Merge branch 'master' into App-v-revision

Heidi Lohr 2018-02-01 08:46:41 -08:00
commit 9f4cfed7dd
16 changed files with 889 additions and 683 deletions

View File

@ -102,24 +102,6 @@
"moniker_groups": [],
"version": 0
},
{
"docset_name": "microsoft-365",
"build_source_folder": "microsoft-365",
"build_output_subfolder": "microsoft-365",
"locale": "en-us",
"monikers": [],
"moniker_ranges": [],
"open_to_public_contributors": false,
"type_mapping": {
"Conceptual": "Content",
"ManagedReference": "Content",
"RestApi": "Content"
},
"build_entry_point": "docs",
"template_folder": "_themes",
"moniker_groups": [],
"version": 0
},
{
"docset_name": "microsoft-edge-VSTS",
"build_source_folder": "browsers/edge",

View File

@ -51,6 +51,11 @@
"redirect_document_id": true
},
{
"source_path": "windows/configuration/configure-windows-telemetry-in-your-organization.md",
"redirect_url": "/windows/configuration/configure-windows-diagnostic-data-in-your-organization",
"redirect_document_id": true
},
{
"source_path": "windows/configuration/EventName.md",
"redirect_url": "/windows/configuration/enhanced-telemetry-windows-analytics-events-and-fields",
"redirect_document_id": true

View File

@ -1,37 +0,0 @@
{
"build": {
"content": [
{
"files": [
"**/*.md"
],
"exclude": [
"**/obj/**",
"**/includes/**",
"README.md",
"LICENSE",
"LICENSE-CODE",
"ThirdPartyNotices"
]
}
],
"resource": [
{
"files": [
"**/*.png",
"**/*.jpg"
],
"exclude": [
"**/obj/**",
"**/includes/**"
]
}
],
"overwrite": [],
"externalReference": [],
"globalMetadata": {},
"fileMetadata": {},
"template": [],
"dest": "microsoft-365"
}
}

View File

@ -11,7 +11,7 @@ ms.date: 1/8/2018
# What's new in Microsoft Store for Business and Education
Microsoft Store for Business and Education regularly releases new and improved feaures.
Microsoft Store for Business and Education regularly releases new and improved features.
## Latest updates for Store for Business and Education

View File

@ -7,12 +7,15 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
ms.date: 06/26/2017
ms.date: 01/29/2018
---
# Defender CSP
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
The following image shows the Windows Defender configuration service provider in tree format.
@ -310,6 +313,11 @@ Node that can be used to perform signature updates for Windows Defender.
Supported operations are Get and Execute.
<a href="" id="offlinescan"></a>**OfflineScan**
Added in Windows 10, next major update. OfflineScan action starts a Windows Defender offline scan on the computer where you run the command. This command causes the computer reboot and start in Windows Defender offline mode to begin the scan.
Supported operations are Get and Execute.
## Related topics
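Review bot: In the added OfflineScan description, "This command causes the computer reboot and start in Windows Defender offline mode" is missing a word and should read "causes the computer to reboot and start in Windows Defender offline mode". Because Execute on this node restarts the device, the text should also say what Get returns for an action node, and it should call out the reboot in a note so the command is not run on machines with unsaved work. The signature-update node just above uses the same "Supported operations are Get and Execute" line, so the wording can stay parallel.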

File diff suppressed because it is too large

Binary file not shown.


View File

@ -1514,6 +1514,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
<td style="vertical-align:top"><p>Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, next major update.</p>
</td></tr>
<tr class="odd">
<td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
<td style="vertical-align:top"><p>Added new node (OfflineScan) in Windows 10, next major update.</p>
</td></tr>
</tbody>
</table>

View File

@ -83,6 +83,9 @@ The following diagram shows the WindowsDefenderApplicationGuard configuration se
<a href="" id="installwindowsdefenderapplicationguard"></a>**InstallWindowsDefenderApplicationGuard**
<p style="margin-left: 20px">Initiates remote installation of Application Guard feature. Supported operations are Get and Execute.</p>
- Install - Will initiate feature install
- Uninstall - Will initiate feature uninstall
<a href="" id="audit"></a>**Audit**
<p style="margin-left: 20px">Interior node. Supported operation is Get</p>
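Review bot: The added "Install" and "Uninstall" bullets under InstallWindowsDefenderApplicationGuard do not say how the value is supplied, and the paragraph above them still reads "Initiates remote installation of Application Guard feature" although Uninstall is now listed. Suggest rewording the paragraph to cover both actions and stating that these are the data values for the Execute operation, with their type, if that is the intent. The bullets are also plain markdown following a `<p style="margin-left: 20px">` block, so they will not pick up the 20px indent used by the other node descriptions.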

View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: high
author: jdeckerms
ms.date: 01/26/2018
ms.date: 01/31/2018
---
# Change history for Configure Windows 10
@ -26,6 +26,8 @@ New or changed topic | Description
[Configure Windows 10 taskbar](configure-windows-10-taskbar.md) | Added section for removing default apps from the taskbar.
[Manage Windows 10 connection endpoints](manage-windows-endpoints-version-1709.md) | New topic for Windows 10, version 1709 that explains the purpose for connections to Microsoft services and how to manage them.
[Configure Windows Spotlight on the lock screen](windows-spotlight.md) | Added section for resolution of custom lock screen images.
[Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) | Added section for automatic sign-in after restart on unmanaged devices.
## November 2017

Binary file not shown.


View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: edu, security
author: jdeckerms
ms.localizationpriority: high
ms.date: 11/26/2018
ms.date: 01/31/2018
ms.author: jdecker
---
@ -52,6 +52,7 @@ If you don't want to use a provisioning package, you can deploy the configuratio
- The kiosk device must be running Windows 10 (S, Pro, Enterprise, or Education), version 1709
## Create XML file
Let's start by looking at the basic structure of the XML file.

View File

@ -8,7 +8,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.date: 10/16/2017
ms.date: 01/31/2018
---
# Set up a kiosk on Windows 10 Pro, Enterprise, or Education
@ -37,9 +37,15 @@ To return the device to the regular shell, see [Sign out of assigned access](#si
>[!NOTE]
>A Universal Windows app is built on the Universal Windows Platform (UWP), which was first introduced in Windows 8 as the Windows Runtime. A Classic Windows application uses the Classic Windows Platform (CWP) (e.g., COM, Win32, WPF, WinForms, etc.) and is typically launched using an .EXE or .DLL file.
 
## Using a local device as a kiosk
When your kiosk is a local device that is not managed by Active Directory or Azure Active Directory, there is a default setting that enables automatic sign-in after a restart. That means that when the device restarts, the last signed-in user will be signed in automatically. If the last signed-in user is the kiosk account, the kiosk app will be launched automatically after the device restarts.
If you want the kiosk account signed in automatically and the kiosk app launched when the device restarts, there is nothing you need to do.
If you do not want the kiosk account signed in automatically when the device restarts, you must change the default setting before you configure the device as a kiosk. Sign in with the account that you will assign as the kiosk account, go to **Settings** > **Accounts** > **Sign-in options**, and toggle the **Use my sign-in info to automatically finish setting up my device after an update or restart** setting to **Off**. After you change the setting, you can apply the kiosk configuration to the device.
![Screenshot of automatic sign-in setting](images/auto-signin.png)
<span id="wizard" />
## Set up a kiosk using Windows Configuration Designer
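Review bot: The new "Using a local device as a kiosk" section says "the last signed-in user will be signed in automatically" but only spells out the case where that user is the kiosk account. It should also state what happens when a different account, such as the administrator who configured the device, was the last to sign in before the restart, since by the same sentence the device then comes back up in that account's session instead of the kiosk app. The steps also say to change the setting "before you configure the device as a kiosk" without saying whether it can still be changed afterwards; one sentence on that would help.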

View File

@ -28,7 +28,7 @@ ms.date: 10/13/2017
You can use Group Policy or your mobile device management (MDM) service to configure Windows Update for Business settings for your devices. The sections in this topic provide the Group Policy and MDM policies for Windows 10, version 1511 and above. The MDM policies use the OMA-URI setting from the [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962.aspx).
>[!IMPORTANT]
>For Windows Update for Business policies to be honored, the Diagnostic Data level of the device must be set to **1 (Basic)** or higher. If it is set to **0 (Security)**, Windows Update for Business policies will have no effect. For instructions, see [Configure the operating system diagnostic data level](https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-diagnostic-data-in-your-organization#configure-the-operating-system-diagnostic-data-level).
>For Windows Update for Business policies to be honored, the Diagnostic Data level of the device must be set to **1 (Basic)** or higher. If it is set to **0 (Security)**, Windows Update for Business policies will have no effect. For instructions, see [Configure the operating system diagnostic data level](https://docs.microsoft.com/windows/configuration/configure-windows-diagnostic-data-in-your-organization#diagnostic-data-levels).
Some Windows Update for Business policies are not applicable or behave differently for devices running Windows 10 Mobile Enterprise. Specifically, policies pertaining to Feature Updates will not be applied to Windows 10 Mobile Enterprise. All Windows 10 Mobile updates are recognized as Quality Updates, and can only be deferred or paused using the Quality Update policy settings. Additional information is provided in this topic and in [Deploy updates for Windows 10 Mobile Enterprise and Windows 10 IoT Mobile](waas-mobile-updates.md).
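Review bot: The replacement link keeps the text "For instructions, see [Configure the operating system diagnostic data level]" but its anchor changed from `#configure-the-operating-system-diagnostic-data-level` to `#diagnostic-data-levels`, so a reader following "for instructions" lands on a section other than the one the link text names. Either keep the original anchor on the new docs.microsoft.com path or change the link text to match the new target. The other link in this hunk (`waas-mobile-updates.md`) is relative, so a site-relative path would be more consistent than the absolute URL. The hunk header still shows `ms.date: 10/13/2017`, and no hunk for this file updates it, unlike the other topics touched in this commit.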

View File

@ -254,6 +254,7 @@
#### [Enable Exploit protection](windows-defender-exploit-guard\enable-exploit-protection.md)
#### [Customize Exploit protection](windows-defender-exploit-guard\customize-exploit-protection.md)
##### [Import, export, and deploy Exploit protection configurations](windows-defender-exploit-guard\import-export-exploit-protection-emet-xml.md)
#### [Troubleshoot Exploit protection mitigations](windows-defender-exploit-guard\troubleshoot-exploit-protection-mitigations.md)
### [Attack surface reduction](windows-defender-exploit-guard\attack-surface-reduction-exploit-guard.md)
#### [Evaluate Attack surface reduction](windows-defender-exploit-guard\evaluate-attack-surface-reduction.md)
#### [Enable Attack surface reduction](windows-defender-exploit-guard\enable-attack-surface-reduction.md)

View File

@ -0,0 +1,217 @@
---
title: Deploy Exploit protection mitigations across your organization
keywords: Exploit protection, mitigations, troubleshoot, import, export, configure, emet, convert, conversion, deploy, install
description: Remove unwanted Exploit protection mitigations.
search.product: eADQiWindows 10XVcnh
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: security
localizationpriority: medium
author: andreabichsel
ms.author: v-anbic
ms.date: 01/31/18
---
# Troubleshoot Exploit protection mitigations
**Applies to:**
- Windows 10, version 1709
**Audience**
- Enterprise security administrators
**Manageability available with**
- Windows Defender Security Center app
- PowerShell
When you create a set of Exploit protection mitigations (known as a configuration), you might find that the configuration export and import process does not remove all unwanted mitigations.
You can manually remove unwanted mitigations in Windows Defender Security Center, or you can use the following process to remove all mitigations and then import a baseline configuration file instead.
1. Remove all process mitigations with this PowerShell script:
```PowerShell
# Check if Admin-Privileges are available
function Test-IsAdmin {
([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")
}
# Delete ExploitGuard ProcessMitigations for a given key in the registry. If no other settings exist under the specified key,
# the key is deleted as well
function Remove-ProcessMitigations([Object] $Key, [string] $Name) {
Try {
if ($Key.GetValue("MitigationOptions")) {
Write-Host "Removing MitigationOptions for: " $Name
Remove-ItemProperty -Path $Key.PSPath -Name "MitigationOptions" -ErrorAction Stop;
}
if ($Key.GetValue("MitigationAuditOptions")) {
Write-Host "Removing MitigationAuditOptions for: " $Name
Remove-ItemProperty -Path $Key.PSPath -Name "MitigationAuditOptions" -ErrorAction Stop;
}
# Remove the FilterFullPath value if there is nothing else
if (($Key.SubKeyCount -eq 0) -and ($Key.ValueCount -eq 1) -and ($Key.GetValue("FilterFullPath"))) {
Remove-ItemProperty -Path $Key.PSPath -Name "FilterFullPath" -ErrorAction Stop;
}
# If the key is empty now, delete it
if (($Key.SubKeyCount -eq 0) -and ($Key.ValueCount -eq 0)) {
Write-Host "Removing empty Entry: " $Name
Remove-Item -Path $Key.PSPath -ErrorAction Stop
}
}
Catch {
Write-Host "ERROR:" $_.Exception.Message "- at ($MitigationItemName)"
}
}
# Delete all ExploitGuard ProcessMitigations
function Remove-All-ProcessMitigations {
if (!(Test-IsAdmin)) {
throw "ERROR: No Administrator-Privileges detected!"; return
}
Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" | ForEach-Object {
$MitigationItem = $_;
$MitigationItemName = $MitigationItem.PSChildName
Try {
Remove-ProcessMitigations $MitigationItem $MitigationItemName
# "UseFilter" indicate full path filters may be present
if ($MitigationItem.GetValue("UseFilter")) {
Get-ChildItem -Path $MitigationItem.PSPath | ForEach-Object {
$FullPathItem = $_
if ($FullPathItem.GetValue("FilterFullPath")) {
$Name = $MitigationItemName + "-" + $FullPathItem.GetValue("FilterFullPath")
Write-Host "Removing FullPathEntry: " $Name
Remove-ProcessMitigations $FullPathItem $Name
}
# If there are no subkeys now, we can delete the "UseFilter" value
if ($MitigationItem.SubKeyCount -eq 0) {
Remove-ItemProperty -Path $MitigationItem.PSPath -Name "UseFilter" -ErrorAction Stop
}
}
}
if (($MitigationItem.SubKeyCount -eq 0) -and ($MitigationItem.ValueCount -eq 0)) {
Write-Host "Removing empty Entry: " $MitigationItemName
Remove-Item -Path $MitigationItem.PSPath -ErrorAction Stop
}
}
Catch {
Write-Host "ERROR:" $_.Exception.Message "- at ($MitigationItemName)"
}
}
}
# Delete all ExploitGuard System-wide Mitigations
function Remove-All-SystemMitigations {
if (!(Test-IsAdmin)) {
throw "ERROR: No Administrator-Privileges detected!"; return
}
$Kernel = Get-Item -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\kernel"
Try {
if ($Kernel.GetValue("MitigationOptions"))
{ Write-Host "Removing System MitigationOptions"
Remove-ItemProperty -Path $Kernel.PSPath -Name "MitigationOptions" -ErrorAction Stop;
}
if ($Kernel.GetValue("MitigationAuditOptions"))
{ Write-Host "Removing System MitigationAuditOptions"
Remove-ItemProperty -Path $Kernel.PSPath -Name "MitigationAuditOptions" -ErrorAction Stop;
}
} Catch {
Write-Host "ERROR:" $_.Exception.Message "- System"
}
}
Remove-All-ProcessMitigations
Remove-All-SystemMitigations
```
2. Create and import an XML configuration file with the following default mitigations, as described in Import, export, and deploy Exploit Protection configurations:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<root>
<SystemConfig/>
<AppConfig Executable="ExtExport.exe">
<ASLR OverrideForceRelocateImages="false" ForceRelocateImages="false" Enable="true"/>
</AppConfig>
<AppConfig Executable="ie4uinit.exe">
<ASLR OverrideForceRelocateImages="false" ForceRelocateImages="false" Enable="true"/>
</AppConfig>
<AppConfig Executable="ieinstal.exe">
<ASLR OverrideForceRelocateImages="false" ForceRelocateImages="false" Enable="true"/>
</AppConfig>
<AppConfig Executable="ielowutil.exe">
<ASLR OverrideForceRelocateImages="false" ForceRelocateImages="false" Enable="true"/>
</AppConfig>
<AppConfig Executable="ieUnatt.exe">
<ASLR OverrideForceRelocateImages="false" ForceRelocateImages="false" Enable="true"/>
</AppConfig>
<AppConfig Executable="iexplore.exe">
<ASLR OverrideForceRelocateImages="false" ForceRelocateImages="false" Enable="true"/>
</AppConfig>
<AppConfig Executable="mscorsvw.exe">
<ExtensionPoints OverrideExtensionPoint="false" DisableExtensionPoints="true"/>
</AppConfig>
<AppConfig Executable="msfeedssync.exe">
<ASLR OverrideForceRelocateImages="false" ForceRelocateImages="false" Enable="true"/>
</AppConfig>
<AppConfig Executable="mshta.exe">
<ASLR OverrideForceRelocateImages="false" ForceRelocateImages="false" Enable="true"/>
</AppConfig>
<AppConfig Executable="ngen.exe">
<ExtensionPoints OverrideExtensionPoint="false" DisableExtensionPoints="true"/>
</AppConfig>
<AppConfig Executable="ngentask.exe">
<ExtensionPoints OverrideExtensionPoint="false" DisableExtensionPoints="true"/>
</AppConfig>
<AppConfig Executable="PresentationHost.exe">
<DEP Enable="true" OverrideDEP="false" EmulateAtlThunks="false"/>
<ASLR OverrideForceRelocateImages="false" ForceRelocateImages="false" Enable="true" OverrideBottomUp="false" HighEntropy="true" BottomUp="true"/>
<SEHOP Enable="true" OverrideSEHOP="false" TelemetryOnly="false"/>
<Heap OverrideHeap="false" TerminateOnError="true"/>
</AppConfig>
<AppConfig Executable="PrintDialog.exe">
<ExtensionPoints OverrideExtensionPoint="false" DisableExtensionPoints="true"/>
</AppConfig>
<AppConfig Executable="PrintIsolationHost.exe"/>
<AppConfig Executable="runtimebroker.exe">
<ExtensionPoints OverrideExtensionPoint="false" DisableExtensionPoints="true"/>
</AppConfig>
<AppConfig Executable="splwow64.exe"/>
<AppConfig Executable="spoolsv.exe"/>
<AppConfig Executable="svchost.exe"/>
<AppConfig Executable="SystemSettings.exe">
<ExtensionPoints OverrideExtensionPoint="false" DisableExtensionPoints="true"/>
</AppConfig>
</root>
```
If you havent already, it's a good idea to download and use the [Windows Security Baselines](https://docs.microsoft.com/en-us/windows/device-security/windows-security-baselines) to complete your Exploit protection customization.
## Related topics
- [Protect devices from exploits with Windows Defender Exploit Guard](exploit-protection-exploit-guard.md)
- [Comparison with Enhanced Mitigation Experience Toolkit](emet-exploit-protection-exploit-guard.md)
- [Evaluate Exploit protection](evaluate-exploit-protection.md)
- [Enable Exploit protection](enable-exploit-protection.md)
- [Configure and audit Exploit protection mitigations](customize-exploit-protection.md)
- [Import, export, and deploy Exploit protection configurations](import-export-exploit-protection-emet-xml.md)
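Review bot: In `Remove-ProcessMitigations`, the `Catch` block logs `$MitigationItemName`, which is not a parameter of that function; it only resolves through the caller's scope, and for full-path entries it reports the parent key name instead of the entry that failed. Use the function's own `$Name` there. In the same script, `throw "ERROR: No Administrator-Privileges detected!"; return` has an unreachable `return`, and the `if ($Key.GetValue("MitigationOptions"))` tests rely on truthiness, so a value that is present but evaluates to false would be left behind. Since the script deletes values under Image File Execution Options and Session Manager\kernel and the page offers no way back, step 1 should tell the reader to export the current configuration before running it. In the front matter, `title` ("Deploy Exploit protection mitigations across your organization") does not match the H1, `ms.pagetype` appears twice, and `ms.date: 01/31/18` uses a two-digit year unlike the other files in this commit. "havent" in the closing paragraph needs an apostrophe, and the reference to "Import, export, and deploy Exploit Protection configurations" in step 2 should be a link, as it is under Related topics.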