to App-V 5.1 from earlier versions. See [Migrating to App-V 5.1 from a Previous Version](migrating-to-app-v-51-from-a-previous-version.md) for more information. ### Before you start the upgrade @@ -90,7 +90,7 @@ Review the following information before you start the upgrade:
    Note   -

    To use the App-V client user interface, download the existing version from [Application Virtualization 5.0 Client UI Application](http://www.microsoft.com/download/details.aspx?id=41186).

    +

    Prior to App-V 5.0 SP2, the Client Management User Interface (UI) was provided with the App-V Client installation. For App-V 5.0 SP2 installations (or later), you can use the Client Management UI by downloading from [Application Virtualization 5.0 Client UI Application](http://www.microsoft.com/download/details.aspx?id=41186).

      @@ -98,7 +98,7 @@ Review the following information before you start the upgrade:

    Upgrading from App-V 4.x

    -

    For more information, see:

    +

    You must first upgrade to App-V 5.0. You cannot upgrade directly from App-V 4.x to App-V 5.1. For more information, see:

    • “Differences between App-V 4.6 and App-V 5.0” in [About App-V 5.0](about-app-v-50.md)

    • [Planning for Migrating from a Previous Version of App-V](planning-for-migrating-from-a-previous-version-of-app-v.md)

      • @@ -147,7 +147,35 @@ Complete the following steps to upgrade each component of the App-V infrastructu
       
      -

      See [How to Deploy the App-V 5.0 Server](how-to-deploy-the-app-v-50-server-50sp3.md)

      +

      Follow these steps:

      +
        +

      1. Do one of the following, depending on the method you are using to upgrade the Management database and/or Reporting database:

        + ++++ + + + + + + + + + + + + + + + + +
        Database upgrade methodStep

        Windows Installer

        Skip this step and go to step 2, “If you are upgrading the App-V Server...”

        SQL scripts

        Follow the steps in [How to Deploy the App-V Databases by Using SQL Scripts](how-to-deploy-the-app-v-databases-by-using-sql-scripts.md).

        +

      2. If you are upgrading the App-V Server from App-V 5.0 SP1 Hotfix Package 3 or later, complete the steps in section [Check registry keys after installing the App-V 5.0 SP3 Server](#bkmk-check-reg-key-svr).

        3. +

      3. Follow the steps in [How to Deploy the App-V 5.1 Server](how-to-deploy-the-app-v-51-server.md)

        4. +

         

        +

      Step 2: Upgrade the App-V Sequencer.

      @@ -174,7 +202,7 @@ App-V 5.1 packages are exactly the same as App-V 5.0 packages. There has been no ## What’s New in App-V 5.1 -These sections are for users who are already familiar with App-V and want to know what has changed in App-V 5.1. If you are not already familiar with App-V, you should start by reading [Planning for App-V 5.0](planning-for-app-v-50-rc.md). +These sections are for users who are already familiar with App-V and want to know what has changed in App-V 5.1. If you are not already familiar with App-V, you should start by reading [Planning for App-V 5.1](planning-for-app-v-51.md). ### App-V support for Windows 10 diff --git a/mdop/appv-v5/check-reg-key-svr.md b/mdop/appv-v5/check-reg-key-svr.md new file mode 100644 index 0000000000..40deca6793 --- /dev/null +++ b/mdop/appv-v5/check-reg-key-svr.md @@ -0,0 +1,238 @@ +--- +title: Check Registry Keys before installing App-V 5.x Server +description: Check Registry Keys before installing App-V 5.x Server +ms.assetid: +author: jamiejdt +--- + +# Check Registry Keys before installing App-V 5.x Server + +If you are upgrading the App-V Server from App-V 5.0 SP1 Hotfix Package 3 or later, complete the steps in this section before installing the App-V 5.x Server + + ++++ + + + + + + + + + + + + + + + + + + +

      When this step is required

      You are upgrading from App-V 5.0 SP1 with any subsequent Hotfix Packages that you installed by using an .msp file.

      Which components require that you do this step

      Only the App-V Server components that you are upgrading.

      When you need to do this step

      Before you upgrade the App-V Server to App-V 5.x

      What you need to do

      Using the information in the following tables, update each registry key value under HKLM\Software\Microsoft\AppV\Server with the value that you provided in your original server installation. Completing this step restores registry values that may have been removed when App-V 5.0 SP1 Hotfix Packages were installed.

      + +  + +**ManagementDatabase key** + +If you are installing the Management database, set these registry keys under `HKLM\Software\Microsoft\AppV\Server\ManagementDatabase`. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      Key nameDescription

      IS_MANAGEMENT_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED

      Describes whether a public access account is required to access non-local management databases. Value is set to “1” if it is required.

      MANAGEMENT_DB_NAME

      Name of the Management database.

      MANAGEMENT_DB_PUBLIC_ACCESS_ACCOUNT

      Account used for read (public) access to the Management database.

      +

      Used when IS_MANAGEMENT_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED is set to 1.

      MANAGEMENT_DB_PUBLIC_ACCESS_ACCOUNT_SID

      Secure identifier (SID) of the account used for read (public) access to the Management database.

      +

      Used when IS_MANAGEMENT_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED is set to 1.

      MANAGEMENT_DB_SQL_INSTANCE

      SQL Server instance for the Management database.

      +

      If the value is blank, the default database instance is used.

      MANAGEMENT_DB_WRITE_ACCESS_ACCOUNT

      Account used for write (administrator) access to the Management database.

      MANAGEMENT_DB_WRITE_ACCESS_ACCOUNT_SID

      Secure identifier (SID) of the account used for write (administrator) access to the Management database.

      MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT

      Management server remote computer account (domain\account).

      MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT

      Installation administrator login for the Management server (domain\account).

      MANAGEMENT_SERVER_MACHINE_USE_LOCAL

      Valid values are:

      +
        +

      • 1 – the Management service is on the local computer, that is, MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT is blank.

        • +

      • 0 - the Management service is on a different computer from the local computer.

        • +
      + +  + +**ManagementService key** + +If you are installing the Management server, set these registry keys under `HKLM\Software\Microsoft\AppV\Server\ManagementService`. + + ++++ + + + + + + + + + + + + + + + + + + + + +
      Key nameDescription

      MANAGEMENT_ADMINACCOUNT

      Active Directory Domain Services (AD DS) group or account that is authorized to manage App-V (domain\account).

      MANAGEMENT_DB_SQL_INSTANCE

      SQL server instance that contains the Management database.

      +

      If the value is blank, the default database instance is used.

      MANAGEMENT_DB_SQL_SERVER_NAME

      Name of the remote SQL server with the Management database.

      +

      If the value is blank, the local computer is used.

      + +  + +**ReportingDatabase key** + +If you are installing the Reporting database, set these registry keys under `HKLM\Software\Microsoft\AppV\Server\ReportingDatabase`. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      Key nameDescription

      IS_REPORTING_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED

      Describes whether a public access account is required to access non-local reporting databases. Value is set to “1” if it is required.

      REPORTING_DB_NAME

      Name of the Reporting database.

      REPORTING_DB_PUBLIC_ACCESS_ACCOUNT

      Account used for read (public) access to the Reporting database.

      +

      Used when IS_REPORTING_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED is set to 1.

      REPORTING_DB_PUBLIC_ACCESS_ACCOUNT_SID

      Secure identifier (SID) of the account used for read (public) access to the Reporting database.

      +

      Used when IS_REPORTING_DB_PUBLIC_ACCESS_ACCOUNT_REQUIRED is set to 1.

      REPORTING_DB_SQL_INSTANCE

      SQL Server instance for the Reporting database.

      +

      If the value is blank, the default database instance is used.

      REPORTING_DB_WRITE_ACCESS_ACCOUNT

      REPORTING_DB_WRITE_ACCESS_ACCOUNT_SID

      REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT

      Reporting server remote computer account (domain\account).

      REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT

      Installation administrator login for the Reporting server (domain\account).

      REPORTING_SERVER_MACHINE_USE_LOCAL

      Valid values are:

      +
        +

      • 1 – the Reporting service is on the local computer, that is, REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT is blank.

        • +

      • 0 - the Reporting service is on a different computer from the local computer.

        • +
      + +  + +**ReportingService key** + +If you are installing the Reporting server, set these registry keys under `HKLM\Software\Microsoft\AppV\Server\ReportingService`. + + ++++ + + + + + + + + + + + + + + + + +
      Key nameDescription

      REPORTING_DB_SQL_INSTANCE

      SQL Server instance for the Reporting database.

      +

      If the value is blank, the default database instance is used.

      REPORTING_DB_SQL_SERVER_NAME

      Name of the remote SQL server with the Reporting database.

      +

      If the value is blank, the local computer is used.

      + diff --git a/mdop/appv-v5/how-to-deploy-the-app-v-51-server.1.md b/mdop/appv-v5/how-to-deploy-the-app-v-51-server.1.md new file mode 100644 index 0000000000..e524980035 --- /dev/null +++ b/mdop/appv-v5/how-to-deploy-the-app-v-51-server.1.md @@ -0,0 +1,269 @@ +--- +title: How to Deploy the App-V 5.1 Server +description: How to Deploy the App-V 5.1 Server +ms.assetid: 4729beda-b98f-481b-ae74-ad71c59b1d69 +author: jamiejdt +--- + +# How to Deploy the App-V 5.1 Server + + +Use the following procedure to install the Microsoft Application Virtualization (App-V) 5.1 server. For information about deploying the App-V 5.1 Server, see [About App-V 5.1](about-app-v-51.md#bkmk-migrate-to-51). + +**Before you start:** + +- Ensure that you’ve installed prerequisite software. See [App-V 5.1 Prerequisites](app-v-51-prerequisites.md). + +- Review the server section of [App-V 5.1 Security Considerations](app-v-51-security-considerations.md). + +- Specify a port where each component will be hosted. + +- Add firewall rules to allow incoming requests to access the specified ports. + +- If you use SQL scripts, instead of the Windows Installer, to set up the Management database or Reporting database, you must run the SQL scripts before installing the Management Server or Reporting Server. See [How to Deploy the App-V Databases by Using SQL Scripts](how-to-deploy-the-app-v-databases-by-using-sql-scripts51.md). + +**To install the App-V 5.1 server** + +1. Copy the App-V 5.1 server installation files to the computer on which you want to install it. + +2. Start the App-V 5.1 server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**. + +3. Review and accept the license terms, and choose whether to enable Microsoft updates. + +4. On the **Feature Selection** page, select all of the following components. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      ComponentDescription

      Management server

      Provides overall management functionality for the App-V infrastructure.

      Management database

      Facilitates database predeployments for App-V management.

      Publishing server

      Provides hosting and streaming functionality for virtual applications.

      Reporting server

      Provides App-V 5.1 reporting services.

      Reporting database

      Facilitates database predeployments for App-V reporting.

      + +   + +5. On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line. + +6. On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below. + + + + + + + + + + + + + + + + + + + + + + +
      MethodWhat you need to do

      You are using a custom Microsoft SQL Server instance.

      Select Use the custom instance, and type the name of the instance.

      +

      Use the format INSTANCENAME. The assumed installation location is the local computer.

      +

      Not supported: A server name using the format ServerName\INSTANCE.

      You are using a custom database name.

      Select Custom configuration and type the database name.

      +

      The database name must be unique, or the installation will fail.

      + +   + +7. On the **Configure** page, accept the default value **Use this local computer**. + + **Note**   + If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. + +   + +8. On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below. + + + + + + + + + + + + + + + + + + + + + + +
      MethodWhat you need to do

      You are using a custom Microsoft SQL Server instance.

      Select Use the custom instance, and type the name of the instance.

      +

      Use the format INSTANCENAME. The assumed installation location is the local computer.

      +

      Not supported: A server name using the format ServerName\INSTANCE.

      You are using a custom database name.

      Select Custom configuration and type the database name.

      +

      The database name must be unique, or the installation will fail.

      + +   + +9. On the **Configure** page, accept the default value: **Use this local computer**. + + **Note**   + If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. + +   + +10. On the **Configure** (Management Server Configuration) page, specify the following: + + + + + + + + + + + + + + + + + + + + + + + + + + +
      Item to configureDescription and examples

      Type the AD group with sufficient permissions to manage the App-V environment.

      Example: MyDomain\MyUser

      +

      After installation, you can add additional users or groups by using the Management console. However, global security groups and Active Directory Domain Services (AD DS) distribution groups are not supported. You must use Domain local or Universal groups are required to perform this action.

      Website name: Specify the custom name that will be used to run the publishing service.

      If you do not have a custom name, do not make any changes.

      Port binding: Specify a unique port number that will be used by App-V.

      Example: 12345

      +

      Ensure that the port specified is not being used by another website.

      + +   + +11. On the **Configure** **Publishing Server Configuration** page, specify the following: + + + + + + + + + + + + + + + + + + + + + + + + + + +
      Item to configureDescription and examples

      Specify the URL for the management service.

      Example: http://localhost:12345

      Website name: Specify the custom name that will be used to run the publishing service.

      If you do not have a custom name, do not make any changes.

      Port binding: Specify a unique port number that will be used by App-V.

      Example: 54321

      +

      Ensure that the port specified is not being used by another website.

      + +   + +12. On the **Reporting Server** page, specify the following: + + + + + + + + + + + + + + + + + + + + + + +
      Item to configureDescription and examples

      Website name: Specify the custom name that will be used to run the Reporting Service.

      If you do not have a custom name, do not make any changes.

      Port binding: Specify a unique port number that will be used by App-V.

      Example: 55555

      +

      Ensure that the port specified is not being used by another website.

      + +   + +13. To start the installation, click **Install** on the **Ready** page, and then click **Close** on the **Finished** page. + +14. To verify that the setup completed successfully, open a web browser, and type the following URL: + + **http://<Management server machine name>:<Management service port number>/Console.html**. + + Example: **http://localhost:12345/console.html**. If the installation succeeded, the App-V Management console is displayed with no errors. + + **Got a suggestion for App-V**? Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). **Got an App-V issue?** Use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopappv). + +## Related topics + + +[Deploying App-V 5.1](deploying-app-v-51.md) + +[How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](how-to-install-the-management-and-reporting-databases-on-separate-computers-from-the-management-and-reporting-services51.md) + +[How to Install the Publishing Server on a Remote Computer](how-to-install-the-publishing-server-on-a-remote-computer51.md) + +[How to Deploy the App-V 5.1 Server Using a Script](how-to-deploy-the-app-v-51-server-using-a-script.md) + +  + +  + + + + + diff --git a/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md b/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md index 5e1395c0f0..64565f8e9c 100644 --- a/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md +++ b/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md @@ -8,10 +8,11 @@ author: jamiejdt # Migrating to App-V 5.1 from a Previous Version -With Microsoft Application Virtualization (App-V) 5.1 you can migrate your existing App-V 4.6 infrastructure to the more flexible, integrated, and easier to manage App-V 5.1 infrastructure. +With Microsoft Application Virtualization (App-V) 5.1, you can migrate your existing App-V 4.6 or App-V 5.0 infrastructure to the more flexible, integrated, and easier to manage App-V 5.1 infrastructure. +However, you cannot migrate directly from App-V 4.x to App-V 5.1, you must migrate to App-V 5.0 first. For more information on migrating from App-V 4.x to App-V 5.0, see [Migrating from a Previous Version](migrating-from-a-previous-version-aap-v-50.md) **Note**   -App-V 5.1 packages are exactly the same as App-V 5.0 packages. There has been no change in the package format between the versions and so there is no need to convert App-V 5.0 packages to App-V 5.1 packages. +App-V 5.1 packages are exactly the same as App-V 5.0 packages. There has been no change in the package format between the versions and therefore, there is no need to convert App-V 5.0 packages to App-V 5.1 packages. For more information about the differences between App-V 4.6 and App-V 5.1, see the **Differences between App-4.6 and App-V 5.0 section** of [About App-V 5.0](about-app-v-50.md). From 88e61dee112546a85e5c2f3c26d9868c62c83308 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Sun, 1 May 2016 12:46:30 -0700 Subject: [PATCH 13/16] fixing link --- mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md b/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md index 64565f8e9c..0eb3ce6d09 100644 --- a/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md +++ b/mdop/appv-v5/migrating-to-app-v-51-from-a-previous-version.md @@ -9,7 +9,7 @@ author: jamiejdt With Microsoft Application Virtualization (App-V) 5.1, you can migrate your existing App-V 4.6 or App-V 5.0 infrastructure to the more flexible, integrated, and easier to manage App-V 5.1 infrastructure. -However, you cannot migrate directly from App-V 4.x to App-V 5.1, you must migrate to App-V 5.0 first. For more information on migrating from App-V 4.x to App-V 5.0, see [Migrating from a Previous Version](migrating-from-a-previous-version-aap-v-50.md) +However, you cannot migrate directly from App-V 4.x to App-V 5.1, you must migrate to App-V 5.0 first. For more information on migrating from App-V 4.x to App-V 5.0, see [Migrating from a Previous Version](migrating-from-a-previous-version-app-v-50.md) **Note**   App-V 5.1 packages are exactly the same as App-V 5.0 packages. There has been no change in the package format between the versions and therefore, there is no need to convert App-V 5.0 packages to App-V 5.1 packages. From 1a33b2e854ef71a98586519f2f6c3a240ead62c8 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Mon, 2 May 2016 09:26:19 -0700 Subject: [PATCH 14/16] testing broken link --- windows/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/index.md b/windows/index.md index 08ec4adaa7..33c6dfbb9f 100644 --- a/windows/index.md +++ b/windows/index.md @@ -14,7 +14,7 @@ This library provides the core content that IT pros need to evaluate, plan, depl ## In this library -[What's new in Windows 10](whats-new/index.md) +[What's new in Windows 10](whats-new/) [Plan for Windows 10 deployment](plan/index.md) From 9b7990442e9f7881a37393324430a15303514f69 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Mon, 2 May 2016 09:34:08 -0700 Subject: [PATCH 15/16] fixing other links --- windows/index.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/index.md b/windows/index.md index 33c6dfbb9f..51b64fe509 100644 --- a/windows/index.md +++ b/windows/index.md @@ -16,13 +16,13 @@ This library provides the core content that IT pros need to evaluate, plan, depl [What's new in Windows 10](whats-new/) -[Plan for Windows 10 deployment](plan/index.md) +[Plan for Windows 10 deployment](plan/) -[Deploy Windows 10](deploy/index.md) +[Deploy Windows 10](deploy/) -[Keep Windows 10 secure](keep-secure/index.md) +[Keep Windows 10 secure](keep-secure/) -[Manage and update Windows 10](manage/index.md) +[Manage and update Windows 10](manage/) ## Related topics From abe195ca4a01c1db48c794b6c2e74604fc94289c Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Mon, 2 May 2016 09:36:42 -0700 Subject: [PATCH 16/16] fixing links again --- windows/index.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/index.md b/windows/index.md index 51b64fe509..08ec4adaa7 100644 --- a/windows/index.md +++ b/windows/index.md @@ -14,15 +14,15 @@ This library provides the core content that IT pros need to evaluate, plan, depl ## In this library -[What's new in Windows 10](whats-new/) +[What's new in Windows 10](whats-new/index.md) -[Plan for Windows 10 deployment](plan/) +[Plan for Windows 10 deployment](plan/index.md) -[Deploy Windows 10](deploy/) +[Deploy Windows 10](deploy/index.md) -[Keep Windows 10 secure](keep-secure/) +[Keep Windows 10 secure](keep-secure/index.md) -[Manage and update Windows 10](manage/) +[Manage and update Windows 10](manage/index.md) ## Related topics