From 5bce39ea1811650839de0e837588d34a7c1aa4e7 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 11 Jan 2022 15:57:04 +0530 Subject: [PATCH 01/85] fixed Acrolinx scores --- ...te-a-package-accelerator-with-powershell.md | 8 ++++---- .../appv-release-notes-for-appv-for-windows.md | 14 +++++++------- .../app-v/appv-technical-reference.md | 18 +++++++++--------- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md index 79b713f591..13e617e6bf 100644 --- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md +++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md @@ -22,17 +22,17 @@ App-V Package Accelerators automatically sequence large, complex applications. A 1. Install the App-V sequencer. For more information about installing the sequencer, see [How to install the sequencer](appv-install-the-sequencer.md). 2. To open a Windows PowerShell console, select **Start** and enter **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. -3. Make sure that you have the .appv package to create an accelerator from the installation media or installation files. You can also optionally use a readme file for the accelerator's users to reference. +3. Ensure you have the .apps package to create an accelerator from the installation media or installation files. You can also optionally use a readme file for the accelerator's users to reference. 4. Enter the **New-AppvPackageAccelerator** cmdlet. The following parameters are required to use the package accelerator cmdlet: - *InstalledFilesPath* specifies the application installation path. - *Installer* specifies the path to the application installer media. - - *InputPackagePath* specifies the path to the .appv package. + - *InputPackagePath* specifies the path to the.appv package. - *Path* specifies the output directory for the package. - The following example cmdlet shows how you can create a package accelerator with an .appv package and the installation media: + The following example cmdlet shows how you can create a package accelerator with .app package and the installation media: ```PowerShell New-AppvPackageAccelerator -InputPackagePath -Installer -Path @@ -46,6 +46,6 @@ App-V Package Accelerators automatically sequence large, complex applications. A -## Related topics +## Related articles - [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md) diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md index bfabcf0c97..908f5748b5 100644 --- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md +++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md @@ -20,13 +20,13 @@ ms.author: greglin The following are known issues and workarounds for Application Virtualization (App-V) running on Windows 10, version 1607. ## Windows Installer packages (.msi files) generated by the App-V sequencer (version 5.1 and earlier) fail to install on computers with the in-box App-V client -MSI packages that were generated using an App-V sequencer from previous versions of App-V (App-V versions 5.1 and earlier) include a check to validate that the App-V client is installed on client devices before allowing the MSI package to install. Now that the App-V client is installed automatically when you upgrade user devices to Windows 10, version 1607, the pre-requisite check fails and causes the MSI to fail. +There are MSI packages generated by an App-V sequencer from previous versions of App-V (Versions 5.1 and earlier). These packages include a check to validate whether the App-V client is installed on client devices, before allowing the MSI package to be installed. As the App-V client gets installed automatically when you upgrade user devices to Windows 10, version 1607, the pre-requisite check fails and causes the MSI to fail. **Workaround**: 1. Install the latest App-V sequencer, which you can get from the Windows Assessment and Deployment Kit (ADK) for Windows 10, version 1607. See [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). For more information, see [Install the App-V Sequencer](appv-install-the-sequencer.md). -2. Ensure that you have installed the **MSI Tools** included in the Windows 10 SDK, available as follows: +2. Ensure that you've installed the **MSI Tools** included in the Windows 10 SDK, available as follows: - For the **Visual Studio Community 2015 with Update 3** client, which includes the latest Windows 10 SDK and developer tools, see [Downloads and tools for Windows 10](https://developer.microsoft.com/en-us/windows/downloads). @@ -44,21 +44,21 @@ MSI packages that were generated using an App-V sequencer from previous versions `Update-AppvPackageMsi -MsiPackage "" -MsSdkPath ""` - where the path is to the new directory (**C:\MyMsiTools\ for this example**). + where the path is to the new directory (**C:\MyMsiTools\ for this example**). ## Error occurs during publishing refresh between App-V 5.0 SP3 Management Server and App-V Client on Windows 10 -An error is generated during publishing refresh when synchronizing packages from the App-V 5.0 SP3 management server to an App-V client on Windows 10. This error occurs because the App-V 5.0 SP3 server does not understand the Windows 10 operating system that is specified in the publishing URL. The issue is fixed for App-V publishing server, but is not backported to versions of App-V 5.0 SP3 or earlier. +An error is generated during publishing refresh when synchronizing packages from the App-V 5.0 SP3 management server to an App-V client on Windows 10. This error occurs because the App-V 5.0 SP3 server doesn't understand the Windows 10-operating system that is specified in the publishing URL. The issue is fixed for App-V publishing server, but isn't backported to versions of App-V 5.0 SP3 or earlier. **Workaround**: Upgrade the App-V 5.0 Management server to the App-V Management server for Windows 10 Clients. ## Custom configurations do not get applied for packages that will be published globally if they are set using the App-V Server If you assign a package to an AD group that contains machine accounts and apply a custom configuration to that group using the App-V Server, the custom configuration will not be applied to those machines. The App-V Client will publish packages assigned to a machine account globally. However, it stores custom configuration files per user in each user’s profile. Globally published packages will not have access to this custom configuration. -**Workaround**: Do one of the following: +**Workaround**: Implement one of the following tasks: -- Assign the package to groups containing only user accounts. This will ensure that the package’s custom configuration will be stored in each user’s profile and will be applied correctly. +- Assign the package to groups containing only user accounts. This assignation ensures that the package’s custom configuration will be stored in each user’s profile and will be applied correctly. -- Create a custom deployment configuration file and apply it to the package on the client using the Add-AppvClientPackage cmdlet with the –DynamicDeploymentConfiguration parameter. See [About App-V Dynamic Configuration](appv-dynamic-configuration.md) for more information. +- Create a custom deployment configuration file and apply it to the package on the client, using the Add-AppvClientPackage cmdlet with the –DynamicDeploymentConfiguration parameter. See [About App-V Dynamic Configuration](appv-dynamic-configuration.md) for more information. - Create a new package with the custom configuration using the App-V Sequencer. diff --git a/windows/application-management/app-v/appv-technical-reference.md b/windows/application-management/app-v/appv-technical-reference.md index 378c6cf052..4eeb5962c1 100644 --- a/windows/application-management/app-v/appv-technical-reference.md +++ b/windows/application-management/app-v/appv-technical-reference.md @@ -24,21 +24,21 @@ This section provides reference information related to managing App-V. - [Performance Guidance for Application Virtualization](appv-performance-guidance.md) - Provides strategy and context for many performance optimizations. Not all practices will be applicable. However, these are tested and supported. Using all suggested practices that are applicable to your organization will provide the optimal end-user experience. + Provides strategy and context for many performance optimizations. Not all practices will be applicable. However, these practices are tested and supported. Using all suggested practices that are applicable to your organization will provide the optimal end-user experience. - [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md) Describes how the following App-V client operations affect the local operating system: - App-V files and data storage locations -- package registry -- package store behavior -- roaming registry and data -- client application lifecycle management -- integration of App-V packages -- dynamic configuration -- side-by-side assemblies -- client logging +- Package registry +- Package store behavior +- Roaming registry and data +- Client application lifecycle management +- Integration of App-V packages +- Dynamic configuration +- Side-by-side assemblies +- Client logging - [Viewing App-V Server Publishing Metadata](appv-viewing-appv-server-publishing-metadata.md) From 441a66e050ebad0da1089e8b66b16fa1239e4904 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 11 Jan 2022 16:16:04 +0530 Subject: [PATCH 02/85] Update appv-release-notes-for-appv-for-windows.md --- .../app-v/appv-release-notes-for-appv-for-windows.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md index 908f5748b5..af731fd9e0 100644 --- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md +++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md @@ -109,9 +109,9 @@ In environments that are running the RDS Client or that have multiple concurrent **Workaround**: Have users log out and then log back in. ## Error message is erroneously displayed when the connection group is published only to the user -When you run Repair-AppvClientConnectionGroup, the following error is displayed, even when the connection group is published only to the user: “Internal App-V Integration error: Package not integrated for the user. Please ensure that the package is added to the machine and published to the user.” +When you run Repair-AppvClientConnectionGroup, the following error is displayed, even when the connection group is published only to the user: “Internal App-V Integration error: Package not integrated for the user. Ensure that the package is added to the machine and published to the user.” -**Workaround**: Do one of the following: +**Workaround**: Execute one of the following tasks: - Publish all packages in a connection group. @@ -119,7 +119,7 @@ When you run Repair-AppvClientConnectionGroup, the following error is displayed, - Repair packages individually using the Repair-AppvClientPackage command rather than the Repair-AppvClientConnectionGroup command. - Determine which packages are available to users and then run the **Repair-AppvClientPackage** command once for each package. Use Windows PowerShell cmdlets to do the following: + Determine which packages are available to users and then run the **Repair-AppvClientPackage** command once for each package. Use Windows PowerShell cmdlets to execute the following tasks: 1. Get all the packages in a connection group. @@ -128,7 +128,7 @@ When you run Repair-AppvClientConnectionGroup, the following error is displayed, 3. If the package is currently published, run **Repair-AppvClientPackage** on that package. ## Icons not displayed properly in Sequencer -Icons in the Shortcuts and File Type Associations tab are not displayed correctly when modifying a package in the App-V Sequencer. This problem occurs when the size of the icons are not 16x16 or 32x32. +Icons in the Shortcuts and File Type Associations tab are not displayed correctly when modifying a package in the App-V Sequencer. This problem occurs when the size of the icons is not 16x16 or 32x32. **Workaround**: Only use icons that are 16x16 or 32x32. From 7a36ba87e8d6f916cbaa91dafad567cef50e3ccc Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 12 Jan 2022 12:44:22 +0530 Subject: [PATCH 03/85] updates --- ...w-search-engine-customization-shortdesc.md | 27 ++++++++++-------- ...ure-additional-search-engines-shortdesc.md | 23 +++++++-------- .../configure-kiosk-mode-shortdesc.md | 28 +++++++++++-------- ...rning-off-required-extensions-shortdesc.md | 23 +++++++-------- 4 files changed, 57 insertions(+), 44 deletions(-) diff --git a/windows/client-management/includes/allow-search-engine-customization-shortdesc.md b/windows/client-management/includes/allow-search-engine-customization-shortdesc.md index 4992a19eab..1ecba430cb 100644 --- a/windows/client-management/includes/allow-search-engine-customization-shortdesc.md +++ b/windows/client-management/includes/allow-search-engine-customization-shortdesc.md @@ -1,11 +1,16 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, users can add new search engines or change the default search engine, in Settings. With this policy, you can prevent users from customizing the search engine in Microsoft Edge. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +audience: itpro +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, users can execute the following tasks in Settings: +- Add new search engines +- Change the default search engine + +With this policy, you can prevent users from customizing the search engine in the Microsoft Edge browser. diff --git a/windows/client-management/includes/configure-additional-search-engines-shortdesc.md b/windows/client-management/includes/configure-additional-search-engines-shortdesc.md index f4a61c024c..873d33a2f0 100644 --- a/windows/client-management/includes/configure-additional-search-engines-shortdesc.md +++ b/windows/client-management/includes/configure-additional-search-engines-shortdesc.md @@ -1,11 +1,12 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. However, with this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +audience: itpro +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, users can set a default search engine in the Microsoft Edge browser, using the Set default search engine policy. With this policy, you can configure up to five more search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines. diff --git a/windows/client-management/includes/configure-kiosk-mode-shortdesc.md b/windows/client-management/includes/configure-kiosk-mode-shortdesc.md index 0247b490e6..c76de7864b 100644 --- a/windows/client-management/includes/configure-kiosk-mode-shortdesc.md +++ b/windows/client-management/includes/configure-kiosk-mode-shortdesc.md @@ -1,11 +1,17 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single-app or as one of many apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with a tailored experience for kiosks, or normal browsing in Microsoft Edge. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +audience: itpro +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +For the Microsoft Edge browser, configure a behavior that is to be exhibited in kiosk mode with assigned access. This behavior configuration is for Microsoft Edge as a single-app or as one of many apps running on the kiosk device. + +You can facilitate the following functionalities in the Microsoft Edge browser: +- Execution of InPrivate full screen +- Execution of InPrivate multi-tab with a tailored experience for kiosks +- Provision for normal browsing diff --git a/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md b/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md index 7264330137..b7331dd725 100644 --- a/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md +++ b/windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md @@ -1,11 +1,12 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -Microsoft Edge allows users to uninstall extensions by default. Enabling this policy prevents users from uninstalling extensions but lets them configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. If you enabled this policy and now you want to disable it, the list of extension package family names (PFNs) defined in this policy get ignored after disabling this policy. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +audience: itpro +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +The Microsoft Edge browser allows users to uninstall extensions, by default. When the users work with extensions that come under a policy that is enabled, they can configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any extra permissions requested by future updates of the extension get granted automatically. If - at this stage - you disable the policy, the list of extension package family names (PFNs) defined in this policy get ignored. From 48f678b7cdb5a9f4da7617566e0dc4dc04e5348f Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 17 Jan 2022 09:30:11 +0530 Subject: [PATCH 04/85] Update appv-create-a-package-accelerator-with-powershell.md --- .../appv-create-a-package-accelerator-with-powershell.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md index 79b713f591..2583a8e7d4 100644 --- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md +++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md @@ -22,17 +22,17 @@ App-V Package Accelerators automatically sequence large, complex applications. A 1. Install the App-V sequencer. For more information about installing the sequencer, see [How to install the sequencer](appv-install-the-sequencer.md). 2. To open a Windows PowerShell console, select **Start** and enter **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. -3. Make sure that you have the .appv package to create an accelerator from the installation media or installation files. You can also optionally use a readme file for the accelerator's users to reference. +3. Ensure you have the .Apps package to create an accelerator from the installation media or installation files. You can also optionally use a readme file for the accelerator's users to reference. 4. Enter the **New-AppvPackageAccelerator** cmdlet. The following parameters are required to use the package accelerator cmdlet: - *InstalledFilesPath* specifies the application installation path. - *Installer* specifies the path to the application installer media. - - *InputPackagePath* specifies the path to the .appv package. + - *InputPackagePath* specifies the path to the.appv package. - *Path* specifies the output directory for the package. - The following example cmdlet shows how you can create a package accelerator with an .appv package and the installation media: + The following example cmdlet shows how you can create a package accelerator with .app package and the installation media: ```PowerShell New-AppvPackageAccelerator -InputPackagePath -Installer -Path @@ -46,6 +46,6 @@ App-V Package Accelerators automatically sequence large, complex applications. A -## Related topics +## Related articles - [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md) From eafb51f24a0ea3c5d7f87d2992c2fbb77abf6858 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 17 Jan 2022 11:36:05 +0530 Subject: [PATCH 05/85] Acrolinx score improvement effort --- .../includes/provision-favorites-shortdesc.md | 30 ++++++++++++------- .../introduction-page-file.md | 2 +- .../disconnecting-from-mdm-unenrollment.md | 21 ++++++------- 3 files changed, 31 insertions(+), 22 deletions(-) diff --git a/windows/client-management/includes/provision-favorites-shortdesc.md b/windows/client-management/includes/provision-favorites-shortdesc.md index 30b9677f92..77281a67f6 100644 --- a/windows/client-management/includes/provision-favorites-shortdesc.md +++ b/windows/client-management/includes/provision-favorites-shortdesc.md @@ -1,11 +1,19 @@ ---- -author: dansimp -ms.author: dansimp -ms.date: 10/02/2018 -ms.reviewer: -audience: itpro manager: dansimp -ms.prod: edge -ms.topic: include ---- - -By default, users can customize the Favorites list in Microsoft Edge. With this policy though, you provision a standard list of favorites, which can include folders, to appear in the Favorites list in addition to the user’s favorites. Edge. Once you provision the Favorites list, users cannot customize it, such as adding folders for organizing, and adding or removing any of the favorites configured. +--- +author: dansimp +ms.author: dansimp +ms.date: 10/02/2018 +ms.reviewer: +audience: itpro +manager: dansimp +ms.prod: edge +ms.topic: include +--- + +By default, you can customize the Favorites list in the Microsoft Edge browser. Whatever you customize becomes the standard list. + +> [!NOTE] +> The standard list of favorites can include folders. + +The favorites that you add also become part of this standard list. + +Once your customized Favorites list appears in the Microsoft Edge browser, you cannot customize it again, such as adding folders for organizing, and adding or removing any of the favorites configured. diff --git a/windows/client-management/introduction-page-file.md b/windows/client-management/introduction-page-file.md index 329d185fad..be5ce9c487 100644 --- a/windows/client-management/introduction-page-file.md +++ b/windows/client-management/introduction-page-file.md @@ -35,7 +35,7 @@ For example, the following Windows servers require page files: - Certificate servers - ADAM/LDS servers -This is because the algorithm of the database cache for Extensible Storage Engine (ESENT, or ESE for Microsoft Exchange Server) depends on the "\Memory\Transition Pages RePurposed/sec" performance monitor counter. A page file is required to make sure that the database cache can release memory if other services or applications request memory. +This requirement is because the algorithm of the database cache for Extensible Storage Engine (ESENT, or ESE for Microsoft Exchange Server) depends on the "\Memory\Transition Pages RePurposed/sec" performance monitor counter. A page file is required to ensure that the database cache can release memory if other services or applications request memory. For Windows Server 2012 Hyper-V and Windows Server 2012 R2 Hyper-V, the page file of the management OS (commonly called the host OS) should be left at the default of setting of "System Managed". diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md index a9e4996ee9..f238066bb2 100644 --- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md +++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md @@ -1,6 +1,6 @@ --- title: Disconnecting from the management infrastructure (unenrollment) -description: Disconnecting may be initiated either locally by the user from the phone or remotely by the IT admin using management server. +description: Disconnecting is initiated either locally by the user using a phone or remotely by the IT admin using management server. MS-HAID: - 'p\_phdevicemgmt.disconnecting\_from\_the\_management\_infrastructure\_\_unenrollment\_' - 'p\_phDeviceMgmt.disconnecting\_from\_mdm\_unenrollment' @@ -18,15 +18,16 @@ ms.date: 06/26/2017 # Disconnecting from the management infrastructure (unenrollment) -Disconnecting may be initiated either locally by the user from the phone or remotely by the IT admin using management server. User-initiated disconnection is performed much like the initial connection, and it is initiated from the same location in the Setting Control Panel as creating the workplace account. Users may choose to disconnect for any number of reasons, including leaving the company or getting a new device and no longer needing access to their LOB apps on the old device. When an administrator initiates a disconnection, the enrollment client performs the disconnection during its next regular maintenance session. Administrators may choose to disconnect a user’s device after they’ve left the company or because the device is regularly failing to comply with the organization’s security settings policy. +The Disconnecting process is done either locally by the user who uses a phone or remotely by the IT administrator using management server. The user-initiated disconnection process is similar to the initial connection, wherein its initiation is from the same location in the Setting Control Panel as creating the workplace account. +The users choose to disconnect for any number of reasons, such as the ones described below: leaving the company or getting a new device or not needing access to their LOB apps on the old device, anymore. When an IT administrator initiates a disconnection, the enrollment client performs the disconnection during the next regular maintenance session. Administrators choose to disconnect users' device after they’ve left the company or because the device is regularly failing to comply with the organization’s security settings policy. -During disconnection, the client does the following: +During disconnection, the client executes the following tasks: - Removes the enterprise application token that allowed installing and running LOB apps. Any business applications associated with this enterprise token are removed as well. - Removes certificates that are configured by MDM server. -- Ceases enforcement of the settings policies that the management infrastructure has applied. +- Ceases enforcement of the settings policies applied by the management infrastructure. - Removes the device management client configuration and other setting configuration added by MDM server, including the scheduled maintenance task. The client remains dormant unless the user reconnects it to the management infrastructure. -- Reports successful initiated disassociation to the management infrastructure if the admin initiated the process. Note that in Windows, user-initiated disassociation is reported to the server as a best effort. +- Reports successfully initiated disassociation to the management infrastructure if the admin initiated the process. In Windows, a user-initiated disassociation is reported to the server as a best effort. ## In this topic @@ -40,7 +41,7 @@ During disconnection, the client does the following: ## User-initiated disconnection -In Windows, after the user confirms the account deletion command and before the account is deleted, the MDM client will send a notification to the MDM server notifying that the server the account will be removed. This is a best effort action as no retry is built-in to ensure the notification is successfully sent to the device. +In Windows, after the user confirms the account deletion command and before the account is deleted, the MDM client will notify to the MDM server that the account will be removed. This is a best-effort action as no retry is built-in to ensure the notification is successfully sent to the device. This action utilizes the OMA DM generic alert 1226 function to send a user an MDM unenrollment user alert to the MDM server after the device accepts the user unenrollment request, but before it deletes any enterprise data. The server should set the expectation that unenrollment may succeed or fail, and the server can check whether the device is unenrolled by either checking whether the device calls back at scheduled time or by sending a push notification to the device to see whether it responds back. If the server plans to send a push notification, it should allow for some delay to give the device the time to complete the unenrollment work. @@ -126,7 +127,7 @@ When the server initiates disconnection, all undergoing sessions for the enrollm If the user is enrolled into MDM using an Azure Active Directory (AAD Join or by adding a Microsoft work account), the MDM account will show up under the Work Access page. However, the **Disconnect** button is greyed out and not accessible. Users can remove that MDM account by removing the AAD association to the device. -You can only use the Work Access page to unenroll under the following conditions: +You can only use the Work Access page to un-enroll under the following conditions: - Enrollment was done using bulk enrollment. - Enrollment was created using the Work Access page. @@ -135,11 +136,11 @@ You can only use the Work Access page to unenroll under the following conditions ## Unenrollment from Azure Active Directory Join -When a user is enrolled into MDM through Azure Active Directory Join and then disconnects the enrollment, there is no warning that the user will lose Windows Information Protection (WIP) data. The disconnection message does not indicate the loss of WIP data. +When a user is enrolled into MDM through Azure Active Directory Join and later, the enrollment disconnects, there is no warning that the user will lose Windows Information Protection (WIP) data. The disconnection message does not indicate the loss of WIP data. ![aadj unenerollment.](images/azure-ad-unenrollment.png) -When a device is enrolled into MDM through Azure Active Directory Join and then remotely unenrolled, the device may get into a state where it must be re-imaged. When devices are remotely unenrolled from MDM, the AAD association is also removed. This safeguard is in place to avoid leaving the corporated devices in unmanaged state. +At the time a device is enrolled into MDM through Azure Active Directory Join and then remotely unenrolled, the device may get into a state where it must be reimaged. When devices are remotely unenrolled from MDM, the Azure Active Directory association is also removed. This safeguard is in place to avoid leaving the corporated devices in unmanaged state. Before remotely unenrolling corporate devices, you must ensure that there is at least one admin user on the device that is not part of the Azure tenant, otherwise the device will not have any admin user after the operation. @@ -148,7 +149,7 @@ In mobile devices, remote unenrollment for Azure Active Directory Joined devices ## IT admin–requested disconnection -The server requests an enterprise management disconnection request by issuing an Exec OMA DM SyncML XML command to the device using the DMClient configuration service provider’s Unenroll node during the next client-initiated DM session. The Data tag inside the Exec command should be the value of the provisioned DM server ProviderID. For more information, see the Enterprise-specific DM client configuration topic. +The server requests an enterprise management disconnection by issuing an Exec OMA DM SyncML XML command to the device, using the DMClient configuration service provider’s Unenroll node during the next client-initiated DM session. The Data tag inside the Exec command should be the value of the provisioned DM server ProviderID. For more information, see the Enterprise-specific DMClient configuration topic. When the disconnection is completed, the user is notified that the device has been disconnected from enterprise management. From 19fd32f7c2c4ef4985892877f97e062822083e4c Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 17 Jan 2022 14:26:25 +0530 Subject: [PATCH 06/85] Acrolinx score --- .../mdm/disconnecting-from-mdm-unenrollment.md | 8 ++++---- .../mdm/enrollmentstatustracking-csp.md | 8 ++++---- .../mdm/esim-enterprise-management.md | 8 ++++---- .../mdm/policy-csp-admx-sdiageng.md | 4 ++-- .../mdm/policy-csp-servicecontrolmanager.md | 2 +- .../mdm/push-notification-windows-mdm.md | 8 ++++---- .../client-management/mdm/tenantlockdown-csp.md | 12 ++++++------ windows/client-management/mdm/tpmpolicy-csp.md | 14 +++++++------- 8 files changed, 32 insertions(+), 32 deletions(-) diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md index f238066bb2..f3e3c24cf9 100644 --- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md +++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md @@ -41,12 +41,12 @@ During disconnection, the client executes the following tasks: ## User-initiated disconnection -In Windows, after the user confirms the account deletion command and before the account is deleted, the MDM client will notify to the MDM server that the account will be removed. This is a best-effort action as no retry is built-in to ensure the notification is successfully sent to the device. +In Windows, after the user confirms the account deletion command and before the account is deleted, the MDM client will notify to the MDM server that the account will be removed. This notification is a best-effort action as no retry is built-in to ensure the notification is successfully sent to the device. This action utilizes the OMA DM generic alert 1226 function to send a user an MDM unenrollment user alert to the MDM server after the device accepts the user unenrollment request, but before it deletes any enterprise data. The server should set the expectation that unenrollment may succeed or fail, and the server can check whether the device is unenrolled by either checking whether the device calls back at scheduled time or by sending a push notification to the device to see whether it responds back. If the server plans to send a push notification, it should allow for some delay to give the device the time to complete the unenrollment work. > [!NOTE] -> The user unenrollment is an OMA DM standard. For more information about the 1226 generic alert, refer to the OMA Device Management Protocol specification (OMA-TS-DM\_Protocol-V1\_2\_1-20080617-A), available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_1_2-20031209-A/). +> The user unenrollment is an OMA DM standard. For more information about the 1226 generic alert, see the OMA Device Management Protocol specification (OMA-TS-DM\_Protocol-V1\_2\_1-20080617-A), available from the [OMA website](https://www.openmobilealliance.org/release/DM/V1_1_2-20031209-A/).   The vendor uses the Type attribute to specify what type of generic alert it is. For device initiated MDM unenrollment, the alert type is **com.microsoft:mdm.unenrollment.userrequest**. @@ -127,7 +127,7 @@ When the server initiates disconnection, all undergoing sessions for the enrollm If the user is enrolled into MDM using an Azure Active Directory (AAD Join or by adding a Microsoft work account), the MDM account will show up under the Work Access page. However, the **Disconnect** button is greyed out and not accessible. Users can remove that MDM account by removing the AAD association to the device. -You can only use the Work Access page to un-enroll under the following conditions: +You can only use the Work Access page to unenroll under the following conditions: - Enrollment was done using bulk enrollment. - Enrollment was created using the Work Access page. @@ -140,7 +140,7 @@ When a user is enrolled into MDM through Azure Active Directory Join and later, ![aadj unenerollment.](images/azure-ad-unenrollment.png) -At the time a device is enrolled into MDM through Azure Active Directory Join and then remotely unenrolled, the device may get into a state where it must be reimaged. When devices are remotely unenrolled from MDM, the Azure Active Directory association is also removed. This safeguard is in place to avoid leaving the corporated devices in unmanaged state. +During the process in which a device is enrolled into MDM through Azure Active Directory Join and then remotely unenrolled, the device may get into a state where it must be reimaged. When devices are remotely unenrolled from MDM, the Azure Active Directory association is also removed. This safeguard is in place to avoid leaving the corporated devices in unmanaged state. Before remotely unenrolling corporate devices, you must ensure that there is at least one admin user on the device that is not part of the Azure tenant, otherwise the device will not have any admin user after the operation. diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md index 3b4e865ccb..6cf9e1ad93 100644 --- a/windows/client-management/mdm/enrollmentstatustracking-csp.md +++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md @@ -1,6 +1,6 @@ --- title: EnrollmentStatusTracking CSP -description: Learn how to perform a hybrid certificate trust deployment of Windows Hello for Business, for systems with no previous installations. +description: Learn how to execute a hybrid certificate trust deployment of Windows Hello for Business, for systems with no previous installations. ms.author: dansimp ms.topic: article ms.prod: w10 @@ -11,14 +11,14 @@ ms.date: 05/21/2019 # EnrollmentStatusTracking CSP -During Autopilot deployment, you can configure the Enrollment Status Page (ESP) to block the device use until the required apps are installed. You can select the apps that must be installed before using the device. The EnrollmentStatusTracking configuration service provider (CSP) is used by Intune's agents, such as SideCar to configure ESP for blocking the device use until the required Win32 apps are installed. It tracks the installation status of the required policy providers and the apps they install and sends it to ESP, which displays the installation progress message to the user. For more information on ESP, see [Windows Autopilot Enrollment Status page](/windows/deployment/windows-autopilot/enrollment-status). +During Autopilot deployment, you can configure the Enrollment Status Page (ESP) to block the device usage until the required apps are installed. You can select the apps that must be installed before using the device. The EnrollmentStatusTracking configuration service provider (CSP) is used by Intune's agents, such as SideCar, to configure ESP for blocking the device usage until the required Win32 apps are installed. It tracks the installation status of the required policy providers and the apps they install and sends it to ESP, which displays the installation progress message to the user. For more information on ESP, see [Windows Autopilot Enrollment Status page](/windows/deployment/windows-autopilot/enrollment-status). -ESP uses the EnrollmentStatusTracking CSP along with the DMClient CSP to track the installation of different apps. The EnrollmentStatusTracking CSP tracks Win32 apps installations and DMClient CSP tracks MSI and Universal Windows Platform apps installations. In DMClient CSP, the **FirstSyncStatus/ExpectedMSIAppPackages** and **FirstSyncStatus/ExpectedModernAppPackages** nodes list the apps to track their installation. See [DMClient CSP](dmclient-csp.md) for more information. +ESP uses the EnrollmentStatusTracking CSP along with the DMClient CSP to track the installation of different apps. The EnrollmentStatusTracking CSP tracks Win32 apps installations and DMClient CSP tracks MSI and Universal Windows Platform apps installations. In DMClient CSP, the **FirstSyncStatus/ExpectedMSIAppPackages** and **FirstSyncStatus/ExpectedModernAppPackages** nodes list the apps to track their installation. For more information, see [DMClient CSP](dmclient-csp.md). The EnrollmentStatusTracking CSP was added in Windows 10, version 1903. -The following shows the EnrollmentStatusTracking CSP in tree format. +The following example shows the EnrollmentStatusTracking CSP in tree format. ``` ./User/Vendor/MSFT EnrollmentStatusTracking diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md index f1dd261229..f3e01980bb 100644 --- a/windows/client-management/mdm/esim-enterprise-management.md +++ b/windows/client-management/mdm/esim-enterprise-management.md @@ -12,12 +12,12 @@ ms.topic: conceptual --- # How Mobile Device Management Providers support eSIM Management on Windows -The eSIM Profile Management Solution puts the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to use an already existing solution that customers are familiar with and that they use to manage devices. The expectations from an MDM are that it will use the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and the installation happen in the background without impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management. +The eSIM Profile Management Solution places the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to use an already-existing solution that customers are familiar with and use to manage devices. The expectations from an MDM are that it will use the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and the installation happen in the background without impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management. If you are a Mobile Device Management (MDM) Provider and want to support eSIM Management on Windows, perform the following steps: - Onboard to Azure Active Directory -- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Windows OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Windows OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, contact them and learn more about their onboarding. If you would like to integrate and work with only one MDM provider, contact that provider directly. If you would like to offer eSIM management to customers using different MDM providers, contact an orchestrator provider. Orchestrator providers act as proxy handling MDM onboarding as well as mobile operator onboarding. Their role is to make the process as painless and scalable as possible for all parties. Potential orchestrator providers you could contact include: - - [HPE’s Device Entitlement Gateway](https://www.hpe.com/emea_europe/en/solutions/digital-communications-services.html) - - [IDEMIA’s The Smart Connect - Hub](https://www.idemia.com/smart-connect-hub) +- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Windows OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this capability to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Windows OMA-DM. This characteristic makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, contact them and learn more about their onboarding. If you would like to integrate and work with only one MDM provider, contact that provider directly. If you would like to offer eSIM management to customers using different MDM providers, contact an orchestrator provider. Orchestrator providers act as proxy handling MDM onboarding and as a mobile operator onboarding. Their role is to make the process as painless and scalable as possible for all parties. Potential orchestrator providers you could contact include: + - [HPE Device Entitlement Gateway](https://www.hpe.com/emea_europe/en/solutions/digital-communications-services.html) + - [IDEMIA The Smart Connect - Hub](https://www.idemia.com/smart-connect-hub) - Assess solution type that you would like to provide your customers - Batch/offline solution - IT Admin can manually import a flat file containing list of eSIM activation codes, and provision eSIM on LTE enabled devices. diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md index d2b7755488..5b902e0ec5 100644 --- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md +++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md @@ -66,7 +66,7 @@ manager: dansimp -This policy setting allows users who are connected to the Internet to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?" +This policy setting allows Internet-connected users to access and search troubleshooting content that is hosted on Microsoft content servers. Users can access online troubleshooting content from within the Troubleshooting Control Panel UI by clicking "Yes" when they are prompted by a message that states, "Do you want the most up-to-date troubleshooting content?" If you enable or do not configure this policy setting, users who are connected to the Internet can access and search troubleshooting content that is hosted on Microsoft content servers from within the Troubleshooting Control Panel user interface. @@ -116,7 +116,7 @@ This policy setting allows users to access and run the troubleshooting tools tha If you enable or do not configure this policy setting, users can access and run the troubleshooting tools from the Troubleshooting Control Panel. -If you disable this policy setting, users cannot access or run the troubleshooting tools from the Control Panel. +If this policy setting is disabled, the users cannot access or run the troubleshooting tools from the Control Panel. >[!Note] >This setting also controls a user's ability to launch standalone troubleshooting packs such as those found in .diagcab files. diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md index f8b22ff8c3..5b40aa9385 100644 --- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md +++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md @@ -58,7 +58,7 @@ This policy setting enables process mitigation options on svchost.exe processes. If you enable this policy setting, built-in system services hosted in svchost.exe processes will have stricter security policies enabled on them. -This includes a policy requiring all binaries loaded in these processes to be signed by Microsoft, and a policy disallowing dynamically generated code. +These stricter security policies include a policy requiring all binaries loaded in these processes to be signed by Microsoft, and a policy disallowing dynamically generated code. > [!IMPORTANT] > Enabling this policy could cause compatibility issues with third-party software that uses svchost.exe processes (for example, third-party antivirus software). diff --git a/windows/client-management/mdm/push-notification-windows-mdm.md b/windows/client-management/mdm/push-notification-windows-mdm.md index 13294f3ce5..0b8ad9e938 100644 --- a/windows/client-management/mdm/push-notification-windows-mdm.md +++ b/windows/client-management/mdm/push-notification-windows-mdm.md @@ -18,17 +18,17 @@ ms.date: 09/22/2017 # Push notification support for device management -The [DMClient CSP](dmclient-csp.md) supports the ability to configure push-initiated device management sessions. Using the [Windows Notification Services (WNS)](/previous-versions/windows/apps/hh913756(v=win.10)), a management server can request a device to establish a management session with the server through a push notification. A device is configured to support push by the management server by providing the device with a PFN for an application. Once the device is configured, it registers a persistent connection with the WNS cloud (Battery Sense and Data Sense conditions permitting). +The [DMClient CSP](dmclient-csp.md) supports the ability to configure push-initiated device management sessions. Using the [Windows Notification Services (WNS)](/previous-versions/windows/apps/hh913756(v=win.10)), a management server can request a device to establish a management session with the server through a push notification. A device is provided with a PFN for an application. This provision results in the device getting configured, to support a push to it by the management server. Once the device is configured, it registers a persistent connection with the WNS cloud (Battery Sense and Data Sense conditions permitting). -To initiate a device management session, the management server must first authenticate with WNS using its SID and client secret. Once authenticated, the server receives a token that it can use to initiate a raw push notification for any ChannelURI. When the management server wants to initiate a device management session with a device, it can utilize its token and the device ChannelURI and begin communicating with the device. +To initiate a device management session, the management server must first authenticate with WNS using its SID and client secret. Once authenticated, the server receives a token to initiate a raw push notification for any ChannelURI. When the management server wants to initiate a management session with a device, it can utilize the token and the device ChannelURI, and begin communicating with the device. For more information about how to get push credentials (SID and client secret) and PFN to use in WNS, see [Get WNS credentials and PFN for MDM push notification](#get-wns-credentials-and-pfn-for-mdm-push-notification). Because a device may not always be connected to the internet, WNS supports caching notifications for delivery to the device once it reconnects. To ensure your notification is cached for delivery, set the X-WNS-Cache-Policy header to Cache. Additionally, if the server wants to send a time-bound raw push notification, the server can use the X-WNS-TTL header that will provide WNS with a time-to-live binding so that the notification will expire after the time has passed. For more information, see [Raw notification overview (Windows Runtime apps)](/previous-versions/windows/apps/jj676791(v=win.10)). -Note the following restrictions related to push notifications and WNS: +The following restrictions are related to push notifications and WNS: -- Push for device management uses raw push notifications. This means that these raw push notifications do not support or utilize push notification payloads. +- Push for device management uses raw push notifications. This restriction means that these raw push notifications do not support or utilize push notification payloads. - Receipt of push notifications are sensitive to the Battery Saver and Data Sense settings on the device. For example, if the battery drops below certain thresholds, the persistent connection of the device with WNS will be terminated. Additionally, if the user is utilizing Data Sense and has exceeded their monthly allotment of data, the persistent connection of the device with WNS will also be terminated. - A ChannelURI provided to the management server by the device is only valid for 30 days. The device automatically renews the ChannelURI after 15 days and triggers a management session on successful renewal of the ChannelURI. It is strongly recommended that, during every management session, the management server queries the ChannelURI value to ensure that it has received the latest value. This will ensure that the management server will not attempt to use a ChannelURI that has expired. - Push is not a replacement for having a polling schedule. diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md index 52db501db8..af816d6d88 100644 --- a/windows/client-management/mdm/tenantlockdown-csp.md +++ b/windows/client-management/mdm/tenantlockdown-csp.md @@ -16,12 +16,12 @@ manager: dansimp > [!WARNING] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. This CSP was added in Windows 10, version 1809. -The TenantLockdown configuration service provider is used by the IT admin to lock a device to a tenant, which ensures that the device remains bound to the tenant in case of accidental or intentional resets or wipes. +The TenantLockdown configuration service provider is used by the IT admin to lock a device to a tenant, which ensures that the device remains bound to the tenant if accidental or intentional resets or wipes occur. > [!NOTE] > The forced network connection is only applicable to devices after reset (not new). -The following shows the TenantLockdown configuration service provider in tree format. +The following example shows the TenantLockdown configuration service provider in tree format. ``` ./Vendor/MSFT TenantLockdown @@ -31,13 +31,13 @@ TenantLockdown The root node. **RequireNetworkInOOBE** -Specifies whether to require a network connection during the out-of-box experience (OOBE) at first logon. +Specifies whether to require a network connection during the out-of-box experience (OOBE) at first sign in. -When RequireNetworkInOOBE is true, when the device goes through OOBE at first logon or after a reset, the user is required to choose a network before proceeding. There is no "skip for now" option. +When RequireNetworkInOOBE is true, when the device goes through OOBE at first sign in or after a reset, the user is required to choose a network before proceeding. There is no "skip for now" option. Value type is bool. Supported operations are Get and Replace. -- true - Require network in OOBE -- false - No network connection requirement in OOBE +- True - Require network in OOBE +- False - No network connection requirement in OOBE Example scenario: Henry is the IT admin at Contoso. He deploys 1000 devices successfully with RequireNetworkInOOBE set to true. When users accidentally or intentionally reset their device, they are required to connect to a network before they can proceed. Upon successful connection, users see the Contoso branded sign-in experience where they must use their Azure AD credentials. There is no option to skip the network connection and create a local account. diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md index 6c01205868..0c7915fe7c 100644 --- a/windows/client-management/mdm/tpmpolicy-csp.md +++ b/windows/client-management/mdm/tpmpolicy-csp.md @@ -1,6 +1,6 @@ --- title: TPMPolicy CSP -description: The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. +description: The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero-exhaust configuration on a Windows device for TPM software components. ms.author: dansimp ms.topic: article ms.prod: w10 @@ -14,11 +14,11 @@ manager: dansimp # TPMPolicy CSP -The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, and so on.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval. +The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero-exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, and so on) from Windows and inbox applications to public IP addresses, unless directly intended by the user. This definition allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval. The TPMPolicy CSP was added in Windows 10, version 1703. -The following shows the TPMPolicy configuration service provider in tree format. +The following example shows the TPMPolicy configuration service provider in tree format. ``` ./Vendor/MSFT TPMPolicy @@ -28,13 +28,13 @@ TPMPolicy

Defines the root node.

**IsActiveZeroExhaust** -

Boolean value that indicates whether network traffic from the device to public IP addresses is not allowed unless directly intended by the user (zero exhaust). Default value is false. Some examples when zero exhaust is configured:

+

Boolean value that indicates that network traffic from the device to public IP addresses is not allowed unless directly intended by the user (zero exhaust). The default value is false. Examples of zero-exhaust configuration and the conditions it requires are described below:

  • There should be no traffic when machine is on idle. When the user is not interacting with the system/device, no traffic is expected.
    • -
  • There should be no traffic during installation of Windows and first logon when local ID is used.
    • -
  • Launching and using a local app (Notepad, Paint, and so on.) should not send any traffic. Similarly, performing common tasks (clicking on start menu, browsing folders, and so on.) should not send any traffic.
    • -
  • Launching and using Internet enabled apps should not send any unexpected traffic (for maintenance, diagnostic data, and so on.) to Microsoft.
    • +
  • There should be no traffic during installation of Windows and first sign in when local ID is used.
    • +
  • Launching and using a local app (Notepad, Paint, and so on) should not send any traffic. Similarly, performing common tasks (clicking on start menu, browsing folders, and so on.) should not send any traffic.
    • +
  • Launching and using Internet enabled apps should not send any unexpected traffic (for maintenance, diagnostic data, and so on) to Microsoft.
Here is an example: From fb92af87d79051b0c9ff2809e3521e0ecb405756 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 17 Jan 2022 14:49:27 +0530 Subject: [PATCH 07/85] Update appv-create-a-package-accelerator-with-powershell.md --- .../appv-create-a-package-accelerator-with-powershell.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md index 13e617e6bf..6c752ffbf6 100644 --- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md +++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md @@ -22,17 +22,17 @@ App-V Package Accelerators automatically sequence large, complex applications. A 1. Install the App-V sequencer. For more information about installing the sequencer, see [How to install the sequencer](appv-install-the-sequencer.md). 2. To open a Windows PowerShell console, select **Start** and enter **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. -3. Ensure you have the .apps package to create an accelerator from the installation media or installation files. You can also optionally use a readme file for the accelerator's users to reference. +3. Ensure there's the .appv package to create an accelerator from the installation media or installation files. You can also optionally use a readme file for the accelerator's users to reference. 4. Enter the **New-AppvPackageAccelerator** cmdlet. The following parameters are required to use the package accelerator cmdlet: - *InstalledFilesPath* specifies the application installation path. - *Installer* specifies the path to the application installer media. - - *InputPackagePath* specifies the path to the.appv package. + - *InputPackagePath* specifies the path to the .appv package. - *Path* specifies the output directory for the package. - The following example cmdlet shows how you can create a package accelerator with .app package and the installation media: + The following example cmdlet shows how you can create a package accelerator with the .appv package and the installation media: ```PowerShell New-AppvPackageAccelerator -InputPackagePath -Installer -Path From b5fc4de8c076a943adb3cff1959663a4a5576a7b Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 17 Jan 2022 14:56:02 +0530 Subject: [PATCH 08/85] Update appv-create-a-package-accelerator-with-powershell.md --- .../appv-create-a-package-accelerator-with-powershell.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md index 6c752ffbf6..645ed56d14 100644 --- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md +++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md @@ -22,17 +22,17 @@ App-V Package Accelerators automatically sequence large, complex applications. A 1. Install the App-V sequencer. For more information about installing the sequencer, see [How to install the sequencer](appv-install-the-sequencer.md). 2. To open a Windows PowerShell console, select **Start** and enter **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. -3. Ensure there's the .appv package to create an accelerator from the installation media or installation files. You can also optionally use a readme file for the accelerator's users to reference. +3. Ensure there's the App-V package to create an accelerator from the installation media or installation files. You can also optionally use a readme file for the accelerator's users to reference. 4. Enter the **New-AppvPackageAccelerator** cmdlet. The following parameters are required to use the package accelerator cmdlet: - *InstalledFilesPath* specifies the application installation path. - *Installer* specifies the path to the application installer media. - - *InputPackagePath* specifies the path to the .appv package. + - *InputPackagePath* specifies the path to the App-V package. - *Path* specifies the output directory for the package. - The following example cmdlet shows how you can create a package accelerator with the .appv package and the installation media: + The following example cmdlet shows how you can create a package accelerator with the App-V package and the installation media: ```PowerShell New-AppvPackageAccelerator -InputPackagePath -Installer -Path From eca7661e5574728be0d2cfc797d463b7b0153fc5 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Mon, 17 Jan 2022 15:04:29 +0530 Subject: [PATCH 09/85] Delete appv-create-a-package-accelerator-with-powershell.md --- ...e-a-package-accelerator-with-powershell.md | 51 ------------------- 1 file changed, 51 deletions(-) delete mode 100644 windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md deleted file mode 100644 index 2583a8e7d4..0000000000 --- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md +++ /dev/null @@ -1,51 +0,0 @@ ---- -title: How to create a package accelerator by using Windows PowerShell (Windows 10/11) -description: Learn how to create an App-v Package Accelerator by using Windows PowerShell. App-V Package Accelerators automatically sequence large, complex applications. -author: greg-lindsay -ms.pagetype: mdop, appcompat, virtualization -ms.mktglfcycl: deploy -ms.sitesec: library -ms.prod: w10 -ms.date: 07/10/2018 -ms.reviewer: -manager: dansimp -ms.author: greglin -ms.topic: article ---- -# How to create a package accelerator by using Windows PowerShell - -[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] - -App-V Package Accelerators automatically sequence large, complex applications. Also, when you apply an App-V Package Accelerator, you don't have to manually install an application to create the virtualized package. - -## Create a package accelerator - -1. Install the App-V sequencer. For more information about installing the sequencer, see [How to install the sequencer](appv-install-the-sequencer.md). -2. To open a Windows PowerShell console, select **Start** and enter **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. -3. Ensure you have the .Apps package to create an accelerator from the installation media or installation files. You can also optionally use a readme file for the accelerator's users to reference. -4. Enter the **New-AppvPackageAccelerator** cmdlet. - - The following parameters are required to use the package accelerator cmdlet: - - - *InstalledFilesPath* specifies the application installation path. - - *Installer* specifies the path to the application installer media. - - *InputPackagePath* specifies the path to the.appv package. - - *Path* specifies the output directory for the package. - - The following example cmdlet shows how you can create a package accelerator with .app package and the installation media: - - ```PowerShell - New-AppvPackageAccelerator -InputPackagePath -Installer -Path - ``` - - You can also use the following optional parameter with the **New-AppvPackageAccelerator** cmdlet: - - - *AcceleratorDescriptionFile* specifies the path to user-created package accelerator instructions. The package accelerator instructions are **.txt** or **.rtf** description files that will be included in the package created by the package accelerator. - - - - - -## Related articles - -- [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md) From 4f4395f6830fb2decab21853dbd87492d91b8b21 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Wed, 19 Jan 2022 22:51:05 +0530 Subject: [PATCH 10/85] Acrolinx score enhancement --- ...compatibility-administrator-users-guide.md | 4 +- ...se-management-strategies-and-deployment.md | 43 ++++++++------- ...ection-considerations-for-windows-to-go.md | 6 +-- .../deployment/planning/sua-users-guide.md | 2 +- .../using-the-sdbinstexe-command-line-tool.md | 4 +- .../planning/using-the-sua-wizard.md | 6 +-- .../planning/windows-10-compatibility.md | 10 ++-- .../windows-10-infrastructure-requirements.md | 15 +++--- ...ndows-to-go-frequently-asked-questions.yml | 4 +- .../deployment/update/plan-define-strategy.md | 4 +- .../usmt/understanding-migration-xml-files.md | 4 +- .../usmt-estimate-migration-store-size.md | 20 +++---- .../usmt/usmt-hard-link-migration-store.md | 12 ++--- ...usmt-identify-operating-system-settings.md | 16 +++--- .../deployment/usmt/usmt-scanstate-syntax.md | 8 +-- .../deployment/usmt/xml-file-requirements.md | 8 +-- ...t-to-microsoft-during-activation-client.md | 4 +- .../volume-activation/introduction-vamt.md | 12 ++--- .../manage-activations-vamt.md | 6 +-- .../scenario-proxy-activation-vamt.md | 14 ++--- .../volume-activation/vamt-step-by-step.md | 4 +- .../windows-deployment-scenarios-and-tools.md | 52 +++++++++---------- 22 files changed, 132 insertions(+), 126 deletions(-) diff --git a/windows/deployment/planning/compatibility-administrator-users-guide.md b/windows/deployment/planning/compatibility-administrator-users-guide.md index f0d03186b1..e2e505838d 100644 --- a/windows/deployment/planning/compatibility-administrator-users-guide.md +++ b/windows/deployment/planning/compatibility-administrator-users-guide.md @@ -27,7 +27,7 @@ ms.custom: seo-marvel-mar2020 - Windows Server 2012 - Windows Server 2008 R2 -The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows to your organization. Compatibility Administrator provides the following: +The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows to your organization. Compatibility Administrator provides: - Compatibility fixes, compatibility modes, and AppHelp messages that you can use to resolve specific compatibility issues. @@ -48,4 +48,4 @@ The following flowchart shows the steps for using the Compatibility Administrato |--- |--- | |[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)|This section provides information about using the Compatibility Administrator tool.| |[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md)|This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases.| -|[Using the Sdbinst.exe Command-Line Tool](using-the-sdbinstexe-command-line-tool.md)|You must deploy your customized database (.Sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways. Including, by using a logon script, by using Group Policy, or by performing file copy operations.| \ No newline at end of file +|[Using the Sdbinst.exe Command-Line Tool](using-the-sdbinstexe-command-line-tool.md)|Ensure that you deploy your customized database (.Sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including, by using a logon script, by using Group Policy, or by performing file copy operations.| \ No newline at end of file diff --git a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md index 18f52b5803..fae3bcf0a8 100644 --- a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md +++ b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md @@ -4,7 +4,7 @@ ms.assetid: fdfbf02f-c4c4-4739-a400-782204fd3c6c ms.reviewer: manager: laurawi ms.author: greglin -description: Learn about deploying your compatibility fixes as part of an application-installation package or through a centralized compatibility-fix database. +description: Learn how to deploy your compatibility fixes into an application-installation package or through a centralized compatibility-fix database. ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat @@ -28,40 +28,43 @@ ms.custom: seo-marvel-mar2020 - Windows Server 2012 - Windows Server 2008 R2 -After you determine that you will use compatibility fixes in your application-compatibility mitigation strategy, you must define a strategy to manage your custom compatibility-fix database. Typically, you can use one of two approaches: +To use fixes in application-compatibility mitigation strategy, define a strategy to manage your custom compatibility-fix database. Typically, you can use one of the two following approaches: - Deploying your compatibility fixes as part of an application-installation package. - Deploying your compatibility fixes through a centralized compatibility-fix database. -Regardless of which approach you decide to use in your organization, Microsoft provides the following general recommendations for improving the management of your custom compatibility-fix databases: +Microsoft provides general recommends the following remedies for improving the management of your custom compatibility-fix databases. -- **Define standards for when you will apply compatibility fixes.** +> [!NOTE] +> These recommendations are not based on irrespective of the approach you decide to use. The following are the general recommendations. - You must define the standards and scenarios for using compatibility fixes, based on your specific business and technology needs. +- **Define standards for when you will apply compatibility fixes** -- **Define standards for your custom compatibility-fix databases.** + Ensure that the standards and scenarios for using compatibility fixes are defined, based on your specific business and technology needs. - You must define how to associate your compatibility fixes to particular applications. For example, you might want to ensure that your compatibility fixes always include a version check, so that a fix will not be applied to newer versions of your applications. +- **Define standards for your custom compatibility-fix databases** -- **Define your resources responsible for addressing questions and enforcing your standards.** + Compatibility fixes must include a version check, so that mapping to particular applications becomes easy. Ensure that your compatibility fixes always, so that the fix won't be applied to newer versions of your applications. - You must determine who will be responsible for staying current with the technology and standards related to your compatibility fixes and custom compatibility-fix databases. As your databases are managed over time, you must ensure that someone in your organization stays current with the relevant technology. +- **Define your resources responsible for addressing questions and enforcing your standards** + + Ensure you determine who will be responsible for staying current with the technology and standards that are related to your compatibility fixes and custom compatibility-fix databases. As your databases are managed over time, you must ensure that someone in your organization stays current with the relevant technology. ## Strategies for Deploying Your Compatibility Fixes -We recommend that you use one of two strategies to deploy your compatibility fixes into your organization. They are: +We recommend the usage of one of the two strategies to deploy your compatibility fixes into your organization. They are: - Deploying your compatibility fixes as part of an application-installation package. - Deploying your compatibility fixes through a centralized compatibility-fix database. -You must determine which method best meets your organization's deployment needs. +Determine which method best meets your organization's deployment needs. ### Deploying Fixes as Part of an Application-Installation Package -One strategy for deploying compatibility fixes is to create a custom compatibility-fix database that contains a single entry that is applied directly to the application-installation package. While this is the most straightforward method of deployment, it has been shown that this method can become overly complex, especially if you are fixing a large number of applications. +One strategy to deploy compatibility fixes is to create a custom compatibility-fix database that contains a single entry that is applied directly to the application-installation package. While this is the most straightforward method of deployment, it has been shown that this method can become overly complex, especially if you are fixing a large number of applications. If the following considerations apply to your organization, you should avoid this strategy and instead consider using a centralized compatibility-fix database, as described in the next section. @@ -114,7 +117,7 @@ If you decide to use the centralized compatibility-fix database deployment strat Deploying your custom compatibility-fix database into your organization requires you to perform the following actions: -1. Store your custom compatibility-fix database (.sdb file) in a location that is accessible to all of your organization's computers. +1. Store your custom compatibility-fix database (.sib file) in a location that is accessible to all of your organization's computers. 2. Use the Sdbinst.exe command-line tool to install the custom compatibility-fix database locally. @@ -122,7 +125,7 @@ In order to meet the two requirements above, we recommend that you use one of th - **Using a Windows Installer package and a custom script** - You can package your .sdb file and a custom deployment script into an .msi file, and then deploy the .msi file into your organization. + You can package your .sib file and a custom deployment script into a file with the .msi extension, and then deploy the .msi file into your organization. > [!IMPORTANT] > You must ensure that you mark your custom script so that it does not impersonate the calling user. For example, if you use Microsoft® Visual Basic® Scripting Edition (VBScript), the custom action type would be: @@ -131,16 +134,16 @@ In order to meet the two requirements above, we recommend that you use one of th - **Using a network share and a custom script** -You can store your .sdb file on your network share and then call to a script that resides on your specified computers. +You can store the .sib file on your network share, and then call to a script available on your specified computers. > [!IMPORTANT] -> You must ensure that you call the script at a time when it will receive elevated rights. For example, you should call the script by using computer startup scripts instead of a user logon script. You must also ensure that the installation of the custom compatibility-fix database occurs with Administrator rights. +> Ensure that you call the script at a time when it can receive elevated rights. For example, you should call the script by using computer startup scripts instead of a user logon script. You must also ensure that the installation of the custom compatibility-fix database occurs with Administrator rights. -### Example Script for an Installation of the .sdb File based on an .msi File +### Example Script for installation of .sib File based on .msi File -The following examples show an installation of a custom compatibility-fix database based on an .msi file. +The following examples show an installation of a custom compatibility-fix database based on a .msi file. ``` 'InstallSDB.vbs @@ -161,7 +164,7 @@ End Function ### Initial Deployment and Updates -Most of your testing of application-compatibility issues will happen prior to the deployment of a new Windows operating system into your environment. As such, a common approach is to include the custom compatibility-fix database, which includes all of your known issues, in your corporate image. Then, as you update your compatibility-fix database, you can provide the updates by using one of the two mechanisms described in the "Deploying Your Custom Compatibility Fix Databases" section earlier in this topic. +Application-compatibility is tested, from which issues are reported, even before a new Windows operating system is deployed. To handle these issues, include the custom compatibility-fix database, which includes all of your known issues, in your corporate image. Later, update your compatibility-fix database; provide the updates by using one of the two mechanisms that are described in the "Deploying Your Custom Compatibility Fix Databases" section. -## Related topics +## Related articles [Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md) diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md index cf91886a29..a40bab3ece 100644 --- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md @@ -53,20 +53,20 @@ If you are using a host computer running Windows 7 that has BitLocker enabled, We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This means the drive will not appear in Windows Explorer and an Auto-Play prompt will not be displayed to the user. This reduces the likelihood that an end user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you. -To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It is strongly recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and, therefore, user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. +To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It is recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and, therefore, user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825063(v=win.10)). ## Security certifications for Windows To Go -Windows to Go is a core capability of Windows when it is deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for more certifications by the solution provider that cover the solution provider’s specific hardware environment. For more information about Windows security certifications, see the following topics. +Windows to Go is a core capability of Windows when it is deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for more certifications by the solution provider that cover the solution provider’s specific hardware environment. For more information about Windows security certifications, see the following articles. - [Windows Platform Common Criteria Certification](/windows/security/threat-protection/windows-platform-common-criteria) - [FIPS 140 Evaluation](/windows/security/threat-protection/fips-140-validation) -## Related topics +## Related articles [Windows To Go: feature overview](windows-to-go-overview.md) diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md index d3fad3aced..83926ee905 100644 --- a/windows/deployment/planning/sua-users-guide.md +++ b/windows/deployment/planning/sua-users-guide.md @@ -32,7 +32,7 @@ You can use Standard User Analyzer (SUA) to test your applications and monitor A You can use SUA in either of the following ways: -- **Standard User Analyzer Wizard.** A wizard that guides you through a step-by-step process to locate and fix issues, without options for additional analysis. +- **Standard User Analyzer Wizard.** A wizard that guides you through a step-by-step process to locate and fix issues, without options for more analysis. - **Standard User Analyzer Tool.** A full-function tool in which you can perform in-depth analysis and fix issues. diff --git a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md index 3369ff0c1e..46307344ea 100644 --- a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md +++ b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md @@ -28,7 +28,7 @@ ms.topic: article - Windows Server 2012 - Windows Server 2008 R2 -You must deploy your customized database (.sdb) files to other computers in your organization. That is, before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways. By using a logon script, by using Group Policy, or by performing file copy operations. +Deploy your customized database (.sdb) files to other computers in your organization. That is, before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways. By using a logon script, by using Group Policy, or by performing file copy operations. After you deploy and store the customized databases on each of your local computers, you must register the database files. Until you register the database files, the operating system is unable to identify the available compatibility fixes when starting an application. @@ -69,6 +69,6 @@ The following table describes the available command-line options. |-g *GUID*|Specifies the customized database to uninstall by a globally unique identifier (GUID).

For example,
`sdbinst.exe -g 6586cd8f-edc9-4ea8-ad94-afabea7f62e3`| |-n *"name"*|Specifies the customized database to uninstall by file name.

For example,
`sdbinst.exe -n "My_Database"`| -## Related topics +## Related articles [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) diff --git a/windows/deployment/planning/using-the-sua-wizard.md b/windows/deployment/planning/using-the-sua-wizard.md index 4ee4675b0d..bcbda77946 100644 --- a/windows/deployment/planning/using-the-sua-wizard.md +++ b/windows/deployment/planning/using-the-sua-wizard.md @@ -42,7 +42,7 @@ The following flowchart shows the process of using the SUA Wizard. **To test an application by using the SUA Wizard** -1. On the computer where the SUA Wizard is installed, log on by using a non-administrator account. +1. On the computer where the SUA Wizard is installed, sign in by using a non-administrator account. 2. Run the Standard User Analyzer Wizard. @@ -76,9 +76,9 @@ The following flowchart shows the process of using the SUA Wizard. The SUA Wizard closes the issue as resolved on the local computer. - If the remedies do not fix the issue with the application, click **No** again, and the wizard may offer additional remedies. If the additional remedies do not fix the issue, the wizard informs you that there are no more remedies available. For information about how to run the SUA tool for additional investigation, see [Using the SUA Tool](using-the-sua-tool.md). + If the remedies do not fix the issue with the application, click **No** again, and the wizard may offer another remedies. If the other remedies do not fix the issue, the wizard informs you that there are no more remedies available. For information about how to run the SUA tool for additional investigation, see [Using the SUA Tool](using-the-sua-tool.md). -## Related topics +## Related articles [SUA User's Guide](sua-users-guide.md)   diff --git a/windows/deployment/planning/windows-10-compatibility.md b/windows/deployment/planning/windows-10-compatibility.md index 1689fef566..1544a8ad6a 100644 --- a/windows/deployment/planning/windows-10-compatibility.md +++ b/windows/deployment/planning/windows-10-compatibility.md @@ -27,7 +27,7 @@ Windows 10 will be compatible with most existing PC hardware; most devices runn For full system requirements, see [Windows 10 specifications](https://go.microsoft.com/fwlink/p/?LinkId=625077). Some driver updates may be required for Windows 10. -Existing desktop (Win32) application compatibility is also expected to be strong, with most existing applications working without any changes. Some applications that interface with Windows at a low level, those that use undocumented APIs, or those that do not follow recommended coding practices could experience issues. +Existing desktop (Win32) application compatibility is also expected to be strong, with most existing applications working without any changes. Those applications that interface with Windows at a low level, those applications that use undocumented APIs, or those that do not follow recommended coding practices could experience issues. Existing Windows Store (WinRT) apps created for Windows 8 and Windows 8.1 should also continue to work, because compatibility can be validated against all the apps that have been submitted to the Windows Store. @@ -36,13 +36,13 @@ For web apps and sites, modern HTML5-based sites should also have a high degree ## Recommended application testing process -Historically, organizations have performed extensive, and often exhaustive, testing of the applications they use before deployment of a new Windows version, service pack, or any other significant update. With Windows 10, organizations are encouraged to leverage more optimized testing processes, which reflects the higher levels of compatibility that are expected. At a high level: +Historically, organizations have performed extensive, and often exhaustive, testing of the applications they use before deployment of a new Windows version, service pack, or any other significant update. With Windows 10, organizations are encouraged to use more optimized testing processes, which reflect the higher levels of compatibility that are expected. At a high level: -- Identify mission-critical applications and websites, those that are absolutely essential to the organization’s operations. Focus testing efforts on this subset of applications, early in the Windows development cycle (for example, with Windows Insider Program builds) to identify potential issues. Report any issues you encounter with the Windows Feedback tool, so that these issues can be addressed prior to the next Windows release. +- Identify mission-critical applications and websites, those applications and websites that are essential to the organization’s operations. Focus testing efforts on this subset of applications, early in the Windows development cycle (for example, with Windows Insider Program builds) to identify potential issues. Report any issues you encounter with the Windows Feedback tool, so that these issues can be addressed prior to the next Windows release. -- For less critical applications, leverage an “internal flighting” or pilot-based approach, by deploying new Windows upgrades to groups of machines, growing gradually in size and potential impact, to verify compatibility with hardware and software. Reactively address issues before you expand the pilot to more machines. +- For less critical applications, apply an “internal flighting” or pilot-based approach, by deploying new Windows upgrades to groups of machines, growing gradually in size and potential impact, to verify compatibility with hardware and software. Reactively address issues before you expand the pilot to more machines. -## Related topics +## Related articles [Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md) diff --git a/windows/deployment/planning/windows-10-infrastructure-requirements.md b/windows/deployment/planning/windows-10-infrastructure-requirements.md index 005813b401..b10e9e5164 100644 --- a/windows/deployment/planning/windows-10-infrastructure-requirements.md +++ b/windows/deployment/planning/windows-10-infrastructure-requirements.md @@ -1,6 +1,6 @@ --- title: Windows 10 infrastructure requirements (Windows 10) -description: Review the specific infrastructure requirements to deploy and manage Windows 10, prior to significant Windows 10 deployments within your organization. +description: Review the infrastructure requirements for deployment and management of Windows 10, prior to significant Windows 10 deployments within your organization. ms.assetid: B0FA27D9-A206-4E35-9AE6-74E70748BE64 ms.reviewer: manager: laurawi @@ -22,11 +22,11 @@ ms.topic: article - Windows 10 -There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. +There are specific infrastructure requirements that should be in place for the deployment and management of Windows 10. Fulfill these requirements before any Windows 10-related deployments take place. ## High-level requirements -For initial Windows 10 deployments, as well as subsequent Windows 10 upgrades, ensure that sufficient disk space is available for distribution of the Windows 10 installation files (about 3 GB for Windows 10 x64 images, slightly smaller for x86). Also, be sure to take into account the network impact of moving these large images to each PC; you may need to leverage local server storage. +For initial Windows 10 deployments, and for subsequent Windows 10 upgrades, ensure that sufficient disk space is available for distribution of the Windows 10 installation files (about 3 GB for Windows 10 x64 images, slightly smaller for x86). Also, be sure to take into account the network impact of moving these large images to each PC; you may need to leverage local server storage. For persistent VDI environments, carefully consider the I/O impact from upgrading large numbers of PCs in a short period of time. Ensure that upgrades are performed in smaller numbers, or during off-peak time periods. (For pooled VDI environments, a better approach is to replace the base image with a new version.) @@ -72,7 +72,10 @@ Windows Server Update Services (WSUS) requires some additional configuration to WSUS product list with Windows 10 choices -Because Windows 10 updates are cumulative in nature, each month’s new update will supersede the previous month's. Consider leveraging “express installation” packages to reduce the size of the payload that needs to be sent to each PC each month; see [Express installation files](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd939908(v=ws.10)) for more information. (Note that this will increase the amount of disk storage needed by WSUS, and impacts all operating systems being managed with WSUS.) +Because Windows 10 updates are cumulative in nature, each month’s new update will supersede the previous month's update. Consider using “express installation” packages to reduce the size of the payload that needs to be sent to each PC each month; see [Express installation files](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd939908(v=ws.10)) for more information. + +> [!NOTE] +> The usage of "express installation" packages will increase the amount of disk storage needed by WSUS, and impacts all operating systems being managed with WSUS. ## Activation @@ -93,9 +96,9 @@ Additionally, new product keys will be needed for all types of volume license ac - For KMS keys, click **Licenses** and then select **Relationship Summary**. Click the appropriate active license ID, and then select **Product Keys** near the right side of the page. For KMS running on Windows Server, find the **Windows Srv 2012R2 DataCtr/Std KMS for Windows 10** product key; for KMS running on client operating systems, find the **Windows 10** product key. - For MAK keys, click **Downloads and Keys**, and then filter the list by using **Windows 10** as a product. Click the **Key** link next to an appropriate list entry (for example, **Windows 10 Enterprise** or **Windows 10 Enterprise LTSB**) to view the available MAK keys. (You can also find keys for KMS running on Windows 10 in this list. These keys will not work on Windows servers running KMS.) -Note that Windows 10 Enterprise and Windows 10 Enterprise LTSC installations use different MAK keys. But you can use the same KMS server or Active Directory-based activation environment for both; the KMS keys obtained from the Volume Licensing Service Center will work with both. +Windows 10 Enterprise and Windows 10 Enterprise LTSC installations use different MAK keys. But you can use the same KMS server or Active Directory-based activation environment for both; the KMS keys obtained from the Volume Licensing Service Center will work with both. -## Related topics +## Related articles [Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md)
[Windows 10 deployment considerations](windows-10-deployment-considerations.md)
diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml index 408bcd13d0..a912d623b5 100644 --- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml +++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml @@ -56,7 +56,7 @@ summary: | - [Why can't I enable BitLocker from Windows To Go Creator?](#why-can-t-i-enable-bitlocker-from-windows-to-go-creator-) - - [What power states does Windows To Go support?](#what-power-states-does-windows-to-go-support-) + - [What power states do Windows To Go support?](#what-power-states-does-windows-to-go-support-) - [Why is hibernation disabled in Windows To Go?](#why-is-hibernation-disabled-in-windows-to-go-) @@ -120,7 +120,7 @@ sections: - question: | Does Windows To Go rely on virtualization? answer: | - No. Windows To Go is a native instance of Windows 10 that runs from a USB device. It is just like a laptop hard drive with Windows 8 that has been put into a USB enclosure. + No. Windows To Go is a native instance of Windows 10 that runs from a USB device. It's just like a laptop hard drive with Windows 8 that has been put into a USB enclosure. - question: | Who should use Windows To Go? diff --git a/windows/deployment/update/plan-define-strategy.md b/windows/deployment/update/plan-define-strategy.md index 289cffc216..4ae3eb751c 100644 --- a/windows/deployment/update/plan-define-strategy.md +++ b/windows/deployment/update/plan-define-strategy.md @@ -21,7 +21,7 @@ ms.collection: m365initiative-coredeploy Traditionally, organizations treated the deployment of operating system updates (especially feature updates) as a discrete project that had a beginning, a middle, and an end. A release was "built" (usually in the form of an image) and then distributed to users and their devices. -Today, more organizations are treating deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process. Microsoft has been evolving its Windows 10 release cycles, update mechanisms, and relevant tools to support this model. Feature updates are released twice per year, around March and September. All releases of Windows 10 have 18 months of servicing for all editions. Fall releases of the Enterprise and Education editions have an additional 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release. +Today, more organizations are treating deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process. Microsoft has been evolving its Windows 10 release cycles, update mechanisms, and relevant tools to support this model. Feature updates are released twice per year, around March and September. All releases of Windows 10 have 18 months of servicing for all editions. Fall releases of the Enterprise and Education editions have an extra 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release. Though we encourage you to deploy every available release and maintain a fast cadence for some portion of your environment, we also recognize that you might have a large number of devices, and a need for little or no disruption, and so you might choose to update annually. The 18/30 month lifecycle cadence lets you allow some portion of your environment to move faster while a majority can move less quickly. @@ -41,6 +41,6 @@ This cadence might be most suitable for you if any of these conditions apply: - You want to wait and see how successful other companies are at adopting a Windows 10 feature update. -- You want to go quickly with feature updates, and want the ability to skip a feature update while keeping Windows 10 serviced in case business priorities change. Aligning to the Windows 10 feature update released in the second half of each calendar year, you get additional servicing for Windows 10 (30 months of servicing compared to 18 months). +- You want to go quickly with feature updates, and want the ability to skip a feature update while keeping Windows 10 serviced in case business priorities change. Aligning to the Windows 10 feature update released in the second half of each calendar year, you get extra servicing for Windows 10 (30 months of servicing compared to 18 months). diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index f6a8ab4221..4c54794786 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md @@ -168,14 +168,14 @@ The default MigUser.xml file does not migrate the following: - ACLS for files in folders outside the user profile. -You can make a copy of the MigUser.xml file and modify it to include or exclude standard user-profile folders and file name extensions. If you know all of the extensions for the files you want to migrate from the source computer, use the MigUser.xml file to move all of your relevant data, regardless of the location of the files. However, this may result in a migration that contains more files than intended. For example, if you choose to migrate all .jpg files, you may migrate image files such as thumbnails and logos from legacy applications that are installed on the source computer. +You can make a copy of the MigUser.xml file and modify it to include or exclude standard user-profile folders and file name extensions. If you know all of the extensions for the files you want to migrate from the source computer, use the MigUser.xml file to move all of your relevant data, regardless of the location of the files. However, this provision may result in a migration that contains more files than intended. For example, if you choose to migrate all .jpg files, you may migrate image files such as thumbnails and logos from legacy applications that are installed on the source computer. > [!NOTE] > Each file name extension you include in the rules within the MigUser.xml file increases the amount of time needed for the ScanState tool to gather the files for the migration. If you are migrating more than 300 file types, you may experience a slow migration. For more information about other ways to organize the migration of your data, see the [Using multiple XML files](#bkmk-multiple) section of this document. ## Using multiple XML files -You can use multiple XML files with the ScanState and LoadState tools. Each of the default XML files included with or generated by USMT is configured for a specific component of the migration. You can also use custom XML files to supplement these default files with additional migration rules. +You can use multiple XML files with the ScanState and LoadState tools. Each of the default XML files included with or generated by USMT is configured for a specific component of the migration. You can also use custom XML files to supplement these default files with more migration rules. |XML migration file|Modifies the following components:| |--- |--- | diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md index 51ea6051cb..7d7d97e2cd 100644 --- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md +++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md @@ -24,7 +24,7 @@ The disk space requirements for a migration are dependent on the size of the mig - [Hard Disk Space Requirements](#bkmk-spacereqs). Describes the disk space requirements for the migration store and other considerations on the source and destination computers. -- [Calculate Disk Space Requirements Using the ScanState Tool](#bkmk-calcdiskspace). Describes how to use the ScanState tool to determine how big the migration store will be on a particular computer. +- [Calculate Disk Space Requirements Using the ScanState Tool](#bkmk-calcdiskspace). Describes how to use the ScanState tool to determine how large the migration store will be on a particular computer. - [Estimate Migration Store Size](#bkmk-estmigstoresize). Describes how to estimate the average size of migration stores for the computers in your organization, based on your infrastructure. @@ -35,13 +35,13 @@ The disk space requirements for a migration are dependent on the size of the mig - **Source Computer.** The source computer needs enough available space for the following: - - [E250 megabytes (MB) minimum of hard disk space.](#bkmk-estmigstoresize) Space is needed to support the User State Migration Tool (USMT) 10.0 operations, for example, growth in the page file. Provided that every volume involved in the migration is formatted as NTFS, 250 MB should be enough space to ensure success for almost every hard-link migration, regardless of the size of the migration. The USMT tools will not create the migration store if 250 MB of disk space is not available. + - [E250 megabytes (MB) minimum of hard disk space.](#bkmk-estmigstoresize) Space is needed to support the User State Migration Tool (USMT) 10.0 operations, for example, growth in the page file. If every volume involved in the migration is formatted as NTFS, 250 MB should be enough space to ensure success for almost every hard-link migration, regardless of the size of the migration. The USMT tools will not create the migration store if 250 MB of disk space is not available. - - [Temporary space for USMT to run.](#bkmk-estmigstoresize) Additional disk space for the USMT tools to operate is required. This does not include the minimum 250 MB needed to create the migration store. The amount of temporary space required can be calculated using the ScanState tool. + - [Temporary space for USMT to run.](#bkmk-estmigstoresize) Extra disk space for the USMT tools to operate is required. This does not include the minimum 250 MB needed to create the migration store. The amount of temporary space required can be calculated using the ScanState tool. - - [Hard-link migration store.](#bkmk-estmigstoresize) It is not necessary to estimate the size of a hard-link migration store. The only case where the hard-link store can be quite large is when non-NTFS file systems exist on the system and contain data being migrated. + - [Hard-link migration store.](#bkmk-estmigstoresize) It is not necessary to estimate the size of a hard-link migration store. The only case where the hard-link store can be large is when non-NTFS file systems exist on the system and contain data being migrated. -- [Destination computer.](#bkmk-estmigstoresize) The destination computer needs enough available space for the following: +- [Destination computer.](#bkmk-estmigstoresize) The destination computer needs enough available space for the following components: - [Operating system.](#bkmk-estmigstoresize) @@ -49,12 +49,12 @@ The disk space requirements for a migration are dependent on the size of the mig - [Data being migrated.](#bkmk-estmigstoresize) It is important to consider that in addition to the files being migrated, registry information will also require hard disk space for storage. - - [Temporary space for USMT to run.](#bkmk-estmigstoresize) Additional disk space for the USMT tools to operate is required. The amount of temporary space required can be calculated using the ScanState tool. + - [Temporary space for USMT to run.](#bkmk-estmigstoresize) Extra disk space for the USMT tools to operate is required. The amount of temporary space required can be calculated using the ScanState tool. ## Calculate Disk Space Requirements using the ScanState Tool -You can use the ScanState tool to calculate the disk space requirements for a particular compressed or uncompressed migration. It is not necessary to estimate the migration store size for a hard-link migration since this method does not create a separate migration store. The ScanState tool provides disk space requirements for the state of the computer at the time the tool is run. The state of the computer may change during day to day use so it is recommended that you use the calculations as an estimate when planning your migration. +You can use the ScanState tool to calculate the disk space requirements for a particular compressed or uncompressed migration. It is not necessary to estimate the migration store size for a hard-link migration since this method does not create a separate migration store. The ScanState tool provides disk space requirements for the state of the computer at the time the tool is run. The state of the computer may change during day-to-day use so it is recommended that you use the calculations as an estimate when planning your migration. **To run the ScanState tool on the source computer with USMT installed,** @@ -82,7 +82,7 @@ You can use the ScanState tool to calculate the disk space requirements for a pa The migration store will not be created by running this command, but `StorePath` is a required parameter. -The ScanState tool also allows you to estimate disk space requirements based on a customized migration. For example, you might not want to migrate the My Documents folder to the destination computer. You can specify this in a configuration file when you run the ScanState tool. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md). +The ScanState tool also allows you to estimate disk space requirements based on a customized migration. For example, you might not want to migrate the My Documents folder to the destination computer. You can specify this condition in a configuration file when you run the ScanState tool. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md). **Note**   To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, the **/p** option, without specifying *<path to a file>* is still available in USMT. @@ -108,7 +108,7 @@ Additionally, USMT performs a compliance check for a required minimum of 250 MB ## Estimate Migration Store Size -Determine how much space you will need to store the migrated data. You should base your calculations on the volume of e-mail, personal documents, and system settings for each user. The best way to estimate these is to survey several computers to arrive at an average for the size of the store that you will need. +Determine how much space you will need to store the migrated data. You should base your calculations on the volume of e-mail, personal documents, and system settings for each user. The best way to estimate the required space is to survey several computers to arrive at an average for the size of the store that you will need. The amount of space that is required in the store will vary, depending on the local storage strategies your organization uses. For example, one key element that determines the size of migration data sets is e-mail storage. If e-mail is stored centrally, data sets will be smaller. If e-mail is stored locally, such as offline-storage files, data sets will be larger. Mobile users will typically have larger data sets than workstation users. You should perform tests and inventory the network to determine the average data set size in your organization. @@ -123,7 +123,7 @@ When trying to determine how much disk space you will need, consider the followi - **User documents**: Frequently, all of a user's documents fit into less than 50 MB of space, depending on the types of files involved. This estimate assumes typical office work, such as word-processing documents and spreadsheets. This estimate can vary substantially based on the types of documents that your organization uses. For example, an architectural firm that predominantly uses computer-aided design (CAD) files needs much more space than a law firm that primarily uses word-processing documents. You do not need to migrate the documents that users store on file servers through mechanisms such as Folder Redirection, as long as users will have access to these locations after the migration. -- **User system settings** Five megabytes is usually adequate space to save the registry settings. This requirement can fluctuate, however, based on the number of applications that have been installed. It is rare, however, for the user-specific portion of the registry to exceed 5 MB. +- **User system settings** Five megabytes is adequate space to save the registry settings. This requirement can fluctuate, however, based on the number of applications that have been installed. It is rare, however, for the user-specific portion of the registry to exceed 5 MB. ## Related topics diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index 02c53344c8..9bb6d2ba32 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md @@ -16,7 +16,7 @@ ms.topic: article # Hard-Link Migration Store -A *hard-link migration store* enables you to perform an in-place migration where all user state is maintained on the computer while the old operating system is removed and the new operating system is installed; this is why it is best suited for the computer-refresh scenario. Use of a hard-link migration store for a computer-refresh scenario drastically improves migration performance and significantly reduces hard-disk utilization, reduces deployment costs, and enables entirely new migration scenarios. +A *hard-link migration store* enables you to perform an in-place migration where all user state is maintained on the computer while the old operating system is removed and the new operating system is installed; this functionality is what makes *hard-link migration store* best suited for the computer-refresh scenario. Use of a hard-link migration store for a computer-refresh scenario drastically improves migration performance and significantly reduces hard-disk utilization, reduces deployment costs, and enables entirely new migration scenarios. ## In this topic @@ -50,7 +50,7 @@ You can use a hard-link migration store when your planned migration meets both o - You are upgrading the operating system on the same volume of the computer. -You cannot use a hard-link migration store if your planned migration includes any of the following: +You cannot use a hard-link migration store if your planned migration includes any of the following tasks: - You are migrating data from one computer to a second computer. @@ -62,7 +62,7 @@ You cannot use a hard-link migration store if your planned migration includes an The hard-link migration store is created using the command-line option, **/hardlink**, and is equivalent to other migration-store types. However, it differs in that hard links are utilized to keep files stored on the source computer during the migration. Keeping the files in place on the source computer eliminates the redundant work of duplicating files. It also enables the performance benefits and reduction in disk utilization that define this scenario. -When you create a hard link, you give an existing file an additional path. For instance, you could create a hard link to c:\\file1.txt called c:\\hard link\\myFile.txt. These are two paths to the same file. If you open c:\\file1.txt, make changes, and save the file, you will see those changes when you open c:\\hard link\\myFile.txt. If you delete c:\\file1.txt, the file still exists on your computer as c:\\hardlink\\myFile.txt. You must delete both references to the file in order to delete the file. +When you create a hard link, you give an existing file one more path. For instance, you could create a hard link to c:\\file1.txt called c:\\hard link\\myFile.txt. These two paths relate to the same file. If you open c:\\file1.txt, make changes, and save the file, you will see those changes when you open c:\\hard link\\myFile.txt. If you delete c:\\file1.txt, the file still exists on your computer as c:\\hardlink\\myFile.txt. You must delete both references to the file in order to delete the file. > [!NOTE] > A hard link can only be created for a file on the same volume. If you copy a hard-link migration store to another drive or external device, the files, and not the links, are copied, as in a non-compressed migration-store scenario. @@ -76,11 +76,11 @@ As a best practice, we recommend that you delete the hard-link migration store a > [!IMPORTANT] > Using the **/c** option will force the Loadstate tool to continue applying files when non-fatal errors occur. If you use the **/c** option, you should verify that no errors are reported in the logs before deleting the hard-link migration store in order to avoid data loss. -Keeping the hard-link migration store can result in additional disk space being consumed or problems with some applications for the following reasons: +Keeping the hard-link migration store can result in extra disk space being consumed or problems with some applications for the following reasons: - Applications reporting file-system statistics, for example, space used and free space, might incorrectly report these statistics while the hard-link migration store is present. The file may be reported twice because of the two paths that reference that file. -- A hard link may lose its connection to the original file. Some applications save changes to a file by creating a temporary file and then renaming the original to a backup filename. The path that was not used to open the file in this application will continue to refer to the unmodified file. The unmodified file that is not in use is taking up additional disk space. You should create the hard-link migration store just before you perform the migration, and not use applications once the store is created, in order to make sure you are migrating the latest versions of all files. +- A hard link may lose its connection to the original file. Some applications save changes to a file by creating a temporary file and then renaming the original to a backup filename. The path that was not used to open the file in this application will continue to refer to the unmodified file. The unmodified file that is not in use is taking up more disk space. You should create the hard-link migration store just before you perform the migration, and not use applications once the store is created, in order to make sure you are migrating the latest versions of all files. - Editing the file by using different paths simultaneously may result in data corruption. @@ -131,7 +131,7 @@ The drive you specify on the command line for the hard-link migration store is i ### Location Modifications -Location modifications that redirect migrated content from one volume to a different volume have an adverse impact on the performance of a hard-link migration. This is because the migrating data that must cross system volumes cannot remain in the hard-link migration store, and must be copied across the system volumes. +Location modifications that redirect migrated content from one volume to a different volume have an adverse impact on the performance of a hard-link migration. This impact is because the migrating data that must cross system volumes cannot remain in the hard-link migration store, and must be copied across the system volumes. ### Migrating Encrypting File System (EFS) Certificates and Files diff --git a/windows/deployment/usmt/usmt-identify-operating-system-settings.md b/windows/deployment/usmt/usmt-identify-operating-system-settings.md index 8165a6d8c3..c6f264b11d 100644 --- a/windows/deployment/usmt/usmt-identify-operating-system-settings.md +++ b/windows/deployment/usmt/usmt-identify-operating-system-settings.md @@ -17,27 +17,27 @@ ms.topic: article # Identify Operating System Settings -When planning for your migration, you should identify which operating system settings you want to migrate and to what extent you want to create a new standard environment on each of the computers. User State Migration Tool (USMT) 10.0 enables you to migrate select settings and keep the default values for all others. The operating system settings include the following: +When planning for your migration, you should identify which operating system settings you want to migrate and to what extent you want to create a new standard environment on each of the computers. User State Migration Tool (USMT) 10.0 enables you to migrate select settings and keep the default values for all others. The operating system settings include the following parameters: -- **Apperance.** +- **Appearance.** - This includes items such as wallpaper, colors, sounds, and the location of the taskbar. + The appearance factor includes items such as wallpaper, colors, sounds, and the location of the taskbar. - **Action.** - This includes items such as the key-repeat rate, whether double-clicking a folder opens it in a new window or the same window, and whether you need to single-click or double-click an item to open it. + The action factor includes items such as the key-repeat rate, whether double-clicking a folder opens it in a new window or the same window, and whether you need to single-click or double-click an item to open it. - **Internet.** - These are the settings that let you connect to the Internet and control how your browser operates. This includes items such as your home page URL, favorites, bookmarks, cookies, security settings, dial-up connections, and proxy settings. + The Internet factor includes the settings that let you connect to the Internet and control how your browser operates. The settings include items such as your home page URL, favorites, bookmarks, cookies, security settings, dial-up connections, and proxy settings. - **Mail.** - This includes the information that you need to connect to your mail server, your signature file, views, mail rules, local mail, and contacts. + The mail factor includes the information that you need to connect to your mail server, your signature file, views, mail rules, local mail, and contacts. -To help you decide which settings to migrate, you should consider any previous migration experiences as well as the results of any surveys and tests that you have conducted. You should also consider the number of help-desk calls related to operating-system settings that you have had in the past, and are able to handle in the future. Also decide how much of the new operating-system functionality you want to take advantage of. +To help you decide which settings to migrate, you should consider any previous migration experiences and the results of any surveys and tests that you have conducted. You should also consider the number of help-desk calls related to operating-system settings that you have had in the past, and are able to handle in the future. Also decide how much of the new operating-system functionality you want to take advantage of. -You should migrate any settings that users need to get their jobs done, those that make the work environment comfortable, and those that will reduce help-desk calls after the migration. Although it is easy to dismiss migrating user preferences, you should consider that users can spend a significant amount of time restoring items such as wallpaper, screen savers, and other customizable user-interface features. Most users do not remember how these settings were applied. Although these items are not critical to migration success, migrating these items increases user productivity and overall satisfaction of the migration process. +You should migrate any settings that users need to get their jobs done, those settings that make the work environment comfortable, and those settings that will reduce help-desk calls after the migration. Although it is easy to dismiss migrating user preferences, you should consider the factor of users spending a significant amount of time restoring items such as wallpaper, screen savers, and other customizable user-interface features. Most users do not remember how these settings were applied. Although these items are not critical to migration success, migrating these items increases user productivity and overall satisfaction of the migration process. **Note**   For more information about how to change the operating-system settings that are migrated, see [User State Migration Tool (USMT) How-to topics](usmt-how-to.md). diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md index 37fb5cbc81..5034c08b18 100644 --- a/windows/deployment/usmt/usmt-scanstate-syntax.md +++ b/windows/deployment/usmt/usmt-scanstate-syntax.md @@ -48,7 +48,7 @@ Before you run the **ScanState** command, note the following: - Unless otherwise noted, you can use each option only once when running a tool on the command line. -- You can gather domain accounts without the source computer having domain controller access. This functionality is available without any additional configuration. +- You can gather domain accounts without the source computer having domain controller access. This functionality is available without any extra configuration. - The [Incompatible Command-Line Options](#bkmk-iclo) table lists which options you can use together and which command-line options are incompatible. @@ -142,7 +142,7 @@ USMT provides several options that you can use to analyze problems that occur du | **/l:**[*Path*]*FileName* | Specifies the location and name of the ScanState log.

You cannot store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then the log will be created in the current directory. You can use the **/v** option to adjust the amount of output.

If you run the **ScanState** or **LoadState** commands from a shared network resource, you must specify this option or USMT will fail with the following error: "USMT was unable to create the log file(s)". To fix this issue, use the /**l: scan.log** command. | | **/v:***<VerbosityLevel>* | **(Verbosity)**

Enables verbose output in the ScanState log file. The default value is 0.

You can set the *VerbosityLevel* to one of the following levels:

  • **0** - Only the default errors and warnings are enabled.
  • **1** - Enables verbose output.
  • **4** - Enables error and status output.
  • **5** - Enables verbose and status output.
  • **8** - Enables error output to a debugger.
  • **9** - Enables verbose output to a debugger.
  • **12** - Enables error and status output to a debugger.
  • **13** - Enables verbose, status, and debugger output.

For example:
`scanstate \server\share\migration\mystore /v:13 /i:migdocs.xml /i:migapp.xml`| | /**progress**:[*Path*]*FileName* | Creates the optional progress log. You cannot store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* will be created in the current directory.

For example:
`scanstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /progress:prog.log /l:scanlog.log` | -| **/c** | When this option is specified, the **ScanState** command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there is a large file that will not fit in the store, the **ScanState** command will log an error and continue with the migration. In addition, if a file is open or in use by an application, USMT may not be able to migrate the file and will log an error. Without the **/c** option, the **ScanState** command will exit on the first error.

You can use the new <**ErrorControl**> section in the Config.xml file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This enables the /**c** command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the /**genconfig** option now generates a sample <**ErrorControl**> section that is enabled by specifying error messages and desired behaviors in the Config.xml file. | +| **/c** | When this option is specified, the **ScanState** command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there is a large file that will not fit in the store, the **ScanState** command will log an error and continue with the migration. In addition, if a file is open or in use by an application, USMT may not be able to migrate the file and will log an error. Without the **/c** option, the **ScanState** command will exit on the first error.

You can use the new <**ErrorControl**> section in the Config.xml file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This advantage in the Config.xml file enables the /**c** command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the /**genconfig** option now generates a sample <**ErrorControl**> section that is enabled by specifying error messages and desired behaviors in the Config.xml file. | | **/r:***<TimesToRetry>* | **(Retry)**

Specifies the number of times to retry when an error occurs while saving the user state to a server. The default is three times. This option is useful in environments where network connectivity is not reliable.

While storing the user state, the **/r** option will not be able to recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem. | | **/w:***<SecondsBeforeRetry>* | **(Wait)**

Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second. | | **/p:***<pathToFile>* | When the **ScanState** command runs, it will create an .xml file in the path specified. This .xml file includes improved space estimations for the migration store. The following example shows how to create this .xml file:
`Scanstate.exe C:\MigrationLocation [additional parameters]`
`/p:"C:\MigrationStoreSize.xml"`

For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md).

To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, you can use the **/p** option, without specifying *"pathtoafile"*, in USMT. If you specify only the **/p** option, the storage space estimations are created in the same manner as with USMT3.x releases. | @@ -156,7 +156,7 @@ By default, all users are migrated. The only way to specify which users to inclu |-----|-----| | /**all** | Migrates all of the users on the computer.

USMT migrates all user accounts on the computer, unless you specifically exclude an account with either the /**ue** or /**uel** options. For this reason, you do not need to specify this option on the command line. However, if you choose to specify the /**all** option, you cannot also use the /**ui**, /**ue** or /**uel** options. | | /**ui**:*<DomainName>*\*<UserName>*
or
/**ui**:*<ComputerName>*\*<LocalUserName>* | **(User include)**

Migrates the specified users. By default, all users are included in the migration. Therefore, this option is helpful only when used with the /**ue** or /**uel** options. You can specify multiple /**ui** options, but you cannot use the /**ui** option with the /**all** option. *DomainName* and *UserName* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotation marks.
**Note**
If a user is specified for inclusion with the /**ui** option, and also is specified to be excluded with either the /**ue** or /**uel** options, the user will be included in the migration.

For example:
  • To include only User2 from the Fabrikam domain, type:
    `/ue:*\* /ui:fabrikam\user2`
  • To migrate all users from the Fabrikam domain, and only the user accounts from other domains that have been active or otherwise modified in the last 30 days, type:
    `/uel:30 /ui:fabrikam\*`
    In this example, a user account from the Contoso domain that was last modified two months ago will not be migrated.

For more examples, see the descriptions of the /**ue** and /**ui** options in this table. | -| /**uel**:*<NumberOfDays>*
or
/**uel**:*<YYYY/MM/DD>*
or
**/uel:0** | **(User exclude based on last logon)**

Migrates the users that logged on to the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The /**uel** option acts as an include rule. For example, the **/uel:30** option migrates users who logged on, or whose account was modified, within the last 30 days from the date when the ScanState command is run.

You can specify a number of days or you can specify a date. You cannot use this option with the /**all** option. USMT retrieves the last logon information from the local computer, so the computer does not need to be connected to the network when you run this option. In addition, if a domain user has logged on to another computer, that logon instance is not considered by USMT.
**Note**
The /**uel** option is not valid in offline migrations.
  • **/uel:0** migrates any users who are currently logged on.
  • **/uel:90** migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
  • **/uel:1** migrates users whose account has been modified within the last 24 hours.
  • **/uel:2002/1/15** migrates users who have logged on or been modified January 15, 2002 or afterwards.

For example:
`scanstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /uel:0` | +| /**uel**:*<NumberOfDays>*
or
/**uel**:*<YYYY/MM/DD>*
or
**/uel:0** | **(User exclude based on last logon)**

Migrates the users that logged on to the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The /**uel** option acts as an include rule. For example, the **/uel:30** option migrates users who logged on, or whose account was modified, within the last 30 days from the date when the ScanState command is run.

You can specify the number of days or you can specify a date. You cannot use this option with the /**all** option. USMT retrieves the last logon information from the local computer, so the computer does not need to be connected to the network when you run this option. In addition, if a domain user has signed in to another computer, that sign-in instance is not considered by USMT.
**Note**
The /**uel** option is not valid in offline migrations.
  • **/uel:0** migrates any users who are currently logged on.
  • **/uel:90** migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
  • **/uel:1** migrates users whose account has been modified within the last 24 hours.
  • **/uel:2002/1/15** migrates users who have logged on or been modified January 15, 2002 or afterwards.

For example:
`scanstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /uel:0` | | /**ue**:*<DomainName>*\*<UserName>*
-or-

/**ue**:*<ComputerName>*\*<LocalUserName>* | **(User exclude)**

Excludes the specified users from the migration. You can specify multiple /**ue** options. You cannot use this option with the /**all** option. *<DomainName>* and *<UserName>* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you need to surround it with quotation marks.

For example:
`scanstate /i:migdocs.xml /i:migapp.xml \\server\share\migration\mystore /ue:contoso\user1` | ## How to Use /ui and /ue @@ -184,7 +184,7 @@ The /**uel** option takes precedence over the /**ue** option. If a user has logg |--- |--- | |Include only User2 from the Fabrikam domain and exclude all other users.|`/ue:*\* /ui:fabrikam\user2`| |Include only the local user named User1 and exclude all other users.|`/ue:*\* /ui:user1`| -|Include only the domain users from Contoso, except Contoso\User1.|This behavior cannot be completed using a single command. Instead, to migrate this set of users, you will need to specify the following:
  • On the **ScanState** command line, type: `/ue:*\* /ui:contoso\*`
  • On the **LoadState** command line, type: `/ue:contoso\user1`
| +|Include only the domain users from Contoso, except Contoso\User1.|This behavior cannot be completed using a single command. Instead, to migrate this set of users, you will need to specify the following commands:
  • On the **ScanState** command line, type: `/ue:*\* /ui:contoso\*`
  • On the **LoadState** command line, type: `/ue:contoso\user1`
| |Include only local (non-domain) users.|`/ue:*\* /ui:%computername%\*`| ## Encrypted File Options diff --git a/windows/deployment/usmt/xml-file-requirements.md b/windows/deployment/usmt/xml-file-requirements.md index f5afeaa069..468776c419 100644 --- a/windows/deployment/usmt/xml-file-requirements.md +++ b/windows/deployment/usmt/xml-file-requirements.md @@ -1,6 +1,6 @@ --- title: XML File Requirements (Windows 10) -description: Learn about the XML file requirements for creating custom .xml files, like the file must be in UTF-8 and have a unique migration urlid. +description: Learn about the XML file requirements for creating custom .xml files, like the file must be in UTF-8 and have a unique migration URL ID. ms.assetid: 4b567b50-c50a-4a4f-8684-151fe3f8275f ms.reviewer: manager: laurawi @@ -19,20 +19,20 @@ ms.topic: article When creating custom .xml files, note the following requirements: -- **The file must be in Unicode Transformation Format-8 (UTF-8).** You must save the file in this format, and you must specify the following syntax at the beginning of each .xml file: +- **The file must be in Unicode Transformation Format-8 (UTF-8).** Save the file in this format, and you must specify the following syntax at the beginning of each .xml file: ``` xml ``` -- **The file must have a unique migration urlid**. The urlid of each file that you specify on the command line must be different. If two migration .xml files have the same urlid, the second .xml file that is specified on the command line will not be processed. This is because USMT uses the urlid to define the components within the file. For example, you must specify the following syntax at the beginning of each file: +- **The file must have a unique migration URL ID**. The URL ID of each file that you specify on the command line must be different. If two migration .xml files have the same URL ID, the second .xml file that is specified on the command line will not be processed. This is because USMT uses the URL ID to define the components within the file. For example, you must specify the following syntax at the beginning of each file: ``` xml ``` -- **Each component in the file must have a display name in order for it to appear in the Config.xml file.** This is because the Config.xml file defines the components by the display name and the migration urlid. For example, specify the following syntax: +- **Each component in the file must have a display name in order for it to appear in the Config.xml file.** This condition is because the Config.xml file defines the components by the display name and the migration URL ID. For example, specify the following syntax: ``` xml My Application diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md index 19d405b786..b36419cb21 100644 --- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md +++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md @@ -49,7 +49,7 @@ When you activate a computer running Windows 10, the following information is s - Volume serial number (hashed) of the hard disk drive - The result of the activation check - This includes error codes and the following information about any activation exploits and related malicious or unauthorized software that was found or disabled: + This result includes error codes and the following information about any activation exploits and related malicious or unauthorized software that was found or disabled: - The activation exploit’s identifier - The activation exploit’s current state, such as cleaned or quarantined @@ -63,7 +63,7 @@ Standard computer information is also sent, but your computer’s IP address is ## Use of information Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft does not use the information to contact individual consumers. -For additional details, see [Windows 10 Privacy Statement](https://go.microsoft.com/fwlink/p/?LinkId=619879). +For more information, see [Windows 10 Privacy Statement](https://go.microsoft.com/fwlink/p/?LinkId=619879). ## See also diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md index 91d2d8540b..d5d2c105b5 100644 --- a/windows/deployment/volume-activation/introduction-vamt.md +++ b/windows/deployment/volume-activation/introduction-vamt.md @@ -17,7 +17,7 @@ ms.topic: article # Introduction to VAMT -The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7, Windows 8, Windows 8.1, Windows 10,Windows Server 2008 R2, or Windows Server 2012. +The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, or Windows Server 2012. > [!NOTE] > VAMT can be installed on, and can manage, physical or virtual instances. VAMT cannot detect whether or not the remote products are virtual. As long as the products can respond to Windows Management Instrumentation (WMI) calls, they will be discovered and activated. @@ -34,20 +34,20 @@ The Volume Activation Management Tool (VAMT) enables network administrators and You can use a MAK or a retail product key to activate Windows, Windows Server, or Office on an individual computer or a group of computers. VAMT enables two different activation scenarios: - **Online activation.** Many enterprises maintain a single Windows system image or Office installation package for deployment across the enterprise. Occasionally there is also a need to use retail product keys in special situations. Online activation enables you to activate over the Internet any products installed with MAK, KMS host, or retail product keys on one or more connected computers within a network. This process requires that each product communicate activation information directly to Microsoft. -- **Proxy activation.** This activation method enables you to perform volume activation for products installed on client computers that do not have Internet access. The VAMT host computer distributes a MAK, KMS Host key (CSVLK), or retail product key to one or more client products and collects the installation ID (IID) from each client product. The VAMT host sends the IIDs to Microsoft on behalf of the client products and obtains the corresponding Confirmation IDs (CIDs). The VAMT host then installs the CIDs on the client products to complete the activation. Using this method, only the VAMT host computer needs Internet access. You can also activate products installed on computers in a workgroup that is completely isolated from any larger network, by installing a second instance of VAMT on a computer within the workgroup. Then, use removable media to transfer activation data between this new instance of VAMT and the Internet-connected VAMT host. +- **Proxy activation.** This activation method enables you to perform volume activation for products installed on client computers that do not have Internet access. The VAMT host computer distributes a MAK, KMS Host key (CSVLK), or retail product key to one or more client products and collects the installation ID (IID) from each client product. The VAMT host sends the IIDs to Microsoft on behalf of the client products and obtains the corresponding Confirmation IDs (CIDs). The VAMT host then installs the CIDs on the client products to complete the activation. Using this method, only the VAMT host computer needs Internet access. You can also activate products installed on computers in a workgroup that is isolated from any larger network, by installing a second instance of VAMT on a computer within the workgroup. Then, use removable media to transfer activation data between this new instance of VAMT and the Internet-connected VAMT host. ## Managing Key Management Service (KMS) Activation -In addition to MAK or retail activation, you can use VAMT to perform volume activation using the Key Management Service (KMS). VAMT can install and activate GVLK (KMS client) keys on client products. GVLKs are the default product keys used by Volume License editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 as well as Microsoft Office 2010.\ +In addition to MAK or retail activation, you can use VAMT to perform volume activation using the Key Management Service (KMS). VAMT can install and activate GVLK (KMS client) keys on client products. GVLKs are the default product keys used by Volume License editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 and Microsoft Office 2010.\ VAMT treats a KMS Host key (CSVLK) product key identically to a retail-type product key; therefore, the experience for product key entry and activation management are identical for both these product key types. ## Enterprise Environment -VAMT is commonly implemented in enterprise environments. The following illustrates three common environments—Core Network, Secure Zone, and Isolated Lab. +VAMT is commonly implemented in enterprise environments. The following screenshot illustrates three common environments—Core Network, Secure Zone, and Isolated Lab. ![VAMT in the enterprise.](images/dep-win8-l-vamt-image001-enterprise.jpg) -In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have additional firewall protection. +In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have extra firewall protection. The Isolated Lab environment is a workgroup that is physically separate from the Core Network, and its computers do not have Internet access. The network security policy states that no information that could identify a specific computer or user may be transferred out of the Isolated Lab. ## VAMT User Interface @@ -60,7 +60,7 @@ VAMT provides a single, graphical user interface for managing activations, and f - **Adding and removing computers.** You can use VAMT to discover computers in the local environment. VAMT can discover computers by querying AD DS, workgroups, by individual computer name or IP address, or via a general LDAP query. - **Discovering products.** You can use VAMT to discover Windows, Windows Server, Office, and select other products installed on the client computers. -- **Monitoring activation status.** You can collect activation information about each product, including the last 5 characters of the product key being used, the current license state (such as Licensed, Grace, Unlicensed), and the product edition information. +- **Monitoring activation status.** You can collect activation information about each product, including the last five characters of the product key being used, the current license state (such as Licensed, Grace, Unlicensed), and the product edition information. - **Managing product keys.** You can store multiple product keys and use VAMT to install these keys to remote client products. You can also determine the number of activations remaining for MAKs. - **Managing activation data.** VAMT stores activation data in a SQL database. VAMT can export this data to other VAMT hosts or to an archive in XML format. diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md index e1e2f2151e..6c96637ddf 100644 --- a/windows/deployment/volume-activation/manage-activations-vamt.md +++ b/windows/deployment/volume-activation/manage-activations-vamt.md @@ -1,6 +1,6 @@ --- title: Manage Activations (Windows 10) -description: Learn how to manage activations and how to activate a client computer by using a variety of activation methods. +description: Learn how to manage activations and how to activate a client computer by using various activation methods. ms.assetid: 53bad9ed-9430-4f64-a8de-80613870862c ms.reviewer: manager: laurawi @@ -17,7 +17,7 @@ ms.topic: article # Manage Activations -This section describes how to activate a client computer, by using a variety of activation methods. +This section describes how to activate a client computer, by using various activation methods. ## In this Section @@ -25,7 +25,7 @@ This section describes how to activate a client computer, by using a variety of |------|------------| |[Perform Online Activation](online-activation-vamt.md) |Describes how to activate a client computer over the Internet. | |[Perform Proxy Activation](proxy-activation-vamt.md) |Describes how to perform volume activation for client products that do not have Internet access. | -|[Perform KMS Activation](kms-activation-vamt.md) |Describes how perform volume activation using the Key Management Service (KMS). | +|[Perform KMS Activation](kms-activation-vamt.md) |Describes how to perform volume activation using the Key Management Service (KMS). | |[Perform Local Reactivation](local-reactivation-vamt.md) |Describes how to reactivate an operating system or Office program that was reinstalled. | |[Activate an Active Directory Forest Online](activate-forest-vamt.md) |Describes how to use Active Directory-Based Activation to online activate an Active Directory forest. | |[Activate by Proxy an Active Directory Forest](activate-forest-by-proxy-vamt.md) |Describes how to use Active Directory-Based Activation to proxy activate an Active Directory forest that is not connected to the Internet. | diff --git a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md index d3b906680d..3e9a42c319 100644 --- a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md @@ -17,7 +17,7 @@ ms.topic: article # Scenario 2: Proxy Activation -In this scenario, the Volume Activation Management Tool (VAMT) is used to activate products that are installed on workgroup computers in an isolated lab environment. For workgroups which are isolated from the larger network, you can perform proxy activation of Multiple Activation Keys (MAKs), KMS Host keys (CSVLKs), Generic Volume License Keys (GVLKs) (or KMS client keys), or retail keys. Proxy activation is performed by installing a second instance of VAMT on a computer in the isolated workgroup. You can then use removable media to transfer VAMT Computer Information Lists (CILXs) between the instance of VAMT in the isolated workgroup and another VAMT host that has Internet access. The following diagram shows a Multiple Activation Key (MAK) proxy activation scenario: +In this scenario, the Volume Activation Management Tool (VAMT) is used to activate products that are installed on workgroup computers in an isolated lab environment. For workgroups that are isolated from the larger network, you can perform proxy activation of Multiple Activation Keys (MAKs), KMS Host keys (CSVLKs), Generic Volume License Keys (GVLKs) (or KMS client keys), or retail keys. Proxy activation is performed by installing a second instance of VAMT on a computer in the isolated workgroup. You can then use removable media to transfer VAMT Computer Information Lists (CILXs) between the instance of VAMT in the isolated workgroup and another VAMT host that has Internet access. The following diagram shows a Multiple Activation Key (MAK) proxy activation scenario: ![VAMT MAK proxy activation scenario.](images/dep-win8-l-vamt-makproxyactivationscenario.jpg) @@ -45,9 +45,9 @@ In this scenario, the Volume Activation Management Tool (VAMT) is used to activa 2. To open the **Discover Products** dialog box, click **Discover products** in the right-side pane. 3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query: - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names, click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that both IPv4 and IPv6addressing are supported. + - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Both IPv4 and IPv6addressing are supported. - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". - - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without additional checks. + - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without extra checks. 4. Click **Search**. The **Finding Computers** window appears and displays the search progress as the computers are located. @@ -70,9 +70,9 @@ You can sort the list of products so that it is easier to find the computers tha To collect the status from select computers in the database, you can select computers in the product list view by using one of the following methods: - To select a block of consecutively listed computers, click the first computer that you want to select, and then click the last computer while pressing the **Shift** key. -- To select computers which are not listed consecutively, hold down the **Ctrl** ley and select each computer for which you want to collect the status information. +- To select computers that are not listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information. **To collect status information from the selected computers** -- In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to log on to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and then click **OK**. +- In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to sign in to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and then click **OK**. - VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. **Note** @@ -91,9 +91,9 @@ To collect the status from select computers in the database, you can select comp 1. In the left-side pane, in the **Products** node click the product that you want to install keys onto. 2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and Filter the List of Computers](#step-5-sort-and-filter-the-list-of-computers). -3. In the **Products** list view pane, select the individual products which must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. +3. In the **Products** list view pane, select the individual products that must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. 4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing a MAK you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Note that only one key can be installed at a time. +5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing an MAK, you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Only one key can be installed at a time. 6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md index ef45dc1c96..da420e7365 100644 --- a/windows/deployment/volume-activation/vamt-step-by-step.md +++ b/windows/deployment/volume-activation/vamt-step-by-step.md @@ -25,9 +25,9 @@ This section provides step-by-step instructions on implementing the Volume Activ |------|------------| |[Scenario 1: Online Activation](scenario-online-activation-vamt.md) |Describes how to distribute Multiple Activation Keys (MAKs) to products installed on one or more connected computers within a network, and how to instruct these products to contact Microsoft over the Internet for activation. | |[Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) |Describes how to use two VAMT host computers — the first one with Internet access and a second computer within an isolated workgroup — as proxies to perform MAK volume activation for workgroup computers that do not have Internet access. | -|[Scenario 3: KMS Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. | +|[Scenario 3: Key Management Service (KMS) Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. | -## Related topics +## Related articles - [Introduction to VAMT](introduction-vamt.md)     diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md index 70d738e262..1a4195b593 100644 --- a/windows/deployment/windows-deployment-scenarios-and-tools.md +++ b/windows/deployment/windows-deployment-scenarios-and-tools.md @@ -18,16 +18,16 @@ ms.collection: highpri # Windows 10 deployment scenarios and tools -To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment. +To successfully deploy the Windows 10 operating system and applications for your organization, you must know about the available tools to help with the process. In this article, you will learn about the most commonly used tools for Windows 10 deployment. -Microsoft provides many tools, services, and solutions. These tools include Windows Deployment Services (WDS), the Volume Activation Management Tool (VAMT), the User State Migration Tool (USMT), Windows System Image Manager (Windows SIM), Windows Preinstallation Environment (Windows PE), and Windows Recovery Environment (Windows RE). Keep in mind that these are just tools and not a complete solution on their own. It’s when you combine these tools with solutions like [Microsoft Deployment Toolkit (MDT)](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) or [Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) that you get the complete deployment solution. +Microsoft provides many tools, services, and solutions. These tools include Windows Deployment Services (WDS), the Volume Activation Management Tool (VAMT), the User State Migration Tool (USMT), Windows System Image Manager (Windows SIM), Windows Preinstallation Environment (Windows PE), and Windows Recovery Environment (Windows RE). Keep in mind that these tools are not a complete solution on their own. It’s when you combine these tools with solutions like [Microsoft Deployment Toolkit (MDT)](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) or [Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) that you get the complete deployment solution. -In this topic, you also learn about different types of reference images that you can build, and why reference images are beneficial for most organizations +In this article, you also learn about different types of reference images that you can build, and why reference images are beneficial for most organizations ## Windows Assessment and Deployment Kit -Windows ADK contains core assessment and deployment tools and technologies, including Deployment Image Servicing and Management (DISM), Windows Imaging and Configuration Designer (Windows ICD), Windows System Image Manager (Windows SIM), User State Migration Tool (USMT), Volume Activation Management Tool (VAMT), Windows Preinstallation Environment (Windows PE), Windows Assessment Services, Windows Performance Toolkit (WPT), Application Compatibility Toolkit (ACT), and Microsoft SQL Server 2012 Express. For more details, see [Windows ADK for Windows 10](/windows-hardware/get-started/adk-install) or [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md). +Windows ADK contains core assessment and deployment tools and technologies, including Deployment Image Servicing and Management (DISM), Windows Imaging and Configuration Designer (Windows ICD), Windows System Image Manager (Windows SIM), User State Migration Tool (USMT), Volume Activation Management Tool (VAMT), Windows Preinstallation Environment (Windows PE), Windows Assessment Services, Windows Performance Toolkit (WPT), Application Compatibility Toolkit (ACT), and Microsoft SQL Server 2012 Express. For more information, see [Windows ADK for Windows 10](/windows-hardware/get-started/adk-install) or [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md). ![figure 1.](images/win-10-adk-select.png) @@ -43,7 +43,7 @@ DISM services online and offline images. For example, with DISM you can install Dism.exe /Online /Enable-Feature /FeatureName:NetFX3 /All /Source:D:\Sources\SxS /LimitAccess ``` -In Windows 10, you can use Windows PowerShell for many of the functions performed by DISM.exe. The equivalent command in Windows 10 using PowerShell is: +In Windows 10, you can use Windows PowerShell for many of the functions done by DISM.exe. The equivalent command in Windows 10 using PowerShell is: ``` syntax Enable-WindowsOptionalFeature -Online -FeatureName NetFx3 -All @@ -67,9 +67,9 @@ Occasionally, we find that customers are wary of USMT because they believe it re USMT includes several command-line tools, the most important of which are ScanState and LoadState: -- **ScanState.exe.** This performs the user-state backup. -- **LoadState.exe.** This performs the user-state restore. -- **UsmtUtils.exe.** This supplements the functionality in ScanState.exe and LoadState.exe. +- **ScanState.exe.** This tool performs the user-state backup. +- **LoadState.exe.** This tool performs the user-state restore. +- **UsmtUtils.exe.** This tool supplements the functionality in ScanState.exe and LoadState.exe. In addition to these tools, there are also XML templates that manage which data is migrated. You can customize the templates, or create new ones, to manage the backup process at a high level of detail. USMT uses the following terms for its templates: @@ -85,20 +85,20 @@ USMT supports capturing data and settings from Windows Vista and later, and rest By default USMT migrates many settings, most of which are related to the user profile but also to Control Panel configurations, file types, and more. The default templates that are used in Windows 10 deployments are MigUser.xml and MigApp.xml. These two default templates migrate the following data and settings: -- Folders from each profile, including those from user profiles as well as shared and public profiles. For example, the My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites folders are migrated. -- Specific file types. USMT templates migrate the following file types: .accdb, .ch3, .csv, .dif, .doc\*, .dot\*, .dqy, .iqy, .mcw, .mdb\*, .mpp, .one\*, .oqy, .or6, .pot\*, .ppa, .pps\*, .ppt\*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl\*, .vsd, .wk\*, .wpd, .wps, .wq1, .wri, .xl\*, .xla, .xlb, .xls\*. +- Folders from each profile, including those folders from user profiles, and shared and public profiles. For example, the My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites folders are migrated. +- Specific file types. USMT templates migrate the following file types: .accdb, .ch3, .csv,dif, .doc\*, .dot\*, .dqy, .iqy, .mcw, .mdb\*, .mpp, .one\*, .oqy, .or6, .pot\*, .ppa, .pps\*, .ppt\*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl\*, .vsd, .wk\*, .wpd, .wps, .wq1, .wri, .xl\*, .xla, .xlb, .xls\*. - **Note**   - The OpenDocument extensions (\*.odt, \*.odp, \*.ods, etc.) that Microsoft Office applications can use are not migrated by default. + > [!NOTE] + > The OpenDocument extensions (\*.odt, \*.odp, \*.ods, etc.) that Microsoft Office applications can use are not migrated by default. - Operating system component settings - Application settings -These are the settings migrated by the default MigUser.xml and MigApp.xml templates. For more details on what USMT migrates, see [What does USMT migrate?](./usmt/usmt-what-does-usmt-migrate.md) For more information on the USMT overall, see the [USMT technical reference](./usmt/usmt-reference.md). +These settings are the ones migrated by the default MigUser.xml and MigApp.xml templates. For more information on what USMT migrates, see [What does USMT migrate?](./usmt/usmt-what-does-usmt-migrate.md) For more information on the USMT overall, see the [USMT technical reference](./usmt/usmt-reference.md). ### Windows Imaging and Configuration Designer -Windows Imaging and Configuration Designer (Windows ICD) is a tool designed to assist with the creation of provisioning packages that can be used to dynamically configure a Windows device (PCs, tablets, and phones). This is particularly useful for setting up new devices, without the need for re-imaging the device with a custom image. +Windows Imaging and Configuration Designer (Windows ICD) is a tool designed to assist with the creation of provisioning packages that can be used to dynamically configure a Windows device (PCs, tablets, and phones). This tool is useful for setting up new devices, without the need for re-imaging the device with a custom image. ![figure 4.](images/windows-icd.png) @@ -108,7 +108,7 @@ For more information, see [Windows Imaging and Configuration Designer](/windows/ ### Windows System Image Manager (Windows SIM) -Windows SIM is an authoring tool for Unattend.xml files. When using MDT and/or Configuration Manager, you don’t need Windows SIM very often because those systems automatically update the Unattend.xml file during the deployment, greatly simplifying the process overall. +Windows SIM is an authoring tool for Unattend.xml files. When using MDT and/or Configuration Manager, you don’t need Windows SIM often because those systems automatically update the Unattend.xml file during the deployment, greatly simplifying the process overall. ![figure 7.](images/mdt-11-fig07.png) @@ -168,7 +168,7 @@ In Windows Server 2012 R2, [Windows Deployment Services](/previous-versions/wind ### Trivial File Transfer Protocol (TFTP) configuration -In some cases, you need to modify TFTP Maximum Block Size settings for performance tuning reasons, especially when PXE traffic travels through routers and such. In the previous version of WDS, it was possible to change that, but the method of do so—editing the registry—was not user friendly. In Windows Server 2012, this has become much easier to do as it can be configured as a setting. +In some cases, you need to modify TFTP Maximum Block Size settings for performance tuning reasons, especially when PXE traffic travels through routers and such. In the previous version of WDS, it was possible to change that, but the method of do so — editing the registry — was not user friendly. In Windows Server 2012, this modification in settings has become much easier to do as it can be configured as a setting. Also, there are a few new features related to TFTP performance: @@ -210,7 +210,7 @@ The SCM console showing a baseline configuration for a fictional client's comput ## Microsoft Desktop Optimization Pack -MDOP is a suite of technologies available to Software Assurance customers through an additional subscription. +MDOP is a suite of technologies available to Software Assurance customers through another subscription. The following components are included in the MDOP suite: @@ -267,29 +267,29 @@ With UEFI, you can benefit from: - **Faster boot time.** UEFI does not use INT 13, and that improves boot time, especially when it comes to resuming from hibernate. - **Multicast deployment.** UEFI firmware can use multicast directly when it boots up. In WDS, MDT, and Configuration Manager scenarios, you need to first boot up a normal Windows PE in unicast and then switch into multicast. With UEFI, you can run multicast from the start. - **Compatibility with earlier BIOS.** Most of the UEFI implementations include a compatibility support module (CSM) that emulates BIOS. -- **CPU-independent architecture.** Even if BIOS can run both 32- and 64-bit versions of firmware, all firmware device drivers on BIOS systems must also be 16-bit, and this affects performance. One of the reasons is the limitation in addressable memory, which is only 64 KB with BIOS. +- **CPU-independent architecture.** Even if BIOS can run both 32-bit and 64-bit versions of firmware, all firmware device drivers on BIOS systems must also be 16-bit, and this affects performance. One of the reasons is the limitation in addressable memory, which is only 64 KB with BIOS. - **CPU-independent drivers.** On BIOS systems, PCI add-on cards must include a ROM that contains a separate driver for all supported CPU architectures. That is not needed for UEFI because UEFI has the ability to use EFI Byte Code (EBC) images, which allow for a processor-independent device driver environment. - **Flexible pre-operating system environment.** UEFI can perform many functions for you. You just need an UEFI application, and you can perform diagnostics and automatic repairs, and call home to report errors. - **Secure boot.** Windows 8 and later can use the UEFI firmware validation process, called secure boot, which is defined in UEFI 2.3.1. Using this process, you can ensure that UEFI launches only a verified operating system loader and that malware cannot switch the boot loader. ### Versions -UEFI Version 2.3.1B is the version required for Windows 8 and later logo compliance. Later versions have been released to address issues; a small number of machines may need to upgrade their firmware to fully support the UEFI implementation in Windows 8 and later. +UEFI Version 2.3.1B is the version required for Windows 8 and later logo compliance. Later versions have been released to address issues; a few machines may need to upgrade their firmware to fully support the UEFI implementation in Windows 8 and later. ### Hardware support for UEFI In regard to UEFI, hardware is divided into four device classes: -- **Class 0 devices.** This is the UEFI definition for a BIOS, or non-UEFI, device. -- **Class 1 devices.** These devices behave like a standard BIOS machine, but they run EFI internally. They should be treated as normal BIOS-based machines. Class 1 devices use a CSM to emulate BIOS. These older devices are no longer manufactured. -- **Class 2 devices.** These devices have the capability to behave as a BIOS- or a UEFI-based machine, and the boot process or the configuration in the firmware/BIOS determines the mode. Class 2 devices use a CSM to emulate BIOS. These are the most common type of devices currently available. -- **Class 3 devices.** These are UEFI-only devices, which means you must run an operating system that supports only UEFI. Those operating systems include Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 7 is not supported on these class 3 devices. Class 3 devices do not have a CSM to emulate BIOS. +- **Class 0 devices.** The device of this class is the UEFI definition for a BIOS, or non-UEFI, device. +- **Class 1 devices.** The devices of this class behave like a standard BIOS machine, but they run EFI internally. They should be treated as normal BIOS-based machines. Class 1 devices use a CSM to emulate BIOS. These older devices are no longer manufactured. +- **Class 2 devices.** The devices of this class have the capability to behave as a BIOS- or a UEFI-based machine, and the boot process or the configuration in the firmware/BIOS determines the mode. Class 2 devices use a CSM to emulate BIOS. These are the most common type of devices currently available. +- **Class 3 devices.** The devices of this class are UEFI-only devices, which means you must run an operating system that supports only UEFI. Those operating systems include Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 7 is not supported on these class 3 devices. Class 3 devices do not have a CSM to emulate BIOS. ### Windows support for UEFI Microsoft started with support for EFI 1.10 on servers and then added support for UEFI on both clients and servers. -With UEFI 2.3.1, there are both x86 and x64 versions of UEFI. Windows 10 supports both. However, UEFI does not support cross-platform boot. This means that a computer that has UEFI x64 can run only a 64-bit operating system, and a computer that has UEFI x86 can run only a 32-bit operating system. +With UEFI 2.3.1, there are both x86 and x64 versions of UEFI. Windows 10 supports both. However, UEFI does not support cross-platform boot. This limitation means that a computer that has UEFI x64 can run only a 64-bit operating system, and a computer that has UEFI x86 can run only a 32-bit operating system. ### How UEFI is changing operating system deployment @@ -297,12 +297,12 @@ There are many things that affect operating system deployment as soon as you run - Switching from BIOS to UEFI in the hardware is easy, but you also need to reinstall the operating system because you need to switch from MBR/NTFS to GPT/FAT32 and NTFS. - When you deploy to a Class 2 device, make sure the boot option you select matches the setting you want to have. It is common for old machines to have several boot options for BIOS but only a few for UEFI, or vice versa. -- When deploying from media, remember the media has to be FAT32 for UEFI, and FAT32 has a file-size limitation of 4GB. +- When deploying from media, remember the media has to be FAT32 for UEFI, and FAT32 has a file-size limitation of 4 GB. - UEFI does not support cross-platform booting; therefore, you need to have the correct boot media (32- or 64-bit). For more information on UEFI, see the [UEFI firmware](/previous-versions/windows/it-pro/windows-8.1-and-8/hh824898(v=win.10)) overview and related resources. -## Related topics +## Related articles [Sideload apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10)
[Windows ADK for Windows 10 scenarios for IT pros](windows-adk-scenarios-for-it-pros.md) \ No newline at end of file From 332f1f3c3fc28244ab93489814c9b2db8e1d3d19 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 20 Jan 2022 12:05:37 +0530 Subject: [PATCH 11/85] Acrolinx issues fixed --- ...abase-management-strategies-and-deployment.md | 16 ++++++++-------- ...rotection-considerations-for-windows-to-go.md | 6 +++--- .../using-the-sdbinstexe-command-line-tool.md | 2 +- .../deployment/planning/using-the-sua-wizard.md | 4 ++-- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md index fae3bcf0a8..29b77be77b 100644 --- a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md +++ b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md @@ -49,7 +49,7 @@ Microsoft provides general recommends the following remedies for improving the m - **Define your resources responsible for addressing questions and enforcing your standards** - Ensure you determine who will be responsible for staying current with the technology and standards that are related to your compatibility fixes and custom compatibility-fix databases. As your databases are managed over time, you must ensure that someone in your organization stays current with the relevant technology. + Ensure you determine who will be responsible for staying current with the technology and standards that are related to your compatibility fixes and custom compatibility-fix databases. As your databases are managed over time, ensure that someone in your organization stays current with the relevant technology. ## Strategies for Deploying Your Compatibility Fixes @@ -64,7 +64,7 @@ Determine which method best meets your organization's deployment needs. ### Deploying Fixes as Part of an Application-Installation Package -One strategy to deploy compatibility fixes is to create a custom compatibility-fix database that contains a single entry that is applied directly to the application-installation package. While this is the most straightforward method of deployment, it has been shown that this method can become overly complex, especially if you are fixing a large number of applications. +One strategy to deploy compatibility fixes is to create a custom compatibility-fix database that contains a single entry that is applied directly to the application-installation package. While this method is the most straightforward one for deployment, it has been shown that this method can become overly complex, especially if you are fixing a large number of applications. If the following considerations apply to your organization, you should avoid this strategy and instead consider using a centralized compatibility-fix database, as described in the next section. @@ -74,7 +74,7 @@ If the following considerations apply to your organization, you should avoid thi - **Will you be able to track which applications are installed on which computer?** - You might determine that your initial set of compatibility fixes is not comprehensive, and that you must deploy an updated version of the compatibility-fix database to resolve the additional issues. If you deployed the initial set by using the application-installation package, you will be required to locate each client computer that is running the application and replace the compatibility fix. + You might determine that your initial set of compatibility fixes is not comprehensive, and that you must deploy an updated version of the compatibility-fix database to resolve the other issues. If you deployed the initial set by using the application-installation package, you will be required to locate each client computer that is running the application and replace the compatibility fix. ### Deploying Fixes Through a Centralized Compatibility-Fix Database @@ -82,23 +82,23 @@ The other recommended strategy for deploying compatibility fixes into your organ This approach tends to work best for organizations that have a well-developed deployment infrastructure in place, with centralized ownership of the process. We recommend that you consider the following before using this approach: -- Does your organization have the tools required to deploy and update a compatibility-fix database for all of the effected computers? +- Does your organization have the tools required to deploy and update a compatibility-fix database for all of the affected computers? If you intend to manage a centralized compatibility-fix database, you must verify that your organization has the required tools to deploy and update all of the affected computers in your organization. - Do you have centralized resources that can manage and update the centralized compatibility-fix database? - You must ensure that you have identified the appropriate owners for the deployment process, for the applications, and for the database updates, in addition to determining the process by which compatibility issues can be deployed to specific computers. + Ensure that you have identified the appropriate owners for the deployment process, for the applications, and for the database updates, in addition to determining the process by which compatibility issues can be deployed to specific computers. ### Merging Centralized Compatibility-Fix Databases -If you decide to use the centralized compatibility-fix database deployment strategy, you can merge any of your individual compatibility-fix databases. This enables you to create a single custom compatibility-fix database that can be used to search for and determine whether Windows® should apply a fix to a specific executable (.exe) file. We recommend merging your databases based on the following process. +If you decide to use the centralized compatibility-fix database deployment strategy, you can merge any of your individual compatibility-fix databases. This provision enables you to create a single custom compatibility-fix database that can be used to search for and determine whether Windows® should apply a fix to a specific executable (.exe) file. We recommend merging your databases based on the following process. **To merge your custom-compatibility databases** 1. Verify that your application-compatibility testers are performing their tests on computers with the latest version of your compatibility-fix database. For example, Custom DB1. -2. If the tester determines that an application requires an additional compatibility fix that is not a part of the original compatibility-fix database, he or she must create a new custom compatibility database with all of the required information for that single fix. For example, Custom DB2. +2. If the tester determines that an application requires an extra compatibility fix that is not a part of the original compatibility-fix database, the tester must create a new custom compatibility database with all of the required information for that single fix, for example, Custom DB2. 3. The tester applies the new Custom DB2 information to the application and then tests for both the functionality and integration, to ensure that the compatibility issues are addressed. @@ -128,7 +128,7 @@ In order to meet the two requirements above, we recommend that you use one of th You can package your .sib file and a custom deployment script into a file with the .msi extension, and then deploy the .msi file into your organization. > [!IMPORTANT] - > You must ensure that you mark your custom script so that it does not impersonate the calling user. For example, if you use Microsoft® Visual Basic® Scripting Edition (VBScript), the custom action type would be: + > Ensure that you mark your custom script so that it does not impersonate the calling user. For example, if you use Microsoft® Visual Basic® Scripting Edition (VBScript), the custom action type would be: >`msidbCustomActionTypeVBScript + msidbCustomActionTypeInScript + msidbCustomActionTypeNoImpersonate = 0x0006 + 0x0400 + 0x0800 = 0x0C06 = 3078 decimal)` diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md index a40bab3ece..4bfd9b2dd9 100644 --- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md @@ -32,12 +32,12 @@ One of the most important requirements to consider when you plan your Windows To As long as you are not saving data on the Windows To Go drive, there is no need for a backup and restore solution for Windows To Go. If you are saving data on the drive and are not using folder redirection and offline files, you should back up all of your data to a network location, such as cloud storage or a network share after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831495(v=ws.11)) for different solutions you could implement. -If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and reprovision the drive with Windows To Go, so all data and customization on the drive will be lost. This is another reason why using roaming user profiles, folder redirection, and offline files with Windows To Go is strongly recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)). +If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and reprovision the drive with Windows To Go, so all data and customization on the drive will be lost. This result is another reason why using roaming user profiles, folder redirection, and offline files with Windows To Go is recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)). ## BitLocker -We recommend that you use BitLocker with your Windows To Go drives to protect the drive from being compromised if the drive is lost or stolen. When BitLocker is enabled, the user must provide a password to unlock the drive and boot the Windows To Go workspace, this helps prevent unauthorized users from booting the drive and using it to gain access to your network resources and confidential data. Because Windows To Go drives are meant to be roamed between computers, the Trusted Platform Module (TPM) cannot be used by BitLocker to protect the drive. Instead, you will be specifying a password that BitLocker will use for disk encryption and decryption. By default, this password must be eight characters in length and can enforce more strict requirements depending on the password complexity requirements defined by your organizations domain controller. +We recommend that you use BitLocker with your Windows To Go drives to protect the drive from being compromised if the drive is lost or stolen. When BitLocker is enabled, the user must provide a password to unlock the drive and boot the Windows To Go workspace. This password requirement helps prevent unauthorized users from booting the drive and using it to gain access to your network resources and confidential data. Because Windows To Go drives are meant to be roamed between computers, the Trusted Platform Module (TPM) cannot be used by BitLocker to protect the drive. Instead, you will be specifying a password that BitLocker will use for disk encryption and decryption. By default, this password must be eight characters in length and can enforce more strict requirements depending on the password complexity requirements defined by your organizations domain controller. You can enable BitLocker while using the Windows To Go Creator wizard as part of the drive provisioning process before first use; or it can be enabled afterward by the user from within the Windows To Go workspace. @@ -51,7 +51,7 @@ If you are using a host computer running Windows 7 that has BitLocker enabled, ## Disk discovery and data leakage -We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This means the drive will not appear in Windows Explorer and an Auto-Play prompt will not be displayed to the user. This reduces the likelihood that an end user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you. +We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This prevention means the drive will not appear in Windows Explorer and an Auto-Play prompt will not be displayed to the user. This non-display of the drive and the prompt reduces the likelihood that an end user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you. To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It is recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and, therefore, user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. diff --git a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md index 46307344ea..02820bf6da 100644 --- a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md +++ b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md @@ -63,7 +63,7 @@ The following table describes the available command-line options. |Option|Description| |--- |--- | |-?|Displays the Help for the Sdbinst.exe tool.

For example,
`sdbinst.exe -?`| -|-p|Allows SDBs installation with Patches.

For example,
`sdbinst.exe -p C:\Windows\AppPatch\Myapp.sdb`| +|-p|Allows SDBs' installation with Patches.

For example,
`sdbinst.exe -p C:\Windows\AppPatch\Myapp.sdb`| |-q|Does a silent installation with no visible window, status, or warning information. Fatal errors appear only in Event Viewer (Eventvwr.exe).

For example,
`sdbinst.exe -q`| |-u *filepath*|Does an uninstallation of the specified database.

For example,
`sdbinst.exe -u C:\example.sdb`| |-g *GUID*|Specifies the customized database to uninstall by a globally unique identifier (GUID).

For example,
`sdbinst.exe -g 6586cd8f-edc9-4ea8-ad94-afabea7f62e3`| diff --git a/windows/deployment/planning/using-the-sua-wizard.md b/windows/deployment/planning/using-the-sua-wizard.md index bcbda77946..015122670a 100644 --- a/windows/deployment/planning/using-the-sua-wizard.md +++ b/windows/deployment/planning/using-the-sua-wizard.md @@ -34,7 +34,7 @@ For information about the SUA tool, see [Using the SUA Tool](using-the-sua-tool. ## Testing an Application by Using the SUA Wizard -You must install Application Verifier before you can use the SUA Wizard. If Application Verifier is not installed on the computer that is running the SUA Wizard, the SUA Wizard notifies you. You must also install the Microsoft® .NET Framework 3.5 or later before you can use the SUA Wizard. +Install Application Verifier before you can use the SUA Wizard. If Application Verifier is not installed on the computer that is running the SUA Wizard, the SUA Wizard notifies you. In addition, install the Microsoft® .NET Framework 3.5 or later before you can use the SUA Wizard. The following flowchart shows the process of using the SUA Wizard. @@ -76,7 +76,7 @@ The following flowchart shows the process of using the SUA Wizard. The SUA Wizard closes the issue as resolved on the local computer. - If the remedies do not fix the issue with the application, click **No** again, and the wizard may offer another remedies. If the other remedies do not fix the issue, the wizard informs you that there are no more remedies available. For information about how to run the SUA tool for additional investigation, see [Using the SUA Tool](using-the-sua-tool.md). + If the remedies do not fix the issue with the application, click **No** again, and the wizard may offer another remedies. If the other remedies do not fix the issue, the wizard informs you that there are no more remedies available. For information about how to run the SUA tool for more investigation, see [Using the SUA Tool](using-the-sua-tool.md). ## Related articles [SUA User's Guide](sua-users-guide.md) From cc0bad2918b2bacdeb0f6e64990923fc82fa90ff Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 20 Jan 2022 13:35:08 +0530 Subject: [PATCH 12/85] Acrolinx issues fixed --- .../deployment/planning/sua-users-guide.md | 2 +- .../planning/using-the-sua-wizard.md | 30 +++++++++---------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md index 83926ee905..e8e6f31b30 100644 --- a/windows/deployment/planning/sua-users-guide.md +++ b/windows/deployment/planning/sua-users-guide.md @@ -40,7 +40,7 @@ You can use SUA in either of the following ways: |Topic|Description| |--- |--- | -|[Using the SUA Wizard](using-the-sua-wizard.md)|The Standard User Analyzer (SUA) Wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA Wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions.| +|[Using the SUA wizard](using-the-sua-wizard.md)|The Standard User Analyzer (SUA) wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions.| |[Using the SUA Tool](using-the-sua-tool.md)|By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.| diff --git a/windows/deployment/planning/using-the-sua-wizard.md b/windows/deployment/planning/using-the-sua-wizard.md index 015122670a..63fe07dfd7 100644 --- a/windows/deployment/planning/using-the-sua-wizard.md +++ b/windows/deployment/planning/using-the-sua-wizard.md @@ -1,6 +1,6 @@ --- -title: Using the SUA Wizard (Windows 10) -description: The Standard User Analyzer (SUA) Wizard, although it does not offer deep analysis, works much like the SUA tool to test for User Account Control (UAC) issues. +title: Using the SUA wizard (Windows 10) +description: The Standard User Analyzer (SUA) wizard, although it does not offer deep analysis, works much like the SUA tool to test for User Account Control (UAC) issues. ms.assetid: 29d07074-3de7-4ace-9a54-678af7255d6c ms.reviewer: manager: laurawi @@ -15,7 +15,7 @@ ms.date: 04/19/2017 ms.topic: article --- -# Using the SUA Wizard +# Using the SUA wizard **Applies to** @@ -27,30 +27,30 @@ ms.topic: article - Windows Server 2012 - Windows Server 2008 R2 -The Standard User Analyzer (SUA) Wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA Wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions. +The Standard User Analyzer (SUA) wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions. For information about the SUA tool, see [Using the SUA Tool](using-the-sua-tool.md). -## Testing an Application by Using the SUA Wizard +## Testing an Application by Using the SUA wizard -Install Application Verifier before you can use the SUA Wizard. If Application Verifier is not installed on the computer that is running the SUA Wizard, the SUA Wizard notifies you. In addition, install the Microsoft® .NET Framework 3.5 or later before you can use the SUA Wizard. +Install Application Verifier before you can use the SUA wizard. If Application Verifier is not installed on the computer that is running the SUA wizard, the SUA wizard notifies you. In addition, install the Microsoft® .NET Framework 3.5 or later before you can use the SUA wizard. -The following flowchart shows the process of using the SUA Wizard. +The following flowchart shows the process of using the SUA wizard. ![act sua wizard flowchart.](images/dep-win8-l-act-suawizardflowchart.jpg) -**To test an application by using the SUA Wizard** +**To test an application by using the SUA wizard** -1. On the computer where the SUA Wizard is installed, sign in by using a non-administrator account. +1. On the computer where the SUA wizard is installed, sign in by using a non-administrator account. -2. Run the Standard User Analyzer Wizard. +2. Run the Standard User Analyzer wizard. 3. Click **Browse for Application**, browse to the folder that contains the application that you want to test, and then double-click the executable file for the application. 4. Click **Launch**. - If you are prompted, elevate your permissions. The SUA Wizard may require elevation of permissions to correctly diagnose the application. + If you are prompted, elevate your permissions. The SUA wizard may require elevation of permissions to correctly diagnose the application. If a **Permission denied** dialog box appears, click **OK**. The application starts, despite the warning. @@ -58,11 +58,11 @@ The following flowchart shows the process of using the SUA Wizard. 6. After you finish testing, exit the application. - The SUA Wizard displays a message that asks whether the application ran without any issues. + The SUA wizard displays a message that asks whether the application ran without any issues. 7. Click **No**. - The SUA Wizard shows a list of potential remedies that you might use to fix the application. + The SUA wizard shows a list of potential remedies that you might use to fix the application. 8. Select the fixes that you want to apply, and then click **Launch**. @@ -70,11 +70,11 @@ The following flowchart shows the process of using the SUA Wizard. 9. Test the application again, and after you finish testing, exit the application. - The SUA Wizard displays a message that asks whether the application ran without any issues. + The SUA wizard displays a message that asks whether the application ran without any issues. 10. If the application ran correctly, click **Yes**. - The SUA Wizard closes the issue as resolved on the local computer. + The SUA wizard closes the issue as resolved on the local computer. If the remedies do not fix the issue with the application, click **No** again, and the wizard may offer another remedies. If the other remedies do not fix the issue, the wizard informs you that there are no more remedies available. For information about how to run the SUA tool for more investigation, see [Using the SUA Tool](using-the-sua-tool.md). From 4cd66bf706bc149717552613573ed5bab5199b75 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 20 Jan 2022 15:16:54 +0530 Subject: [PATCH 13/85] Resolved suggestions --- ...ix-information-sent-to-microsoft-during-activation-client.md | 1 + windows/deployment/windows-deployment-scenarios-and-tools.md | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md index b36419cb21..58c3926442 100644 --- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md +++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md @@ -1,5 +1,6 @@ --- title: Appendix Information sent to Microsoft during activation (Windows 10) +description: Learn about the information sent to Microsoft during activation. ms.assetid: 4bfff495-07d0-4385-86e3-7a077cbd64b8 ms.reviewer: manager: laurawi diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md index 1a4195b593..84d317c451 100644 --- a/windows/deployment/windows-deployment-scenarios-and-tools.md +++ b/windows/deployment/windows-deployment-scenarios-and-tools.md @@ -138,7 +138,7 @@ Windows PE is a “Lite” version of Windows 10 and was created to act as a dep The key thing to know about Windows PE is that, like the operating system, it needs drivers for at least network and storage devices in each PC. Luckily Windows PE includes the same drivers as the full Windows 10 operating system, which means much of your hardware will work out of the box. -![figure 7.](images/mdt-11-fig09.png) +![Figure no. 7.](images/mdt-11-fig09.png) A machine booted with the Windows ADK default Windows PE boot image. From 2455056eb6ad50ae6cf15af3514861a37a89a84d Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 20 Jan 2022 15:20:19 +0530 Subject: [PATCH 14/85] Update appendix-information-sent-to-microsoft-during-activation-client.md --- ...dix-information-sent-to-microsoft-during-activation-client.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md index 58c3926442..e67fd3d3d5 100644 --- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md +++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md @@ -5,7 +5,6 @@ ms.assetid: 4bfff495-07d0-4385-86e3-7a077cbd64b8 ms.reviewer: manager: laurawi ms.author: greglin -description: keywords: vamt, volume activation, activation, windows activation ms.prod: w10 ms.mktglfcycl: deploy From b6390b76a97cdf39018aa4c54709626365f81c83 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 20 Jan 2022 16:56:37 +0530 Subject: [PATCH 15/85] Update import-export-vamt-data.md --- .../volume-activation/import-export-vamt-data.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/deployment/volume-activation/import-export-vamt-data.md b/windows/deployment/volume-activation/import-export-vamt-data.md index 502813e80e..68bf78eeba 100644 --- a/windows/deployment/volume-activation/import-export-vamt-data.md +++ b/windows/deployment/volume-activation/import-export-vamt-data.md @@ -1,6 +1,6 @@ --- -title: Import and Export VAMT Data (Windows 10) -description: Learn how to use the Volume Activation Management Tool (VAMT) to import product-activation data from a .cilx or .cil file into SQL Server. +title: Import and Export Volume Activation Management Tool (VAMT) Data (Windows 10) +description: Learn how to use the VAMT to import product-activation data from a .cilx or .cil file into SQL Server. ms.assetid: 09a2c595-1a61-4da6-bd46-4ba8763cfd4f ms.reviewer: manager: laurawi @@ -15,15 +15,15 @@ ms.date: 04/25/2017 ms.topic: article --- -# Import and Export VAMT Data +# Import and Export Volume Activation Management Tool (VAMT) Data You can use the Volume Activation Management Tool (VAMT) to import product-activation data from a Computer Information List (.cilx or .cil) file into SQL Server, and to export product-activation data into a .cilx file. A .cilx file is an XML file that stores computer and product-activation data. You can import data or export data during the following scenarios: - Import and merge data from previous versions of VAMT. -- Export data to use to perform proxy activations. +- Export data to perform proxy activations. **Warning**   -Editing a .cilx file using an application other than VAMT can corrupt the .cilx file and is not supported. +Editing a .cilx file through an application other than VAMT can corrupt the .cilx file; and this method is not supported. ## Import VAMT Data @@ -37,7 +37,7 @@ Editing a .cilx file using an application other than VAMT can corrupt the .cilx Exporting VAMT data from a non-Internet-connected VAMT host computer is the first step of proxy activation using multiple VAMT hosts. To export product-activation data to a .cilx file: 1. In the left-side pane, you can click a product you want to export data for, or click **Products** if the list contains data for all products. -2. If you want to export only part of the data in a product list, in the product list view in the center pane select the products you want to export. +2. If you want to export only part of the data in a product list, in the product-list view in the center pane, select the products you want to export. 3. In the right-side **Actions** pane on, click **Export list** to open the **Export List** dialog box. 4. In the **Export List** dialog box, click **Browse** to navigate to the .cilx file. 5. Under **Export options**, select one of the following data-type options: @@ -47,6 +47,6 @@ Exporting VAMT data from a non-Internet-connected VAMT host computer is the firs 6. If you have selected products to export, select the **Export selected product rows only** check box. 7. Click **Save**. VAMT displays a progress message while the data is being exported. Click **OK** when a message appears and confirms that the export has completed successfully. -## Related topics +## Related articles - [Perform Proxy Activation](proxy-activation-vamt.md) From 49bcc34ac86b6de75242b67c77f1630c714e519b Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 25 Jan 2022 22:06:46 +0530 Subject: [PATCH 16/85] Update whats-new-windows-10-version-21H1.md --- .../whats-new-windows-10-version-21H1.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/whats-new/whats-new-windows-10-version-21H1.md b/windows/whats-new/whats-new-windows-10-version-21H1.md index 06aade74c5..62cf673267 100644 --- a/windows/whats-new/whats-new-windows-10-version-21H1.md +++ b/windows/whats-new/whats-new-windows-10-version-21H1.md @@ -24,7 +24,7 @@ This article lists new and updated features and content that is of interest to I Windows 10, version 21H1 is a scoped set of features for select performance improvements, enterprise features, and quality enhancements. As an [H1-targeted release](/lifecycle/faq/windows#what-is-the-servicing-timeline-for-a-version--feature-update--of-windows-10-), 21H1 is serviced for 18 months from the release date for devices running Windows 10 Enterprise or Windows 10 Education editions. -For details on how to update your device, or the devices in your organization, see [How to get the Windows 10 May 2021 Update](https://blogs.windows.com/windowsexperience/?p=175674). Devices running Windows 10, versions 2004 and 20H2 have the ability to update quickly to version 21H1 via an enablement package. For more details, see [Feature Update through Windows 10, version 21H1 Enablement Package](https://support.microsoft.com/help/5000736). +For details on how to update your device, or the devices in your organization, see [How to get the Windows 10 May 2021 Update](https://blogs.windows.com/windowsexperience/?p=175674). Devices running Windows 10, versions 2004 and 20H2, have the ability to update quickly to version 21H1 via an enablement package. For more information, see [Feature Update through Windows 10, version 21H1 Enablement Package](https://support.microsoft.com/help/5000736). ## Servicing @@ -42,13 +42,13 @@ A new [resolved issues](/mem/autopilot/resolved-issues) article is available tha A new Intune remote action: **Collect diagnostics**, lets you collect the logs from corporate devices without interrupting or waiting for the end user. For more information, see [Collect diagnostics remote action](/mem/intune/fundamentals/whats-new#collect-diagnostics-remote-action). -Intune has also added capabilities to [Role-based access control](/mem/intune/fundamentals/whats-new#role-based-access-control) (RBAC) that can be used to further define profile settings for the Enrollment Status Page (ESP). For more information see [Create Enrollment Status Page profile and assign to a group](/mem/intune/enrollment/windows-enrollment-status#create-enrollment-status-page-profile-and-assign-to-a-group). +Intune has also added capabilities to [Role-based access control](/mem/intune/fundamentals/whats-new#role-based-access-control) (RBAC) that can be used to further define profile settings for the Enrollment Status Page (ESP). For more information,, see [Create Enrollment Status Page profile and assign to a group](/mem/intune/enrollment/windows-enrollment-status#create-enrollment-status-page-profile-and-assign-to-a-group). For a full list of what's new in Microsoft Intune, see [What's new in Microsoft Intune](/mem/intune/fundamentals/whats-new). ### Windows Assessment and Deployment Toolkit (ADK) -There is no new ADK for Windows 10, version 21H1. The ADK for Windows 10, version 2004 will also work with Windows 10, version 21H1. For more information, see [Download and install the Windows ADK](/windows-hardware/get-started/adk-install). +There's no new ADK for Windows 10, version 21H1. The ADK for Windows 10, version 2004 will also work with Windows 10, version 21H1. For more information, see [Download and install the Windows ADK](/windows-hardware/get-started/adk-install). ## Device management @@ -74,7 +74,7 @@ The new Chromium-based [Microsoft Edge](https://www.microsoft.com/edge/business) ## General fixes -See the [Windows Insider blog](https://blogs.windows.com/windows-insider/2021/02/17/releasing-windows-10-build-19042-844-20h2-to-beta-and-release-preview-channels/) for more information. +For more information on the general fixes, see the [Windows Insider blog](https://blogs.windows.com/windows-insider/2021/02/17/releasing-windows-10-build-19042-844-20h2-to-beta-and-release-preview-channels/). This release includes the following enhancements and issues fixed: @@ -88,7 +88,7 @@ This release includes the following enhancements and issues fixed: - an issue that might cause video playback to flicker when rendering on certain low-latency capable monitors. - an issue that sometimes prevents the input of strings into the Input Method Editor (IME). - an issue that exhausts resources because Desktop Windows Manager (DWM) leaks handles and virtual memory in Remote Desktop sessions. -- a stop error that occurs at start up. +- a stop error that occurs at the start. - an issue that might delay a Windows Hello for Business (WHfB) Certificate Trust deployment when you open the Settings-> Accounts-> Sign-in Options page. - an issue that might prevent some keyboard keys from working, such as the home, Ctrl, or left arrow keys when you set the Japanese IME input mode to Kana. - removed the history of previously used pictures from a user account profile. @@ -104,8 +104,8 @@ This release includes the following enhancements and issues fixed: - an issue that prevents wevtutil from parsing an XML file. - failure to report an error when the Elliptic Curve Digital Signature Algorithm (ECDSA) generates invalid keys of 163 bytes instead of 165 bytes. - We added support for using the new Chromium-based Microsoft Edge as the assigned access single kiosk app. Now, you can also customize a breakout key sequence for single app kiosks. For more information, see Configure Microsoft Edge kiosk mode. -- User Datagram Protocol (UDP) broadcast packets that are larger than the maximum transmission unit (MTU). Devices that receive these packets discard them because the checksum is not valid. -- the WinHTTP AutoProxy service does not comply with the value set for the maximum Time To Live (TTL) on the Proxy Auto-Configuration (PAC) file. This prevents the cached file from updating dynamically. +- User Datagram Protocol (UDP) broadcast packets that are larger than the maximum transmission unit (MTU). Devices that receive these packets discard them because the checksum isn't valid. +- the WinHTTP AutoProxy service doesn't comply with the value set for the maximum Time To Live (TTL) on the Proxy Auto-Configuration (PAC) file. This prevents the cached file from updating dynamically. - We improved the ability of the WinHTTP Web Proxy Auto-Discovery Service to ignore invalid Web Proxy Auto-Discovery Protocol (WPAD) URLs that the Dynamic Host Configuration Protocol (DHCP) server returns. - We displayed the proper Envelope media type as a selectable output paper type for Universal Print queues. - We ended the display of a random paper size for a printer when it uses the Microsoft Internet Printing Protocol (IPP) Class Driver. @@ -122,7 +122,7 @@ This release includes the following enhancements and issues fixed: * Default value = 1; enables the log. * Value other than 1; disables the log. - If this key does not exist, it will be created automatically. + If this key doesn't exist, it will be created automatically. To take effect, any change to **dfslog/RootShareAcquireSuccessEvent** in the registry requires that you restart the DFSN service. - We updated the Open Mobile Alliance (OMA) Device Management (DM) sync protocol by adding a check-in reason for requests from the client to the server. The check-in reason will allow the mobile device management (MDM) service to make better decisions about sync sessions. With this change, the OMA-DM service must negotiate a protocol version of 4.0 with the Windows OMA-DM client. - We turned off token binding by default in Windows Internet (WinINet). @@ -137,4 +137,4 @@ This release includes the following enhancements and issues fixed: [What's New in Windows 10](./index.yml): See what’s new in other versions of Windows 10.
[Announcing more ways we’re making app development easier on Windows](https://blogs.windows.com/windowsdeveloper/2020/09/22/kevin-gallo-microsoft-ignite-2020/): Simplifying app development in Windows.
[Features and functionality removed in Windows 10](/windows/deployment/planning/windows-10-removed-features): Removed features.
-[Windows 10 features we’re no longer developing](/windows/deployment/planning/windows-10-deprecated-features): Features that are not being developed.
+[Windows 10 features we’re no longer developing](/windows/deployment/planning/windows-10-deprecated-features): Features that aren't being developed.
From c451f4c8eb50c0bc3331f09a68475cd1b8ae0192 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Tue, 25 Jan 2022 22:28:22 +0530 Subject: [PATCH 17/85] updates --- .../includes/configure-additional-search-engines-shortdesc.md | 2 +- .../includes/configure-kiosk-mode-shortdesc.md | 2 +- .../includes/provision-favorites-shortdesc.md | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/client-management/includes/configure-additional-search-engines-shortdesc.md b/windows/client-management/includes/configure-additional-search-engines-shortdesc.md index 873d33a2f0..8b7bc5ad00 100644 --- a/windows/client-management/includes/configure-additional-search-engines-shortdesc.md +++ b/windows/client-management/includes/configure-additional-search-engines-shortdesc.md @@ -9,4 +9,4 @@ ms.prod: edge ms.topic: include --- -By default, users can set a default search engine in the Microsoft Edge browser, using the Set default search engine policy. With this policy, you can configure up to five more search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines. +Users can set a default search engine in the Microsoft Edge browser, using the Set default search engine policy. With this policy, the users can configure up to five more search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines. diff --git a/windows/client-management/includes/configure-kiosk-mode-shortdesc.md b/windows/client-management/includes/configure-kiosk-mode-shortdesc.md index c76de7864b..f2bddfe2b7 100644 --- a/windows/client-management/includes/configure-kiosk-mode-shortdesc.md +++ b/windows/client-management/includes/configure-kiosk-mode-shortdesc.md @@ -9,7 +9,7 @@ ms.prod: edge ms.topic: include --- -For the Microsoft Edge browser, configure a behavior that is to be exhibited in kiosk mode with assigned access. This behavior configuration is for Microsoft Edge as a single-app or as one of many apps running on the kiosk device. +Configure a behavior to be displayed by the Microsoft Edge browser in kiosk mode with assigned access. This behavior configuration is for Microsoft Edge as a single-app or as one of many apps running on the kiosk device. You can facilitate the following functionalities in the Microsoft Edge browser: - Execution of InPrivate full screen diff --git a/windows/client-management/includes/provision-favorites-shortdesc.md b/windows/client-management/includes/provision-favorites-shortdesc.md index 77281a67f6..79fca42087 100644 --- a/windows/client-management/includes/provision-favorites-shortdesc.md +++ b/windows/client-management/includes/provision-favorites-shortdesc.md @@ -9,11 +9,11 @@ ms.prod: edge ms.topic: include --- -By default, you can customize the Favorites list in the Microsoft Edge browser. Whatever you customize becomes the standard list. +You can customize the Favorites list in the Microsoft Edge browser. Whatever you customize becomes the standard list. > [!NOTE] > The standard list of favorites can include folders. The favorites that you add also become part of this standard list. -Once your customized Favorites list appears in the Microsoft Edge browser, you cannot customize it again, such as adding folders for organizing, and adding or removing any of the favorites configured. +Once your customized Favorites list appears in the Microsoft Edge browser, you can't customize it again, such as adding folders for organizing, and adding or removing any of the favorites configured. From ee369e88ff1fb45646d758c2be1ed1ca069adbc4 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Tue, 25 Jan 2022 09:18:42 -0800 Subject: [PATCH 18/85] Revert "Delete appv-create-a-package-accelerator-with-powershell.md" This reverts commit eca7661e5574728be0d2cfc797d463b7b0153fc5. --- ...e-a-package-accelerator-with-powershell.md | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md new file mode 100644 index 0000000000..2583a8e7d4 --- /dev/null +++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md @@ -0,0 +1,51 @@ +--- +title: How to create a package accelerator by using Windows PowerShell (Windows 10/11) +description: Learn how to create an App-v Package Accelerator by using Windows PowerShell. App-V Package Accelerators automatically sequence large, complex applications. +author: greg-lindsay +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +ms.date: 07/10/2018 +ms.reviewer: +manager: dansimp +ms.author: greglin +ms.topic: article +--- +# How to create a package accelerator by using Windows PowerShell + +[!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)] + +App-V Package Accelerators automatically sequence large, complex applications. Also, when you apply an App-V Package Accelerator, you don't have to manually install an application to create the virtualized package. + +## Create a package accelerator + +1. Install the App-V sequencer. For more information about installing the sequencer, see [How to install the sequencer](appv-install-the-sequencer.md). +2. To open a Windows PowerShell console, select **Start** and enter **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. +3. Ensure you have the .Apps package to create an accelerator from the installation media or installation files. You can also optionally use a readme file for the accelerator's users to reference. +4. Enter the **New-AppvPackageAccelerator** cmdlet. + + The following parameters are required to use the package accelerator cmdlet: + + - *InstalledFilesPath* specifies the application installation path. + - *Installer* specifies the path to the application installer media. + - *InputPackagePath* specifies the path to the.appv package. + - *Path* specifies the output directory for the package. + + The following example cmdlet shows how you can create a package accelerator with .app package and the installation media: + + ```PowerShell + New-AppvPackageAccelerator -InputPackagePath -Installer -Path + ``` + + You can also use the following optional parameter with the **New-AppvPackageAccelerator** cmdlet: + + - *AcceleratorDescriptionFile* specifies the path to user-created package accelerator instructions. The package accelerator instructions are **.txt** or **.rtf** description files that will be included in the package created by the package accelerator. + + + + + +## Related articles + +- [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md) From f3374156614d5f07fa3c80064bb76a49b18e94b8 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Tue, 25 Jan 2022 09:23:44 -0800 Subject: [PATCH 19/85] Update appv-create-a-package-accelerator-with-powershell.md undo changes --- .../appv-create-a-package-accelerator-with-powershell.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md index 2583a8e7d4..79b713f591 100644 --- a/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md +++ b/windows/application-management/app-v/appv-create-a-package-accelerator-with-powershell.md @@ -22,17 +22,17 @@ App-V Package Accelerators automatically sequence large, complex applications. A 1. Install the App-V sequencer. For more information about installing the sequencer, see [How to install the sequencer](appv-install-the-sequencer.md). 2. To open a Windows PowerShell console, select **Start** and enter **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. -3. Ensure you have the .Apps package to create an accelerator from the installation media or installation files. You can also optionally use a readme file for the accelerator's users to reference. +3. Make sure that you have the .appv package to create an accelerator from the installation media or installation files. You can also optionally use a readme file for the accelerator's users to reference. 4. Enter the **New-AppvPackageAccelerator** cmdlet. The following parameters are required to use the package accelerator cmdlet: - *InstalledFilesPath* specifies the application installation path. - *Installer* specifies the path to the application installer media. - - *InputPackagePath* specifies the path to the.appv package. + - *InputPackagePath* specifies the path to the .appv package. - *Path* specifies the output directory for the package. - The following example cmdlet shows how you can create a package accelerator with .app package and the installation media: + The following example cmdlet shows how you can create a package accelerator with an .appv package and the installation media: ```PowerShell New-AppvPackageAccelerator -InputPackagePath -Installer -Path @@ -46,6 +46,6 @@ App-V Package Accelerators automatically sequence large, complex applications. A -## Related articles +## Related topics - [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md) From d809a4ec8d8f0f1396e9a3aaa1dbad12def4f4c1 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 27 Jan 2022 13:27:02 +0530 Subject: [PATCH 20/85] resolved Acrolinx check failures --- .../configure-additional-search-engines-shortdesc.md | 8 +++++++- .../includes/configure-kiosk-mode-shortdesc.md | 7 ++++++- .../includes/provision-favorites-shortdesc.md | 12 +++++++----- 3 files changed, 20 insertions(+), 7 deletions(-) diff --git a/windows/client-management/includes/configure-additional-search-engines-shortdesc.md b/windows/client-management/includes/configure-additional-search-engines-shortdesc.md index 8b7bc5ad00..cd9e9d9751 100644 --- a/windows/client-management/includes/configure-additional-search-engines-shortdesc.md +++ b/windows/client-management/includes/configure-additional-search-engines-shortdesc.md @@ -9,4 +9,10 @@ ms.prod: edge ms.topic: include --- -Users can set a default search engine in the Microsoft Edge browser, using the Set default search engine policy. With this policy, the users can configure up to five more search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines. +The Set default search engine policy enables the users to: + +- Set a default search engine +- Configure up to five more search engines, and set any one of them as the default + +If you previously enabled this policy and now want to disable it, doing so results in deletion of all the configured search engines + diff --git a/windows/client-management/includes/configure-kiosk-mode-shortdesc.md b/windows/client-management/includes/configure-kiosk-mode-shortdesc.md index f2bddfe2b7..8397ff7c18 100644 --- a/windows/client-management/includes/configure-kiosk-mode-shortdesc.md +++ b/windows/client-management/includes/configure-kiosk-mode-shortdesc.md @@ -9,7 +9,12 @@ ms.prod: edge ms.topic: include --- -Configure a behavior to be displayed by the Microsoft Edge browser in kiosk mode with assigned access. This behavior configuration is for Microsoft Edge as a single-app or as one of many apps running on the kiosk device. +You can define a behavior for the Microsoft Edge browser, which it shall display when part of many applications running on a kiosk device. + +> [!NOTE] +> You can define the browser's behavior only if you have the assigned access privileges. + +You can also define a behavior when Microsoft Edge serves as a single application. You can facilitate the following functionalities in the Microsoft Edge browser: - Execution of InPrivate full screen diff --git a/windows/client-management/includes/provision-favorites-shortdesc.md b/windows/client-management/includes/provision-favorites-shortdesc.md index 79fca42087..1798b33e43 100644 --- a/windows/client-management/includes/provision-favorites-shortdesc.md +++ b/windows/client-management/includes/provision-favorites-shortdesc.md @@ -9,11 +9,13 @@ ms.prod: edge ms.topic: include --- -You can customize the Favorites list in the Microsoft Edge browser. Whatever you customize becomes the standard list. +You can customize the Favorites list in the Microsoft Edge browser. Customization of the favorites list includes: -> [!NOTE] -> The standard list of favorites can include folders. +- Creating a standard list + - This standard list includes: + - Folders (which you can add) + - the list of favorites that you manually add, after creating the standard list -The favorites that you add also become part of this standard list. +This customized favorite is the final version. -Once your customized Favorites list appears in the Microsoft Edge browser, you can't customize it again, such as adding folders for organizing, and adding or removing any of the favorites configured. +You can't add folders again for organizing, and adding or removing any of the favorites configured. From 575edbd89e4b3a7cf37d0af054d6d092720fb3bb Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 27 Jan 2022 13:31:50 +0530 Subject: [PATCH 21/85] resolved Acrolinx check failure --- .../client-management/includes/provision-favorites-shortdesc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/includes/provision-favorites-shortdesc.md b/windows/client-management/includes/provision-favorites-shortdesc.md index 1798b33e43..2ddbc5c6d7 100644 --- a/windows/client-management/includes/provision-favorites-shortdesc.md +++ b/windows/client-management/includes/provision-favorites-shortdesc.md @@ -18,4 +18,4 @@ You can customize the Favorites list in the Microsoft Edge browser. Customizatio This customized favorite is the final version. -You can't add folders again for organizing, and adding or removing any of the favorites configured. + From fc90ef4fd07c6d68f517cfeeab0195b7bf8366f8 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 27 Jan 2022 13:43:50 +0530 Subject: [PATCH 22/85] resolved Acrolinx check failure --- .../mdm/push-notification-windows-mdm.md | 26 +++++++++---------- .../mdm/tenantlockdown-csp.md | 4 +-- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/client-management/mdm/push-notification-windows-mdm.md b/windows/client-management/mdm/push-notification-windows-mdm.md index 0b8ad9e938..43c7d7baf5 100644 --- a/windows/client-management/mdm/push-notification-windows-mdm.md +++ b/windows/client-management/mdm/push-notification-windows-mdm.md @@ -28,27 +28,27 @@ Because a device may not always be connected to the internet, WNS supports cachi The following restrictions are related to push notifications and WNS: -- Push for device management uses raw push notifications. This restriction means that these raw push notifications do not support or utilize push notification payloads. -- Receipt of push notifications are sensitive to the Battery Saver and Data Sense settings on the device. For example, if the battery drops below certain thresholds, the persistent connection of the device with WNS will be terminated. Additionally, if the user is utilizing Data Sense and has exceeded their monthly allotment of data, the persistent connection of the device with WNS will also be terminated. -- A ChannelURI provided to the management server by the device is only valid for 30 days. The device automatically renews the ChannelURI after 15 days and triggers a management session on successful renewal of the ChannelURI. It is strongly recommended that, during every management session, the management server queries the ChannelURI value to ensure that it has received the latest value. This will ensure that the management server will not attempt to use a ChannelURI that has expired. -- Push is not a replacement for having a polling schedule. +- Push for device management uses raw push notifications. This restriction means that these raw push notifications don't support or utilize push notification payloads. +- Receipt of push notifications is sensitive to the Battery Saver and Data Sense settings on the device. For example, if the battery drops below certain thresholds, the persistent connection of the device with WNS will be terminated. Additionally, if the user is utilizing Data Sense and has exceeded their monthly allotment of data, the persistent connection of the device with WNS will also be terminated. +- A ChannelURI provided to the management server by the device is only valid for 30 days. The device automatically renews the ChannelURI after 15 days and triggers a management session on successful renewal of the ChannelURI. It's strongly recommended that, during every management session, the management server queries the ChannelURI value to ensure that it has received the latest value. This will ensure that the management server won't attempt to use a ChannelURI that has expired. +- Push isn't a replacement for having a polling schedule. - WNS reserves the right to block push notifications to your PFN if improper use of notifications is detected. Any devices being managed using this PFN will cease to have push initiated device management support. - On Windows 10, version 1511 as well as Windows 8 and 8.1, MDM Push may fail to renew the WNS Push channel automatically causing it to expire. It can also potentially hang when setting the PFN for the channel. - To workaround this issue, when a 410 is returned by the WNS server when attempting to send a Push notification to the device the PFN should be set during the next sync session. To prevent the push channel from expiring on older builds, servers can reset the PFN before the channel expires (~30 days). If they’re already running Windows 10, there should be an update available that they can install that should fix the issue. + To work around this issue, when a 410 is returned by the WNS server when attempting to send a Push notification to the device the PFN should be set during the next sync session. To prevent the push channel from expiring on older builds, servers can reset the PFN before the channel expires (~30 days). If they’re already running Windows 10, there should be an update available that they can install that should fix the issue. - On Windows 10, version 1511, we use the following retry logic for the DMClient: - - If ExpiryTime is greater than 15 days a schedule is set for when 15 days are left. - - If ExpiryTime is between now and 15 days a schedule set for 4 +/- 1 hours from now. - - If ExpiryTime has passed a schedule is set for 1 day +/- 4 hours from now. + - If ExpiryTime is greater than 15 days, a schedule is set for when 15 days are left. + - If ExpiryTime is between now and 15 days, a schedule set for 4 +/- 1 hours from now. + - If ExpiryTime has passed, a schedule is set for 1 day +/- 4 hours from now. -- On Windows 10, version 1607, we check for network connectivity before retrying. We do not check for internet connectivity. If network connectivity is not available we will skip the retry and set schedule for 4+/-1 hours to try again. +- On Windows 10, version 1607, we check for network connectivity before retrying. We don't check for internet connectivity. If network connectivity isn't available, we'll skip the retry and set schedule for 4+/-1 hours to try again. ## Get WNS credentials and PFN for MDM push notification -To get a PFN and WNS credentials, you must create an Microsoft Store app. +To get a PFN and WNS credentials, you must create a Microsoft Store app. 1. Go to the Windows [Dashboard](https://dev.windows.com/en-US/dashboard) and sign in with your developer account. @@ -68,8 +68,8 @@ To get a PFN and WNS credentials, you must create an Microsoft Store app. 6. Click **Live Services site**. A new window opens for the **Application Registration Portal** page. ![mdm push notification6.](images/push-notification6.png) -7. In the **Application Registration Portal** page, you will see the properties for the app that you created, such as: - - Application Id +7. In the **Application Registration Portal** page, you'll see the properties for the app that you created, such as: + - Application ID - Application Secrets - Microsoft Store Package SID, Application Identity, and Publisher. @@ -80,6 +80,6 @@ To get a PFN and WNS credentials, you must create an Microsoft Store app. 11. From the left nav, expand **App management** and then click **App identity**. ![mdm push notification10.](images/push-notification10.png) -12. In the **App identity** page, you will see the **Package Family Name (PFN)** of your app. +12. In the **App identity** page, you'll see the **Package Family Name (PFN)** of your app.   diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md index af816d6d88..6f4815ab07 100644 --- a/windows/client-management/mdm/tenantlockdown-csp.md +++ b/windows/client-management/mdm/tenantlockdown-csp.md @@ -33,11 +33,11 @@ The root node. **RequireNetworkInOOBE** Specifies whether to require a network connection during the out-of-box experience (OOBE) at first sign in. -When RequireNetworkInOOBE is true, when the device goes through OOBE at first sign in or after a reset, the user is required to choose a network before proceeding. There is no "skip for now" option. +When RequireNetworkInOOBE is true, when the device goes through OOBE at first sign in or after a reset, the user is required to choose a network before proceeding. There's no "skip for now" option. Value type is bool. Supported operations are Get and Replace. - True - Require network in OOBE - False - No network connection requirement in OOBE -Example scenario: Henry is the IT admin at Contoso. He deploys 1000 devices successfully with RequireNetworkInOOBE set to true. When users accidentally or intentionally reset their device, they are required to connect to a network before they can proceed. Upon successful connection, users see the Contoso branded sign-in experience where they must use their Azure AD credentials. There is no option to skip the network connection and create a local account. +Example scenario: Henry is the IT admin at Contoso. He deploys 1000 devices successfully with RequireNetworkInOOBE set to true. When users accidentally or intentionally reset their device, they're required to connect to a network before they can proceed. Upon successful connection, users see the Contoso branded sign-in experience where they must use their Azure AD credentials. There's no option to skip the network connection and create a local account. From abb34bdde2d96d78f0139bf87dc8de6a25a551b8 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 27 Jan 2022 15:43:21 +0530 Subject: [PATCH 23/85] enhanced Acrolinx score --- ...ix-database-management-strategies-and-deployment.md | 6 +++--- windows/deployment/planning/sua-users-guide.md | 2 +- windows/deployment/planning/using-the-sua-wizard.md | 10 +++++----- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md index 29b77be77b..1d9fa5aab2 100644 --- a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md +++ b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md @@ -74,7 +74,7 @@ If the following considerations apply to your organization, you should avoid thi - **Will you be able to track which applications are installed on which computer?** - You might determine that your initial set of compatibility fixes is not comprehensive, and that you must deploy an updated version of the compatibility-fix database to resolve the other issues. If you deployed the initial set by using the application-installation package, you will be required to locate each client computer that is running the application and replace the compatibility fix. + You might determine that your initial set of compatibility fixes isn't comprehensive, and that you must deploy an updated version of the compatibility-fix database to resolve the other issues. If you deployed the initial set by using the application-installation package, you'll be required to locate each client computer that is running the application and replace the compatibility fix. ### Deploying Fixes Through a Centralized Compatibility-Fix Database @@ -88,7 +88,7 @@ This approach tends to work best for organizations that have a well-developed de - Do you have centralized resources that can manage and update the centralized compatibility-fix database? - Ensure that you have identified the appropriate owners for the deployment process, for the applications, and for the database updates, in addition to determining the process by which compatibility issues can be deployed to specific computers. + Ensure that you've identified the appropriate owners for the deployment process, for the applications, and for the database updates, in addition to determining the process by which compatibility issues can be deployed to specific computers. ### Merging Centralized Compatibility-Fix Databases @@ -98,7 +98,7 @@ If you decide to use the centralized compatibility-fix database deployment strat 1. Verify that your application-compatibility testers are performing their tests on computers with the latest version of your compatibility-fix database. For example, Custom DB1. -2. If the tester determines that an application requires an extra compatibility fix that is not a part of the original compatibility-fix database, the tester must create a new custom compatibility database with all of the required information for that single fix, for example, Custom DB2. +2. If the tester determines that an application requires an extra compatibility fix that isn't a part of the original compatibility-fix database, the tester must create a new custom compatibility database with all of the required information for that single fix, for example, Custom DB2. 3. The tester applies the new Custom DB2 information to the application and then tests for both the functionality and integration, to ensure that the compatibility issues are addressed. diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md index e8e6f31b30..3019bfd486 100644 --- a/windows/deployment/planning/sua-users-guide.md +++ b/windows/deployment/planning/sua-users-guide.md @@ -40,7 +40,7 @@ You can use SUA in either of the following ways: |Topic|Description| |--- |--- | -|[Using the SUA wizard](using-the-sua-wizard.md)|The Standard User Analyzer (SUA) wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions.| +|[Using the SUA wizard](using-the-sua-wizard.md)|The Standard User Analyzer (SUA) wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA wizard doesn't offer detailed analysis, and it can't disable virtualization or elevate your permissions.| |[Using the SUA Tool](using-the-sua-tool.md)|By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.| diff --git a/windows/deployment/planning/using-the-sua-wizard.md b/windows/deployment/planning/using-the-sua-wizard.md index 63fe07dfd7..dbea2d8bec 100644 --- a/windows/deployment/planning/using-the-sua-wizard.md +++ b/windows/deployment/planning/using-the-sua-wizard.md @@ -1,6 +1,6 @@ --- title: Using the SUA wizard (Windows 10) -description: The Standard User Analyzer (SUA) wizard, although it does not offer deep analysis, works much like the SUA tool to test for User Account Control (UAC) issues. +description: The Standard User Analyzer (SUA) wizard, although it doesn't offer deep analysis, works much like the SUA tool to test for User Account Control (UAC) issues. ms.assetid: 29d07074-3de7-4ace-9a54-678af7255d6c ms.reviewer: manager: laurawi @@ -27,14 +27,14 @@ ms.topic: article - Windows Server 2012 - Windows Server 2008 R2 -The Standard User Analyzer (SUA) wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA wizard does not offer detailed analysis, and it cannot disable virtualization or elevate your permissions. +The Standard User Analyzer (SUA) wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA wizard doesn't offer detailed analysis, and it can't disable virtualization or elevate your permissions. For information about the SUA tool, see [Using the SUA Tool](using-the-sua-tool.md). ## Testing an Application by Using the SUA wizard -Install Application Verifier before you can use the SUA wizard. If Application Verifier is not installed on the computer that is running the SUA wizard, the SUA wizard notifies you. In addition, install the Microsoft® .NET Framework 3.5 or later before you can use the SUA wizard. +Install Application Verifier before you can use the SUA wizard. If Application Verifier isn't installed on the computer that is running the SUA wizard, the SUA wizard notifies you. In addition, install the Microsoft® .NET Framework 3.5 or later before you can use the SUA wizard. The following flowchart shows the process of using the SUA wizard. @@ -50,7 +50,7 @@ The following flowchart shows the process of using the SUA wizard. 4. Click **Launch**. - If you are prompted, elevate your permissions. The SUA wizard may require elevation of permissions to correctly diagnose the application. + If you're prompted, elevate your permissions. The SUA wizard may require elevation of permissions to correctly diagnose the application. If a **Permission denied** dialog box appears, click **OK**. The application starts, despite the warning. @@ -76,7 +76,7 @@ The following flowchart shows the process of using the SUA wizard. The SUA wizard closes the issue as resolved on the local computer. - If the remedies do not fix the issue with the application, click **No** again, and the wizard may offer another remedies. If the other remedies do not fix the issue, the wizard informs you that there are no more remedies available. For information about how to run the SUA tool for more investigation, see [Using the SUA Tool](using-the-sua-tool.md). + If the remedies don't fix the issue with the application, click **No** again, and the wizard may offer another remedies. If the other remedies don't fix the issue, the wizard informs you that there are no more remedies available. For information about how to run the SUA tool for more investigation, see [Using the SUA Tool](using-the-sua-tool.md). ## Related articles [SUA User's Guide](sua-users-guide.md) From 2046b4163b5b6b4bd3f7fbf980baf98c7a9c15ed Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 27 Jan 2022 18:14:09 +0530 Subject: [PATCH 24/85] enhanced Acrolinx scores to fix failures --- ...ection-considerations-for-windows-to-go.md | 14 ++-- ...ndows-to-go-frequently-asked-questions.yml | 78 +++++++++---------- ...t-to-microsoft-during-activation-client.md | 14 ++-- .../import-export-vamt-data.md | 4 +- .../manage-activations-vamt.md | 6 +- .../volume-activation/vamt-step-by-step.md | 4 +- .../windows-deployment-scenarios-and-tools.md | 42 +++++----- 7 files changed, 81 insertions(+), 81 deletions(-) diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md index 4bfd9b2dd9..ed4fe7d457 100644 --- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md @@ -30,37 +30,37 @@ One of the most important requirements to consider when you plan your Windows To ## Backup and restore -As long as you are not saving data on the Windows To Go drive, there is no need for a backup and restore solution for Windows To Go. If you are saving data on the drive and are not using folder redirection and offline files, you should back up all of your data to a network location, such as cloud storage or a network share after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831495(v=ws.11)) for different solutions you could implement. +When you don't save data on the Windows To Go drive, you don't need for a backup and restore solution for Windows To Go. If you're saving data on the drive and aren't using folder redirection and offline files, you should back up all of your data to a network location such as cloud storage or a network share, after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831495(v=ws.11)) for different solutions you could implement. If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and reprovision the drive with Windows To Go, so all data and customization on the drive will be lost. This result is another reason why using roaming user profiles, folder redirection, and offline files with Windows To Go is recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)). ## BitLocker -We recommend that you use BitLocker with your Windows To Go drives to protect the drive from being compromised if the drive is lost or stolen. When BitLocker is enabled, the user must provide a password to unlock the drive and boot the Windows To Go workspace. This password requirement helps prevent unauthorized users from booting the drive and using it to gain access to your network resources and confidential data. Because Windows To Go drives are meant to be roamed between computers, the Trusted Platform Module (TPM) cannot be used by BitLocker to protect the drive. Instead, you will be specifying a password that BitLocker will use for disk encryption and decryption. By default, this password must be eight characters in length and can enforce more strict requirements depending on the password complexity requirements defined by your organizations domain controller. +We recommend that you use BitLocker with your Windows To Go drives to protect the drive from being compromised if the drive is lost or stolen. When BitLocker is enabled, the user must provide a password to unlock the drive and boot the Windows To Go workspace. This password requirement helps prevent unauthorized users from booting the drive and using it to gain access to your network resources and confidential data. Because Windows To Go drives are meant to be roamed between computers, the Trusted Platform Module (TPM) can't be used by BitLocker to protect the drive. Instead, you'll be specifying a password that BitLocker will use for disk encryption and decryption. By default, this password must be eight characters in length and can enforce more strict requirements depending on the password complexity requirements defined by your organizations domain controller. You can enable BitLocker while using the Windows To Go Creator wizard as part of the drive provisioning process before first use; or it can be enabled afterward by the user from within the Windows To Go workspace. **Tip**   -If the Windows To Go Creator wizard is not able to enable BitLocker, see [Why can't I enable BitLocker from Windows To Go Creator?](windows-to-go-frequently-asked-questions.yml#why-can-t-i-enable-bitlocker-from-windows-to-go-creator-) +If the Windows To Go Creator wizard isn't able to enable BitLocker, see [Why can't I enable BitLocker from Windows To Go Creator?](windows-to-go-frequently-asked-questions.yml#why-can-t-i-enable-bitlocker-from-windows-to-go-creator-) -If you are using a host computer running Windows 7 that has BitLocker enabled, you should suspend BitLocker before changing the BIOS settings to boot from USB and then resume BitLocker protection. If BitLocker is not suspended first, the next time the computer is started it will boot into recovery mode. +When you use a host computer running Windows 7 that has BitLocker enabled, suspend BitLocker before changing the BIOS settings to boot from USB and then resume BitLocker protection. If BitLocker isn't suspended first, the next boot of the computer is in recovery mode. ## Disk discovery and data leakage -We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This prevention means the drive will not appear in Windows Explorer and an Auto-Play prompt will not be displayed to the user. This non-display of the drive and the prompt reduces the likelihood that an end user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you. +We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This prevention means the drive won't appear in Windows Explorer and an Auto-Play prompt won't be displayed to the user. This non-display of the drive and the prompt reduces the likelihood that an end user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you. -To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It is recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and, therefore, user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. +To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It's recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and, therefore, user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825063(v=win.10)). ## Security certifications for Windows To Go -Windows to Go is a core capability of Windows when it is deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for more certifications by the solution provider that cover the solution provider’s specific hardware environment. For more information about Windows security certifications, see the following articles. +Windows to Go is a core capability of Windows when it's deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for more certifications by the solution provider that cover the solution provider’s specific hardware environment. For more information about Windows security certifications, see the following articles. - [Windows Platform Common Criteria Certification](/windows/security/threat-protection/windows-platform-common-criteria) diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml index a912d623b5..ec5e722d45 100644 --- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml +++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml @@ -22,7 +22,7 @@ summary: | - Windows 10 > [!IMPORTANT] - > Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. + > Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature doesn't support feature updates and therefore doesn't enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. The following list identifies some commonly asked questions about Windows To Go. @@ -50,7 +50,7 @@ summary: | - [Why isn't my computer booting from USB?](#why-isn-t-my-computer-booting-from-usb-) - - [What happens if I remove my Windows To Go drive while it is running?](#what-happens-if-i-remove-my-windows-to-go-drive-while-it-is-running-) + - [What happens if I remove my Windows To Go drive while it's running?](#what-happens-if-i-remove-my-windows-to-go-drive-while-it-is-running-) - [Can I use BitLocker to protect my Windows To Go drive?](#can-i-use-bitlocker-to-protect-my-windows-to-go-drive-) @@ -102,7 +102,7 @@ summary: | - [My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go?](#my-host-computer-running-windows-7-is-protected-by-bitlocker-drive-encryption--why-did-i-need-to-use-the-recovery-key-to-unlock-and-reboot-my-host-computer-after-using-windows-to-go-) - - [I decided to stop using a drive for Windows To Go and reformatted it – why doesn't it have a drive letter assigned and how can I fix it?](#i-decided-to-stop-using-a-drive-for-windows-to-go-and-reformatted-it---why-doesn-t-it-have-a-drive-letter-assigned-and-how-can-i-fix-it-) + - [I decided to stop using a drive for Windows To Go and reformatted it – why it doesn't have a drive letter assigned and how can I fix it?](#i-decided-to-stop-using-a-drive-for-windows-to-go-and-reformatted-it---why-doesn-t-it-have-a-drive-letter-assigned-and-how-can-i-fix-it-) - [Why do I keep on getting the message "Installing devices…" when I boot Windows To Go?](#why-do-i-keep-on-getting-the-message--installing-devices---when-i-boot-windows-to-go-) @@ -138,7 +138,7 @@ sections: - A Windows 10 Enterprise, Windows 10 Education or Windows 10 Professional host PC that can be used to provision new USB keys - You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you are creating a large number of drives. See the [Windows To Go Step by Step](https://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process. + You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you're creating a large number of drives. See the [Windows To Go Step by Step](https://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process. - question: | Is Windows To Go supported on both USB 2.0 and USB 3.0 drives? @@ -153,7 +153,7 @@ sections: - question: | How do I identify a USB 3.0 port? answer: | - USB 3.0 ports are usually marked blue or carry a SS marking on the side. + USB 3.0 ports are usually marked blue or carry an SS marking on the side. - question: | Does Windows To Go run faster on a USB 3.0 port? @@ -191,7 +191,7 @@ sections: If the host computer is running an earlier version of the Windows operating system need to configure the computer to boot from USB manually. - To do this, early during boot time (usually when you see the manufacturer's logo), enter your firmware/BIOS setup. (This method to enter firmware/BIOS setup differs with different computer manufacturers, but is usually entered by pressing one of the function keys, such as F12, F2, F1, Esc, and so forth. You should check the manufacturer's site to be sure if you do not know which key to use to enter firmware setup.) + To do this, early during boot time (usually when you see the manufacturer's logo), enter your firmware/BIOS setup. (This method to enter firmware/BIOS setup differs with different computer manufacturers, but is usually entered by pressing one of the function keys, such as F12, F2, F1, Esc, and so forth. You should check the manufacturer's site to be sure if you don't know which key to use to enter firmware setup.) After you have entered firmware setup, make sure that boot from USB is enabled. Then change the boot order to boot from USB drives first. @@ -213,14 +213,14 @@ sections: 2. Ensure that the Windows To Go drive is connected directly to a USB port on the computer. Many computers don't support booting from a device connected to a USB 3 PCI add-on card or external USB hubs. - 3. If the computer is not booting from a USB 3.0 port, try to boot from a USB 2.0 port. + 3. If the computer isn't booting from a USB 3.0 port, try to boot from a USB 2.0 port. If none of these items enable the computer to boot from USB, contact the hardware manufacturer for additional support. - question: | - What happens if I remove my Windows To Go drive while it is running? + What happens if I remove my Windows To Go drive while it's running? answer: | - If the Windows To Go drive is removed, the computer will freeze and the user will have 60 seconds to reinsert the Windows To Go drive. If the Windows To Go drive is reinserted into the same port it was removed from, Windows will resume at the point where the drive was removed. If the USB drive is not reinserted, or is reinserted into a different port, the host computer will turn off after 60 seconds. + If the Windows To Go drive is removed, the computer will freeze and the user will have 60 seconds to reinsert the Windows To Go drive. If the Windows To Go drive is reinserted into the same port it was removed from, Windows will resume at the point where the drive was removed. If the USB drive isn't reinserted, or is reinserted into a different port, the host computer will turn off after 60 seconds. **Warning**   You should never remove your Windows To Go drive when your workspace is running. The computer freeze is a safety measure to help mitigate the risk of accidental removal. Removing the Windows To Go drive without shutting down the Windows To Go workspace could result in corruption of the Windows To Go drive. @@ -230,28 +230,28 @@ sections: - question: | Can I use BitLocker to protect my Windows To Go drive? answer: | - Yes. In Windows 8 and later, BitLocker has added support for using a password to protect operating system drives. This means that you can use a password to secure your Windows To Go workspace and you will be prompted to enter this password every time you use the Windows To Go workspace. + Yes. In Windows 8 and later, BitLocker has added support for using a password to protect operating system drives. This means that you can use a password to secure your Windows To Go workspace and you'll be prompted to enter this password every time you use the Windows To Go workspace. - question: | Why can't I enable BitLocker from Windows To Go Creator? answer: | - Several different Group Policies control the use of BitLocker on your organizations computers. These policies are located in the **Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption** folder of the local Group Policy editor. The folder contains three sub-folders for fixed, operating system and removable data drive types. + Several different Group Policies control the use of BitLocker on your organizations computers. These policies are located in the **Computer Configuration\\Policies\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption** folder of the local Group Policy editor. The folder contains three subfolders for fixed, operating system and removable data drive types. - When you are using Windows To Go Creator, the Windows To Go drive is considered a removable data drive by BitLocker. Review the following setting to see if these settings apply in your situation: + When you're using Windows To Go Creator, the Windows To Go drive is considered a removable data drive by BitLocker. Review the following setting to see if these settings apply in your situation: 1. **Control use of BitLocker on removable drives** - If this setting is disabled BitLocker cannot be used with removable drives, so the Windows To Go Creator wizard will fail if it attempts to enable BitLocker on the Windows To Go drive. + If this setting is disabled BitLocker can't be used with removable drives, so the Windows To Go Creator wizard will fail if it attempts to enable BitLocker on the Windows To Go drive. 2. **Configure use of smart cards on removable data drives** - If this setting is enabled and the option **Require use of smart cards on removable data drives** is also selected the creator wizard might fail if you have not already signed on using your smart card credentials before starting the Windows To Go Creator wizard. + If this setting is enabled and the option **Require use of smart cards on removable data drives** is also selected the creator wizard might fail if you haven't already signed on using your smart card credentials before starting the Windows To Go Creator wizard. 3. **Configure use of passwords for removable data drives** - If this setting is enabled and the **Require password complexity option** is selected the computer must be able to connect to the domain controller to verify that the password specified meets the password complexity requirements. If the connection is not available, the Windows To Go Creator wizard will fail to enable BitLocker. + If this setting is enabled and the **Require password complexity option** is selected the computer must be able to connect to the domain controller to verify that the password specified meets the password complexity requirements. If the connection isn't available, the Windows To Go Creator wizard will fail to enable BitLocker. - Additionally, the Windows To Go Creator will disable the BitLocker option if the drive does not have any volumes. In this situation, you should initialize the drive and create a volume using the Disk Management console before provisioning the drive with Windows To Go. + Additionally, the Windows To Go Creator will disable the BitLocker option if the drive doesn't have any volumes. In this situation, you should initialize the drive and create a volume using the Disk Management console before provisioning the drive with Windows To Go. - question: | What power states does Windows To Go support? @@ -261,7 +261,7 @@ sections: - question: | Why is hibernation disabled in Windows To Go? answer: | - When a Windows To Go workspace is hibernated, it will only successfully resume on the exact same hardware. Therefore, if a Windows To Go workspace is hibernated on one computer and roamed to another, the hibernation state (and therefore user state) will be lost. To prevent this from happening, the default settings for a Windows To Go workspace disable hibernation. If you are confident that you will only attempt to resume on the same computer, you can enable hibernation using the Windows To Go Group Policy setting, **Allow hibernate (S4) when started from a Windows To Go workspace** that is located at **\\\\Computer Configuration\\Administrative Templates\\Windows Components\\Portable Operating System\\** in the Local Group Policy Editor (gpedit.msc). + When a Windows To Go workspace is hibernated, it will only successfully resume on the exact same hardware. Therefore, if a Windows To Go workspace is hibernated on one computer and roamed to another, the hibernation state (and therefore user state) will be lost. To prevent this from happening, the default settings for a Windows To Go workspace disable hibernation. If you're confident that you'll only attempt to resume on the same computer, you can enable hibernation using the Windows To Go Group Policy setting, **Allow hibernate (S4) when started from a Windows To Go workspace** that is located at **\\\\Computer Configuration\\Administrative Templates\\Windows Components\\Portable Operating System\\** in the Local Group Policy Editor (gpedit.msc). - question: | Does Windows To Go support crash dump analysis? @@ -273,7 +273,7 @@ sections: answer: | Yes, if both operating systems are running the Windows 8 operating system. Enabling "Windows To Go Startup Options" should cause the computer to boot from the Windows To Go workspace when the drive is plugged in before the computer is turned on. - If you have configured a dual boot computer with a Windows operating system and another operating system it might work occasionally and fail occasionally. Using this configuration is unsupported. + If you have configured a dual boot computer with a Windows operating system and another operating system, it might work occasionally and fail occasionally. Using this configuration is unsupported. - question: | I plugged my Windows To Go drive into a running computer and I can't see the partitions on the drive. Why not? @@ -281,14 +281,14 @@ sections: Windows To Go Creator and the recommended deployment steps for Windows To Go set the NO\_DEFAULT\_DRIVE\_LETTER flag on the Windows To Go drive. This flag prevents Windows from automatically assigning drive letters to the partitions on the Windows To Go drive. That's why you can't see the partitions on the drive when you plug your Windows To Go drive into a running computer. This helps prevent accidental data leakage between the Windows To Go drive and the host computer. If you really need to access the files on the Windows To Go drive from a running computer, you can use diskmgmt.msc or diskpart to assign a drive letter. **Warning**   - It is strongly recommended that you do not plug your Windows To Go drive into a running computer. If the computer is compromised, your Windows To Go workspace can also be compromised. + It's strongly recommended that you don't plug your Windows To Go drive into a running computer. If the computer is compromised, your Windows To Go workspace can also be compromised. - question: | I'm booted into Windows To Go, but I can't browse to the internal hard drive of the host computer. Why not? answer: | - Windows To Go Creator and the recommended deployment steps for Windows To Go set SAN Policy 4 on Windows To Go drive. This policy prevents Windows from automatically mounting internal disk drives. That's why you can't see the internal hard drives of the host computer when you are booted into Windows To Go. This is done to prevent accidental data leakage between Windows To Go and the host system. This policy also prevents potential corruption on the host drives or data loss if the host operating system is in a hibernation state. If you really need to access the files on the internal hard drive, you can use diskmgmt.msc to mount the internal drive. + Windows To Go Creator and the recommended deployment steps for Windows To Go set SAN Policy 4 on Windows To Go drive. This policy prevents Windows from automatically mounting internal disk drives. That's why you can't see the internal hard drives of the host computer when you're booted into Windows To Go. This is done to prevent accidental data leakage between Windows To Go and the host system. This policy also prevents potential corruption on the host drives or data loss if the host operating system is in a hibernation state. If you really need to access the files on the internal hard drive, you can use diskmgmt.msc to mount the internal drive. **Warning**   It is strongly recommended that you do not mount internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 or later operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. @@ -323,7 +323,7 @@ sections: - question: | Do I need to activate Windows To Go every time I roam? answer: | - No, Windows To Go requires volume activation; either using the [Key Management Service](/previous-versions/tn-archive/ff793434(v=technet.10)) (KMS) server in your organization or using [Active Directory](/previous-versions/windows/hh852637(v=win.10)) based volume activation. The Windows To Go workspace will not need to be reactivated every time you roam. KMS activates Windows on a local network, eliminating the need for individual computers to connect to Microsoft. To remain activated, KMS client computers must renew their activation by connecting to the KMS host on periodic basis. This typically occurs as soon as the user has access to the corporate network (either through a direct connection on-premises or a through remote connection using DirectAccess or a virtual private network connection), once activated the machine will not need to be activated again until the activation validity interval has passed. In a KMS configuration the activation validity interval is 180 days. + No, Windows To Go requires volume activation; either using the [Key Management Service](/previous-versions/tn-archive/ff793434(v=technet.10)) (KMS) server in your organization or using [Active Directory](/previous-versions/windows/hh852637(v=win.10)) based volume activation. The Windows To Go workspace won't need to be reactivated every time you roam. KMS activates Windows on a local network, eliminating the need for individual computers to connect to Microsoft. To remain activated, KMS client computers must renew their activation by connecting to the KMS host on periodic basis. This typically occurs as soon as the user has access to the corporate network (either through a direct connection on-premises or a through remote connection using DirectAccess or a virtual private network connection), once activated the machine won't need to be activated again until the activation validity interval has passed. In a KMS configuration, the activation validity interval is 180 days. - question: | Can I use all Windows features on Windows To Go? @@ -338,22 +338,22 @@ sections: - question: | Does Windows To Go work slower than standard Windows? answer: | - If you are using a USB 3.0 port and a Windows To Go certified device, there should be no perceivable difference between standard Windows and Windows To Go. However, if you are booting from a USB 2.0 port, you may notice some slowdown since USB 2.0 transfer speeds are slower than SATA speeds. + If you're using a USB 3.0 port and a Windows To Go certified device, there should be no perceivable difference between standard Windows and Windows To Go. However, if you're booting from a USB 2.0 port, you may notice some slowdown since USB 2.0 transfer speeds are slower than SATA speeds. - question: | If I lose my Windows To Go drive, will my data be safe? answer: | - Yes! If you enable BitLocker on your Windows To Go drive, all your data will be encrypted and protected and a malicious user will not be able to access your data without your password. If you don't enable BitLocker, your data will be vulnerable if you lose your Windows To Go drive. + Yes! If you enable BitLocker on your Windows To Go drive, all your data will be encrypted and protected and a malicious user won't be able to access your data without your password. If you don't enable BitLocker, your data will be vulnerable if you lose your Windows To Go drive. - question: | Can I boot Windows To Go on a Mac? answer: | - We are committed to give customers a consistent and quality Windows 10 experience with Windows To Go. Windows To Go supports host devices certified for use with Windows 7 or later. Because Mac computers are not certified for use with Windows 7 or later, using Windows To Go is not supported on a Mac. + We're committed to give customers a consistent and quality Windows 10 experience with Windows To Go. Windows To Go supports host devices certified for use with Windows 7 or later. Because Mac computers aren't certified for use with Windows 7 or later, using Windows To Go isn't supported on a Mac. - question: | Are there any APIs that allow applications to identify a Windows To Go workspace? answer: | - Yes. You can use a combination of identifiers to determine if the currently running operating system is a Windows To Go workspace. First, check if the **PortableOperatingSystem** property is true. When that value is true it means that the operating system was booted from an external USB device. + Yes. You can use a combination of identifiers to determine if the currently running operating system is a Windows To Go workspace. First, check if the **PortableOperatingSystem** property is true. When that value is true, it means that the operating system was booted from an external USB device. Next, check if the **OperatingSystemSKU** property is equal to **4** (for Windows 10 Enterprise) or **121** (for Windows 10 Education). The combination of those two properties represents a Windows To Go workspace environment. @@ -367,17 +367,17 @@ sections: - question: | Does Windows Recovery Environment work with Windows To Go? What's the guidance for recovering a Windows To Go drive? answer: | - No, use of Windows Recovery Environment is not supported on Windows To Go. It is recommended that you implement user state virtualization technologies like Folder Redirection to centralize and back up user data in the data center. If any corruption occurs on a Windows To Go drive, you should re-provision the workspace. + No, use of Windows Recovery Environment isn't supported on Windows To Go. It's recommended that you implement user state virtualization technologies like Folder Redirection to centralize and back up user data in the data center. If any corruption occurs on a Windows To Go drive, you should reprovision the workspace. - question: | Why won't Windows To Go work on a computer running Windows XP or Windows Vista? answer: | - Actually it might. If you have purchased a computer certified for Windows 7 or later and then installed an older operating system, Windows To Go will boot and run as expected as long as you have configured the firmware to boot from USB. However, if the computer was certified for Windows XP or Windows Vista, it might not meet the hardware requirements for Windows To Go to run. Typically computers certified for Windows Vista and earlier operating systems have less memory, less processing power, reduced video rendering, and slower USB ports. + Actually it might. If you've purchased a computer certified for Windows 7 or later and then installed an older operating system, Windows To Go will boot and run as expected as long as you've configured the firmware to boot from USB. However, if the computer was certified for Windows XP or Windows Vista, it might not meet the hardware requirements for Windows To Go to run. Typically computers certified for Windows Vista and earlier operating systems have less memory, less processing power, reduced video rendering, and slower USB ports. - question: | Why does the operating system on the host computer matter? answer: | - It doesn't other than to help visually identify if the PC has compatible hardware. For a PC to be certified for Windows 7 or later it had to support booting from USB. If a computer cannot boot from USB there is no way that it can be used with Windows To Go. The Windows To Go workspace is a full Windows 10 environment, so all of the hardware requirements of Windows 10 with respect to processing speed, memory usage, and graphics rendering need to be supported to be assured that it will work as expected. + It doesn't other than to help visually identify if the PC has compatible hardware. For a PC to be certified for Windows 7 or later it had to support booting from USB. If a computer can't boot from USB there's no way that it can be used with Windows To Go. The Windows To Go workspace is a full Windows 10 environment, so all of the hardware requirements of Windows 10 with respect to processing speed, memory usage, and graphics rendering need to be supported to be assured that it will work as expected. - question: | My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go? @@ -386,17 +386,17 @@ sections: You can reset the BitLocker system measurements to incorporate the new boot order using the following steps: - 1. Log on to the host computer using an account with administrator privileges. + 1. Sign in to the host computer using an account with administrator privileges. 2. Click **Start**, click **Control Panel**, click **System and Security**, and then click **BitLocker Drive Encryption**. 3. Click **Suspend Protection** for the operating system drive. - A message is displayed, informing you that your data will not be protected while BitLocker is suspended and asking if you want to suspend BitLocker Drive Encryption. Click **Yes** to continue and suspend BitLocker on the drive. + A message is displayed, informing you that your data won't be protected while BitLocker is suspended and asking if you want to suspend BitLocker Drive Encryption. Click **Yes** to continue and suspend BitLocker on the drive. 4. Restart the computer and enter the firmware settings to reset the boot order to boot from USB first. For more information on changing the boot order in the BIOS, see [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) on the TechNet wiki. - 5. Restart the computer again and then log on to the host computer using an account with administrator privileges. (Neither your Windows To Go drive nor any other USB drive should be inserted.) + 5. Restart the computer again and then sign in to the host computer using an account with administrator privileges. (Neither your Windows To Go drive nor any other USB drive should be inserted.) 6. Click **Start**, click **Control Panel**, click **System and Security**, and then click **BitLocker Drive Encryption**. @@ -405,41 +405,41 @@ sections: The host computer will now be able to be booted from a USB drive without triggering recovery mode. > [!NOTE] - > The default BitLocker protection profile in Windows 8 or later does not monitor the boot order. + > The default BitLocker protection profile in Windows 8 or later doesn't monitor the boot order. - question: | - I decided to stop using a drive for Windows To Go and reformatted it – why doesn't it have a drive letter assigned and how can I fix it? + I decided to stop using a drive for Windows To Go and reformatted it – why it doesn't have a drive letter assigned and how can I fix it? answer: | Reformatting the drive erases the data on the drive, but doesn't reconfigure the volume attributes. When a drive is provisioned for use as a Windows To Go drive the NODEFAULTDRIVELETTER attribute is set on the volume. To remove this attribute, use the following steps: 1. Open a command prompt with full administrator permissions. > [!NOTE] - > If your user account is a member of the Administrators group, but is not the Administrator account itself, then, by default, the programs that you run only have standard user permissions unless you explicitly choose to elevate them. + > If your user account is a member of the Administrators group, but isn't the Administrator account itself, then, by default, the programs that you run only have standard user permissions unless you explicitly choose to elevate them. 2. Start the [diskpart](/windows-server/administration/windows-commands/diskpart) command interpreter, by typing `diskpart` at the command prompt. - 3. Use the `select disk` command to identify the drive. If you do not know the drive number, use the `list` command to display the list of disks available. + 3. Use the `select disk` command to identify the drive. If you don't know the drive number, use the `list` command to display the list of disks available. 4. After selecting the disk, run the `clean` command to remove all data, formatting, and initialization information from the drive. - question: | Why do I keep on getting the message "Installing devices…" when I boot Windows To Go? answer: | - One of the challenges involved in moving the Windows To Go drive between PCs while seamlessly booting Windows with access to all of their applications and data is that for Windows to be fully functional, specific drivers need to be installed for the hardware in each machine that runs Windows. Windows 8 or later has a process called respecialize which will identify new drivers that need to be loaded for the new PC and disable drivers which are not present on the new configuration. In general this feature is reliable and efficient when roaming between PCs of widely varying hardware configurations. + One of the challenges involved in moving the Windows To Go drive between PCs while seamlessly booting Windows with access to all of their applications and data is that for Windows to be fully functional, specific drivers need to be installed for the hardware in each machine that runs Windows. Windows 8 or later has a process called respecialize which will identify new drivers that need to be loaded for the new PC and disable drivers that aren't present on the new configuration. In general, this feature is reliable and efficient when roaming between PCs of widely varying hardware configurations. - In certain cases, third party drivers for different hardware models or versions can reuse device ID's, driver file names, registry keys (or any other operating system constructs which do not support side-by-side storage) for similar hardware. For example, Touchpad drivers on different laptops often reuse the same device ID's, and video cards from the same manufacturer may often reuse service names. Windows handles these situations by marking the non-present device node with a flag that indicates the existing driver needs to be reinstalled before continuing to install the new driver. + In certain cases, third-party drivers for different hardware models or versions can reuse device ID's, driver file names, registry keys (or any other operating system constructs that don't support side-by-side storage) for similar hardware. For example, Touchpad drivers on different laptops often reuse the same device ID's, and video cards from the same manufacturer may often reuse service names. Windows handles these situations by marking the non-present device node with a flag that indicates the existing driver needs to be reinstalled before continuing to install the new driver. - This process will occur on any boot that a new driver is found and a driver conflict is detected. In some cases that will result in a respecialize progress message "Installing devices…" displaying every time that a Windows to Go drive is roamed between two PCs which require conflicting drivers. + This process will occur on any boot that a new driver is found and a driver conflict is detected. In some cases that will result in a respecialize progress message "Installing devices…" displaying every time that a Windows to Go drive is roamed between two PCs that require conflicting drivers. - question: | How do I upgrade the operating system on my Windows To Go drive? answer: | - There is no support in Windows for upgrading a Windows To Go drive. Deployed Windows To Go drives with older versions of Windows will need to be re-imaged with a new version of Windows in order to transition to the new operating system version. + There's no support in Windows for upgrading a Windows To Go drive. Deployed Windows To Go drives with older versions of Windows will need to be reimaged with a new version of Windows in order to transition to the new operating system version. additionalContent: | diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md index e67fd3d3d5..992cec996b 100644 --- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md +++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md @@ -33,13 +33,13 @@ ms.topic: article When you activate a computer running Windows 10, the following information is sent to Microsoft: -- The Microsoft product code (a five-digit code that identifies the Windows product you are activating) +- The Microsoft product code (a five-digit code that identifies the Windows product you're activating) - A channel ID or site code that identifies how the Windows product was originally obtained For example, a channel ID or site code identifies whether the product was originally purchased from a retail store, obtained as an evaluation copy, obtained through a volume licensing program, or preinstalled by a computer manufacturer. - The date of installation and whether the installation was successful -- Information that helps confirm that your Windows product key has not been altered +- Information that helps confirm that your Windows product key hasn't been altered - Computer make and model - Version information for the operating system and software - Region and language settings @@ -51,18 +51,18 @@ When you activate a computer running Windows 10, the following information is s This result includes error codes and the following information about any activation exploits and related malicious or unauthorized software that was found or disabled: - - The activation exploit’s identifier - - The activation exploit’s current state, such as cleaned or quarantined + - The activation exploits’ identifier + - The activation exploits’ current state, such as cleaned or quarantined - Computer manufacturer’s identification - - The activation exploit’s file name and hash in addition to a hash of related software components that may indicate the presence of an activation exploit + - The activation exploits’ file name and hash apart from a hash of related software components that may indicate the presence of an activation exploit - The name and a hash of the contents of your computer’s startup instructions file - If your Windows license is on a subscription basis, information about how your subscription works -Standard computer information is also sent, but your computer’s IP address is only retained temporarily. +Standard computer information is also sent, but your computer’s IP address is only kept temporarily. ## Use of information -Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft does not use the information to contact individual consumers. +Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft doesn't use the information to contact individual consumers. For more information, see [Windows 10 Privacy Statement](https://go.microsoft.com/fwlink/p/?LinkId=619879). ## See also diff --git a/windows/deployment/volume-activation/import-export-vamt-data.md b/windows/deployment/volume-activation/import-export-vamt-data.md index 68bf78eeba..d79250faa8 100644 --- a/windows/deployment/volume-activation/import-export-vamt-data.md +++ b/windows/deployment/volume-activation/import-export-vamt-data.md @@ -23,7 +23,7 @@ You can import data or export data during the following scenarios: - Export data to perform proxy activations. **Warning**   -Editing a .cilx file through an application other than VAMT can corrupt the .cilx file; and this method is not supported. +Editing a .cilx file through an application other than VAMT can corrupt the .cilx file; and this method isn't supported. ## Import VAMT Data @@ -44,7 +44,7 @@ Exporting VAMT data from a non-Internet-connected VAMT host computer is the firs - Export products and product keys - Export products only - Export proxy activation data only. Selecting this option ensures that the export contains only the licensing information required for the proxy web service to obtain CIDs from Microsoft. No Personally Identifiable Information (PII) is contained in the exported .cilx file when this selection is checked. -6. If you have selected products to export, select the **Export selected product rows only** check box. +6. If you've selected products to export, select the **Export selected product rows only** check box. 7. Click **Save**. VAMT displays a progress message while the data is being exported. Click **OK** when a message appears and confirms that the export has completed successfully. ## Related articles diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md index 6c96637ddf..78091384e8 100644 --- a/windows/deployment/volume-activation/manage-activations-vamt.md +++ b/windows/deployment/volume-activation/manage-activations-vamt.md @@ -24,11 +24,11 @@ This section describes how to activate a client computer, by using various activ |Topic |Description | |------|------------| |[Perform Online Activation](online-activation-vamt.md) |Describes how to activate a client computer over the Internet. | -|[Perform Proxy Activation](proxy-activation-vamt.md) |Describes how to perform volume activation for client products that do not have Internet access. | +|[Perform Proxy Activation](proxy-activation-vamt.md) |Describes how to perform volume activation for client products that don't have Internet access. | |[Perform KMS Activation](kms-activation-vamt.md) |Describes how to perform volume activation using the Key Management Service (KMS). | |[Perform Local Reactivation](local-reactivation-vamt.md) |Describes how to reactivate an operating system or Office program that was reinstalled. | -|[Activate an Active Directory Forest Online](activate-forest-vamt.md) |Describes how to use Active Directory-Based Activation to online activate an Active Directory forest. | -|[Activate by Proxy an Active Directory Forest](activate-forest-by-proxy-vamt.md) |Describes how to use Active Directory-Based Activation to proxy activate an Active Directory forest that is not connected to the Internet. | +|[Activate an Active Directory Forest Online](activate-forest-vamt.md) |Describes how to use Active Directory-Based Activation to activate an Active Directory forest, online. | +|[Activate by Proxy an Active Directory Forest](activate-forest-by-proxy-vamt.md) |Describes how to use Active Directory-Based Activation to proxy activate an Active Directory forest that isn't connected to the Internet. | diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md index da420e7365..bf81a8a5ad 100644 --- a/windows/deployment/volume-activation/vamt-step-by-step.md +++ b/windows/deployment/volume-activation/vamt-step-by-step.md @@ -17,14 +17,14 @@ ms.topic: article # VAMT Step-by-Step Scenarios -This section provides step-by-step instructions on implementing the Volume Activation Management Tool (VAMT) in typical environments. VAMT supports many common scenarios; the scenarios in this section describe some of the most common to get you started. +This section provides instructions on how to implement the Volume Activation Management Tool (VAMT) in typical environments. VAMT supports many common scenarios; it describes here some of the most common to get you started. ## In this Section |Topic |Description | |------|------------| |[Scenario 1: Online Activation](scenario-online-activation-vamt.md) |Describes how to distribute Multiple Activation Keys (MAKs) to products installed on one or more connected computers within a network, and how to instruct these products to contact Microsoft over the Internet for activation. | -|[Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) |Describes how to use two VAMT host computers — the first one with Internet access and a second computer within an isolated workgroup — as proxies to perform MAK volume activation for workgroup computers that do not have Internet access. | +|[Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) |Describes how to use two VAMT host computers—the first one with Internet access and a second computer within an isolated workgroup—as proxies to perform MAK volume activation for workgroup computers that don't have Internet access. | |[Scenario 3: Key Management Service (KMS) Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. | ## Related articles diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md index 84d317c451..1a62df47e7 100644 --- a/windows/deployment/windows-deployment-scenarios-and-tools.md +++ b/windows/deployment/windows-deployment-scenarios-and-tools.md @@ -18,9 +18,9 @@ ms.collection: highpri # Windows 10 deployment scenarios and tools -To successfully deploy the Windows 10 operating system and applications for your organization, you must know about the available tools to help with the process. In this article, you will learn about the most commonly used tools for Windows 10 deployment. +To successfully deploy the Windows 10 operating system and applications for your organization, you must know about the available tools to help with the process. In this article, you'll learn about the most commonly used tools for Windows 10 deployment. -Microsoft provides many tools, services, and solutions. These tools include Windows Deployment Services (WDS), the Volume Activation Management Tool (VAMT), the User State Migration Tool (USMT), Windows System Image Manager (Windows SIM), Windows Preinstallation Environment (Windows PE), and Windows Recovery Environment (Windows RE). Keep in mind that these tools are not a complete solution on their own. It’s when you combine these tools with solutions like [Microsoft Deployment Toolkit (MDT)](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) or [Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) that you get the complete deployment solution. +Microsoft provides many tools, services, and solutions. These tools include Windows Deployment Services (WDS), Volume Activation Management Tool (VAMT), User State Migration Tool (USMT), Windows System Image Manager (Windows SIM), Windows Preinstallation Environment (Windows PE), and Windows Recovery Environment (Windows RE). Keep in mind that these tools aren't a complete solution on their own. It’s when you combine these tools with solutions like [Microsoft Deployment Toolkit (MDT)](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) or [Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) that you get the complete deployment solution. In this article, you also learn about different types of reference images that you can build, and why reference images are beneficial for most organizations @@ -61,7 +61,7 @@ For more information on DISM, see [DISM technical reference](/windows-hardware/m USMT is a backup and restore tool that allows you to migrate user state, data, and settings from one installation to another. Microsoft Deployment Toolkit (MDT) and System Center 2012 R2 Configuration Manager use USMT as part of the operating system deployment process. **Note**   -Occasionally, we find that customers are wary of USMT because they believe it requires significant configuration, but, as you will learn below, using USMT is not difficult. If you use MDT and Lite Touch to deploy your machines, the USMT feature is automatically configured and extended so that it is easy to use. With MDT, you do nothing at all and USMT just works. +Occasionally, we find that customers are wary of USMT because they believe it requires significant configuration, but, as you'll learn later, using USMT isn't difficult. If you use MDT and Lite Touch to deploy your machines, the USMT feature is automatically configured and extended so that it's easy to use. With MDT, you do nothing at all and USMT just works. @@ -75,7 +75,7 @@ In addition to these tools, there are also XML templates that manage which data - **Migration templates.** The default templates in USMT. - **Custom templates.** Custom templates that you create. -- **Config template.** An optional template, called Config.xml, which you can use to exclude or include components in a migration without modifying the other standard XML templates. +- **Config template.** An optional template called Config.xml which you can use to exclude or include components in a migration without modifying the other standard XML templates. ![figure 3.](images/mdt-11-fig06.png) @@ -86,7 +86,7 @@ USMT supports capturing data and settings from Windows Vista and later, and rest By default USMT migrates many settings, most of which are related to the user profile but also to Control Panel configurations, file types, and more. The default templates that are used in Windows 10 deployments are MigUser.xml and MigApp.xml. These two default templates migrate the following data and settings: - Folders from each profile, including those folders from user profiles, and shared and public profiles. For example, the My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites folders are migrated. -- Specific file types. USMT templates migrate the following file types: .accdb, .ch3, .csv,dif, .doc\*, .dot\*, .dqy, .iqy, .mcw, .mdb\*, .mpp, .one\*, .oqy, .or6, .pot\*, .ppa, .pps\*, .ppt\*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl\*, .vsd, .wk\*, .wpd, .wps, .wq1, .wri, .xl\*, .xla, .xlb, .xls\*. +- Specific file types. USMT templates migrate the following file types: .accdb, .ch3, .csv, dif, .doc\*, .dot\*, .dqy, .iqy, .mcw, .mdb\*, .mpp, .one\*, .oqy, .or6, .pot\*, .ppa, .pps\*, .ppt\*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl\*, .vsd, .wk\*, .wpd, .wps, .wq1, .wri, .xl\*, .xla, .xlb, .xls\*. > [!NOTE] > The OpenDocument extensions (\*.odt, \*.odp, \*.ods, etc.) that Microsoft Office applications can use are not migrated by default. @@ -98,7 +98,7 @@ These settings are the ones migrated by the default MigUser.xml and MigApp.xml t ### Windows Imaging and Configuration Designer -Windows Imaging and Configuration Designer (Windows ICD) is a tool designed to assist with the creation of provisioning packages that can be used to dynamically configure a Windows device (PCs, tablets, and phones). This tool is useful for setting up new devices, without the need for re-imaging the device with a custom image. +Windows Imaging and Configuration Designer (Windows ICD) is a tool designed to assist with the creation of provisioning packages that can be used to dynamically configure a Windows device (PCs, tablets, and phones). This tool is useful for setting up new devices, without the need for reimaging the device with a custom image. ![figure 4.](images/windows-icd.png) @@ -118,7 +118,7 @@ For more information, see [Windows System Image Manager Technical Reference]( ht ### Volume Activation Management Tool (VAMT) -If you don’t use KMS, you can still manage your MAKs centrally with the Volume Activation Management Tool (VAMT). With this tool, you can install and manage product keys throughout the organization. VAMT also can activate on behalf of clients without Internet access, acting as a MAK proxy. +If you don’t use KMS, manage your MAKs centrally with the Volume Activation Management Tool (VAMT). Use this tool to install and manage product keys throughout the organization. VAMT can also activate on behalf of clients without Internet access, acting as a MAK proxy. ![figure 6.](images/mdt-11-fig08.png) @@ -142,12 +142,12 @@ The key thing to know about Windows PE is that, like the operating system, it ne A machine booted with the Windows ADK default Windows PE boot image. -For more details on Windows PE, see [Windows PE (WinPE)](/windows-hardware/manufacture/desktop/winpe-intro). +For more information on Windows PE, see [Windows PE (WinPE)](/windows-hardware/manufacture/desktop/winpe-intro). ## Windows Recovery Environment -Windows Recovery Environment (Windows RE) is a diagnostics and recovery toolset included in Windows Vista and later operating systems. The latest version of Windows RE is based on Windows PE. You can also extend Windows RE and add your own tools if needed. If a Windows installation fails to start and Windows RE is installed, you will see an automatic failover into Windows RE. +Windows Recovery Environment (Windows RE) is a diagnostics and recovery toolset included in Windows Vista and later operating systems. The latest version of Windows RE is based on Windows PE. You can also extend Windows RE and add your own tools if needed. If a Windows installation fails to start and Windows RE is installed, you'll see an automatic failover into Windows RE. ![figure 8.](images/mdt-11-fig10.png) @@ -158,17 +158,17 @@ For more information on Windows RE, see [Windows Recovery Environment](/windows- ## Windows Deployment Services -Windows Deployment Services (WDS) has been updated and improved in several ways starting with Windows 8. Remember that the two main functions you will use are the PXE boot support and multicast. Most of the changes are related to management and increased performance. In Windows Server 2012 R2, WDS also can be used for the Network Unlock feature in BitLocker. +Windows Deployment Services (WDS) has been updated and improved in several ways starting with Windows 8. Remember that the two main functions you'll use are the PXE boot support and multicast. Most of the changes are related to management and increased performance. In Windows Server 2012 R2, WDS also can be used for the Network Unlock feature in BitLocker. ![figure 9.](images/mdt-11-fig11.png) Windows Deployment Services using multicast to deploy three machines. -In Windows Server 2012 R2, [Windows Deployment Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831764(v=ws.11)) can be configured for stand-alone mode or for Active Directory integration. In most scenarios, the Active Directory integration mode is the best option. WDS also has the capability to manage drivers; however, driver management through MDT and Configuration Manager is more suitable for deployment due to the flexibility offered by both solutions, so you will use them instead. In WDS, it is possible to pre-stage devices in Active Directory, but here, too, Configuration Manager has that capability built in, and MDT has the ability to use a SQL Server database for pre-staging. In most scenarios, those solutions are better than the built-in pre-staging function as they allow greater control and management. +In Windows Server 2012 R2, [Windows Deployment Services](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831764(v=ws.11)) can be configured for stand-alone mode or for Active Directory integration. The Active Directory integration mode is the best option, in most scenarios. WDS also has the capability to manage drivers; however, driver management through MDT and Configuration Manager is more suitable for deployment due to the flexibility offered by both solutions, so you'll use them instead. In WDS, it's possible to pre-stage devices in Active Directory, but here, too, Configuration Manager has that capability built in, and MDT has the ability to use a SQL Server database for pre-staging. In most scenarios, those solutions are better than the built-in pre-staging function as they allow greater control and management. ### Trivial File Transfer Protocol (TFTP) configuration -In some cases, you need to modify TFTP Maximum Block Size settings for performance tuning reasons, especially when PXE traffic travels through routers and such. In the previous version of WDS, it was possible to change that, but the method of do so — editing the registry — was not user friendly. In Windows Server 2012, this modification in settings has become much easier to do as it can be configured as a setting. +In some cases, you need to modify TFTP Maximum Block Size settings for performance tuning reasons, especially when PXE traffic travels through routers and such. In the previous version of WDS, it was possible to change that, but the method of do so—editing the registry—wasn't user friendly. In Windows Server 2012, this modification in settings has become much easier to do as it can be configured as a setting. Also, there are a few new features related to TFTP performance: @@ -248,14 +248,14 @@ For more information on WSUS, see the [Windows Server Update Services Overview]( ## Unified Extensible Firmware Interface -For many years BIOS has been the industry standard for booting a PC. BIOS has served us well, but it is time to replace it with something better. **UEFI** is the replacement for BIOS, so it is important to understand the differences between BIOS and UEFI. In this section, you learn the major differences between the two and how they affect operating system deployment. +For many years BIOS has been the industry standard for booting a PC. BIOS has served us well, but it's time to replace it with something better. **UEFI** is the replacement for BIOS, so it's important to understand the differences between BIOS and UEFI. In this section, you learn the major differences between the two and how they affect operating system deployment. ### Introduction to UEFI BIOS has been in use for approximately 30 years. Even though it clearly has proven to work, it has some limitations, including: - 16-bit code -- 1 MB address space +- 1-MB address space - Poor performance on ROM initialization - MBR maximum bootable disk size of 2.2 TB @@ -264,13 +264,13 @@ As the replacement to BIOS, UEFI has many features that Windows can and will use With UEFI, you can benefit from: - **Support for large disks.** UEFI requires a GUID Partition Table (GPT) based disk, which means a limitation of roughly 16.8 million TB in disk size and more than 100 primary disks. -- **Faster boot time.** UEFI does not use INT 13, and that improves boot time, especially when it comes to resuming from hibernate. +- **Faster boot time.** UEFI doesn't use INT 13, and that improves boot time, especially when it comes to resuming from hibernate. - **Multicast deployment.** UEFI firmware can use multicast directly when it boots up. In WDS, MDT, and Configuration Manager scenarios, you need to first boot up a normal Windows PE in unicast and then switch into multicast. With UEFI, you can run multicast from the start. - **Compatibility with earlier BIOS.** Most of the UEFI implementations include a compatibility support module (CSM) that emulates BIOS. - **CPU-independent architecture.** Even if BIOS can run both 32-bit and 64-bit versions of firmware, all firmware device drivers on BIOS systems must also be 16-bit, and this affects performance. One of the reasons is the limitation in addressable memory, which is only 64 KB with BIOS. -- **CPU-independent drivers.** On BIOS systems, PCI add-on cards must include a ROM that contains a separate driver for all supported CPU architectures. That is not needed for UEFI because UEFI has the ability to use EFI Byte Code (EBC) images, which allow for a processor-independent device driver environment. +- **CPU-independent drivers.** On BIOS systems, PCI add-on cards must include a ROM that contains a separate driver for all supported CPU architectures. That isn't needed for UEFI because UEFI has the ability to use EFI Byte Code (EBC) images, which allow for a processor-independent device driver environment. - **Flexible pre-operating system environment.** UEFI can perform many functions for you. You just need an UEFI application, and you can perform diagnostics and automatic repairs, and call home to report errors. -- **Secure boot.** Windows 8 and later can use the UEFI firmware validation process, called secure boot, which is defined in UEFI 2.3.1. Using this process, you can ensure that UEFI launches only a verified operating system loader and that malware cannot switch the boot loader. +- **Secure boot.** Windows 8 and later can use the UEFI firmware validation process, called secure boot, which is defined in UEFI 2.3.1. Using this process, you can ensure that UEFI launches only a verified operating system loader and that malware can't switch the boot loader. ### Versions @@ -283,22 +283,22 @@ In regard to UEFI, hardware is divided into four device classes: - **Class 0 devices.** The device of this class is the UEFI definition for a BIOS, or non-UEFI, device. - **Class 1 devices.** The devices of this class behave like a standard BIOS machine, but they run EFI internally. They should be treated as normal BIOS-based machines. Class 1 devices use a CSM to emulate BIOS. These older devices are no longer manufactured. - **Class 2 devices.** The devices of this class have the capability to behave as a BIOS- or a UEFI-based machine, and the boot process or the configuration in the firmware/BIOS determines the mode. Class 2 devices use a CSM to emulate BIOS. These are the most common type of devices currently available. -- **Class 3 devices.** The devices of this class are UEFI-only devices, which means you must run an operating system that supports only UEFI. Those operating systems include Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 7 is not supported on these class 3 devices. Class 3 devices do not have a CSM to emulate BIOS. +- **Class 3 devices.** The devices of this class are UEFI-only devices, which means you must run an operating system that supports only UEFI. Those operating systems include Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2. Windows 7 isn't supported on these class 3 devices. Class 3 devices don't have a CSM to emulate BIOS. ### Windows support for UEFI Microsoft started with support for EFI 1.10 on servers and then added support for UEFI on both clients and servers. -With UEFI 2.3.1, there are both x86 and x64 versions of UEFI. Windows 10 supports both. However, UEFI does not support cross-platform boot. This limitation means that a computer that has UEFI x64 can run only a 64-bit operating system, and a computer that has UEFI x86 can run only a 32-bit operating system. +With UEFI 2.3.1, there are both x86 and x64 versions of UEFI. Windows 10 supports both. However, UEFI doesn't support cross-platform boot. This limitation means that a computer that has UEFI x64 can run only a 64-bit operating system, and a computer that has UEFI x86 can run only a 32-bit operating system. ### How UEFI is changing operating system deployment There are many things that affect operating system deployment as soon as you run on UEFI/EFI-based hardware. Here are considerations to keep in mind when working with UEFI devices: - Switching from BIOS to UEFI in the hardware is easy, but you also need to reinstall the operating system because you need to switch from MBR/NTFS to GPT/FAT32 and NTFS. -- When you deploy to a Class 2 device, make sure the boot option you select matches the setting you want to have. It is common for old machines to have several boot options for BIOS but only a few for UEFI, or vice versa. +- When you deploy to a Class 2 device, make sure the boot option you select matches the setting you want to have. It's common for old machines to have several boot options for BIOS but only a few for UEFI, or vice versa. - When deploying from media, remember the media has to be FAT32 for UEFI, and FAT32 has a file-size limitation of 4 GB. -- UEFI does not support cross-platform booting; therefore, you need to have the correct boot media (32- or 64-bit). +- UEFI doesn't support cross-platform booting; therefore, you need to have the correct boot media (32-bit or 64-bit). For more information on UEFI, see the [UEFI firmware](/previous-versions/windows/it-pro/windows-8.1-and-8/hh824898(v=win.10)) overview and related resources. From 4efc42cb405a5e0066ae18ba84526a13a6e3922c Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 27 Jan 2022 18:28:08 +0530 Subject: [PATCH 25/85] Update windows-to-go-frequently-asked-questions.yml --- .../planning/windows-to-go-frequently-asked-questions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml index ec5e722d45..62e665f800 100644 --- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml +++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml @@ -50,7 +50,7 @@ summary: | - [Why isn't my computer booting from USB?](#why-isn-t-my-computer-booting-from-usb-) - - [What happens if I remove my Windows To Go drive while it's running?](#what-happens-if-i-remove-my-windows-to-go-drive-while-it-is-running-) + - [What happens if I remove my Windows To Go drive while it's running?](#what-happens-if-i-remove-my-windows-to-go-drive-while-it-s-running-) - [Can I use BitLocker to protect my Windows To Go drive?](#can-i-use-bitlocker-to-protect-my-windows-to-go-drive-) From e9aa58a0b9f6b4e0d9175def096307fdd15db577 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 27 Jan 2022 18:33:58 +0530 Subject: [PATCH 26/85] Update windows-to-go-frequently-asked-questions.yml --- .../planning/windows-to-go-frequently-asked-questions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml index 62e665f800..9721c8da6e 100644 --- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml +++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml @@ -102,7 +102,7 @@ summary: | - [My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go?](#my-host-computer-running-windows-7-is-protected-by-bitlocker-drive-encryption--why-did-i-need-to-use-the-recovery-key-to-unlock-and-reboot-my-host-computer-after-using-windows-to-go-) - - [I decided to stop using a drive for Windows To Go and reformatted it – why it doesn't have a drive letter assigned and how can I fix it?](#i-decided-to-stop-using-a-drive-for-windows-to-go-and-reformatted-it---why-doesn-t-it-have-a-drive-letter-assigned-and-how-can-i-fix-it-) + - [I decided to stop using a drive for Windows To Go and reformatted it – why it doesn't have a drive letter assigned and how can I fix it?](#i-decided-to-stop-using-a-drive-for-windows-to-go-and-reformatted-it--why-doesn-t-it-have-a-drive-letter-assigned-and-how-can-i-fix-it-) - [Why do I keep on getting the message "Installing devices…" when I boot Windows To Go?](#why-do-i-keep-on-getting-the-message--installing-devices---when-i-boot-windows-to-go-) From 38e920b3ecb1b7d63ab86072146edcbcda0ee5f1 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Thu, 27 Jan 2022 18:41:36 +0530 Subject: [PATCH 27/85] Update windows-to-go-frequently-asked-questions.yml --- .../planning/windows-to-go-frequently-asked-questions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml index 9721c8da6e..62e665f800 100644 --- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml +++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml @@ -102,7 +102,7 @@ summary: | - [My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go?](#my-host-computer-running-windows-7-is-protected-by-bitlocker-drive-encryption--why-did-i-need-to-use-the-recovery-key-to-unlock-and-reboot-my-host-computer-after-using-windows-to-go-) - - [I decided to stop using a drive for Windows To Go and reformatted it – why it doesn't have a drive letter assigned and how can I fix it?](#i-decided-to-stop-using-a-drive-for-windows-to-go-and-reformatted-it--why-doesn-t-it-have-a-drive-letter-assigned-and-how-can-i-fix-it-) + - [I decided to stop using a drive for Windows To Go and reformatted it – why it doesn't have a drive letter assigned and how can I fix it?](#i-decided-to-stop-using-a-drive-for-windows-to-go-and-reformatted-it---why-doesn-t-it-have-a-drive-letter-assigned-and-how-can-i-fix-it-) - [Why do I keep on getting the message "Installing devices…" when I boot Windows To Go?](#why-do-i-keep-on-getting-the-message--installing-devices---when-i-boot-windows-to-go-) From dbd766686e0cda7b71345fbf2612a687bd3251c2 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 28 Jan 2022 09:53:21 +0530 Subject: [PATCH 28/85] Update windows-to-go-frequently-asked-questions.yml --- .../planning/windows-to-go-frequently-asked-questions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml index 62e665f800..4de6a56139 100644 --- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml +++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml @@ -102,7 +102,7 @@ summary: | - [My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go?](#my-host-computer-running-windows-7-is-protected-by-bitlocker-drive-encryption--why-did-i-need-to-use-the-recovery-key-to-unlock-and-reboot-my-host-computer-after-using-windows-to-go-) - - [I decided to stop using a drive for Windows To Go and reformatted it – why it doesn't have a drive letter assigned and how can I fix it?](#i-decided-to-stop-using-a-drive-for-windows-to-go-and-reformatted-it---why-doesn-t-it-have-a-drive-letter-assigned-and-how-can-i-fix-it-) + - [I decided to stop using a drive for Windows To Go and reformatted it – why it doesn't have a drive letter assigned and how can I fix it?](#i-decided-to-stop-using-a-drive-for-windows-to-go-and-reformatted-it---why-it-doesn-t-have-a-drive-letter-assigned-and-how-can-i-fix-it-) - [Why do I keep on getting the message "Installing devices…" when I boot Windows To Go?](#why-do-i-keep-on-getting-the-message--installing-devices---when-i-boot-windows-to-go-) From f4750619b3bce921f8654014f64ba92d6991d825 Mon Sep 17 00:00:00 2001 From: Siddarth Mandalika Date: Fri, 28 Jan 2022 18:46:20 +0530 Subject: [PATCH 29/85] Acrolinx enhancement --- education/windows/autopilot-reset.md | 23 +-- education/windows/change-history-edu.md | 6 +- education/windows/change-to-pro-education.md | 26 ++-- .../windows/chromebook-migration-guide.md | 126 ++++++++--------- .../configure-windows-for-education.md | 22 +-- .../deploy-windows-10-in-a-school-district.md | 132 +++++++++--------- .../windows/deploy-windows-10-in-a-school.md | 110 +++++++-------- ...se-management-strategies-and-deployment.md | 2 +- 8 files changed, 226 insertions(+), 221 deletions(-) diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md index c0ac95e03e..41d85135d0 100644 --- a/education/windows/autopilot-reset.md +++ b/education/windows/autopilot-reset.md @@ -19,7 +19,12 @@ manager: dansimp - Windows 10, version 1709 -IT admins or technical teachers can use Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen any time and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With Autopilot Reset, devices are returned to a fully configured or known IT-approved state. +IT admins or technical teachers can use Autopilot Reset to: + - Quickly remove personal files, apps, and settings, + - Reset Windows 10 devices from the lock screen anytime, and + - Apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. + +With Autopilot Reset, devices are returned to a fully configured or known IT-approved state. To enable Autopilot Reset in Windows 10, version 1709 (Fall Creators Update), you must: @@ -30,7 +35,7 @@ To enable Autopilot Reset in Windows 10, version 1709 (Fall Creators Update), yo To use Autopilot Reset, [Windows Recovery Environment (WinRE) must be enabled on the device](#winre). -**DisableAutomaticReDeploymentCredentials** is a policy that enables or disables the visibility of the credentials for Autopilot Reset. It is a policy node in the [Policy CSP](/windows/client-management/mdm/policy-csp-credentialproviders), **CredentialProviders/DisableAutomaticReDeploymentCredentials**. By default, this policy is set to 1 (Disable). This ensures that Autopilot Reset isn't triggered by accident. +**DisableAutomaticReDeploymentCredentials** is a policy that enables or disables the visibility of the credentials for Autopilot Reset. It's a policy node in the [Policy CSP](/windows/client-management/mdm/policy-csp-credentialproviders), **CredentialProviders/DisableAutomaticReDeploymentCredentials**. By default, this policy is set to 1 (Disable). This ensures that Autopilot Reset isn't triggered by accident. You can set the policy using one of these methods: @@ -49,11 +54,11 @@ You can set the policy using one of these methods: - Set up School PCs app - Autopilot Reset in the Set up School PCs app is available in the latest release of the app. Make sure you are running Windows 10, version 1709 on the student PCs if you want to use Autopilot Reset through the Set up School PCs app. You can check the version several ways: + Autopilot Reset in the Set up School PCs app is available in the latest release of the app. Ensure you're running Windows 10, version 1709 on the student PCs if you want to use Autopilot Reset through the Set up School PCs app. You can check the version several ways: - Reach out to your device manufacturer. - - If you manage your PCs using Intune or Intune for Education, you can check the OS version by checking the **OS version** info for the device. If you are using another MDM provider, check the documentation for the MDM provider to confirm the OS version. + - If you manage your PCs using Intune or Intune for Education, you can check the OS version by checking the **OS version** info for the device. If you're using another MDM provider, check the documentation for the MDM provider to confirm the OS version. - Log into the PCs, go to the **Settings > System > About** page, look in the **Windows specifications** section and confirm **Version** is set to 1709. @@ -72,9 +77,9 @@ Autopilot Reset is a two-step process: trigger it and then authenticate. Once yo ![Enter CTRL+Windows key+R on the Windows lockscreen.](images/autopilot-reset-lockscreen.png) - This will open up a custom login screen for Autopilot Reset. The screen serves two purposes: + This will open up a custom sign-in screen for Autopilot Reset. The screen serves two purposes: - 1. Confirm/verify that the end user has the right to trigger Autopilot Reset + 1. Confirm/verify that the end user has the right to trigger Autopilot Reset. 2. Notify the user in case a provisioning package, created using Windows Configuration Designer or Set up School PCs, will be used as part of the process. @@ -93,7 +98,7 @@ Autopilot Reset is a two-step process: trigger it and then authenticate. Once yo - Connects to Wi-Fi. - - If you provided a provisioning package when Autopilot Reset is triggered, the system will apply this new provisioning package. Otherwise, the system will re-apply the original provisioning package on the device. + - If you provided a provisioning package when Autopilot Reset is triggered, the system will apply this new provisioning package. Otherwise, the system will reapply the original provisioning package on the device. - Is returned to a known good managed state, connected to Azure AD and MDM. @@ -105,7 +110,7 @@ Autopilot Reset is a two-step process: trigger it and then authenticate. Once yo ## Troubleshoot Autopilot Reset -Autopilot Reset will fail when the [Windows Recovery Environment (WinRE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference) is not enabled on the device. You will see `Error code: ERROR_NOT_SUPPORTED (0x80070032)`. +Autopilot Reset will fail when the [Windows Recovery Environment (WinRE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference) isn't enabled on the device. You'll see `Error code: ERROR_NOT_SUPPORTED (0x80070032)`. To make sure WinRE is enabled, use the [REAgentC.exe tool](/windows-hardware/manufacture/desktop/reagentc-command-line-options) to run the following command: @@ -113,7 +118,7 @@ To make sure WinRE is enabled, use the [REAgentC.exe tool](/windows-hardware/man reagentc /enable ``` -If Autopilot Reset fails after enabling WinRE, or if you are unable to enable WinRE, please contact [Microsoft Support](https://support.microsoft.com) for assistance. +If Autopilot Reset fails after enabling WinRE, or if you're unable to enable WinRE, please contact [Microsoft Support](https://support.microsoft.com) for assistance. ## Related topics diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md index aafc6c622f..e977b03d61 100644 --- a/education/windows/change-history-edu.md +++ b/education/windows/change-history-edu.md @@ -85,14 +85,14 @@ New or changed topic | Description | New or changed topic | Description | | --- | ---- | -| [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) | New. If you have an education tenant and use devices Windows 10 Pro or Windows 10 S in your schools, find out how you can opt-in to a free switch to Windows 10 Pro Education. | +| [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) | New. If you have an education tenant and use devices Windows 10 Pro or Windows 10 S in your schools, find out how you can opt in to a free switch to Windows 10 Pro Education. | | [Use the Set up School PCs app](use-set-up-school-pcs-app.md) | Updated. Now includes network tips and updated step-by-step instructions that show the latest updates to the app such as Wi-Fi setup. | ## RELEASE: Windows 10, version 1703 (Creators Update) | New or changed topic | Description| | --- | --- | -| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](/microsoft-365/education/deploy/) | New. Learn how you can you can quickly and easily use the new Microsoft Education system to implement a full IT cloud solution for your school. | +| [Get started: Deploy and manage a full cloud IT solution with Microsoft Education](/microsoft-365/education/deploy/) | New. Learn how you can quickly and easily use the new Microsoft Education system to implement a full IT cloud solution for your school. | | [Microsoft Education documentation and resources](/education) | New. Find links to more content for IT admins, teachers, students, and education app developers. | | [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md) | New. Provides guidance on ways to configure the OS diagnostic data, consumer experiences, Cortana, search, as well as some of the preinstalled apps, so that Windows is ready for your school. | | [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md) | Updated the screenshots and related instructions to reflect the current UI and experience. | @@ -111,7 +111,7 @@ New or changed topic | Description | New or changed topic | Description | | --- | --- | -| [Upgrade Windows 10 Pro to Pro Education from Microsoft Store for Business] | New. Learn how to opt-in to a free upgrade to Windows 10 Pro Education. As of May 2017, this topic has been replaced with [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md). | +| [Upgrade Windows 10 Pro to Pro Education from Microsoft Store for Business] | New. Learn how to opt in to a free upgrade to Windows 10 Pro Education. As of May 2017, this topic has been replaced with [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md). | ## November 2016 diff --git a/education/windows/change-to-pro-education.md b/education/windows/change-to-pro-education.md index ea30225b3e..a936025d6f 100644 --- a/education/windows/change-to-pro-education.md +++ b/education/windows/change-to-pro-education.md @@ -17,7 +17,7 @@ manager: dansimp # Change to Windows 10 Pro Education from Windows 10 Pro Windows 10 Pro Education is a new offering in Windows 10, version 1607. This edition builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools by providing education-specific default settings. -If you have an education tenant and use devices with Windows 10 Pro, global administrators can opt-in to a free change to Windows 10 Pro Education depending on your scenario. +If you have an education tenant and use devices with Windows 10 Pro, global administrators can opt in to a free change to Windows 10 Pro Education depending on your scenario. - [Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode](./s-mode-switch-to-edu.md) To take advantage of this offering, make sure you meet the [requirements for changing](#requirements-for-changing). For academic customers who are eligible to change to Windows 10 Pro Education, but are unable to use the above methods, contact Microsoft Support for assistance. @@ -43,7 +43,7 @@ For more info about Windows 10 default settings and recommendations for educatio ## Change from Windows 10 Pro to Windows 10 Pro Education -For schools that want to standardize all their Windows 10 Pro devices to Windows 10 Pro Education, a global admin for the school can opt-in to a free change through the Microsoft Store for Education. +For schools that want to standardize all their Windows 10 Pro devices to Windows 10 Pro Education, a global admin for the school can opt in to a free change through the Microsoft Store for Education. In this scenario: @@ -73,7 +73,7 @@ See [change using Microsoft Store for Education](#change-using-microsoft-store-f ### Change using Windows Configuration Designer You can use Windows Configuration Designer to create a provisioning package that you can use to change the Windows edition for your device(s). [Install Windows Configuration Designer from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22) to create a provisioning package. -1. In Windows Configuration Designer, select **Provision desktop devices** to open the simple editor and create a provisioning package for Windows desktop editions. +1. In Windows Configuration Designer, select **Provision desktop devices** to open the editor and create a provisioning package for Windows desktop editions. 2. In the **Set up device** page, enter the MAK license key in the **Enter product key** field to change to Windows 10 Pro Education. **Figure 2** - Enter the license key @@ -98,8 +98,8 @@ Academic institutions can easily move from Windows 10 Pro to Windows 10 Pro Educ When you change to Windows 10 Pro Education, you get the following benefits: -- **Windows 10 Pro Education edition**. Devices currently running Windows 10 Pro, version 1607 or higher, or Windows 10 S mode, version 1703, can get Windows 10 Pro Education Current Branch (CB). This benefit does not include Long Term Service Branch (LTSB). -- **Support from one to hundreds of users**. The Windows 10 Pro Education program does not have a limitation on the number of licenses an organization can have. +- **Windows 10 Pro Education edition**. Devices currently running Windows 10 Pro, version 1607 or higher, or Windows 10 S mode, version 1703, can get Windows 10 Pro Education Current Branch (CB). This benefit doesn't include Long Term Service Branch (LTSB). +- **Support from one to hundreds of users**. The Windows 10 Pro Education program doesn't have a limitation on the number of licenses an organization can have. - **Roll back options to Windows 10 Pro** - When a user leaves the domain or you turn off the setting to automatically change to Windows 10 Pro Education, the device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 30 days). - For devices that originally had Windows 10 Pro edition installed, when a license expires or is transferred to another user, the Windows 10 Pro Education device seamlessly steps back down to Windows 10 Pro. @@ -108,7 +108,7 @@ When you change to Windows 10 Pro Education, you get the following benefits: ### Change using Microsoft Store for Education -Once you enable the setting to change to Windows 10 Pro Education, the change will begin only after a user signs in to their device. The setting applies to the entire organization or tenant, so you cannot select which users will receive the change. The change will only apply to Windows 10 Pro devices. +Once you enable the setting to change to Windows 10 Pro Education, the change will begin only after a user signs in to their device. The setting applies to the entire organization or tenant, so you can't select which users will receive the change. The change will only apply to Windows 10 Pro devices. **To turn on the automatic change to Windows 10 Pro Education** @@ -134,7 +134,7 @@ Once you enable the setting to change to Windows 10 Pro Education, the change wi 8. Click **Change now** in the **changing your device to Windows 10 Pro Education for free** page in the Microsoft Store. - You will see a window that confirms you've successfully changed all the devices in your organization to Windows 10 Pro Education, and each Azure AD joined device running Windows 10 Pro will automatically change the next time someone in your organization signs in to the device. + You'll see a window that confirms you've successfully changed all the devices in your organization to Windows 10 Pro Education, and each Azure AD joined device running Windows 10 Pro will automatically change the next time someone in your organization signs in to the device. 9. Click **Close** in the **Success** window. @@ -148,7 +148,7 @@ So what will users experience? How will they change their devices? ### For existing Azure AD joined devices Existing Azure AD domain joined devices will be changed to Windows 10 Pro Education the next time the user logs in. That's it! No additional steps are needed. -### For new devices that are not Azure AD joined +### For new devices that aren't Azure AD joined Now that you've turned on the setting to automatically change to Windows 10 Pro Education, the users are ready to change their devices running Windows 10 Pro, version 1607 or higher, version 1703 to Windows 10 Pro Education edition. #### Step 1: Join users’ devices to Azure AD @@ -224,7 +224,7 @@ If there are any problems with the Windows 10 Pro Education license or the acti In some instances, users may experience problems with the Windows 10 Pro Education change. The most common problems that users may experience are as follows: -- The existing operating system (Windows 10 Pro, version 1607 or higher, or version 1703) is not activated. +- The existing operating system (Windows 10 Pro, version 1607 or higher, or version 1703) isn't activated. - The Windows 10 Pro Education change has lapsed or has been removed. Use the following figures to help you troubleshoot when users experience these common problems: @@ -234,7 +234,7 @@ Use the following figures to help you troubleshoot when users experience these c Windows 10 activated and subscription active

-**Figure 11** - Illustrates a device on which the existing operating system is not activated, but the Windows 10 Pro Education change is active. +**Figure 11** - Illustrates a device on which the existing operating system isn't activated, but the Windows 10 Pro Education change is active. Windows 10 not activated and subscription active

@@ -245,7 +245,7 @@ Devices must be running Windows 10 Pro, version 1607 or higher, or domain joined **To determine if a device is Azure AD joined** -1. Open a command prompt and type the following: +1. Open a command prompt and type the following command: ``` dsregcmd /status @@ -280,7 +280,7 @@ Once the automatic change to Windows 10 Pro Education is turned off, the change **To roll back Windows 10 Pro Education to Windows 10 Pro** -1. Log in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your school or work account, or follow the link from the notification email to turn off the automatic change. +1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com/) with your school or work account, or follow the link from the notification email to turn off the automatic change. 2. Select **Manage > Benefits** and locate the section **Windows 10 Pro Education** and follow the link. 3. In the **Revert to Windows 10 Pro** page, click **Revert to Windows 10 Pro**. @@ -288,7 +288,7 @@ Once the automatic change to Windows 10 Pro Education is turned off, the change ![Revert to Windows 10 Pro.](images/msfe_manage_reverttowin10pro.png) -4. You will be asked if you're sure that you want to turn off automatic changes to Windows 10 Pro Education. Click **Yes**. +4. You'll be asked if you're sure that you want to turn off automatic changes to Windows 10 Pro Education. Click **Yes**. 5. Click **Close** in the **Success** page. All global admins get a confirmation email that a request was made to roll back your organization to Windows 10 Pro. If you, or another global admin, decide later that you want to turn on automatic changes again, you can do this by selecting **change to Windows 10 Pro Education for free** from the **Manage > Benefits** in the Microsoft Store for Education. diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md index 66569c4674..65b576133c 100644 --- a/education/windows/chromebook-migration-guide.md +++ b/education/windows/chromebook-migration-guide.md @@ -1,6 +1,6 @@ --- title: Chromebook migration guide (Windows 10) -description: In this guide you will learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. +description: In this guide, you'll learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. ms.assetid: 7A1FA48A-C44A-4F59-B895-86D4D77F8BEA ms.reviewer: manager: dansimp @@ -22,23 +22,23 @@ ms.date: 10/13/2017 - Windows 10 -In this guide you will learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. You will learn how to perform the necessary planning steps, including Windows device deployment, migration of user and device settings, app migration or replacement, and cloud storage migration. You will then learn the best method to perform the migration by using automated deployment and migration tools. +In this guide, you'll learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. You'll learn how to perform the necessary planning steps, including Windows device deployment, migration of user and device settings, app migration or replacement, and cloud storage migration. You'll then learn the best method to perform the migration by using automated deployment and migration tools. ## Plan Chromebook migration Before you begin to migrate Chromebook devices, plan your migration. As with most projects, there can be an urge to immediately start doing before planning. When you plan your Chromebook migration before you perform the migration, you can save countless hours of frustration and mistakes during the migration process. -In the planning portion of this guide, you will identify all the decisions that you need to make and how to make each decision. At the end of the planning section, you will have a list of information you need to collect and what you need to do with the information. You will be ready to perform your Chromebook migration. +In the planning portion of this guide, you'll identify all the decisions that you need to make and how to make each decision. At the end of the planning section, you'll have a list of information you need to collect and what you need to do with the information. You'll be ready to perform your Chromebook migration. ## Plan for app migration or replacement -App migration or replacement is an essential part of your Chromebook migration. In this section you will plan how you will migrate or replace Chromebook (Chrome OS) apps that are currently in use with the same or equivalent Windows apps. At the end of this section, you will have a list of the active Chrome OS apps and the Windows app counterparts. +App migration or replacement is an essential part of your Chromebook migration. In this section, you'll plan how you'll migrate or replace Chromebook (Chrome OS) apps that are currently in use with the same or equivalent Windows apps. At the end of this section, you'll have a list of the active Chrome OS apps and the Windows app counterparts. **Identify the apps currently in use on Chromebook devices** -Before you can do any analysis or make decisions about which apps to migrate or replace, you need to identify which apps are currently in use on the Chromebook devices. You will create a list of apps that are currently in use (also called an app portfolio). +Before you can do any analysis or make decisions about which apps to migrate or replace, you need to identify which apps are currently in use on the Chromebook devices. You'll create a list of apps that are currently in use (also called an app portfolio). > [!NOTE] > The majority of Chromebook apps are web apps. For these apps you need to first perform Microsoft Edge compatibility testing and then publish the web app URL to the Windows users. For more information, see the [Perform app compatibility testing for web apps](#perform-testing-webapps) section. @@ -63,7 +63,7 @@ Record the following information about each app in your app portfolio: - App priority (how necessary is the app to the day-to-day process of the institution or a classroom? Rank as high, medium, or low) -Throughout the entire app migration or replacement process, focus on the higher priority apps. Focus on lower priority apps only after you have determined what you will do with the higher priority apps. +Throughout the entire app migration or replacement process, focus on the higher priority apps. Focus on lower priority apps only after you've determined what you will do with the higher priority apps. ### @@ -85,13 +85,13 @@ Table 1. Google App replacements -It may be that you will decide to replace Google Apps after you deploy Windows devices. For more information on making this decision, see the [Select cloud services migration strategy](#select-cs-migrationstrat) section of this guide. +It may be that you'll decide to replace Google Apps after you deploy Windows devices. For more information on making this decision, see the [Select cloud services migration strategy](#select-cs-migrationstrat) section of this guide. **Find the same or similar apps in the Microsoft Store** In many instances, software vendors will create a version of their app for multiple platforms. You can search the Microsoft Store to find the same or similar apps to any apps not identified in the [Select Google Apps replacements](#select-googleapps) section. -In other instances, the offline app does not have a version written for the Microsoft Store or is not a web app. In these cases, look for an app that provides similar functions. For example, you might have a graphing calculator offline Android app published on the Chrome OS, but the software publisher does not have a version for Windows devices. Search the Microsoft Store for a graphing calculator app that provides similar features and functionality. Use that Microsoft Store app as a replacement for the graphing calculator offline Android app published on the Chrome OS. +In other instances, the offline app doesn't have a version written for the Microsoft Store or isn't a web app. In these cases, look for an app that provides similar functions. For example, you might have a graphing calculator offline Android app published on the Chrome OS, but the software publisher doesn't have a version for Windows devices. Search the Microsoft Store for a graphing calculator app that provides similar features and functionality. Use that Microsoft Store app as a replacement for the graphing calculator offline Android app published on the Chrome OS. Record the Windows app that replaces the Chromebook app in your app portfolio. @@ -99,20 +99,20 @@ Record the Windows app that replaces the Chromebook app in your app portfolio. **Perform app compatibility testing for web apps** -The majority of Chromebook apps are web apps. Because you cannot run native offline Chromebook apps on a Windows device, there is no reason to perform app compatibility testing for offline Chromebook apps. However, you may have a number of web apps that will run on both platforms. +The majority of Chromebook apps are web apps. Because you can't run native offline Chromebook apps on a Windows device, there's no reason to perform app compatibility testing for offline Chromebook apps. However, you may have a number of web apps that will run on both platforms. Ensure that you test these web apps in Microsoft Edge. Record the level of compatibility for each web app in Microsoft Edge in your app portfolio. ## Plan for migration of user and device settings -Some institutions have configured the Chromebook devices to make the devices easier to use by using the Google Chrome Admin Console. You have also probably configured the Chromebook devices to help ensure the user data access and ensure that the devices themselves are secure by using the Google Chrome Admin Console. +Some institutions have configured the Chromebook devices to make the devices easier to use by using the Google Chrome Admin Console. You've also probably configured the Chromebook devices to help ensure the user data access and ensure that the devices themselves are secure by using the Google Chrome Admin Console. However, in addition to your centralized configuration in the Google Admin Console, Chromebook users have probably customized their device. In some instances, users may have changed the web content that is displayed when the Chrome browser starts. Or they may have bookmarked websites for future reference. Or users may have installed apps for use in the classroom. -In this section, you will identify the user and device configuration settings for your Chromebook users and devices. Then you will prioritize these settings to focus on the configuration settings that are essential to your educational institution. +In this section, you'll identify the user and device configuration settings for your Chromebook users and devices. Then you'll prioritize these settings to focus on the configuration settings that are essential to your educational institution. -At the end of this section, you should have a list of Chromebook user and device settings that you want to migrate to Windows, as well as a level of priority for each setting. You may discover at the end of this section that you have few or no higher priority settings to be migrated. If this is the case, you can skip the [Perform migration of user and device settings](#migrate-user-device-settings) section of this guide. +At the end of this section, you should have a list of Chromebook user and device settings that you want to migrate to Windows, as well as a level of priority for each setting. You may discover at the end of this section that you've few or no higher priority settings to be migrated. If this is the case, you can skip the [Perform migration of user and device settings](#migrate-user-device-settings) section of this guide. **Identify Google Admin Console settings to migrate** @@ -122,17 +122,17 @@ You use the Google Admin Console (as shown in Figure 1) to manage user and devic Figure 1. Google Admin Console -Table 2 lists the settings in the Device Management node in the Google Admin Console. Review the settings and determine which settings you will migrate to Windows. +Table 2 lists the settings in the Device Management node in the Google Admin Console. Review the settings and determine which settings you'll migrate to Windows. Table 2. Settings in the Device Management node in the Google Admin Console |Section |Settings | |---------|---------| |Network |

These settings configure the network connections for Chromebook devices and include the following settings categories: