mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
fix: MD006/ul-start-left
Consider starting bulleted lists at the beginning of the line
This commit is contained in:
Nick Schonning
parent
4f83bfdd46
commit
94e89df6b7
@ -171,13 +171,13 @@ You can determine which zones or domains are used for data collection, using Pow
|
|||||||
|
|
||||||
**To set up data collection using a domain allow list**
|
**To set up data collection using a domain allow list**
|
||||||
|
|
||||||
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
|
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
|
||||||
|
|
||||||
>**Important**<br>Wildcards, like \*.microsoft.com, aren’t supported.
|
>**Important**<br>Wildcards, like \*.microsoft.com, aren’t supported.
|
||||||
|
|
||||||
**To set up data collection using a zone allow list**
|
**To set up data collection using a zone allow list**
|
||||||
|
|
||||||
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
|
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
|
||||||
|
|
||||||
>**Important**<br>Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
|
>**Important**<br>Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
|
||||||
|
|
||||||
|
|||||||
@ -6,7 +6,8 @@ author: dansimp
|
|||||||
ms.prod: ie11
|
ms.prod: ie11
|
||||||
ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
|
ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
audience: itpro
manager: dansimp
|
audience: itpro
|
||||||
|
manager: dansimp
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
title: Collect data using Enterprise Site Discovery
|
title: Collect data using Enterprise Site Discovery
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
@ -171,13 +172,13 @@ You can determine which zones or domains are used for data collection, using Pow
|
|||||||
|
|
||||||
**To set up data collection using a domain allow list**
|
**To set up data collection using a domain allow list**
|
||||||
|
|
||||||
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
|
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
|
||||||
|
|
||||||
>**Important**<br>Wildcards, like \*.microsoft.com, aren’t supported.
|
>**Important**<br>Wildcards, like \*.microsoft.com, aren’t supported.
|
||||||
|
|
||||||
**To set up data collection using a zone allow list**
|
**To set up data collection using a zone allow list**
|
||||||
|
|
||||||
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
|
- Start PowerShell in elevated mode (using admin privileges) and run IETelemetrySetUp.ps1, using this command: `.\IETelemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
|
||||||
|
|
||||||
>**Important**<br>Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
|
>**Important**<br>Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
|
||||||
|
|
||||||
|
|||||||
@ -37,9 +37,9 @@ When you develop for HoloLens, there are [system requirements and tools](https:/
|
|||||||
- TTLS-TLS
|
- TTLS-TLS
|
||||||
|
|
||||||
### Device management
|
### Device management
|
||||||
- Users have Azure AD accounts with [Intune license assigned](https://docs.microsoft.com/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune-step-4)
|
- Users have Azure AD accounts with [Intune license assigned](https://docs.microsoft.com/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune-step-4)
|
||||||
- Wi-Fi network
|
- Wi-Fi network
|
||||||
- Intune or a 3rd party mobile device management (MDM) provider that uses Microsoft MDM APIs
|
- Intune or a 3rd party mobile device management (MDM) provider that uses Microsoft MDM APIs
|
||||||
|
|
||||||
### Upgrade to Windows Holographic for Business
|
### Upgrade to Windows Holographic for Business
|
||||||
- HoloLens Enterprise license XML file
|
- HoloLens Enterprise license XML file
|
||||||
|
|||||||
@ -20,9 +20,9 @@ for Surface devices. It works on Surface Pro 3 and all newer Surface devices.
|
|||||||
|
|
||||||
## System requirements
|
## System requirements
|
||||||
|
|
||||||
- Surface Pro 3 or later
|
- Surface Pro 3 or later
|
||||||
|
|
||||||
- UEFI firmware version 3.9.150.0 or later
|
- UEFI firmware version 3.9.150.0 or later
|
||||||
|
|
||||||
## Using Surface Asset Tag
|
## Using Surface Asset Tag
|
||||||
|
|
||||||
|
|||||||
@ -59,11 +59,11 @@ instant on/instant off functionality typical of smartphones. S0ix, also
|
|||||||
known as Deepest Runtime Idle Platform State (DRIPS), is the default
|
known as Deepest Runtime Idle Platform State (DRIPS), is the default
|
||||||
power mode for Surface devices. Modern standby has two modes:
|
power mode for Surface devices. Modern standby has two modes:
|
||||||
|
|
||||||
- **Connected standby.** The default mode for up-to-the minute
|
- **Connected standby.** The default mode for up-to-the minute
|
||||||
delivery of emails, messaging, and cloud-synced data, connected
|
delivery of emails, messaging, and cloud-synced data, connected
|
||||||
standby keeps Wi-Fi on and maintains network connectivity.
|
standby keeps Wi-Fi on and maintains network connectivity.
|
||||||
|
|
||||||
- **Disconnected standby.** An optional mode for extended battery
|
- **Disconnected standby.** An optional mode for extended battery
|
||||||
life, disconnected standby delivers the same instant-on experience
|
life, disconnected standby delivers the same instant-on experience
|
||||||
and saves power by turning off Wi-Fi, Bluetooth, and related network
|
and saves power by turning off Wi-Fi, Bluetooth, and related network
|
||||||
connectivity.
|
connectivity.
|
||||||
@ -76,12 +76,12 @@ Center](https://docs.microsoft.com/windows-hardware/design/device-experiences/mo
|
|||||||
Surface integrates the following features designed to help users
|
Surface integrates the following features designed to help users
|
||||||
optimize the power management experience:
|
optimize the power management experience:
|
||||||
|
|
||||||
- [Singular power plan](#singular-power-plan)
|
- [Singular power plan](#singular-power-plan)
|
||||||
|
|
||||||
- [Simplified power settings user
|
- [Simplified power settings user
|
||||||
interface](#simplified-power-settings-user-interface)
|
interface](#simplified-power-settings-user-interface)
|
||||||
|
|
||||||
- [Windows performance power
|
- [Windows performance power
|
||||||
slider](#windows-performance-power-slider)
|
slider](#windows-performance-power-slider)
|
||||||
|
|
||||||
### Singular power plan
|
### Singular power plan
|
||||||
|
|||||||
@ -25,15 +25,15 @@ designed to help reduce thermal load and lower the overall carbon
|
|||||||
footprint for deployed Surface devices. The tool automatically dims the screen when not in use and
|
footprint for deployed Surface devices. The tool automatically dims the screen when not in use and
|
||||||
includes the following configuration options:
|
includes the following configuration options:
|
||||||
|
|
||||||
- Period of inactivity before dimming the display.
|
- Period of inactivity before dimming the display.
|
||||||
|
|
||||||
- Brightness level when dimmed.
|
- Brightness level when dimmed.
|
||||||
|
|
||||||
- Maximum brightness level when in use.
|
- Maximum brightness level when in use.
|
||||||
|
|
||||||
**To run Surface Brightness Control:**
|
**To run Surface Brightness Control:**
|
||||||
|
|
||||||
- Install surfacebrightnesscontrol.msi on the target device and Surface Brightness Control
|
- Install surfacebrightnesscontrol.msi on the target device and Surface Brightness Control
|
||||||
will begin working immediately.
|
will begin working immediately.
|
||||||
|
|
||||||
## Configuring Surface Brightness Control
|
## Configuring Surface Brightness Control
|
||||||
|
|||||||
@ -20,8 +20,8 @@ manager: dansimp
|
|||||||
- Windows 10
|
- Windows 10
|
||||||
|
|
||||||
You have two tools to choose from to set up PCs for your classroom:
|
You have two tools to choose from to set up PCs for your classroom:
|
||||||
* Set up School PCs
|
* Set up School PCs
|
||||||
* Windows Configuration Designer
|
* Windows Configuration Designer
|
||||||
|
|
||||||
Choose the tool that is appropriate for how your students will sign in (Active Directory, Azure Active Directory, or no account).
|
Choose the tool that is appropriate for how your students will sign in (Active Directory, Azure Active Directory, or no account).
|
||||||
|
|
||||||
|
|||||||
@ -43,9 +43,7 @@ You must configure the package converter to always save the package ingredients
|
|||||||
Import-Module AppVPkgConverter
|
Import-Module AppVPkgConverter
|
||||||
```
|
```
|
||||||
|
|
||||||
3.
|
3. The following cmdlets are available:
|
||||||
|
|
||||||
The following cmdlets are available:
|
|
||||||
|
|
||||||
- Test-AppvLegacyPackage – This cmdlet is designed to check packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in depth validation. For information about options and basic functionality for this cmdlet, using the PowerShell cmdline, type `Test-AppvLegacyPackage -?`.
|
- Test-AppvLegacyPackage – This cmdlet is designed to check packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in depth validation. For information about options and basic functionality for this cmdlet, using the PowerShell cmdline, type `Test-AppvLegacyPackage -?`.
|
||||||
|
|
||||||
|
|||||||
@ -42,14 +42,14 @@ Refunds work a little differently for free apps, and apps that have a price. In
|
|||||||
|
|
||||||
**Refunds for free apps**
|
**Refunds for free apps**
|
||||||
|
|
||||||
For free apps, there isn't really a refund to request -- you're removing the app from your inventory. You must first reclaim any assigned licenses, and then you can remove the app from your organization's inventory.
|
For free apps, there isn't really a refund to request -- you're removing the app from your inventory. You must first reclaim any assigned licenses, and then you can remove the app from your organization's inventory.
|
||||||
|
|
||||||
**Refunds for apps that have a price**
|
**Refunds for apps that have a price**
|
||||||
|
|
||||||
There are a few requirements for apps that have a price:
|
There are a few requirements for apps that have a price:
|
||||||
- **Timing** - Refunds are available for the first 30 days after you place your order. For example, if your order is placed on June 1, you can self-refund through June 30.
|
- **Timing** - Refunds are available for the first 30 days after you place your order. For example, if your order is placed on June 1, you can self-refund through June 30.
|
||||||
- **Available licenses** - You need to have enough available licenses to cover the number of licenses in the order you are refunding. For example, if you purchased 10 copies of an app and you want to request a refund, you must have at least 10 licenses of the app available in your inventory -- those 10 licenses can't be assigned to people in your organization.
|
- **Available licenses** - You need to have enough available licenses to cover the number of licenses in the order you are refunding. For example, if you purchased 10 copies of an app and you want to request a refund, you must have at least 10 licenses of the app available in your inventory -- those 10 licenses can't be assigned to people in your organization.
|
||||||
- **Whole order refunds only** - You must refund the complete amount of apps in an order. You can't refund a part of an order. For example, if you purchased 10 copies of an app, but later found you only needed 5 copies, you'll need to request a refund for the 10 apps, and then make a separate order for 5 apps. If you have had multiple orders of the same app, you can refund one order but still keep the rest of the inventory.
|
- **Whole order refunds only** - You must refund the complete amount of apps in an order. You can't refund a part of an order. For example, if you purchased 10 copies of an app, but later found you only needed 5 copies, you'll need to request a refund for the 10 apps, and then make a separate order for 5 apps. If you have had multiple orders of the same app, you can refund one order but still keep the rest of the inventory.
|
||||||
|
|
||||||
**To refund an order**
|
**To refund an order**
|
||||||
|
|
||||||
|
|||||||
@ -49,9 +49,9 @@ The following diagram shows the NetworkQoSPolicy configuration service provider
|
|||||||
|
|
||||||
<p style="margin-left: 20px">Valid values are:
|
<p style="margin-left: 20px">Valid values are:
|
||||||
|
|
||||||
- 0 (default) - Both TCP and UDP
|
- 0 (default) - Both TCP and UDP
|
||||||
- 1 - TCP
|
- 1 - TCP
|
||||||
- 2 - UDP
|
- 2 - UDP
|
||||||
|
|
||||||
<p style="margin-left: 20px">The data type is int.
|
<p style="margin-left: 20px">The data type is int.
|
||||||
|
|
||||||
|
|||||||
@ -70,8 +70,8 @@ manager: dansimp
|
|||||||
This setting determines whether non-administrators can use Task Manager to end tasks.
|
This setting determines whether non-administrators can use Task Manager to end tasks.
|
||||||
|
|
||||||
Value type is integer. Supported values:
|
Value type is integer. Supported values:
|
||||||
- 0 - Disabled. EndTask functionality is blocked in TaskManager.
|
- 0 - Disabled. EndTask functionality is blocked in TaskManager.
|
||||||
- 1 - Enabled (default). Users can perform EndTask in TaskManager.
|
- 1 - Enabled (default). Users can perform EndTask in TaskManager.
|
||||||
|
|
||||||
<!--/Description-->
|
<!--/Description-->
|
||||||
<!--SupportedValues-->
|
<!--SupportedValues-->
|
||||||
|
|||||||
@ -31,8 +31,8 @@ Interior node. Supported operation is Get.
|
|||||||
<a href="" id="allowwindowsdefenderapplicationguard"></a>**Settings/AllowWindowsDefenderApplicationGuard**
|
<a href="" id="allowwindowsdefenderapplicationguard"></a>**Settings/AllowWindowsDefenderApplicationGuard**
|
||||||
Turn on Windows Defender Application Guard in Enterprise Mode. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
|
Turn on Windows Defender Application Guard in Enterprise Mode. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
|
||||||
|
|
||||||
- 0 - Stops Application Guard in Enterprise Mode. Trying to access non-enterprise domains on the host will not automatically get transferred into the insolated environment.
|
- 0 - Stops Application Guard in Enterprise Mode. Trying to access non-enterprise domains on the host will not automatically get transferred into the insolated environment.
|
||||||
- 1 - Enables Application Guard in Enterprise Mode. Trying to access non-enterprise websites on the host will automatically get transferred into the container.
|
- 1 - Enables Application Guard in Enterprise Mode. Trying to access non-enterprise websites on the host will automatically get transferred into the container.
|
||||||
|
|
||||||
<a href="" id="clipboardfiletype"></a>**Settings/ClipboardFileType**
|
<a href="" id="clipboardfiletype"></a>**Settings/ClipboardFileType**
|
||||||
Determines the type of content that can be copied from the host to Application Guard environment and vice versa. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
|
Determines the type of content that can be copied from the host to Application Guard environment and vice versa. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
|
||||||
|
|||||||
@ -233,10 +233,10 @@ XML files can and should be tested locally on a Hyper-V or other virtual machine
|
|||||||
- User-initiated changes to the start layout are not roamed.
|
- User-initiated changes to the start layout are not roamed.
|
||||||
|
|
||||||
Specifically, behaviors include
|
Specifically, behaviors include
|
||||||
- Applications (apps or icons) pinned to the start menu are missing.
|
- Applications (apps or icons) pinned to the start menu are missing.
|
||||||
- Entire tile window disappears.
|
- Entire tile window disappears.
|
||||||
- The start button fails to respond.
|
- The start button fails to respond.
|
||||||
- If a new roaming user is created, the first logon appears normal, but on subsequent logons, tiles are missing.
|
- If a new roaming user is created, the first logon appears normal, but on subsequent logons, tiles are missing.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -357,4 +357,4 @@ For networks that require non-standard handling of single-segment incoming MMS W
|
|||||||
|
|
||||||
|
|
||||||
## Related topics
|
## Related topics
|
||||||
- [Customizations for SMS and MMS](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/customizations-for-sms-and-mms)
|
- [Customizations for SMS and MMS](https://docs.microsoft.com/windows-hardware/customize/mobile/mcsf/customizations-for-sms-and-mms)
|
||||||
|
|||||||
@ -319,54 +319,54 @@ Each rule name and its associated unique rule identifier are listed with a descr
|
|||||||
## Release notes
|
## Release notes
|
||||||
|
|
||||||
06/19/2019 - SetupDiag v1.5.0.0 is released with 60 rules, as a standalone tool available from the Download Center.
|
06/19/2019 - SetupDiag v1.5.0.0 is released with 60 rules, as a standalone tool available from the Download Center.
|
||||||
- All date and time outputs are updated to localized format per user request.
|
- All date and time outputs are updated to localized format per user request.
|
||||||
- Added setup Operation and Phase information to /verbose log.
|
- Added setup Operation and Phase information to /verbose log.
|
||||||
- Added last Setup Operation and last Setup Phase information to most rules where it make sense (see new output below).
|
- Added last Setup Operation and last Setup Phase information to most rules where it make sense (see new output below).
|
||||||
- Performance improvement in searching setupact.logs to determine correct log to parse.
|
- Performance improvement in searching setupact.logs to determine correct log to parse.
|
||||||
- Added SetupDiag version number to text report (xml and json always had it).
|
- Added SetupDiag version number to text report (xml and json always had it).
|
||||||
- Added "no match" reports for xml and json per user request.
|
- Added "no match" reports for xml and json per user request.
|
||||||
- Formatted Json output for easy readability.
|
- Formatted Json output for easy readability.
|
||||||
- Performance improvements when searching for setup logs; this should be much faster now.
|
- Performance improvements when searching for setup logs; this should be much faster now.
|
||||||
- Added 7 new rules: PlugInComplianceBlock, PreReleaseWimMountDriverFound, WinSetupBootFilterFailure, WimMountDriverIssue, DISMImageSessionFailure, FindEarlyDownlevelError, and FindSPFatalError. See the [Rules](#rules) section above for more information.
|
- Added 7 new rules: PlugInComplianceBlock, PreReleaseWimMountDriverFound, WinSetupBootFilterFailure, WimMountDriverIssue, DISMImageSessionFailure, FindEarlyDownlevelError, and FindSPFatalError. See the [Rules](#rules) section above for more information.
|
||||||
- Diagnostic information is now output to the registry at **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**
|
- Diagnostic information is now output to the registry at **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**
|
||||||
- The **/AddReg** command was added to toggle registry output. This setting is off by default for offline mode, and on by default for online mode. The command has no effect for online mode and enables registry output for offline mode.
|
- The **/AddReg** command was added to toggle registry output. This setting is off by default for offline mode, and on by default for online mode. The command has no effect for online mode and enables registry output for offline mode.
|
||||||
- This registry key is deleted as soon as SetupDiag is run a second time, and replaced with current data, so it’s always up to date.
|
- This registry key is deleted as soon as SetupDiag is run a second time, and replaced with current data, so it’s always up to date.
|
||||||
- This registry key also gets deleted when a new update instance is invoked.
|
- This registry key also gets deleted when a new update instance is invoked.
|
||||||
- For an example, see [Sample registry key](#sample-registry-key).
|
- For an example, see [Sample registry key](#sample-registry-key).
|
||||||
|
|
||||||
05/17/2019 - SetupDiag v1.4.1.0 is released with 53 rules, as a standalone tool available from the Download Center.
|
05/17/2019 - SetupDiag v1.4.1.0 is released with 53 rules, as a standalone tool available from the Download Center.
|
||||||
- This release adds the ability to find and diagnose reset and recovery failures (Push Button Reset).
|
- This release adds the ability to find and diagnose reset and recovery failures (Push Button Reset).
|
||||||
|
|
||||||
12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center.
|
12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center.
|
||||||
- This release includes major improvements in rule processing performance: ~3x faster rule processing performance!
|
- This release includes major improvements in rule processing performance: ~3x faster rule processing performance!
|
||||||
- The FindDownlevelFailure rule is up to 10x faster.
|
- The FindDownlevelFailure rule is up to 10x faster.
|
||||||
- New rules have been added to analyze failures upgrading to Windows 10 version 1809.
|
- New rules have been added to analyze failures upgrading to Windows 10 version 1809.
|
||||||
- A new help link is available for resolving servicing stack failures on the down-level OS when the rule match indicates this type of failure.
|
- A new help link is available for resolving servicing stack failures on the down-level OS when the rule match indicates this type of failure.
|
||||||
- Removed the need to specify /Mode parameter. Now if you specify /LogsPath, it automatically assumes offline mode.
|
- Removed the need to specify /Mode parameter. Now if you specify /LogsPath, it automatically assumes offline mode.
|
||||||
- Some functional and output improvements were made for several rules.
|
- Some functional and output improvements were made for several rules.
|
||||||
|
|
||||||
07/16/2018 - SetupDiag v1.3.1 is released with 44 rules, as a standalone tool available from the Download Center.
|
07/16/2018 - SetupDiag v1.3.1 is released with 44 rules, as a standalone tool available from the Download Center.
|
||||||
- This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but does not have debugger binaries installed.
|
- This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but does not have debugger binaries installed.
|
||||||
|
|
||||||
07/10/2018 - SetupDiag v1.30 is released with 44 rules, as a standalone tool available from the Download Center.
|
07/10/2018 - SetupDiag v1.30 is released with 44 rules, as a standalone tool available from the Download Center.
|
||||||
- Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues.
|
- Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues.
|
||||||
- New feature: Ability to output logs in JSON and XML format.
|
- New feature: Ability to output logs in JSON and XML format.
|
||||||
- Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic.
|
- Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic.
|
||||||
- If the “/Format:xml” or “/Format:json” parameter is omitted, the log output format will default to text.
|
- If the “/Format:xml” or “/Format:json” parameter is omitted, the log output format will default to text.
|
||||||
- New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive.
|
- New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive.
|
||||||
- 3 new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed.
|
- 3 new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed.
|
||||||
|
|
||||||
05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center.
|
05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center.
|
||||||
- Fixed a bug in device install failure detection in online mode.
|
- Fixed a bug in device install failure detection in online mode.
|
||||||
- Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost.
|
- Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost.
|
||||||
- Telemetry is refactored to only send the rule name and GUID (or “NoRuleMatched” if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing.
|
- Telemetry is refactored to only send the rule name and GUID (or “NoRuleMatched” if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing.
|
||||||
|
|
||||||
05/02/2018 - SetupDiag v1.10 is released with 34 rules, as a standalone tool available from the Download Center.
|
05/02/2018 - SetupDiag v1.10 is released with 34 rules, as a standalone tool available from the Download Center.
|
||||||
- A performance enhancment has been added to result in faster rule processing.
|
- A performance enhancment has been added to result in faster rule processing.
|
||||||
- Rules output now includes links to support articles, if applicable.
|
- Rules output now includes links to support articles, if applicable.
|
||||||
- SetupDiag now provides the path and name of files that it is processing.
|
- SetupDiag now provides the path and name of files that it is processing.
|
||||||
- You can now run SetupDiag by simply clicking on it and then examining the output log file.
|
- You can now run SetupDiag by simply clicking on it and then examining the output log file.
|
||||||
- An output log file is now always created, whether or not a rule was matched.
|
- An output log file is now always created, whether or not a rule was matched.
|
||||||
|
|
||||||
03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center.
|
03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center.
|
||||||
|
|
||||||
|
|||||||
@ -84,13 +84,13 @@ If the Microsoft Store is not accessible, the AutoPilot process will still conti
|
|||||||
Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs:
|
Windows Autopilot depends on specific capabilities available in Windows 10 and Azure Active Directory. It also requires an MDM service such as Microsoft Intune. These capabilities can be obtained through various editions and subscription programs:
|
||||||
|
|
||||||
To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required:
|
To provide needed Azure Active Directory (automatic MDM enrollment and company branding features) and MDM functionality, one of the following is required:
|
||||||
- [Microsoft 365 Business subscriptions](https://www.microsoft.com/en-us/microsoft-365/business)
|
- [Microsoft 365 Business subscriptions](https://www.microsoft.com/en-us/microsoft-365/business)
|
||||||
- [Microsoft 365 F1 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise/firstline)
|
- [Microsoft 365 F1 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise/firstline)
|
||||||
- [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/en-us/education/buy-license/microsoft365/default.aspx)
|
- [Microsoft 365 Academic A1, A3, or A5 subscriptions](https://www.microsoft.com/en-us/education/buy-license/microsoft365/default.aspx)
|
||||||
- [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune).
|
- [Microsoft 365 Enterprise E3 or E5 subscriptions](https://www.microsoft.com/en-us/microsoft-365/enterprise), which include all Windows 10, Office 365, and EM+S features (Azure AD and Intune).
|
||||||
- [Enterprise Mobility + Security E3 or E5 subscriptions](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features.
|
- [Enterprise Mobility + Security E3 or E5 subscriptions](https://www.microsoft.com/en-us/cloud-platform/enterprise-mobility-security), which include all needed Azure AD and Intune features.
|
||||||
- [Intune for Education subscriptions](https://docs.microsoft.com/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features.
|
- [Intune for Education subscriptions](https://docs.microsoft.com/intune-education/what-is-intune-for-education), which include all needed Azure AD and Intune features.
|
||||||
- [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/en-us/cloud-platform/microsoft-intune) (or an alternative MDM service).
|
- [Azure Active Directory Premium P1 or P2](https://azure.microsoft.com/services/active-directory/) and [Microsoft Intune subscriptions](https://www.microsoft.com/en-us/cloud-platform/microsoft-intune) (or an alternative MDM service).
|
||||||
|
|
||||||
Additionally, the following are also recommended (but not required):
|
Additionally, the following are also recommended (but not required):
|
||||||
- [Office 365 ProPlus](https://www.microsoft.com/en-us/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services).
|
- [Office 365 ProPlus](https://www.microsoft.com/en-us/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services).
|
||||||
|
|||||||
@ -1049,11 +1049,11 @@ To turn off dictation of your voice, speaking to Cortana and other apps, and to
|
|||||||
|
|
||||||
If you're running at Windows 10, version 1703 up to and including Windows 10, version 1803, you can turn off updates to the speech recognition and speech synthesis models:
|
If you're running at Windows 10, version 1703 up to and including Windows 10, version 1803, you can turn off updates to the speech recognition and speech synthesis models:
|
||||||
|
|
||||||
- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data**
|
- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data**
|
||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
- Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)**
|
- Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)**
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@ -1415,11 +1415,11 @@ In the **Inking & Typing** area you can configure the functionality as such:
|
|||||||
|
|
||||||
To turn off Inking & Typing data collection (note: there is no Group Policy for this setting):
|
To turn off Inking & Typing data collection (note: there is no Group Policy for this setting):
|
||||||
|
|
||||||
- In the UI go to **Settings -> Privacy -> Diagnostics & Feedback -> Inking and typing** and turn **Improve inking & typing** to **Off**
|
- In the UI go to **Settings -> Privacy -> Diagnostics & Feedback -> Inking and typing** and turn **Improve inking & typing** to **Off**
|
||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
- Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** to a **value of 1 (one)**
|
- Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** to a **value of 1 (one)**
|
||||||
|
|
||||||
|
|
||||||
### <a href="" id="bkmk-act-history"></a>18.22 Activity History
|
### <a href="" id="bkmk-act-history"></a>18.22 Activity History
|
||||||
@ -1484,29 +1484,29 @@ To turn this Off in the UI:
|
|||||||
|
|
||||||
Enterprise customers can manage their Windows activation status with volume licensing using an on-premises Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following:
|
Enterprise customers can manage their Windows activation status with volume licensing using an on-premises Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following:
|
||||||
|
|
||||||
**For Windows 10:**
|
**For Windows 10:**
|
||||||
|
|
||||||
- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client Online AVS Validation**
|
- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client Online AVS Validation**
|
||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
- Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a **value of 1 (one)**.
|
- Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a **value of 1 (one)**.
|
||||||
|
|
||||||
**For Windows Server 2019 or later:**
|
**For Windows Server 2019 or later:**
|
||||||
|
|
||||||
- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client Online AVS Validation**
|
- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client Online AVS Validation**
|
||||||
|
|
||||||
-or-
|
-or-
|
||||||
|
|
||||||
- Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one).
|
- Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one).
|
||||||
|
|
||||||
**For Windows Server 2016:**
|
**For Windows Server 2016:**
|
||||||
|
|
||||||
- Create a REG_DWORD registry setting named **NoAcquireGT** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one).
|
- Create a REG_DWORD registry setting named **NoAcquireGT** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a value of 1 (one).
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
>Due to a known issue the **Turn off KMS Client Online AVS Validation** group policy does not work as intended on Windows Server 2016, the **NoAcquireGT** value needs to be set instead.
|
>Due to a known issue the **Turn off KMS Client Online AVS Validation** group policy does not work as intended on Windows Server 2016, the **NoAcquireGT** value needs to be set instead.
|
||||||
>The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
|
>The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS.
|
||||||
|
|
||||||
### <a href="" id="bkmk-storage-health"></a>20. Storage health
|
### <a href="" id="bkmk-storage-health"></a>20. Storage health
|
||||||
|
|
||||||
|
|||||||
@ -71,7 +71,7 @@ Azure AD Join is intended for organizations that desire to be cloud-first or clo
|
|||||||
[Join Type](#join-type), [Hybrid Azure AD Joined](#hybrid-azure-ad-joined)
|
[Join Type](#join-type), [Hybrid Azure AD Joined](#hybrid-azure-ad-joined)
|
||||||
|
|
||||||
### More information
|
### More information
|
||||||
- [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction).
|
- [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction).
|
||||||
|
|
||||||
[Return to Top](hello-how-it-works-technology.md)
|
[Return to Top](hello-how-it-works-technology.md)
|
||||||
## Azure AD Registered
|
## Azure AD Registered
|
||||||
|
|||||||
@ -34,9 +34,9 @@ With Windows Hello for Business and passwords coexisting in your environment, th
|
|||||||
|
|
||||||
### 3. Transition into a passwordless deployment
|
### 3. Transition into a passwordless deployment
|
||||||
Once the user-visible password surface has been eliminated, your organization can begin to transition those users into a passwordless world. A world where:
|
Once the user-visible password surface has been eliminated, your organization can begin to transition those users into a passwordless world. A world where:
|
||||||
- the users never type their password
|
- the users never type their password
|
||||||
- the users never change their password
|
- the users never change their password
|
||||||
- the users do not know their password
|
- the users do not know their password
|
||||||
|
|
||||||
In this world, the user signs in to Windows 10 using Windows Hello for Business and enjoys single sign-on to Azure and Active Directory resources. If the user is forced to authenticate, their authentication uses Windows Hello for Business.
|
In this world, the user signs in to Windows 10 using Windows Hello for Business and enjoys single sign-on to Azure and Active Directory resources. If the user is forced to authenticate, their authentication uses Windows Hello for Business.
|
||||||
|
|
||||||
|
|||||||
@ -24,11 +24,11 @@ The Windows 10 operating system improves most existing security features in the
|
|||||||
|
|
||||||
**See also:**
|
**See also:**
|
||||||
|
|
||||||
- [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications)
|
- [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications)
|
||||||
|
|
||||||
- [TPM Fundamentals](tpm-fundamentals.md)
|
- [TPM Fundamentals](tpm-fundamentals.md)
|
||||||
|
|
||||||
- [TPM Recommendations](tpm-recommendations.md)
|
- [TPM Recommendations](tpm-recommendations.md)
|
||||||
|
|
||||||
## TPM Overview
|
## TPM Overview
|
||||||
|
|
||||||
|
|||||||
@ -18,14 +18,14 @@ ms.reviewer:
|
|||||||
|
|
||||||
On this page
|
On this page
|
||||||
|
|
||||||
- [Introduction](https://technet.microsoft.com/library/cc750357.aspx#id0eo)
|
- [Introduction](https://technet.microsoft.com/library/cc750357.aspx#id0eo)
|
||||||
- [FIPS 140 Overview](https://technet.microsoft.com/library/cc750357.aspx#id0ebd)
|
- [FIPS 140 Overview](https://technet.microsoft.com/library/cc750357.aspx#id0ebd)
|
||||||
- [Microsoft Product Validation (Information for Procurement Officers and Auditors)](https://technet.microsoft.com/library/cc750357.aspx#id0ezd)
|
- [Microsoft Product Validation (Information for Procurement Officers and Auditors)](https://technet.microsoft.com/library/cc750357.aspx#id0ezd)
|
||||||
- [Information for System Integrators](https://technet.microsoft.com/library/cc750357.aspx#id0eve)
|
- [Information for System Integrators](https://technet.microsoft.com/library/cc750357.aspx#id0eve)
|
||||||
- [Information for Software Developers](https://technet.microsoft.com/library/cc750357.aspx#id0eibac)
|
- [Information for Software Developers](https://technet.microsoft.com/library/cc750357.aspx#id0eibac)
|
||||||
- [FIPS 140 FAQ](https://technet.microsoft.com/library/cc750357.aspx#id0eqcac)
|
- [FIPS 140 FAQ](https://technet.microsoft.com/library/cc750357.aspx#id0eqcac)
|
||||||
- [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#id0ewfac)
|
- [Microsoft FIPS 140 Validated Cryptographic Modules](https://technet.microsoft.com/library/cc750357.aspx#id0ewfac)
|
||||||
- [Cryptographic Algorithms](https://technet.microsoft.com/library/cc750357.aspx#id0erobg)
|
- [Cryptographic Algorithms](https://technet.microsoft.com/library/cc750357.aspx#id0erobg)
|
||||||
|
|
||||||
Updated: March 2018
|
Updated: March 2018
|
||||||
|
|
||||||
@ -103,12 +103,12 @@ Rather than validate individual components and products, Microsoft chooses to va
|
|||||||
|
|
||||||
The following list contains some of the Windows components and Microsoft products that rely on FIPS 140 validated cryptographic modules:
|
The following list contains some of the Windows components and Microsoft products that rely on FIPS 140 validated cryptographic modules:
|
||||||
|
|
||||||
- Schannel Security Package
|
- Schannel Security Package
|
||||||
- Remote Desktop Protocol (RDP) Client
|
- Remote Desktop Protocol (RDP) Client
|
||||||
- Encrypting File System (EFS)
|
- Encrypting File System (EFS)
|
||||||
- Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.)
|
- Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.)
|
||||||
- BitLocker® Drive Full-volume Encryption
|
- BitLocker® Drive Full-volume Encryption
|
||||||
- IPsec Settings of Windows Firewall
|
- IPsec Settings of Windows Firewall
|
||||||
|
|
||||||
## Information for System Integrators
|
## Information for System Integrators
|
||||||
|
|
||||||
@ -145,12 +145,12 @@ While there are alternative methods for setting the FIPS local/group security po
|
|||||||
|
|
||||||
The following list details some of the Microsoft components that use the cryptographic functionality implemented by either CNG or legacy CAPI. When the FIPS Local/Group Security Policy is set, the following components will enforce the validated module Security Policy.
|
The following list details some of the Microsoft components that use the cryptographic functionality implemented by either CNG or legacy CAPI. When the FIPS Local/Group Security Policy is set, the following components will enforce the validated module Security Policy.
|
||||||
|
|
||||||
- Schannel Security Package
|
- Schannel Security Package
|
||||||
- Remote Desktop Protocol (RDP) Client
|
- Remote Desktop Protocol (RDP) Client
|
||||||
- Encrypting File System (EFS)
|
- Encrypting File System (EFS)
|
||||||
- Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.)
|
- Some Microsoft .NET Framework Applications (.NET also provides cryptographic algorithm implementations that have not been FIPS 140 validated.)
|
||||||
- BitLocker® Drive Full-volume Encryption
|
- BitLocker® Drive Full-volume Encryption
|
||||||
- IPsec Settings of Windows Firewall
|
- IPsec Settings of Windows Firewall
|
||||||
|
|
||||||
#### Effects of Setting FIPS Local/Group Security Policy Flag
|
#### Effects of Setting FIPS Local/Group Security Policy Flag
|
||||||
|
|
||||||
|
|||||||
@ -143,8 +143,8 @@ For more information, see [Create rules for alert notifications](configure-email
|
|||||||
|
|
||||||
|
|
||||||
These check boxes must be checked:
|
These check boxes must be checked:
|
||||||
- **Include organization name** - The customer name will be added to email notifications
|
- **Include organization name** - The customer name will be added to email notifications
|
||||||
- **Include tenant-specific portal link** - Alert link URL will have tenant specific parameter (tid=target_tenant_id) that allows direct access to target tenant portal
|
- **Include tenant-specific portal link** - Alert link URL will have tenant specific parameter (tid=target_tenant_id) that allows direct access to target tenant portal
|
||||||
|
|
||||||
|
|
||||||
## Fetch alerts from MSSP customer's tenant into the SIEM system
|
## Fetch alerts from MSSP customer's tenant into the SIEM system
|
||||||
|
|||||||
@ -36,7 +36,7 @@ The embedded Microsoft Defender ATP sensor runs in system context using the Loca
|
|||||||
|
|
||||||
The WinHTTP configuration setting is independent of the Windows Internet (WinINet) Internet browsing proxy settings and can only discover a proxy server by using the following discovery methods:
|
The WinHTTP configuration setting is independent of the Windows Internet (WinINet) Internet browsing proxy settings and can only discover a proxy server by using the following discovery methods:
|
||||||
|
|
||||||
- Auto-discovery methods:
|
- Auto-discovery methods:
|
||||||
- Transparent proxy
|
- Transparent proxy
|
||||||
- Web Proxy Auto-discovery Protocol (WPAD)
|
- Web Proxy Auto-discovery Protocol (WPAD)
|
||||||
|
|
||||||
@ -44,7 +44,7 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe
|
|||||||
> If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Microsoft Defender ATP URL exclusions in the proxy, see [Enable access to Microsoft Defender ATP service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
|
> If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Microsoft Defender ATP URL exclusions in the proxy, see [Enable access to Microsoft Defender ATP service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server).
|
||||||
|
|
||||||
|
|
||||||
- Manual static proxy configuration:
|
- Manual static proxy configuration:
|
||||||
- Registry based configuration
|
- Registry based configuration
|
||||||
- WinHTTP configured using netsh command – Suitable only for desktops in a stable topology (for example: a desktop in a corporate network behind the same proxy)
|
- WinHTTP configured using netsh command – Suitable only for desktops in a stable topology (for example: a desktop in a corporate network behind the same proxy)
|
||||||
|
|
||||||
|
|||||||
@ -51,17 +51,17 @@ The machine will automatically be onboarded to your tenant with the recommended
|
|||||||
|
|
||||||
The following security components are pre-configured in the test machines:
|
The following security components are pre-configured in the test machines:
|
||||||
|
|
||||||
- [Attack Surface Reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
|
- [Attack Surface Reduction](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard)
|
||||||
- [Block at first sight](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus)
|
- [Block at first sight](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus)
|
||||||
- [Controlled Folder Access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard)
|
- [Controlled Folder Access](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard)
|
||||||
- [Exploit Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection)
|
- [Exploit Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-exploit-protection)
|
||||||
- [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)
|
- [Network Protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard)
|
||||||
- [Potentially unwanted application detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus)
|
- [Potentially unwanted application detection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus)
|
||||||
- [Cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus)
|
- [Cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus)
|
||||||
- [Windows Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview)
|
- [Windows Defender SmartScreen](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview)
|
||||||
|
|
||||||
>[!NOTE]
|
>[!NOTE]
|
||||||
> Windows Defender Antivirus will be on (not in audit). If Windows Defender Antivirus blocks you from running your simulation, you may turn off real-time protection on the machine through Windows Security. For more information, see [Configure always-on protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus).
|
> Windows Defender Antivirus will be on (not in audit). If Windows Defender Antivirus blocks you from running your simulation, you may turn off real-time protection on the machine through Windows Security. For more information, see [Configure always-on protection](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus).
|
||||||
|
|
||||||
Automated investigation settings will be dependent on tenant settings. It will be configured to be semi-automated by default. For more information, see [Overview of Automated investigations](automated-investigations.md).
|
Automated investigation settings will be dependent on tenant settings. It will be configured to be semi-automated by default. For more information, see [Overview of Automated investigations](automated-investigations.md).
|
||||||
|
|
||||||
|
|||||||
@ -26,9 +26,9 @@ ms.date: 09/24/2018
|
|||||||
Full scenario using multiple APIs from Microsoft Defender ATP.
|
Full scenario using multiple APIs from Microsoft Defender ATP.
|
||||||
|
|
||||||
In this section we share PowerShell samples to
|
In this section we share PowerShell samples to
|
||||||
- Retrieve a token
|
- Retrieve a token
|
||||||
- Use token to retrieve the latest alerts in Microsoft Defender ATP
|
- Use token to retrieve the latest alerts in Microsoft Defender ATP
|
||||||
- For each alert, if the alert has medium or high priority and is still in progress, check how many times the machine has connected to suspicious URL.
|
- For each alert, if the alert has medium or high priority and is still in progress, check how many times the machine has connected to suspicious URL.
|
||||||
|
|
||||||
>**Prerequisite**: You first need to [create an app](apis-intro.md).
|
>**Prerequisite**: You first need to [create an app](apis-intro.md).
|
||||||
|
|
||||||
|
|||||||
@ -53,8 +53,8 @@ Do you expect a machine to be in ‘Active’ status? [Open a support ticket](ht
|
|||||||
|
|
||||||
## Misconfigured machines
|
## Misconfigured machines
|
||||||
Misconfigured machines can further be classified to:
|
Misconfigured machines can further be classified to:
|
||||||
- Impaired communications
|
- Impaired communications
|
||||||
- No sensor data
|
- No sensor data
|
||||||
|
|
||||||
### Impaired communications
|
### Impaired communications
|
||||||
This status indicates that there's limited communication between the machine and the service.
|
This status indicates that there's limited communication between the machine and the service.
|
||||||
|
|||||||
@ -32,13 +32,13 @@ ms.topic: conceptual
|
|||||||
Follow the corresponding instructions depending on your preferred deployment method.
|
Follow the corresponding instructions depending on your preferred deployment method.
|
||||||
|
|
||||||
## Offboard Windows 10 machines
|
## Offboard Windows 10 machines
|
||||||
- [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script)
|
- [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script)
|
||||||
- [Offboard machines using Group Policy](configure-endpoints-gp.md#offboard-machines-using-group-policy)
|
- [Offboard machines using Group Policy](configure-endpoints-gp.md#offboard-machines-using-group-policy)
|
||||||
- [Offboard machines using System Center Configuration Manager](configure-endpoints-sccm.md#offboard-machines-using-system-center-configuration-manager)
|
- [Offboard machines using System Center Configuration Manager](configure-endpoints-sccm.md#offboard-machines-using-system-center-configuration-manager)
|
||||||
- [Offboard machines using Mobile Device Management tools](configure-endpoints-mdm.md#offboard-and-monitor-machines-using-mobile-device-management-tools)
|
- [Offboard machines using Mobile Device Management tools](configure-endpoints-mdm.md#offboard-and-monitor-machines-using-mobile-device-management-tools)
|
||||||
|
|
||||||
## Offboard Servers
|
## Offboard Servers
|
||||||
- [Offboard servers](configure-server-endpoints.md#offboard-servers)
|
- [Offboard servers](configure-server-endpoints.md#offboard-servers)
|
||||||
|
|
||||||
## Offboard non-Windows machines
|
## Offboard non-Windows machines
|
||||||
- [Offboard non-Windows machines](configure-endpoints-non-windows.md#offboard-non-windows-machines)
|
- [Offboard non-Windows machines](configure-endpoints-non-windows.md#offboard-non-windows-machines)
|
||||||
|
|||||||
@ -44,9 +44,9 @@ In the context of Microsoft Defender ATP, alert definitions are containers for I
|
|||||||
Each IOC defines the concrete detection logic based on its type and value as well as its action, which determines how it is matched. It is bound to a specific alert definition that defines how a detection is displayed as an alert on the Microsoft Defender ATP console.
|
Each IOC defines the concrete detection logic based on its type and value as well as its action, which determines how it is matched. It is bound to a specific alert definition that defines how a detection is displayed as an alert on the Microsoft Defender ATP console.
|
||||||
|
|
||||||
Here is an example of an IOC:
|
Here is an example of an IOC:
|
||||||
- Type: Sha1
|
- Type: Sha1
|
||||||
- Value: 92cfceb39d57d914ed8b14d0e37643de0797ae56
|
- Value: 92cfceb39d57d914ed8b14d0e37643de0797ae56
|
||||||
- Action: Equals
|
- Action: Equals
|
||||||
|
|
||||||
IOCs have a many-to-one relationship with alert definitions such that an alert definition can have many IOCs that correspond to it.
|
IOCs have a many-to-one relationship with alert definitions such that an alert definition can have many IOCs that correspond to it.
|
||||||
|
|
||||||
|
|||||||
@ -296,9 +296,9 @@ You might also need to check the following:
|
|||||||
## Licensing requirements
|
## Licensing requirements
|
||||||
Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
|
Microsoft Defender Advanced Threat Protection requires one of the following Microsoft Volume Licensing offers:
|
||||||
|
|
||||||
- Windows 10 Enterprise E5
|
- Windows 10 Enterprise E5
|
||||||
- Windows 10 Education E5
|
- Windows 10 Education E5
|
||||||
- Microsoft 365 Enterprise E5 which includes Windows 10 Enterprise E5
|
- Microsoft 365 Enterprise E5 which includes Windows 10 Enterprise E5
|
||||||
|
|
||||||
For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2).
|
For more information, see [Windows 10 Licensing](https://www.microsoft.com/en-us/Licensing/product-licensing/windows10.aspx#tab=2).
|
||||||
|
|
||||||
|
|||||||
@ -191,7 +191,7 @@ This setting will prevent a scan from occurring after receiving an update. You c
|
|||||||
|
|
||||||
|
|
||||||
### Enable headless UI mode
|
### Enable headless UI mode
|
||||||
- Double-click **Enable headless UI mode** and set the option to **Enabled**. Click **OK**. This hides the entire Windows Defender AV user interface from users.
|
- Double-click **Enable headless UI mode** and set the option to **Enabled**. Click **OK**. This hides the entire Windows Defender AV user interface from users.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Add rules for packaged apps to existing AppLocker rule-set
|
# Add rules for packaged apps to existing AppLocker rule-set
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).
|
This topic for IT professionals describes how to update your existing AppLocker policies for packaged apps using the Remote Server Administration Toolkit (RSAT).
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 02/28/2019
|
|||||||
# Administer AppLocker
|
# Administer AppLocker
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies.
|
This topic for IT professionals provides links to specific procedures to use when administering AppLocker policies.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# AppLocker architecture and components
|
# AppLocker architecture and components
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professional describes AppLocker’s basic architecture and its major components.
|
This topic for IT professional describes AppLocker’s basic architecture and its major components.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# AppLocker functions
|
# AppLocker functions
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features.
|
This topic for the IT professional lists the functions and security levels for the Software Restriction Policies (SRP) and AppLocker features.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 10/16/2017
|
|||||||
# AppLocker
|
# AppLocker
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.
|
This topic provides a description of AppLocker and can help you decide if your organization can benefit from deploying AppLocker application control policies. AppLocker helps you control which apps and files users can run. These include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.
|
||||||
|
|
||||||
|
|||||||
@ -21,8 +21,8 @@ ms.date: 09/21/2017
|
|||||||
# AppLocker deployment guide
|
# AppLocker deployment guide
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.
|
This topic for IT professionals introduces the concepts and describes the steps required to deploy AppLocker policies.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# AppLocker design guide
|
# AppLocker design guide
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker.
|
This topic for the IT professional introduces the design and planning steps required to deploy application control policies by using AppLocker.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# AppLocker policy use scenarios
|
# AppLocker policy use scenarios
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented.
|
This topic for the IT professional lists the various application control scenarios in which AppLocker policies can be effectively implemented.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# AppLocker processes and interactions
|
# AppLocker processes and interactions
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules.
|
This topic for the IT professional describes the process dependencies and interactions when AppLocker evaluates and enforces rules.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# AppLocker settings
|
# AppLocker settings
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for the IT professional lists the settings used by AppLocker.
|
This topic for the IT professional lists the settings used by AppLocker.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# AppLocker technical reference
|
# AppLocker technical reference
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This overview topic for IT professionals provides links to the topics in the technical reference.
|
This overview topic for IT professionals provides links to the topics in the technical reference.
|
||||||
AppLocker advances the application control features and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny apps from running based on unique identities of files and to specify which users or groups can run those apps.
|
AppLocker advances the application control features and functionality of Software Restriction Policies. AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny apps from running based on unique identities of files and to specify which users or groups can run those apps.
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 06/08/2018
|
|||||||
# Configure an AppLocker policy for audit only
|
# Configure an AppLocker policy for audit only
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes how to set AppLocker policies to **Audit only** within your IT environment by using AppLocker.
|
This topic for IT professionals describes how to set AppLocker policies to **Audit only** within your IT environment by using AppLocker.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Configure an AppLocker policy for enforce rules
|
# Configure an AppLocker policy for enforce rules
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting.
|
This topic for IT professionals describes the steps to enable the AppLocker policy enforcement setting.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Add exceptions for an AppLocker rule
|
# Add exceptions for an AppLocker rule
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule.
|
This topic for IT professionals describes the steps to specify which apps can or cannot run as exceptions to an AppLocker rule.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Configure the AppLocker reference device
|
# Configure the AppLocker reference device
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer.
|
This topic for the IT professional describes the steps to create an AppLocker policy platform structure on a reference computer.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 04/02/2018
|
|||||||
# Configure the Application Identity service
|
# Configure the Application Identity service
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.
|
This topic for IT professionals shows how to configure the Application Identity service to start automatically or manually.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Create a rule for packaged apps
|
# Create a rule for packaged apps
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition.
|
This topic for IT professionals shows how to create an AppLocker rule for packaged apps with a publisher condition.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Create a rule that uses a file hash condition
|
# Create a rule that uses a file hash condition
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals shows how to create an AppLocker rule with a file hash condition.
|
This topic for IT professionals shows how to create an AppLocker rule with a file hash condition.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Create a rule that uses a path condition
|
# Create a rule that uses a path condition
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals shows how to create an AppLocker rule with a path condition.
|
This topic for IT professionals shows how to create an AppLocker rule with a path condition.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Create a rule that uses a publisher condition
|
# Create a rule that uses a publisher condition
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals shows how to create an AppLocker rule with a publisher condition.
|
This topic for IT professionals shows how to create an AppLocker rule with a publisher condition.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Create AppLocker default rules
|
# Create AppLocker default rules
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run.
|
This topic for IT professionals describes the steps to create a standard set of AppLocker rules that will allow Windows system files to run.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Create a list of apps deployed to each business group
|
# Create a list of apps deployed to each business group
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker.
|
This topic describes the process of gathering app usage requirements from each business group in order to implement application control policies by using AppLocker.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Create Your AppLocker policies
|
# Create Your AppLocker policies
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.
|
This overview topic for the IT professional describes the steps to create an AppLocker policy and prepare it for deployment.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Create Your AppLocker rules
|
# Create Your AppLocker rules
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.
|
This topic for the IT professional describes what you need to know about AppLocker rules and the methods that you can to create rules.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 08/02/2018
|
|||||||
# Delete an AppLocker rule
|
# Delete an AppLocker rule
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes the steps to delete an AppLocker rule.
|
This topic for IT professionals describes the steps to delete an AppLocker rule.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Deploy AppLocker policies by using the enforce rules setting
|
# Deploy AppLocker policies by using the enforce rules setting
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method.
|
This topic for IT professionals describes the steps to deploy AppLocker policies by using the enforcement setting method.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Deploy the AppLocker policy into production
|
# Deploy the AppLocker policy into production
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
|
This topic for the IT professional describes the tasks that should be completed before you deploy AppLocker application control settings.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Determine the Group Policy structure and rule enforcement
|
# Determine the Group Policy structure and rule enforcement
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This overview topic describes the process to follow when you are planning to deploy AppLocker rules.
|
This overview topic describes the process to follow when you are planning to deploy AppLocker rules.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Determine which apps are digitally signed on a reference device
|
# Determine which apps are digitally signed on a reference device
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed.
|
This topic for the IT professional describes how to use AppLocker logs and tools to determine which applications are digitally signed.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Determine your application control objectives
|
# Determine your application control objectives
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic helps you with the decisions you need to make to determine what applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker.
|
This topic helps you with the decisions you need to make to determine what applications to control and how to control them by comparing Software Restriction Policies (SRP) and AppLocker.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Display a custom URL message when users try to run a blocked app
|
# Display a custom URL message when users try to run a blocked app
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.
|
This topic for IT professionals describes the steps for displaying a customized message to users when an AppLocker policy denies access to an app.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# DLL rules in AppLocker
|
# DLL rules in AppLocker
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic describes the file formats and available default rules for the DLL rule collection.
|
This topic describes the file formats and available default rules for the DLL rule collection.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Document the Group Policy structure and AppLocker rule enforcement
|
# Document the Group Policy structure and AppLocker rule enforcement
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker.
|
This planning topic describes what you need to investigate, determine, and record in your application control policies plan when you use AppLocker.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Document your app list
|
# Document your app list
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies.
|
This planning topic describes the app information that you should document when you create a list of apps for AppLocker policies.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Document your AppLocker rules
|
# Document your AppLocker rules
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic describes what rule conditions to associate with each file, how to associate the rule conditions with each file, the source of the rule, and whether the file should be included or excluded.
|
This topic describes what rule conditions to associate with each file, how to associate the rule conditions with each file, the source of the rule, and whether the file should be included or excluded.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Edit an AppLocker policy
|
# Edit an AppLocker policy
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes the steps required to modify an AppLocker policy.
|
This topic for IT professionals describes the steps required to modify an AppLocker policy.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Edit AppLocker rules
|
# Edit AppLocker rules
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker.
|
This topic for IT professionals describes the steps to edit a publisher rule, path rule, and file hash rule in AppLocker.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Enable the DLL rule collection
|
# Enable the DLL rule collection
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker.
|
This topic for IT professionals describes the steps to enable the DLL rule collection feature for AppLocker.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Enforce AppLocker rules
|
# Enforce AppLocker rules
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes how to enforce application control rules by using AppLocker.
|
This topic for IT professionals describes how to enforce application control rules by using AppLocker.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Executable rules in AppLocker
|
# Executable rules in AppLocker
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic describes the file formats and available default rules for the executable rule collection.
|
This topic describes the file formats and available default rules for the executable rule collection.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Export an AppLocker policy from a GPO
|
# Export an AppLocker policy from a GPO
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.
|
This topic for IT professionals describes the steps to export an AppLocker policy from a Group Policy Object (GPO) so that it can be modified.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Export an AppLocker policy to an XML file
|
# Export an AppLocker policy to an XML file
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing.
|
This topic for IT professionals describes the steps to export an AppLocker policy to an XML file for review or testing.
|
||||||
Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure.
|
Membership in the local **Administrators** group, or equivalent, is the minimum required to complete this procedure.
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# How AppLocker works
|
# How AppLocker works
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies.
|
This topic for the IT professional provides links to topics about AppLocker architecture and components, processes and interactions, rules and policies.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Import an AppLocker policy from another computer
|
# Import an AppLocker policy from another computer
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes how to import an AppLocker policy.
|
This topic for IT professionals describes how to import an AppLocker policy.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Import an AppLocker policy into a GPO
|
# Import an AppLocker policy into a GPO
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).
|
This topic for IT professionals describes the steps to import an AppLocker policy into a Group Policy Object (GPO).
|
||||||
AppLocker policies can be created as local security policies and modified like any other local security policy, or they can be created as part of a GPO and managed by using Group Policy. You can create AppLocker policies on any supported computer. For info about which Windows editions are supported, see [Requirements to Use AppLocker](requirements-to-use-applocker.md).
|
AppLocker policies can be created as local security policies and modified like any other local security policy, or they can be created as part of a GPO and managed by using Group Policy. You can create AppLocker policies on any supported computer. For info about which Windows editions are supported, see [Requirements to Use AppLocker](requirements-to-use-applocker.md).
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Maintain AppLocker policies
|
# Maintain AppLocker policies
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic describes how to maintain rules within AppLocker policies.
|
This topic describes how to maintain rules within AppLocker policies.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Manage packaged apps with AppLocker
|
# Manage packaged apps with AppLocker
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy.
|
This topic for IT professionals describes concepts and lists procedures to help you manage Packaged apps with AppLocker as part of your overall application control strategy.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Merge AppLocker policies by using Set-ApplockerPolicy
|
# Merge AppLocker policies by using Set-ApplockerPolicy
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.
|
This topic for IT professionals describes the steps to merge AppLocker policies by using Windows PowerShell.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Merge AppLocker policies manually
|
# Merge AppLocker policies manually
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).
|
This topic for IT professionals describes the steps to manually merge AppLocker policies to update the Group Policy Object (GPO).
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Monitor app usage with AppLocker
|
# Monitor app usage with AppLocker
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied.
|
This topic for IT professionals describes how to monitor app usage when AppLocker policies are applied.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Optimize AppLocker performance
|
# Optimize AppLocker performance
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes how to optimize AppLocker policy enforcement.
|
This topic for IT professionals describes how to optimize AppLocker policy enforcement.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 10/13/2017
|
|||||||
# Packaged apps and packaged app installer rules in AppLocker
|
# Packaged apps and packaged app installer rules in AppLocker
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic explains the AppLocker rule collection for packaged app installers and packaged apps.
|
This topic explains the AppLocker rule collection for packaged app installers and packaged apps.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Plan for AppLocker policy management
|
# Plan for AppLocker policy management
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies.
|
This topic for describes the decisions you need to make to establish the processes for managing and maintaining AppLocker policies.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Refresh an AppLocker policy
|
# Refresh an AppLocker policy
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes the steps to force an update for an AppLocker policy.
|
This topic for IT professionals describes the steps to force an update for an AppLocker policy.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Requirements for deploying AppLocker policies
|
# Requirements for deploying AppLocker policies
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies.
|
This deployment topic for the IT professional lists the requirements that you need to consider before you deploy AppLocker policies.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Requirements to use AppLocker
|
# Requirements to use AppLocker
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems.
|
This topic for the IT professional lists software requirements to use AppLocker on the supported Windows operating systems.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Run the Automatically Generate Rules wizard
|
# Run the Automatically Generate Rules wizard
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device.
|
This topic for IT professionals describes steps to run the wizard to create AppLocker rules on a reference device.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Script rules in AppLocker
|
# Script rules in AppLocker
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic describes the file formats and available default rules for the script rule collection.
|
This topic describes the file formats and available default rules for the script rule collection.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Security considerations for AppLocker
|
# Security considerations for AppLocker
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for the IT professional describes the security considerations you need to address when implementing AppLocker.
|
This topic for the IT professional describes the security considerations you need to address when implementing AppLocker.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Select the types of rules to create
|
# Select the types of rules to create
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic lists resources you can use when selecting your application control policy rules by using AppLocker.
|
This topic lists resources you can use when selecting your application control policy rules by using AppLocker.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Test an AppLocker policy by using Test-AppLockerPolicy
|
# Test an AppLocker policy by using Test-AppLockerPolicy
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.
|
This topic for IT professionals describes the steps to test an AppLocker policy prior to importing it into a Group Policy Object (GPO) or another computer.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Test and update an AppLocker policy
|
# Test and update an AppLocker policy
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic discusses the steps required to test an AppLocker policy prior to deployment.
|
This topic discusses the steps required to test an AppLocker policy prior to deployment.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Tools to use with AppLocker
|
# Tools to use with AppLocker
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for the IT professional describes the tools available to create and administer AppLocker policies.
|
This topic for the IT professional describes the tools available to create and administer AppLocker policies.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Understand AppLocker enforcement settings
|
# Understand AppLocker enforcement settings
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic describes the AppLocker enforcement settings for rule collections.
|
This topic describes the AppLocker enforcement settings for rule collections.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 10/13/2017
|
|||||||
# Understand AppLocker policy design decisions
|
# Understand AppLocker policy design decisions
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using AppLocker within a Windows operating system environment.
|
This topic for the IT professional lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies by using AppLocker within a Windows operating system environment.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Understand AppLocker rules and enforcement setting inheritance in Group Policy
|
# Understand AppLocker rules and enforcement setting inheritance in Group Policy
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy.
|
This topic for the IT professional describes how application control policies configured in AppLocker are applied through Group Policy.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Understand the AppLocker policy deployment process
|
# Understand the AppLocker policy deployment process
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies.
|
This planning and deployment topic for the IT professional describes the process for using AppLocker when deploying application control policies.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Understanding AppLocker allow and deny actions on rules
|
# Understanding AppLocker allow and deny actions on rules
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic explains the differences between allow and deny actions on AppLocker rules.
|
This topic explains the differences between allow and deny actions on AppLocker rules.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Understanding AppLocker default rules
|
# Understanding AppLocker default rules
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic for IT professional describes the set of rules that can be used to ensure that required Windows system files are allowed to run when the policy is applied.
|
This topic for IT professional describes the set of rules that can be used to ensure that required Windows system files are allowed to run when the policy is applied.
|
||||||
|
|
||||||
|
|||||||
@ -20,8 +20,8 @@ ms.date: 09/21/2017
|
|||||||
# Understanding AppLocker rule behavior
|
# Understanding AppLocker rule behavior
|
||||||
|
|
||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
- Windows Server
|
- Windows Server
|
||||||
|
|
||||||
This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker.
|
This topic describes how AppLocker rules are enforced by using the allow and deny options in AppLocker.
|
||||||
|
|
||||||
|
|||||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
x
Reference in New Issue
Block a user