deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 06:47:21 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #5223 from MicrosoftDocs/master

Browse Source 
Publish 05/25/2021, 10:30 AM
This commit is contained in:
Diana Hanson 2021-05-25 11:36:12 -06:00 committed by GitHub
commit 9c974326ec
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 83 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
windows/client-management/mdm/diagnosticlog-csp.md
View File

@ -136,45 +136,45 @@ The SasUrl value is the target URI to which the CSP uploads the zip file contain
- Expected input value: The full command line including path and any arguments, such as `%windir%\\system32\\ipconfig.exe /all`. - Expected input value: The full command line including path and any arguments, such as `%windir%\\system32\\ipconfig.exe /all`.
- Output format: Console text output from the command is captured in a text file and included in the overall output archive. For commands which may generate file output rather than console output, a subsequent FolderFiles directive would be used to capture that output. The example XML above demonstrates this pattern with mdmdiagnosticstool.exe's -out parameter. - Output format: Console text output from the command is captured in a text file and included in the overall output archive. For commands which may generate file output rather than console output, a subsequent FolderFiles directive would be used to capture that output. The example XML above demonstrates this pattern with mdmdiagnosticstool.exe's -out parameter.
- Privacy guardrails: To enable diagnostic data capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only the following commands are allowed: - Privacy guardrails: To enable diagnostic data capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only the following commands are allowed:
- %windir%\\system32\\certutil.exe - %windir%\\system32\\certutil.exe
- %windir%\\system32\\dxdiag.exe - %windir%\\system32\\dxdiag.exe
- %windir%\\system32\\gpresult.exe - %windir%\\system32\\gpresult.exe
- %windir%\\system32\\msinfo32.exe - %windir%\\system32\\msinfo32.exe
- %windir%\\system32\\netsh.exe - %windir%\\system32\\netsh.exe
- %windir%\\system32\\nltest.exe - %windir%\\system32\\nltest.exe
- %windir%\\system32\\ping.exe - %windir%\\system32\\ping.exe
- %windir%\\system32\\powercfg.exe - %windir%\\system32\\powercfg.exe
- %windir%\\system32\\w32tm.exe - %windir%\\system32\\w32tm.exe
- %windir%\\system32\\wpr.exe - %windir%\\system32\\wpr.exe
- %windir%\\system32\\dsregcmd.exe - %windir%\\system32\\dsregcmd.exe
- %windir%\\system32\\dispdiag.exe - %windir%\\system32\\dispdiag.exe
- %windir%\\system32\\ipconfig.exe - %windir%\\system32\\ipconfig.exe
- %windir%\\system32\\logman.exe - %windir%\\system32\\logman.exe
- %windir%\\system32\\tracelog.exe - %windir%\\system32\\tracelog.exe
- %programfiles%\\windows defender\\mpcmdrun.exe - %programfiles%\\windows defender\\mpcmdrun.exe
- %windir%\\system32\\MdmDiagnosticsTool.exe - %windir%\\system32\\MdmDiagnosticsTool.exe
- %windir%\\system32\\pnputil.exe - %windir%\\system32\\pnputil.exe
- **FoldersFiles** - **FoldersFiles**
- Captures log files from a given path (without recursion). - Captures log files from a given path (without recursion).
- Expected input value: File path with or without wildcards, such as "%windir%\\System32", or "%programfiles%\\*.log". - Expected input value: File path with or without wildcards, such as "%windir%\\System32", or "%programfiles%\\*.log".
- Privacy guardrails: To enable diagnostic log capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only paths under the following roots are allowed: - Privacy guardrails: To enable diagnostic log capture while reducing the risk of an IT admin inadvertently capturing user-generated documents, only paths under the following roots are allowed:
- %PROGRAMFILES% - %PROGRAMFILES%
- %PROGRAMDATA% - %PROGRAMDATA%
- %PUBLIC% - %PUBLIC%
- %WINDIR% - %WINDIR%
- %TEMP% - %TEMP%
- %TMP% - %TMP%
- Additionally, only files with the following extensions are captured: - Additionally, only files with the following extensions are captured:
- .log - .log
- .txt - .txt
- .dmp - .dmp
- .cab - .cab
- .zip - .zip
- .xml - .xml
- .html - .html
- .evtx - .evtx
- .etl - .etl
<a href="" id="diagnosticarchive-archiveresults"></a>**DiagnosticArchive/ArchiveResults** <a href="" id="diagnosticarchive-archiveresults"></a>**DiagnosticArchive/ArchiveResults**
Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run. Added in version 1.4 of the CSP in Windows 10, version 1903. This policy setting displays the results of the last archive run.

50
windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
View File

@ -9,12 +9,12 @@ ms.mktglfcycl: manage
ms.sitesec: library ms.sitesec: library
ms.localizationpriority: high ms.localizationpriority: high
audience: ITPro audience: ITPro
author: linque1 author: tomlayson
ms.author: robsize ms.author: tomlayson
manager: robsize manager: riche
ms.collection: M365-security-compliance ms.collection: M365-security-compliance
ms.topic: article ms.topic: article
ms.date: 12/1/2020 ms.date: 5/21/2021
--- ---
# Manage connections from Windows 10 operating system components to Microsoft services # Manage connections from Windows 10 operating system components to Microsoft services
@ -592,6 +592,48 @@ Alternatively, you can configure the following Registry keys as described:
For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](/microsoft-edge/deploy/available-policies). For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](/microsoft-edge/deploy/available-policies).
### <a href="" id="bkmk-edgegp"></a>13.2 Microsoft Edge Enterprise
For a complete list of the Microsoft Edge policies, see [Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies).
> [!Important]
> - The following settings are applicable to Microsoft Edge version 77 or later.
> - For details on supported Operating Systems, see [Microsoft Edge supported Operating Systems](/deployedge/microsoft-edge-supported-operating-systems).
> - These policies require the Microsoft Edge administrative templates to be applied. For more information on administrative templates for Microsoft Edge, see [Configure Microsoft Edge policy settings on Windows](/deployedge/configure-microsoft-edge).
> - Devices must be domain joined for some of the policies to take effect.
| Policy | Group Policy Path | Registry Path |
|----------------------------------|--------------------|---------------------------------------------|
| **SearchSuggestEnabled** | Computer Configuration/Administrative Templates/Windows Component/Microsoft Edge - Enable search suggestions | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
| | **Set to Disabled**| **REG_DWORD name: SearchSuggestEnabled Set to 0** |
| **AutofillAddressEnabled** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge - Enable AutoFill for addresses | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
| | **Set to Disabled**| **REG_DWORD name: AutofillAddressEnabled Set to 0** |
| **AutofillCreditCardEnabled** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge - Enable AutoFill for credit cards | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
| | **Set to Disabled**| **REG_DWORD name: AutofillCreditCardEnabled Set to 0** |
| **ConfigureDoNotTrack** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge - Configure Do Not Track | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
| | **Set to Enabled**| **REG_DWORD name: ConfigureDoNotTrackSet to 1** |
| **PasswordManagerEnabled** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Password manager and protection-Enable saving passwords to the password manager | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
| | **Set to Disabled**| **REG_DWORD name: PasswordManagerEnabled Set to 0** |
| **DefaultSearchProviderEnabled** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Default search provider-Enable the default search provider | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
| | **Set to Disabled**| **REG_DWORD name: DefaultSearchProviderEnabled Set to 0** |
| **HideFirstRunExperience** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Hide the First-run experience and splash screen | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
| | **Set to Enabled**| **REG_DWORD name: HideFirstRunExperience Set to 1** |
| **SmartScreenEnabled** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/SmartScreen settings-Configure Microsoft Defender SmartScreen | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
| | **Set to Disabled**| **REG_DWORD name: SmartScreenEnabled Set to 0** |
| **NewTabPageLocation** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Startup, home page and new tab page- Configure the new tab page URL | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
| | **Set to Enabled-Value “about:blank”**| **REG_SZ name: NewTabPageLocation Set to about:blank** |
| **RestoreOnStartup** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Startup, home page and new tab page- Action to take on startup | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge |
| | **Set to Disabled**| **REG_DWORD name: RestoreOnStartupSet to 5** |
| **RestoreOnStartupURLs** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge/Startup, home page and new tab page-Sites to open when the browser starts | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge\RestoreOnStartupURLs |
| | **Set to Disabled**| **REG_SZ name: 1 Set to about:blank** |
| **UpdateDefault** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge Update/Applications-Update policy override default | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge\EdgeUpdate |
| | **Set to Enabled - 'Updates disabled'**| **REG_DWORD name: UpdateDefault Set to 0** |
| **AutoUpdateCheckPeriodMinutes** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge Update/Preferences- Auto-update check period override | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge\EdgeUpdate |
| | **Set to Enabled - Set Value for Minutes between update checks to 0**| **REG_DWORD name: AutoUpdateCheckPeriodMinutes Set to 0** |
| **Experimentation and Configuration Service** | Computer Configurations/Administrative Templates/Windows Component/Microsoft Edge Update/Preferences- Auto-update check period override | HKEY_LOCAL_MACHINE \SOFTWARE\Policies\Microsoft\Edge\EdgeUpdate |
| | **Set to RestrictedMode**| **REG_DWORD name: ExperimentationAndConfigurationServiceControl Set to 0** |
|||
### <a href="" id="bkmk-ncsi"></a>14. Network Connection Status Indicator ### <a href="" id="bkmk-ncsi"></a>14. Network Connection Status Indicator
Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. See the [Microsoft Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/bg-p/NetworkingBlog) to learn more. Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. See the [Microsoft Networking Blog](https://techcommunity.microsoft.com/t5/Networking-Blog/bg-p/NetworkingBlog) to learn more.

5
windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs.md
View File

@ -94,6 +94,9 @@ To find the PCR information, go to the end of the file.
## Use PCPTool to decode Measured Boot logs ## Use PCPTool to decode Measured Boot logs
> [!NOTE]
> PCPTool is a Visual Studio solution, but you need to build the executable before you can start using this tool.
PCPTool is part of the [TPM Platform Crypto-Provider Toolkit](https://www.microsoft.com/download/details.aspx?id=52487). The tool decodes a Measured Boot log file and converts it into an XML file. PCPTool is part of the [TPM Platform Crypto-Provider Toolkit](https://www.microsoft.com/download/details.aspx?id=52487). The tool decodes a Measured Boot log file and converts it into an XML file.
To download and install PCPTool, go to the Toolkit page, select **Download**, and follow the instructions. To download and install PCPTool, go to the Toolkit page, select **Download**, and follow the instructions.
@ -111,4 +114,4 @@ where the variables represent the following values:
The content of the XML file resembles the following. The content of the XML file resembles the following.
![Command Prompt window that shows an example of how to use PCPTool](./images/pcptool-output.jpg) ![Command Prompt window that shows an example of how to use PCPTool](./images/pcptool-output.jpg)