From e68af0b5cc0ef917e4b7b54ac6bbadda20f42a89 Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Thu, 3 Nov 2022 15:55:11 -0700 Subject: [PATCH 01/25] Windows Holographic, 22H2 policies --- ...es-in-policy-csp-supported-by-hololens2.md | 23 ++++++++++--------- .../mdm/policy-csp-mixedreality.md | 17 ++------------ 2 files changed, 14 insertions(+), 26 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index c78db44623..e0e86a2289 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -52,20 +52,20 @@ ms.date: 08/01/2022 - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment) - [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) - [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) 9 -- [MixedReality/AllowCaptivePortalBeforeLogon](./policy-csp-mixedreality.md#mixedreality-allowcaptiveportalpeforelogon) Insider +- [MixedReality/AllowCaptivePortalBeforeLogon](./policy-csp-mixedreality.md#mixedreality-allowcaptiveportalpeforelogon) 12 - [MixedReality/AllowLaunchUriInSingleAppKiosk](./policy-csp-mixedreality.md#mixedreality-allowlaunchuriinsingleappkiosk)10 - [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) 11 - [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) 9 - [MixedReality/ConfigureMovingPlatform](policy-csp-mixedreality.md#mixedreality-configuremovingplatform) *[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update) -- [MixedReality/ConfigureNtpClient](./policy-csp-mixedreality.md#mixedreality-configurentpclient) Insider -- [MixedReality/DisallowNetworkConnectivityPassivePolling](./policy-csp-mixedreality.md#mixedreality-disablesisallownetworkconnectivitypassivepolling) Insider +- [MixedReality/ConfigureNtpClient](./policy-csp-mixedreality.md#mixedreality-configurentpclient) 12 +- [MixedReality/DisallowNetworkConnectivityPassivePolling](./policy-csp-mixedreality.md#mixedreality-disablesisallownetworkconnectivitypassivepolling) 12 - [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) 9 - [MixedReality/HeadTrackingMode](policy-csp-mixedreality.md#mixedreality-headtrackingmode) 9 - [MixedReality/ManualDownDirectionDisabled](policy-csp-mixedreality.md#mixedreality-manualdowndirectiondisabled) *[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update) - [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) 9 -- [MixedReality/NtpClientEnabled](./policy-csp-mixedreality.md#mixedreality-ntpclientenabled) Insider -- [MixedReality/SkipCalibrationDuringSetup](./policy-csp-mixedreality.md#mixedreality-skipcalibrationduringsetup) Insider -- [MixedReality/SkipTrainingDuringSetup](./policy-csp-mixedreality.md#mixedreality-skiptrainingduringsetup) Insider +- [MixedReality/NtpClientEnabled](./policy-csp-mixedreality.md#mixedreality-ntpclientenabled) 12 +- [MixedReality/SkipCalibrationDuringSetup](./policy-csp-mixedreality.md#mixedreality-skipcalibrationduringsetup) 12 +- [MixedReality/SkipTrainingDuringSetup](./policy-csp-mixedreality.md#mixedreality-skiptrainingduringsetup) 12 - [MixedReality/VisitorAutoLogon](policy-csp-mixedreality.md#mixedreality-visitorautologon) 10 - [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) 9 - [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery) 9 @@ -105,11 +105,11 @@ ms.date: 08/01/2022 - [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn) - [Settings/PageVisibilityList](./policy-csp-settings.md#settings-pagevisibilitylist) 9 - [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate) -- [Storage/AllowStorageSenseGlobal](policy-csp-storage.md#storage-allowstoragesenseglobal) Insider -- [Storage/AllowStorageSenseTemporaryFilesCleanup](policy-csp-storage.md#storage-allowstoragesensetemporaryfilescleanup) Insider -- [Storage/ConfigStorageSenseCloudContentDehydrationThreshold](policy-csp-storage.md#storage-configstoragesensecloudcontentdehydrationthreshold) Insider -- [Storage/ConfigStorageSenseDownloadsCleanupThreshold](policy-csp-storage.md#storage-configstoragesensedownloadscleanupthreshold) Insider -- [Storage/ConfigStorageSenseGlobalCadence](policy-csp-storage.md#storage-configstoragesenseglobalcadence) Insider +- [Storage/AllowStorageSenseGlobal](policy-csp-storage.md#storage-allowstoragesenseglobal) 12 +- [Storage/AllowStorageSenseTemporaryFilesCleanup](policy-csp-storage.md#storage-allowstoragesensetemporaryfilescleanup) 12 +- [Storage/ConfigStorageSenseCloudContentDehydrationThreshold](policy-csp-storage.md#storage-configstoragesensecloudcontentdehydrationthreshold) 12 +- [Storage/ConfigStorageSenseDownloadsCleanupThreshold](policy-csp-storage.md#storage-configstoragesensedownloadscleanupthreshold) 12 +- [Storage/ConfigStorageSenseGlobalCadence](policy-csp-storage.md#storage-configstoragesenseglobalcadence) 12 - [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline) - [System/AllowLocation](policy-csp-system.md#system-allowlocation) - [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard) @@ -154,6 +154,7 @@ Footnotes: - 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes-2004#windows-holographic-version-20h2) - 10 - Available in [Windows Holographic, version 21H1](/hololens/hololens-release-notes#windows-holographic-version-21h1) - 11 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2) +- 12 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-22h2) - Insider - Available in our current [HoloLens Insider builds](/hololens/hololens-insider). ## Related topics diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index e308bcc662..f20ac1fca4 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -113,8 +113,7 @@ Steps to use this policy correctly: |HoloLens (first gen) Commercial Suite|No| |HoloLens 2|Yes| -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -341,9 +340,6 @@ Supported value is Integer. -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. - You may want to configure a different time server for your device fleet. IT admins can use thi policy to configure certain aspects of NTP client with following policies. In the Settings app, the Time/Language page will show the time server after a time sync has occurred. E.g. `time.windows.com` or another if another value is configured via MDM policy. This policy setting specifies a set of parameters for controlling the Windows NTP Client. Refer to [Policy CSP - ADMX_W32Time - Windows Client Management](/windows/client-management/mdm/policy-csp-admx-w32time#admx-w32time-policy-configure-ntpclient) for supported configuration parameters. @@ -394,9 +390,6 @@ value="0"/> -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. - [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -609,8 +602,6 @@ The following list shows the supported values: -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. This policy setting specifies whether the Windows NTP Client is enabled. @@ -642,9 +633,6 @@ This policy setting specifies whether the Windows NTP Client is enabled. -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. - [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -678,8 +666,7 @@ The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/Skip -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. + [Scope](./policy-configuration-service-provider.md#policy-scope): From a91720880fa17e859cfa94e1c71bef871a47b8ad Mon Sep 17 00:00:00 2001 From: Evan Miller Date: Mon, 7 Nov 2022 08:35:39 -0800 Subject: [PATCH 02/25] Update windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md --- .../mdm/policies-in-policy-csp-supported-by-hololens2.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index e0e86a2289..6db051ede9 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -154,7 +154,7 @@ Footnotes: - 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes-2004#windows-holographic-version-20h2) - 10 - Available in [Windows Holographic, version 21H1](/hololens/hololens-release-notes#windows-holographic-version-21h1) - 11 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2) -- 12 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-22h2) +- 12 - Available in [Windows Holographic, version 22H2](/hololens/hololens-release-notes#windows-holographic-version-22h2) - Insider - Available in our current [HoloLens Insider builds](/hololens/hololens-insider). ## Related topics From 379ae6ff80827956640b2d527c5f76cac4635fa0 Mon Sep 17 00:00:00 2001 From: Sriraman M S <45987684+msbemba@users.noreply.github.com> Date: Tue, 8 Nov 2022 00:58:58 +0530 Subject: [PATCH 03/25] Update mcc-enterprise.md Corrected the PS cmdlet --- windows/deployment/do/mcc-enterprise.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/do/mcc-enterprise.md b/windows/deployment/do/mcc-enterprise.md index cc068f97a0..2063ed9e6c 100644 --- a/windows/deployment/do/mcc-enterprise.md +++ b/windows/deployment/do/mcc-enterprise.md @@ -241,7 +241,7 @@ Files contained in the mccinstaller.zip file: 1. Enable Nested Virtualization ```powershell - Set -VMProcessor -VMName "VM name" -ExposeVirtualizationExtensions $true + Set-VMProcessor -VMName "VM name" -ExposeVirtualizationExtensions $true ``` 2. Enable Mac Spoofing ```powershell From 2c2c3c9ad4169c515fa8dd12b06bd1282e988d06 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Mon, 7 Nov 2022 15:31:33 -0500 Subject: [PATCH 04/25] Metadata/style update deployment/vamt --- .../activate-forest-by-proxy-vamt.md | 45 ++--- .../volume-activation/activate-forest-vamt.md | 50 +++--- ...ctive-directory-based-activation-client.md | 26 ++- ...ivate-using-key-management-service-vamt.md | 64 ++++---- .../activate-windows-10-clients-vamt.md | 104 ++++++------ ...ive-directory-based-activation-overview.md | 27 ++- .../add-manage-products-vamt.md | 17 +- .../add-remove-computers-vamt.md | 84 ++++++---- .../add-remove-product-key-vamt.md | 39 +++-- ...t-to-microsoft-during-activation-client.md | 77 +++++---- .../configure-client-computers-vamt.md | 44 +++-- .../import-export-vamt-data.md | 24 ++- .../install-configure-vamt.md | 20 +-- .../install-kms-client-key-vamt.md | 52 +++--- .../install-product-key-vamt.md | 51 +++--- .../volume-activation/install-vamt.md | 16 +- .../volume-activation/introduction-vamt.md | 8 +- .../volume-activation/kms-activation-vamt.md | 50 +++--- .../local-reactivation-vamt.md | 32 ++-- .../manage-activations-vamt.md | 8 +- .../manage-product-keys-vamt.md | 8 +- .../volume-activation/manage-vamt-data.md | 8 +- .../monitor-activation-client.md | 6 +- .../online-activation-vamt.md | 44 ++--- .../plan-for-volume-activation-client.md | 118 ++++++------- .../proxy-activation-vamt.md | 51 +++--- .../volume-activation/remove-products-vamt.md | 30 ++-- .../scenario-kms-activation-vamt.md | 46 +++--- .../scenario-online-activation-vamt.md | 132 ++++++++------- .../scenario-proxy-activation-vamt.md | 155 +++++++++--------- .../update-product-status-vamt.md | 22 +-- ...olume-activation-management-tool-client.md | 56 +++---- .../use-vamt-in-windows-powershell.md | 20 +-- .../volume-activation/vamt-known-issues.md | 8 +- .../volume-activation/vamt-requirements.md | 10 +- .../volume-activation/vamt-step-by-step.md | 14 +- .../volume-activation-management-tool.md | 8 +- .../volume-activation-windows-10.md | 16 +- 38 files changed, 829 insertions(+), 761 deletions(-) diff --git a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md index 5b7165a017..cec3e17944 100644 --- a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md +++ b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md @@ -2,18 +2,18 @@ title: Activate by Proxy an Active Directory Forest (Windows 10) description: Learn how to use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate by proxy an Active Directory (AD) forest. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Activate by Proxy an Active Directory Forest -You can use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate by proxy an Active Directory (AD) forest for an isolated workgroup that does not have Internet access. ADBA enables certain volume products to inherit activation from the domain. +You can use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate by proxy an Active Directory (AD) forest for an isolated workgroup that doesn't have Internet access. ADBA enables certain volume products to inherit activation from the domain. > [!IMPORTANT] > ADBA is only applicable to *Generic Volume License Keys (GVLKs)* and *KMS Host key (CSVLK)*. To use ADBA, one or more KMS Host keys (CSVLK) must be installed on the AD forest, and client keys (GVLKs) must be installed on the client products. @@ -26,28 +26,29 @@ In a typical proxy-activation scenario, the VAMT host computer distributes a pro ## Requirements Before performing proxy activation, ensure that the network and the VAMT installation meet the following requirements: -- There is an instance of VAMT that is installed on a computer that has Internet access. If you are performing proxy activation for an isolated workgroup, you must also have VAMT installed on one of the computers in the workgroup. + +- There's an instance of VAMT that is installed on a computer that has Internet access. If you're performing proxy activation for an isolated workgroup, you must also have VAMT installed on one of the computers in the workgroup. - VAMT has administrative permissions to the Active Directory domain. -**To perform an Active Directory forest proxy activation** +### To perform an Active Directory forest proxy activation -1. Open VAMT. -2. In the left-side pane, click the **Active Directory-Based Activation** node. -3. In the right-side **Actions** pane, click **Proxy activate forest** to open the **Install Product Key** dialog box. -4. In the **Install Product Key** dialog box, select the KMS Host key (CSVLK) that you want to activate. -5. If you want to rename the ADBA object, enter a new Active Directory-Based Activation Object name. If you want to rename the ADBA object, you must do it now. After you click **Install Key**, the name cannot be changed. -6. Enter the name of the file where you want to save the offline installation ID, or browse to the file location and then click **Open**. If you are activating an AD forest in an isolated workgroup, save the .cilx file to a removable media device. -7. Click **Install Key**. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. The activated object and the date that it was created appear in the **Active Directory-Based Activation** node in the center pane. -9. Insert the removable media into the VAMT host that has Internet access. Make sure that you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane. -10. In the right-side **Actions** pane, click **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. -11. In the **Acquire confirmation IDs for file** dialog box, browse to where the .cilx file you exported from the isolated workgroup host computer is located. Select the file, and then click **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and acquires the CIDs. -12. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows how many confirmation IDs were successfully acquired, and the name of the file to which the IDs were saved. Click **OK** to close the message. -13. Remove the storage device that contains the .cilx file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated workgroup. -14. Open VAMT and then click the **Active Directory-Based Activation** node in the left-side pane. -15. In the right-side **Actions** pane, click **Apply confirmation ID to Active Directory domain**, browse to the .cilx file and then click **Open**. +1. Open VAMT. +2. In the left-side pane, select the **Active Directory-Based Activation** node. +3. In the right-side **Actions** pane, select **Proxy activate forest** to open the **Install Product Key** dialog box. +4. In the **Install Product Key** dialog box, select the KMS Host key (CSVLK) that you want to activate. +5. If you want to rename the ADBA object, enter a new Active Directory-Based Activation Object name. If you want to rename the ADBA object, you must do it now. After you select **Install Key**, the name can't be changed. +6. Enter the name of the file where you want to save the offline installation ID, or browse to the file location and then select **Open**. If you're activating an AD forest in an isolated workgroup, save the `.cilx` file to a removable media device. +7. Select **Install Key**. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. The activated object and the date that it was created appear in the **Active Directory-Based Activation** node in the center pane. +8. Insert the removable media into the VAMT host that has Internet access. Make sure that you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane. +9. In the right-side **Actions** pane, select **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. +10. In the **Acquire confirmation IDs for file** dialog box, browse to where the `.cilx` file you exported from the isolated workgroup host computer is located. Select the file, and then select **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and acquires the CIDs. +11. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows how many confirmation IDs were successfully acquired, and the name of the file to which the IDs were saved. Select **OK** to close the message. +12. Remove the storage device that contains the `.cilx` file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated workgroup. +13. Open VAMT and then select the **Active Directory-Based Activation** node in the left-side pane. +14. In the right-side **Actions** pane, select **Apply confirmation ID to Active Directory domain**, browse to the `.cilx` file and then select **Open**. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. The activated object and the date that it was created appear in the **Active Directory-Based Activation** node in the center pane. -## Related topics +## Related articles - [Add and Remove Computers](add-remove-computers-vamt.md) diff --git a/windows/deployment/volume-activation/activate-forest-vamt.md b/windows/deployment/volume-activation/activate-forest-vamt.md index c390b22fe3..70940f40ec 100644 --- a/windows/deployment/volume-activation/activate-forest-vamt.md +++ b/windows/deployment/volume-activation/activate-forest-vamt.md @@ -2,11 +2,11 @@ title: Activate an Active Directory Forest Online (Windows 10) description: Use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate an Active Directory (AD) forest online. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -15,33 +15,41 @@ ms.technology: itpro-fundamentals You can use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate an Active Directory (AD) forest over the Internet. ADBA enables certain products to inherit activation from the domain. -**Important**   -ADBA is only applicable to Generic Volume License Keys (GVLKs) and KMS Host keys (CSVLKs). To use ADBA, one or more KMS Host keys (CSVLKs) must be installed on the AD forest, and client keys (GVLKs) must be installed on the client products. +> [!IMPORTANT] +> ADBA is only applicable to Generic Volume License Keys (GVLKs) and KMS Host keys (CSVLKs). To use ADBA, one or more KMS Host keys (CSVLKs) must be installed on the AD forest, and client keys (GVLKs) must be installed on the client products. ## Requirements Before performing online activation, ensure that the network and the VAMT installation meet the following requirements: -- VAMT is installed on a host computer that has Internet access. -- VAMT has administrative permissions to the Active Directory domain. -- The KMS Host key (CSVLK) you intend to use is added to VAMT in the **Product Keys** node. -**To perform an online Active Directory forest activation** +- VAMT is installed on a host computer that has Internet access. -1. Open VAMT. -2. In the left-side pane, click the **Active Directory-Based Activation** node. -3. In the right-side **Actions** pane, click **Online activate forest** to open the **Install Product Key** dialog box. -4. In the **Install Product Key** dialog box, select the KMS Host key (CSVLK) that you want to apply to the AD forest. -5. If required, enter a new Active Directory-Based Activation Object name +- VAMT has administrative permissions to the Active Directory domain. - **Important**   - If you want to rename the ADBA object, you must do it now. After you click **Install Key**, the name cannot be changed. +- The KMS Host key (CSVLK) you intend to use is added to VAMT in the **Product Keys** node. -6. Click **Install Key**. -7. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. +### To perform an online Active Directory forest activation -The activated object and the date that is was created appear in the **Active Directory-Based Activation** node in the center pane. +1. Open VAMT. -## Related topics +2. In the left-side pane, select the **Active Directory-Based Activation** node. + +3. In the right-side **Actions** pane, select **Online activate forest** to open the **Install Product Key** dialog box. + +4. In the **Install Product Key** dialog box, select the KMS Host key (CSVLK) that you want to apply to the AD forest. + +5. If necessary, enter a new Active Directory-Based Activation Object name. + + > [!IMPORTANT] + > If you want to rename the ADBA object, you must do it now. After you click **Install Key**, the name cannot be changed. + +6. Select **Install Key**. + +7. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. + +The activated object and the date that it was created appear in the **Active Directory-Based Activation** node in the center pane. + +## Related articles - [Scenario 1: Online Activation](scenario-online-activation-vamt.md) - [Add and Remove Computers](add-remove-computers-vamt.md) diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index 2c413491c3..c19e08bdbc 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -1,40 +1,36 @@ --- title: Activate using Active Directory-based activation description: Learn how active directory-based activation is implemented as a role service that relies on AD DS to store activation objects. -manager: dougeby -author: aczechowski -ms.author: aaroncz +manager: aaroncz +author: frankroj +ms.author: frankroj ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium -ms.date: 09/16/2022 +ms.date: 11/07/2022 ms.topic: how-to ms.collection: highpri --- # Activate using Active Directory-based activation -**Applies to supported versions of** - -- Windows -- Windows Server -- Office +(*Applies to: Windows, Windows Server, Office*) > [!TIP] > Are you looking for information on retail activation? > -> - [Product activation for Windows](https://support.microsoft.com/windows/product-activation-for-windows-online-support-telephone-numbers-35f6a805-1259-88b4-f5e9-b52cccef91a0) -> - [Activate Windows](https://support.microsoft.com/windows/activate-windows-c39005d4-95ee-b91e-b399-2820fda32227) +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) -Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that you update the forest schema using *adprep.exe* on a supported server OS. After the schema is updated, older domain controllers can still activate clients. +Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that you update the forest schema using `adprep.exe` on a supported server OS. After the schema is updated, older domain controllers can still activate clients. Any domain-joined computers running a supported OS with a Generic Volume License Key (GVLK) will be activated automatically and transparently. They'll stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller. Activation takes place after the Licensing service starts. When this service starts, the computer contacts AD DS automatically, receives the activation object, and is activated without user intervention. -To allow computers with GVLKs to activate themselves, use the Volume Activation Tools console or the [Volume Activation Management Tool (VAMT)](volume-activation-management-tool.md) in earlier versions of Windows Server to create an object in the AD DS forest. You create this activation object by submitting a KMS host key to Microsoft, as shown in Figure 10. +To allow computers with GVLKs to activate themselves, use the Volume Activation Tools console, or the [Volume Activation Management Tool (VAMT)](volume-activation-management-tool.md) in earlier versions of Windows Server to create an object in the AD DS forest. You create this activation object by submitting a KMS host key to Microsoft, as shown in Figure 10. The process proceeds as follows: -1. Do _one_ of the following tasks: +1. Do *one* of the following tasks: - Install the Volume Activation Services server role on a domain controller. Then add a KMS host key by using the Volume Activation Tools Wizard. @@ -134,6 +130,6 @@ To verify your Active Directory-based activation configuration, complete the fol > > To manage individual activations or apply multiple (mass) activations, use the [VAMT](./volume-activation-management-tool.md). -## See also +## Related articles [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md index 6fdacc0acb..0d3d2d93aa 100644 --- a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md +++ b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md @@ -1,12 +1,12 @@ --- title: Activate using Key Management Service (Windows 10) -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj description: How to activate using Key Management Service in Windows 10. ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 10/16/2017 +ms.date: 11/07/2022 ms.topic: article ms.collection: highpri ms.technology: itpro-fundamentals @@ -14,32 +14,26 @@ ms.technology: itpro-fundamentals # Activate using Key Management Service -**Applies to** +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) -**Looking for retail activation?** +There are three possible scenarios for volume activation of Windows 10 or Windows Server 2012 R2 by using a Key Management Service (KMS) host: -- [Get Help Activating Microsoft Windows 10](https://support.microsoft.com/help/12440/) -- [Get Help Activating Microsoft Windows 7 or Windows 8.1 ](https://go.microsoft.com/fwlink/p/?LinkId=618644) - -There are three possible scenarios for volume activation of Windows 10 or Windows Server 2012 R2 by using a Key Management Service (KMS) host: - -- Host KMS on a computer running Windows 10 -- Host KMS on a computer running Windows Server 2012 R2 +- Host KMS on a computer running Windows 10 +- Host KMS on a computer running Windows Server 2012 R2 - Host KMS on a computer running an earlier version of Windows Check out [Windows 10 Volume Activation Tips](/archive/blogs/askcore/windows-10-volume-activation-tips). -## Key Management Service in Windows 10 +## Key Management Service in Windows 10 + +Installing a KMS host key on a computer running Windows 10 allows you to activate other computers running Windows 10 against this KMS host and earlier versions of the client operating system, such as Windows 8.1 or Windows 7. -Installing a KMS host key on a computer running Windows 10 allows you to activate other computers running Windows 10 against this KMS host and earlier versions of the client operating system, such as Windows 8.1 or Windows 7. Clients locate the KMS server by using resource records in DNS, so some configuration of DNS may be required. This scenario can be beneficial if your organization uses volume activation for clients and MAK-based activation for a smaller number of servers. To enable KMS functionality, a KMS key is installed on a KMS host; then, the host is activated over the Internet or by phone using Microsoft activation services. @@ -55,11 +49,11 @@ To activate, use the slmgr.vbs command. Open an elevated command prompt and run 3. Follow the voice prompts and write down the responded 48-digit confirmation ID for OS activation. 4. Run `slmgr.vbs /atp \`. -For more information, see the information for Windows 7 in [Deploy KMS Activation](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn502531(v=ws.11)). +For more information, see the information for Windows 7 in [Deploy KMS Activation](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn502531(v=ws.11)). -## Key Management Service in Windows Server 2012 R2 +## Key Management Service in Windows Server 2012 R2 -Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista. +Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista. > [!NOTE] > You cannot install a client KMS key into the KMS in Windows Server. @@ -67,9 +61,9 @@ Installing a KMS host key on a computer running Windows Server allows you to act This scenario is commonly used in larger organizations that do not find the overhead of using a server a burden. > [!NOTE] -> If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, see [KB 3086418](/troubleshoot/windows-server/deployment/error-0xc004f015-activate-windows-10). +> If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, see [KB 3086418](/troubleshoot/windows-server/deployment/error-0xc004f015-activate-windows-10). -### Configure KMS in Windows Server 2012 R2 +### Configure KMS in Windows Server 2012 R2 1. Sign in to a computer running Windows Server 2012 R2 with an account that has local administrative credentials. 2. Launch Server Manager. @@ -115,26 +109,26 @@ Now that the KMS host is configured, it will begin to listen for activation requ ## Verifying the configuration of Key Management Service -You can verify KMS volume activation from the KMS host server or from the client computer. KMS volume activation requires a minimum threshold of 25 computers before activation requests will be processed. The verification process described here will increment the activation count each time a client computer contacts the KMS host, but unless the activation threshold is reached, the verification will take the form of an error message rather than a confirmation message. +You can verify KMS volume activation from the KMS host server or from the client computer. KMS volume activation requires a minimum threshold of 25 computers before activation requests will be processed. The verification process described here will increment the activation count each time a client computer contacts the KMS host, but unless the activation threshold is reached, the verification will take the form of an error message rather than a confirmation message. > [!NOTE] -> If you configured Active Directory-based activation before configuring KMS activation, you must use a client computer that will not first try to activate itself by using Active Directory-based activation. You could use a workgroup computer that is not joined to a domain or a computer running Windows 7 or Windows Server 2008 R2. +> If you configured Active Directory-based activation before configuring KMS activation, you must use a client computer that will not first try to activate itself by using Active Directory-based activation. You could use a workgroup computer that is not joined to a domain or a computer running Windows 7 or Windows Server 2008 R2. To verify that KMS volume activation works, complete the following steps: 1. On the KMS host, open the event log and confirm that DNS publishing is successful. -2. On a client computer, open a Command Prompt window, type **Slmgr.vbs /ato**, and then press ENTER. +2. On a client computer, open a Command Prompt window, type `Slmgr.vbs /ato`, and then press ENTER. - The **/ato** command causes the operating system to attempt activation by using whichever key has been installed in the operating system. The response should show the license state and detailed Windows version information. -3. On a client computer or the KMS host, open an elevated Command Prompt window, type **Slmgr.vbs /dlv**, and then press ENTER. + The `/ato` command causes the operating system to attempt activation by using whichever key has been installed in the operating system. The response should show the license state and detailed Windows version information. +3. On a client computer or the KMS host, open an elevated Command Prompt window, type `Slmgr.vbs /dlv`, and then press ENTER. - The **/dlv** command displays the detailed licensing information. The response should return an error that states that the KMS activation count is too low. This confirms that KMS is functioning correctly, even though the client has not been activated. + The `/dlv` command displays the detailed licensing information. The response should return an error that states that the KMS activation count is too low. This confirms that KMS is functioning correctly, even though the client has not been activated. For more information about the use and syntax of slmgr.vbs, see [Slmgr.vbs Options](/windows-server/get-started/activation-slmgr-vbs-options). ## Key Management Service in earlier versions of Windows -If you have already established a KMS infrastructure in your organization for an earlier version of Windows, you may want to continue using that infrastructure to activate computers running Windows 10 or Windows Server 2012 R2. Your existing KMS host must be running Windows 7 or later. To upgrade your KMS host, complete the following steps: +If you have already established a KMS infrastructure in your organization for an earlier version of Windows, you may want to continue using that infrastructure to activate computers running Windows 10 or Windows Server 2012 R2. Your existing KMS host must be running Windows 7 or later. To upgrade your KMS host, complete the following steps: 1. Download and install the correct update for your current KMS host operating system. Restart the computer as directed. 2. Request a new KMS host key from the Volume Licensing Service Center. @@ -143,6 +137,6 @@ If you have already established a KMS infrastructure in your organization for an For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows](https://go.microsoft.com/fwlink/p/?LinkId=618265) and [Update that enables Windows 7 and Windows Server 2008 R2 KMS hosts to activate Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=626590). -## See also +## Related articles - [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md index 36d3961a3f..3becdf4dae 100644 --- a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md +++ b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md @@ -1,59 +1,61 @@ --- title: Activate clients running Windows 10 (Windows 10) -description: After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. +description: After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Activate clients running Windows 10 -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) -**Looking for retail activation?** +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) +After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. If the computer has been configured with a Generic Volume License Key (GVLK), neither IT nor the user need take any action. It just works. -After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. If the computer has been configured with a Generic Volume License Key (GVLK), neither IT nor the user need take any action. It just works. Enterprise edition images and installation media should already be configured with the GVLK. When the client computer starts, the Licensing service examines the current licensing condition of the computer. -If activation or reactivation is required, the following sequence occurs: -1. If the computer is a member of a domain, it asks a domain controller for a volume activation object. If Active Directory-based activation is configured, the domain controller returns the object. If the object matches the edition of the software that is installed and the computer has a matching GVLK, the computer is activated (or reactivated), and it will not need to be activated again for 180 days, although the operating system will attempt reactivation at much shorter, regular intervals. -2. If the computer is not a member of a domain or if the volume activation object is not available, the computer will issue a DNS query to attempt to locate a KMS server. If a KMS server can be contacted, activation occurs if the KMS has a key that matches the computer’s GVLK. -3. The computer tries to activate against Microsoft servers if it is configured with a MAK. -If the client is not able to activate itself successfully, it will periodically try again. The frequency of the retry attempts depends on the current licensing state and whether the client computer has been successfully activated in the past. For example, if the client computer had been previously activated by Active Directory-based activation, it will periodically try to contact the domain controller at each restart. +If activation or reactivation is required, the following sequence occurs: + +1. If the computer is a member of a domain, it asks a domain controller for a volume activation object. If Active Directory-based activation is configured, the domain controller returns the object. If the object matches the edition of the software that is installed and the computer has a matching GVLK, the computer is activated (or reactivated), and it will not need to be activated again for 180 days, although the operating system will attempt reactivation at much shorter, regular intervals. + +2. If the computer isn't a member of a domain or if the volume activation object isn't available, the computer will issue a DNS query to attempt to locate a KMS server. If a KMS server can be contacted, activation occurs if the KMS has a key that matches the computer's GVLK. + +3. The computer tries to activate against Microsoft servers if it's configured with a MAK. + +If the client isn't able to activate itself successfully, it will periodically try again. The frequency of the retry attempts depends on the current licensing state and whether the client computer has been successfully activated in the past. For example, if the client computer had been previously activated by Active Directory-based activation, it will periodically try to contact the domain controller at each restart. ## How Key Management Service works -KMS uses a client–server topology. KMS client computers can locate KMS host computers by using DNS or a static configuration. KMS clients contact the KMS host by using RPCs carried over TCP/IP. +KMS uses a client-server topology. KMS client computers can locate KMS host computers by using DNS or a static configuration. KMS clients contact the KMS host by using RPCs carried over TCP/IP. ### Key Management Service activation thresholds You can activate physical computers and virtual machines by contacting a KMS host. To qualify for KMS activation, there must be a minimum number of qualifying computers (called the activation threshold). KMS clients will be activated only after this threshold has been met. Each KMS host counts the number of computers that have requested activation until the threshold is met. -A KMS host responds to each valid activation request from a KMS client with the count of how many computers have already contacted the KMS host for activation. Client computers that receive a count below the activation threshold are not activated. For example, if the first two computers that contact the KMS host are running Windows 10, the first receives an activation count of 1, and the second receives an activation count of 2. If the next computer is a virtual machine on a computer running Windows 10, it receives an activation count of 3, and so on. None of these computers will be activated, because computers running Windows 10, like other client operating system versions, must receive an activation count of 25 or more. -When KMS clients are waiting for the KMS to reach the activation threshold, they will connect to the KMS host every two hours to get the current activation count. They will be activated when the threshold is met. +A KMS host responds to each valid activation request from a KMS client with the count of how many computers have already contacted the KMS host for activation. Client computers that receive a count below the activation threshold aren't activated. For example, if the first two computers that contact the KMS host are running Windows 10, the first receives an activation count of 1, and the second receives an activation count of 2. If the next computer is a virtual machine on a computer running Windows 10, it receives an activation count of 3, and so on. None of these computers will be activated, because computers running Windows 10, like other client operating system versions, must receive an activation count of 25 or more. -In our example, if the next computer that contacts the KMS host is running Windows Server 2012 R2, it receives an activation count of 4, because activation counts are cumulative. If a computer running Windows Server 2012 R2 receives an activation count that is 5 or more, it is activated. If a computer running Windows 10 receives an activation count of 25 or more, it is activated. +When KMS clients are waiting for the KMS to reach the activation threshold, they'll connect to the KMS host every two hours to get the current activation count. They'll be activated when the threshold is met. + +In our example, if the next computer that contacts the KMS host is running Windows Server 2012 R2, it receives an activation count of 4, because activation counts are cumulative. If a computer running Windows Server 2012 R2 receives an activation count that is 5 or more, it's activated. If a computer running Windows 10 receives an activation count of 25 or more, it's activated. ### Activation count cache -To track the activation threshold, the KMS host keeps a record of the KMS clients that request activation. The KMS host gives each KMS client a client ID designation, and the KMS host saves each client ID in a table. By default, each activation request remains in the table for up to 30 days. When a client renews its activation, the cached client ID is removed from the table, a new record is created, and the 30day period begins again. If a KMS client computer does not renew its activation within 30 days, the KMS host removes the corresponding client ID from the table and reduces the activation count by one. -However, the KMS host only caches twice the number of client IDs that are required to meet the activation threshold. Therefore, only the 50 most recent client IDs are kept in the table, and a client ID could be removed much sooner than 30 days. -The total size of the cache is set by the type of client computer that is attempting to activate. If a KMS host receives activation requests only from servers, the cache will hold only 10 client IDs (twice the required 5). If a client computer running Windows 10 contacts that KMS host, KMS increases the cache size to 50 to accommodate the higher threshold. KMS never reduces the cache size. +To track the activation threshold, the KMS host keeps a record of the KMS clients that request activation. The KMS host gives each KMS client a client ID designation, and the KMS host saves each client ID in a table. By default, each activation request remains in the table for up to 30 days. When a client renews its activation, the cached client ID is removed from the table, a new record is created, and the 30 day period begins again. If a KMS client computer doesn't renew its activation within 30 days, the KMS host removes the corresponding client ID from the table and reduces the activation count by one. + +However, the KMS host only caches twice the number of client IDs that are required to meet the activation threshold. Therefore, only the 50 most recent client IDs are kept in the table, and a client ID could be removed much sooner than 30 days. +The total size of the cache is set by the type of client computer that is attempting to activate. If a KMS host receives activation requests only from servers, the cache will hold only 10 client IDs (twice the required 5). If a client computer running Windows 10 contacts that KMS host, KMS increases the cache size to 50 to accommodate the higher threshold. KMS never reduces the cache size. ### Key Management Service connectivity @@ -61,63 +63,67 @@ KMS activation requires TCP/IP connectivity. By default, KMS hosts and clients u ### Key Management Service activation renewal -KMS activations are valid for 180 days (the *activation validity interval*). To remain activated, KMS client computers must renew their activation by connecting to the KMS host at least once every 180 days. By default, KMS client computers attempt to renew their activation every 7 days. If KMS activation fails, the client computer retries every two hours. After a client computer’s activation is renewed, the activation validity interval begins again. +KMS activations are valid for 180 days (the *activation validity interval*). To remain activated, KMS client computers must renew their activation by connecting to the KMS host at least once every 180 days. By default, KMS client computers attempt to renew their activation every seven days. If KMS activation fails, the client computer retries every two hours. After a client computer's activation is renewed, the activation validity interval begins again. ### Publication of the Key Management Service -The KMS uses service (SRV) resource records in DNS to store and communicate the locations of KMS hosts. KMS hosts use the DNS dynamic update protocol, if available, to publish the KMS service (SRV) resource records. If dynamic update is not available or the KMS host does not have rights to publish the resource records, the DNS records must be published manually, or you must configure client computers to connect to specific KMS hosts. +The KMS uses service (SRV) resource records in DNS to store and communicate the locations of KMS hosts. KMS hosts use the DNS dynamic update protocol, if available, to publish the KMS service (SRV) resource records. If dynamic update isn't available or the KMS host doesn't have rights to publish the resource records, the DNS records must be published manually, or you must configure client computers to connect to specific KMS hosts. ### Client discovery of the Key Management Service By default, KMS client computers query DNS for KMS information. The first time a KMS client computer queries DNS for KMS information, it randomly chooses a KMS host from the list of service (SRV) resource records that DNS returns. The address of a DNS server that contains the service (SRV) resource records can be listed as a suffixed entry on KMS client computers, which allows one DNS server to advertise the service (SRV) resource records for KMS, and KMS client computers with other primary DNS servers to find it. -Priority and weight parameters can be added to the DnsDomainPublishList registry value for KMS. Establishing KMS host priority groupings and weighting within each group allows you to specify which KMS host the client computers should try first and balances traffic among multiple KMS hosts. Only Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 provide these priority and weight parameters. -If the KMS host that a client computer selects does not respond, the KMS client computer removes that KMS host from its list of service (SRV) resource records and randomly selects another KMS host from the list. When a KMS host responds, the KMS client computer caches the name of the KMS host and uses it for subsequent activation and renewal attempts. If the cached KMS host does not respond on a subsequent renewal, the KMS client computer discovers a new KMS host by querying DNS for KMS service (SRV) resource records. -By default, client computers connect to the KMS host for activation by using anonymous RPCs through TCP port 1688. (You can change the default port.) After establishing a TCP session with the KMS host, the client computer sends a single request packet. The KMS host responds with the activation count. If the count meets or exceeds the activation threshold for that operating system, the client computer is activated and the session is closed. The KMS client computer uses this same process for renewal requests. 250 bytes are used for communication each way. + +Priority and weight parameters can be added to the DnsDomainPublishList registry value for KMS. Establishing KMS host priority groupings and weighting within each group allows you to specify which KMS host the client computers should try first and balances traffic among multiple KMS hosts. Only Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 provide these priority and weight parameters. + +If the KMS host that a client computer selects doesn't respond, the KMS client computer removes that KMS host from its list of service (SRV) resource records and randomly selects another KMS host from the list. When a KMS host responds, the KMS client computer caches the name of the KMS host and uses it for subsequent activation and renewal attempts. If the cached KMS host doesn't respond on a subsequent renewal, the KMS client computer discovers a new KMS host by querying DNS for KMS service (SRV) resource records. + +By default, client computers connect to the KMS host for activation by using anonymous RPCs through TCP port 1688. (You can change the default port.) After establishing a TCP session with the KMS host, the client computer sends a single request packet. The KMS host responds with the activation count. If the count meets or exceeds the activation threshold for that operating system, the client computer is activated, and the session is closed. The KMS client computer uses this same process for renewal requests. 250 bytes are used for communication each way. ### Domain Name System server configuration -The default KMS automatic publishing feature requires the service (SRV) resource record and support for DNS dynamic update protocol. KMS client computer default behavior and the KMS service (SRV) resource record publishing are supported on a DNS server that is running Microsoft software or any other DNS server that supports service (SRV) resource records (per Internet Engineering Task Force \[IETF\] Request for Comments \[RFC\] 2782) and dynamic updates (per IETF RFC 2136). For example, Berkeley Internet Domain Name versions 8.x and 9.x support service (SRV) resource records and dynamic update. -The KMS host must be configured so that it has the credentials needed to create and update the following resource records on the DNS servers: service (SRV), IPv4 host (A), and IPv6 host (AAAA), or the records need to be created manually. The recommended solution for giving the KMS host the needed credentials is to create a security group in AD DS, then add all KMS hosts to that group. On a DNS server that is running Microsoft software, ensure that this security group is given full control over the \_VLMCS.\_TCP record in each DNS domain that will contain the KMS service (SRV) resource records. +The default KMS automatic publishing feature requires the service (SRV) resource record and support for DNS dynamic update protocol. KMS client computer default behavior and the KMS service (SRV) resource record publishing are supported on a DNS server that is running Microsoft software or any other DNS server that supports service (SRV) resource records (per Internet Engineering Task Force \[IETF\] Request for Comments \[RFC\] 2782) and dynamic updates (per IETF RFC 2136). For example, Berkeley Internet Domain Name versions 8.x and 9.x support service (SRV) resource records and dynamic update. +The KMS host must be configured so that it has the credentials needed to create and update the following resource records on the DNS servers: service (SRV), IPv4 host (A), and IPv6 host (AAAA), or the records need to be created manually. The recommended solution for giving the KMS host the needed credentials is to create a security group in AD DS, then add all KMS hosts to that group. On a DNS server that is running Microsoft software, ensure that this security group is given full control over the \_VLMCS.\_TCP record in each DNS domain that will contain the KMS service (SRV) resource records. ### Activating the first Key Management Service host -KMS hosts on the network need to install a KMS key, and then be activated with Microsoft. Installation of a KMS key enables the KMS on the KMS host. After installing the KMS key, complete the activation of the KMS host by telephone or online. Beyond this initial activation, a KMS host does not communicate any information to Microsoft. KMS keys are only installed on KMS hosts, never on individual KMS client computers. +KMS hosts on the network need to install a KMS key, and then be activated with Microsoft. Installation of a KMS key enables the KMS on the KMS host. After installing the KMS key, complete the activation of the KMS host by telephone or online. Beyond this initial activation, a KMS host doesn't communicate any information to Microsoft. KMS keys are only installed on KMS hosts, never on individual KMS client computers. ### Activating subsequent Key Management Service hosts -Each KMS key can be installed on up to six KMS hosts. These hosts can be physical computers or virtual machines. After activating a KMS host, the same host can be reactivated up to nine times with the same key. If the organization needs more than six KMS hosts, you can request additional activations for your organization’s KMS key by calling a Microsoft Volume [Licensing Activation Center](https://go.microsoft.com/fwlink/p/?LinkID=618264) to request an exception. +Each KMS key can be installed on up to six KMS hosts. These hosts can be physical computers or virtual machines. After activating a KMS host, the same host can be reactivated up to nine times with the same key. If the organization needs more than six KMS hosts, you can request additional activations for your organization's KMS key by calling a Microsoft Volume [Licensing Activation Center](https://go.microsoft.com/fwlink/p/?LinkID=618264) to request an exception. ## How Multiple Activation Key works -A MAK is used for one-time activation with Microsoft’s hosted activation services. Each MAK has a predetermined number of allowed activations. This number is based on volume licensing agreements, and it might not match the organization’s exact license count. Each activation that uses a MAK with the Microsoft hosted activation service counts toward the activation limit. +A MAK is used for one-time activation with Microsoft's hosted activation services. Each MAK has a predetermined number of allowed activations. This number is based on volume licensing agreements, and it might not match the organization's exact license count. Each activation that uses a MAK with the Microsoft hosted activation service counts toward the activation limit. You can activate computers by using a MAK in two ways: -- **MAK independent activation**. Each computer independently connects and is activated with Microsoft over the Internet or by telephone. MAK independent activation is best suited to computers within an organization that do not maintain a connection to the corporate network. MAK independent activation is shown in Figure 16. + +- **MAK independent activation**. Each computer independently connects and is activated with Microsoft over the Internet or by telephone. MAK independent activation is best suited to computers within an organization that don't maintain a connection to the corporate network. MAK independent activation is shown in Figure 16. ![MAK independent activation.](../images/volumeactivationforwindows81-16.jpg) - + **Figure 16**. MAK independent activation -- **MAK proxy activation**. MAK proxy activation enables a centralized activation request on behalf of multiple computers with one connection to Microsoft. You configure MAK proxy activation by using the VAMT. MAK proxy activation is appropriate for environments in which security concerns restrict direct access to the Internet or the corporate network. It is also suited for development and test labs that lack this connectivity. MAK proxy activation with the VAMT is shown in Figure 17. + +- **MAK proxy activation**. MAK proxy activation enables a centralized activation request on behalf of multiple computers with one connection to Microsoft. You configure MAK proxy activation by using the VAMT. MAK proxy activation is appropriate for environments in which security concerns restrict direct access to the Internet or the corporate network. It's also suited for development and test labs that lack this connectivity. MAK proxy activation with the VAMT is shown in Figure 17. ![MAK proxy activation with the VAMT.](../images/volumeactivationforwindows81-17.jpg) - + **Figure 17**. MAK proxy activation with the VAMT -A MAK is recommended for computers that rarely or never connect to the corporate network and for environments in which the number of computers that require activation does not meet the KMS activation threshold. +A MAK is recommended for computers that rarely or never connect to the corporate network and for environments in which the number of computers that require activation doesn't meet the KMS activation threshold. -You can use a MAK for individual computers or with an image that can be duplicated or installed by using Microsoft deployment solutions. You can also use a MAK on a computer that was originally configured to use KMS activation. This is useful for moving a computer off the core network to a disconnected environment. +You can use a MAK for individual computers or with an image that can be duplicated or installed using Microsoft deployment solutions. You can also use a MAK on a computer that was originally configured to use KMS activation. Switching from KMS to a MAK is useful for moving a computer off the core network to a disconnected environment. ### Multiple Activation Key architecture and activation MAK independent activation installs a MAK product key on a client computer. The key instructs that computer to activate itself with Microsoft servers over the Internet. + In MAK proxy activation, the VAMT installs a MAK product key on a client computer, obtains the installation ID from the target computer, sends the installation ID to Microsoft on behalf of the client, and obtains a confirmation ID. The tool then activates the client computer by installing the confirmation ID. ## Activating as a standard user -Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 do not require administrator privileges for activation, but this change does not allow standard user accounts to remove computers running Windows 7 or Windows Server 2008 R2 from the activated state. An administrator account is still required for other activation- or license-related tasks, such as “rearm.” +Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 don't require administrator privileges for activation, but this change doesn't allow standard user accounts to remove computers running Windows 7 or Windows Server 2008 R2 from the activated state. An administrator account is still required for other activation- or license-related tasks, such as "rearm." -## See also +## Related articles -- [Volume Activation for Windows 10](volume-activation-windows-10.md) -  -  +- [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/active-directory-based-activation-overview.md b/windows/deployment/volume-activation/active-directory-based-activation-overview.md index 3b0a290815..0fb8970234 100644 --- a/windows/deployment/volume-activation/active-directory-based-activation-overview.md +++ b/windows/deployment/volume-activation/active-directory-based-activation-overview.md @@ -2,39 +2,38 @@ title: Active Directory-Based Activation Overview (Windows 10) description: Enable your enterprise to activate its computers through a connection to their domain using Active Directory-Based Activation (ADBA). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 12/07/2018 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Active Directory-Based Activation overview -Active Directory-Based Activation (ADBA) enables enterprises to activate computers through a connection to their domain. Many companies have computers at offsite locations that use products that are registered to the company. Previously these computers needed to either use a retail key or a Multiple Activation Key (MAK), or physically connect to the network in order to activate their products by using Key Management Services (KMS). ADBA provides a way to activate these products if the computers can join the company’s domain. When the user joins their computer to the domain, the ADBA object automatically activates Windows installed on their computer, as long as the computer has a Generic Volume License Key (GVLK) installed. No single physical computer is required to act as the activation object, because it is distributed throughout the domain. +Active Directory-Based Activation (ADBA) enables enterprises to activate computers through a connection to their domain. Many companies have computers at offsite locations that use products that are registered to the company. Previously these computers needed to either use a retail key or a Multiple Activation Key (MAK), or physically connect to the network in order to activate their products by using Key Management Services (KMS). ADBA provides a way to activate these products if the computers can join the company's domain. When the user joins their computer to the domain, the ADBA object automatically activates Windows installed on their computer, as long as the computer has a Generic Volume License Key (GVLK) installed. No single physical computer is required to act as the activation object, because it's distributed throughout the domain. ## ADBA scenarios You might use ADBA if you only want to activate domain joined devices. -If you have a server hosting the KMS service, it can be necessary to reactivate licenses if the server is replaced with a new host. This is not necessary When ADBA is used. +If you have a server hosting the KMS service, it can be necessary to reactivate licenses if the server is replaced with a new host. Reactivating licenses isn't necessary When ADBA is used. -ADBA can also make load balancing easier when multiple KMS servers are present since the client can connect to any domain controller. This is simpler than using the DNS service to load balance by configuring priority and weight values. - -Some VDI solutions also require that new clients activate during creation before they are added to the pool. In this scenario, ADBA can eliminate potential VDI issues that might arise due to a KMS outage. +ADBA can also make load balancing easier when multiple KMS servers are present since the client can connect to any domain controller. ADBA is simpler than using the DNS service to load balance by configuring priority and weight values. +Some VDI solutions also require that new clients activate during creation before they're added to the pool. In this VDI scenario, ADBA can eliminate potential VDI issues that might arise due to a KMS outage. ## ADBA methods VAMT enables IT Professionals to manage and activate the ADBA object. Activation can be performed using the following methods: -- Online activation: To activate an ADBA forest online, the user selects the **Online activate forest** function, selects a KMS Host key (CSVLK) to use, and gives the ADBA Object a name. -- Proxy activation: For a proxy activation, the user first selects the **Proxy activate forest** function, selects a KMS Host key (CSVLK) to use, gives the ADBA Object a name, and provides a file name to save the CILx file that contains the Installation ID. Next, the user takes that file to a computer that is running VAMT with an Internet connection and then selects the **Acquire confirmation IDs for CILX** function on the VAMT landing page, and provides the original CILx file. When VAMT has loaded the Confirmation IDs into the original CILx file, the user takes this file back to the original VAMT instance, where the user completes the proxy activation process by selecting the **Apply confirmation ID to Active Directory domain** function. -## Related topics +- Online activation: To activate an ADBA forest online, the user selects the **Online activate forest** function, selects a KMS Host key (CSVLK) to use, and gives the ADBA Object a name. + +- Proxy activation: For a proxy activation, the user first selects the **Proxy activate forest** function, selects a KMS Host key (CSVLK) to use, gives the ADBA Object a name, and provides a file name to save the CILx file that contains the Installation ID. Next, the user takes that file to a computer that is running VAMT with an Internet connection and then selects the **Acquire confirmation IDs for CILX** function on the VAMT landing page, and provides the original CILx file. When VAMT has loaded the Confirmation IDs into the original CILx file, the user takes this file back to the original VAMT instance, where the user completes the proxy activation process by selecting the **Apply confirmation ID to Active Directory domain** function. + +## Related articles - [How to Activate an Active Directory Forest Online](./activate-forest-vamt.md) - [How to Proxy Activate an Active Directory Forest](./activate-forest-by-proxy-vamt.md) -  -  diff --git a/windows/deployment/volume-activation/add-manage-products-vamt.md b/windows/deployment/volume-activation/add-manage-products-vamt.md index 5250a833f9..5f9bfce03d 100644 --- a/windows/deployment/volume-activation/add-manage-products-vamt.md +++ b/windows/deployment/volume-activation/add-manage-products-vamt.md @@ -2,26 +2,23 @@ title: Add and Manage Products (Windows 10) description: Add client computers into the Volume Activation Management Tool (VAMT). After you add the computers, you can manage the products that are installed on your network. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Add and Manage Products +# Add and manage products This section describes how to add client computers into the Volume Activation Management Tool (VAMT). After the computers are added, you can manage the products that are installed on your network. ## In this Section -|Topic |Description | -|------|------------| +|Article |Description | +|-------|------------| |[Add and Remove Computers](add-remove-computers-vamt.md) |Describes how to add client computers to VAMT. | |[Update Product Status](update-product-status-vamt.md) |Describes how to update the status of product license. | |[Remove Products](remove-products-vamt.md) |Describes how to remove a product from the product list. | - - - diff --git a/windows/deployment/volume-activation/add-remove-computers-vamt.md b/windows/deployment/volume-activation/add-remove-computers-vamt.md index 66868c46dd..95bad2b880 100644 --- a/windows/deployment/volume-activation/add-remove-computers-vamt.md +++ b/windows/deployment/volume-activation/add-remove-computers-vamt.md @@ -2,59 +2,73 @@ title: Add and Remove Computers (Windows 10) description: The Discover products function on the Volume Activation Management Tool (VAMT) allows you to search the Active Directory domain or a general LDAP query. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Add and Remove Computers +# Add and remove computers You can add computers that have any of the supported Windows or Office products installed to a Volume Activation Management Tool (VAMT) database by using the **Discover products** function. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query. You can remove computers from a VAMT database by using the **Delete** function. After you add the computers, you can add the products that are installed on the computers by running the **Update license status** function. -Before adding computers, ensure that the Windows Management Instrumentation (WMI) firewall exception required by VAMT has been enabled on all target computers. For more information see [Configure Client Computers](configure-client-computers-vamt.md). +Before adding computers, ensure that the Windows Management Instrumentation (WMI) firewall exception required by VAMT has been enabled on all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). ## To add computers to a VAMT database -1. Open VAMT. -2. Click **Discover products** in the **Actions** menu in the right-side pane to open the **Discover Products** dialog box. -3. In the **Discover products** dialog box, click **Search for computers in the Active Directory** to display the search options, then click the search option you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query. - - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**, then under **Domain Filter Criteria**, in the list of domain names click the name of the domain you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search by individual computer name or IP address, click **Manually enter name or IP address**, then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that VAMT supports both IPv4 and IPV6 addressing. - - To search for computers in a workgroup, click **Search for computers in the workgroup**, then under **Workgroup Filter Criteria**, in the list of workgroup names click the name of the workgroup you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box provided. VAMT will validate only the LDAP query syntax, but will otherwise run the query without further checks. -4. Click **Search**. -5. VAMT searches for the specified computers and adds them to the VAMT database. During the search, VAMT displays the **Finding computers** message shown below. - To cancel the search, click **Cancel**. When the search is complete the names of the newly-discovered computers appear in the product list view in the center pane. - +1. Open VAMT. + +2. Select **Discover products** in the **Actions** menu in the right-side pane to open the **Discover Products** dialog box. + +3. In the **Discover products** dialog box, select **Search for computers in the Active Directory** to display the search options, then select the search option you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query. + + - To search for computers in an Active Directory domain, select **Search for computers in the Active Directory**, then under **Domain Filter Criteria**, in the list of domain names select the name of the domain you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". + + - To search by individual computer name or IP address, select **Manually enter name or IP address**, then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. VAMT supports both IPv4 and IPV6 addressing. + + - To search for computers in a workgroup, select **Search for computers in the workgroup**, then under **Workgroup Filter Criteria**, in the list of workgroup names select the name of the workgroup you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". + + - To search for computers by using a general LDAP query, select **Search with LDAP query** and enter your query in the text box provided. VAMT will validate only the LDAP query syntax, but will otherwise run the query without further checks. + +4. Select **Search**. + +5. VAMT searches for the specified computers and adds them to the VAMT database. During the search, VAMT displays the **Finding computers** message shown below. + + To cancel the search, select **Cancel**. When the search is complete, the names of the newly discovered computers appear in the product list view in the center pane. + ![VAMT, Finding computers dialog box.](images/dep-win8-l-vamt-findingcomputerdialog.gif) - - **Important**   - This step adds only the computers to the VAMT database, and not the products that are installed on the computers. To add the products, you need to run the **Update license status** function. - + + > [!IMPORTANT] + > This step adds only the computers to the VAMT database, and not the products that are installed on the computers. To add the products, you need to run the **Update license status** function. + ## To add products to VAMT -1. In the **Products** list, select the computers that need to have their product information added to the VAMT database. -2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -4. Click **Filter**. VAMT displays the filtered list in the center pane. -5. In the right-side **Actions** pane, click **Update license status** and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials different from the ones you used to log into the computer. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. -6. VAMT displays the **Collecting product information** dialog box while it collects the licensing status of all supported products on the selected computers. When the process is finished, the updated licensing status of each product will appear in the product list view in the center pane. +1. In the **Products** list, select the computers that need to have their product information added to the VAMT database. - **Note**   +2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +4. Select **Filter**. VAMT displays the filtered list in the center pane. + +5. In the right-side **Actions** pane, select **Update license status** and then select a credential option. Choose **Alternate Credentials** only if you're updating products that require administrator credentials different from the ones you used to log into the computer. If you're supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and select **OK**. + +6. VAMT displays the **Collecting product information** dialog box while it collects the licensing status of all supported products on the selected computers. When the process is finished, the updated licensing status of each product will appear in the product list view in the center pane. + + > [!NOTE] If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. - + ## To remove computers from a VAMT database -You can delete a computer by clicking on it in the product list view, and then clicking **Delete** in the **Selected Item** menu in the right-hand pane. In the **Confirm Delete Selected Products** dialog box that appears, click **Yes** to delete the computer. If a computer has multiple products listed, you must delete each product to completely remove the computer from the VAMT database. +You can delete a computer by clicking on it in the product list view, and then clicking **Delete** in the **Selected Item** menu in the right-hand pane. In the **Confirm Delete Selected Products** dialog box that appears, select **Yes** to delete the computer. If a computer has multiple products listed, you must delete each product to completely remove the computer from the VAMT database. -## Related topics +## Related articles - [Add and Manage Products](add-manage-products-vamt.md) - - diff --git a/windows/deployment/volume-activation/add-remove-product-key-vamt.md b/windows/deployment/volume-activation/add-remove-product-key-vamt.md index d096546643..0e37c178fc 100644 --- a/windows/deployment/volume-activation/add-remove-product-key-vamt.md +++ b/windows/deployment/volume-activation/add-remove-product-key-vamt.md @@ -2,35 +2,40 @@ title: Add and Remove a Product Key (Windows 10) description: Add a product key to the Volume Activation Management Tool (VAMT) database. Also, learn how to remove the key from the database. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Add and Remove a Product Key +# Add and remove a product key Before you can use a Multiple Activation Key (MAK), retail, or KMS Host key (CSVLK) product key, you must first add it to the Volume Activation Management Tool (VAMT) database. -## To Add a Product Key +## To add a product key -1. Open VAMT. -2. In the left-side pane, right-click the **Product Keys** node to open the **Actions** menu. -3. Click **Add product keys** to open the **Add Product Keys** dialog box. -4. In the **Add Product Keys** dialog box, select from one of the following methods to add product keys: - - To add product keys manually, click **Enter product key(s) separated by line breaks**, enter one or more product keys separated by line breaks, and click **Add Key(s)**. - - To import a Comma Separated Values (CSV) file containing a list of product keys, click **Select a product key file to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. +1. Open VAMT. - **Note**   - If you are activating a large number of products with a MAK, you should refresh the activation count of the MAK, to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs. +2. In the left-side pane, right-click the **Product Keys** node to open the **Actions** menu. -## Remove a Product Key +3. Select **Add product keys** to open the **Add Product Keys** dialog box. -- To remove a product key from the list, simply select the key in the list and click **Delete** on the **Selected Items** menu in the right-side pane. Click **Yes** to confirm deletion of the product key. Removing a product key from the VAMT database will not affect the activation state of any products or computers on the network. +4. In the **Add Product Keys** dialog box, select from one of the following methods to add product keys: -## Related topics + - To add product keys manually, select **Enter product key(s) separated by line breaks**, enter one or more product keys separated by line breaks, and select **Add Key(s)**. + + - To import a Comma Separated Values (CSV) file containing a list of product keys, select **Select a product key file to import**, browse to the file location, select **Open** to import the file, and then select **Add Key(s)**. + + > [!NOTE] + > If you are activating a large number of products with a MAK, you should refresh the activation count of the MAK, to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs. + +## Remove a product key + +- To remove a product key from the list, select the key in the list and select **Delete** on the **Selected Items** menu in the right-side pane. Select **Yes** to confirm deletion of the product key. Removing a product key from the VAMT database won't affect the activation state of any products or computers on the network. + +## Related articles - [Manage Product Keys](manage-product-keys-vamt.md) diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md index d478a5e6fc..07a8a62eaf 100644 --- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md +++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md @@ -2,56 +2,63 @@ title: Appendix Information sent to Microsoft during activation (Windows 10) description: Learn about the information sent to Microsoft during activation. ms.reviewer: -manager: dougeby -ms.author: aaroncz -author: aczechowski +manager: aaroncz +ms.author: frankroj +author: frankroj ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article --- # Appendix: Information sent to Microsoft during activation -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 + +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) **Looking for retail activation?** -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) +- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) When you activate a computer running Windows 10, the following information is sent to Microsoft: -- The Microsoft product code (a five-digit code that identifies the Windows product you're activating) -- A channel ID or site code that identifies how the Windows product was originally obtained +- The Microsoft product code (a five-digit code that identifies the Windows product you're activating) +- A channel ID or site code that identifies how the Windows product was originally obtained For example, a channel ID or site code identifies whether the product was originally purchased from a retail store, obtained as an evaluation copy, obtained through a volume licensing program, or preinstalled by a computer manufacturer. - -- The date of installation and whether the installation was successful -- Information that helps confirm that your Windows product key hasn't been altered -- Computer make and model -- Version information for the operating system and software -- Region and language settings -- A unique number called a *globally unique identifier*, which is assigned to your computer -- Product key (hashed) and product ID -- BIOS name, revision number, and revision date -- Volume serial number (hashed) of the hard disk drive -- The result of the activation check + +- The date of installation and whether the installation was successful +- Information that helps confirm that your Windows product key hasn't been altered + +- Computer make and model + +- Version information for the operating system and software + +- Region and language settings + +- A unique number called a *globally unique identifier*, which is assigned to your computer + +- Product key (hashed) and product ID + +- BIOS name, revision number, and revision date + +- Volume serial number (hashed) of the hard disk drive + +- The result of the activation check This result includes error codes and the following information about any activation exploits and related malicious or unauthorized software that was found or disabled: - - - The activation exploit's identifier - - The activation exploit's current state, such as cleaned or quarantined - - Computer manufacturer's identification - - The activation exploit's file name and hash in addition to a hash of related software components that may indicate the presence of an activation exploit -- The name and a hash of the contents of your computer's startup instructions file -- If your Windows license is on a subscription basis, information about how your subscription works + + - The activation exploit's identifier + + - The activation exploit's current state, such as cleaned or quarantined + + - Computer manufacturer's identification + + - The activation exploit's file name and hash in addition to a hash of related software components that may indicate the presence of an activation exploit + +- The name and a hash of the contents of your computer's startup instructions file + +- If your Windows license is on a subscription basis, information about how your subscription works Standard computer information is also sent, but your computer's IP address is only kept temporarily. @@ -60,6 +67,6 @@ Standard computer information is also sent, but your computer's IP address is on Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft doesn't use the information to contact individual consumers. For more information, see [Windows 10 Privacy Statement](https://go.microsoft.com/fwlink/p/?LinkId=619879). -## See also +## Related articles -- [Volume Activation for Windows 10](volume-activation-windows-10.md) +- [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/configure-client-computers-vamt.md b/windows/deployment/volume-activation/configure-client-computers-vamt.md index ec8b2ffdba..392c89d4bf 100644 --- a/windows/deployment/volume-activation/configure-client-computers-vamt.md +++ b/windows/deployment/volume-activation/configure-client-computers-vamt.md @@ -2,21 +2,22 @@ title: Configure Client Computers (Windows 10) description: Learn how to configure client computers to enable the Volume Activation Management Tool (VAMT) to function correctly. ms.reviewer: -manager: dougeby -author: aczechowski -ms.author: aaroncz +manager: aaroncz +author: frankroj +ms.author: frankroj ms.prod: windows-client -ms.date: 04/30/2020 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Configure Client Computers +# Configure client computers To enable the Volume Activation Management Tool (VAMT) to function correctly, certain configuration changes are required on all client computers: - An exception must be set in the client computer's firewall. -- A registry key must be created and set properly, for computers in a workgroup; otherwise, Windows® User Account Control (UAC) will not allow remote administrative operations. + +- A registry key must be created and set properly, for computers in a workgroup; otherwise, Windows® User Account Control (UAC) won't allow remote administrative operations. Organizations where the VAMT will be widely used may benefit from making these changes inside the master image for Windows. @@ -28,11 +29,16 @@ Organizations where the VAMT will be widely used may benefit from making these c Enable the VAMT to access client computers using the **Windows Firewall** Control Panel: 1. Open Control Panel and double-click **System and Security**. -2. Click **Windows Firewall**. -3. Click **Allow a program or feature through Windows Firewall**. -4. Click the **Change settings** option. + +2. Select **Windows Firewall**. + +3. Select **Allow a program or feature through Windows Firewall**. + +4. Select the **Change settings** option. + 5. Select the **Windows Management Instrumentation (WMI)** checkbox. -6. Click **OK**. + +6. Select **OK**. > [!WARNING] > By default, Windows Firewall Exceptions only apply to traffic originating on the local subnet. To expand the exception to apply to multiple subnets, you need to change the exception settings in the Windows Firewall with Advanced Security, as described below. @@ -44,11 +50,15 @@ Enable the VAMT to access client computers across multiple subnets using the **W ![VAMT Firewall configuration for multiple subnets.](images/dep-win8-l-vamt-firewallconfigurationformultiplesubnets.gif) 1. Open the Control Panel and double-click **Administrative Tools**. -2. Click **Windows Firewall with Advanced Security**. + +2. Select **Windows Firewall with Advanced Security**. + 3. Make your changes for each of the following three WMI items, for the applicable Network Profile (Domain, Public, Private): - Windows Management Instrumentation (ASync-In) + - Windows Management Instrumentation (DCOM-In) + - Windows Management Instrumentation (WMI-In) 4. In the **Windows Firewall with Advanced Security** dialog box, select **Inbound Rules** from the left-hand panel. @@ -56,10 +66,12 @@ Enable the VAMT to access client computers across multiple subnets using the **W 5. Right-click the desired rule and select **Properties** to open the **Properties** dialog box. - On the **General** tab, select the **Allow the connection** checkbox. + - On the **Scope** tab, change the Remote IP Address setting from "Local Subnet" (default) to allow the specific access you need. + - On the **Advanced** tab, verify selection of all profiles that are applicable to the network (Domain or Private/Public). - In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically-allocated ports. This is useful if, for example, the hardware firewall only allows traffic in a certain range of ports. + In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically allocated ports. Limiting the range of dynamically allocated ports is useful if, for example, the hardware firewall only allows traffic in a certain range of ports. For more info, see [How to configure RPC dynamic port allocation to work with firewalls](/troubleshoot/windows-server/networking/default-dynamic-port-range-tcpip-chang). @@ -71,6 +83,7 @@ Enable the VAMT to access client computers across multiple subnets using the **W On the client computer, create the following registry key using regedit.exe. 1. Navigate to `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system` + 2. Enter the following details: - **Value Name: LocalAccountTokenFilterPolicy** @@ -85,12 +98,15 @@ On the client computer, create the following registry key using regedit.exe. There are several options for organizations to configure the WMI firewall exception for computers: - **Image.** Add the configurations to the master Windows image deployed to all clients. + - **Group Policy.** If the clients are part of a domain, then all clients can be configured using Group Policy. The Group Policy setting for the WMI firewall exception is found in GPMC.MSC at: **Computer Configuration\\Windows Settings\\Security Settings\\Windows Firewall with Advanced Security\\Windows Firewall with Advanced Security\\Inbound Rules**. -- **Script.** Execute a script using Microsoft Configuration Manager or a third-party remote script execution facility. + +- **Script.** Execute a script using Microsoft Configuration Manager or a third-party remote script execution facility. + - **Manual.** Configure the WMI firewall exception individually on each client. The above configurations will open an additional port through the Windows Firewall on target computers and should be performed on computers that are protected by a network firewall. In order to allow VAMT to query the up-to-date licensing status, the WMI exception must be maintained. We recommend administrators consult their network security policies and make clear decisions when creating the WMI exception. -## Related topics +## Related articles - [Install and Configure VAMT](install-configure-vamt.md) diff --git a/windows/deployment/volume-activation/import-export-vamt-data.md b/windows/deployment/volume-activation/import-export-vamt-data.md index 8f83af6335..7a5aaa426b 100644 --- a/windows/deployment/volume-activation/import-export-vamt-data.md +++ b/windows/deployment/volume-activation/import-export-vamt-data.md @@ -2,12 +2,12 @@ title: Import and export VAMT data description: Learn how to use the VAMT to import product-activation data from a file into SQL Server. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.technology: itpro-fundamentals -author: aczechowski -ms.date: 05/02/2022 +author: frankroj +ms.date: 11/07/2022 ms.topic: how-to --- @@ -16,10 +16,12 @@ ms.topic: how-to You can use the Volume Activation Management Tool (VAMT) to import product-activation data from a computer information list (`.cilx` or `.cil`) file into SQL Server. Also use VAMT to export product-activation data into a `.cilx` file. A `.cilx` file is an XML file that stores computer and product-activation data. You can import data or export data during the following scenarios: + - Import and merge data from previous versions of VAMT. + - Export data to perform proxy activations. -> [!Warning] +> [!WARNING] > Editing a `.cilx` file through an application other than VAMT can corrupt the `.cilx` file. This method isn't supported. ## Import VAMT data @@ -27,8 +29,11 @@ You can import data or export data during the following scenarios: To import data into VAMT, use the following process: 1. Open VAMT. + 2. In the right-side **Actions** pane, select **Import list** to open the **Import List** dialog box. + 3. In the **Import List** dialog box, navigate to the `.cilx` file location, choose the file, and select **Open**. + 4. In the **Volume Activation Management Tool** dialog box, select **OK** to begin the import. VAMT displays a progress message while the file is being imported. Select **OK** when a message appears and confirms that the import has completed successfully. ## Export VAMT data @@ -36,14 +41,23 @@ To import data into VAMT, use the following process: Exporting VAMT data from a VAMT host computer that's not internet-connected is the first step of proxy activation using multiple VAMT hosts. To export product-activation data to a `.cilx` file: 1. In the left-side pane, select a product you want to export data for, or select **Products** if the list contains data for all products. + 2. If you want to export only part of the data in a product list, in the product-list view in the center pane, select the products you want to export. + 3. In the right-side **Actions** pane on, select **Export list** to open the **Export List** dialog box. + 4. In the **Export List** dialog box, select **Browse** to navigate to the `.cilx` file. + 5. Under **Export options**, select one of the following data-type options: + - Export products and product keys + - Export products only + - Export proxy activation data only. Selecting this option makes sure that the export contains only the licensing information required for the proxy web service to obtain CIDs from Microsoft. No personally identifiable information (PII) is contained in the exported `.cilx` file when this selection is checked. + 6. If you've selected products to export, select the **Export selected product rows only** check box. + 7. Select **Save**. VAMT displays a progress message while the data is being exported. Select **OK** when a message appears and confirms that the export has completed successfully. ## Related articles diff --git a/windows/deployment/volume-activation/install-configure-vamt.md b/windows/deployment/volume-activation/install-configure-vamt.md index 4b1b5ca520..b468f34546 100644 --- a/windows/deployment/volume-activation/install-configure-vamt.md +++ b/windows/deployment/volume-activation/install-configure-vamt.md @@ -2,30 +2,28 @@ title: Install and Configure VAMT (Windows 10) description: Learn how to install and configure the Volume Activation Management Tool (VAMT), and learn where to find information about the process. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Install and Configure VAMT +# Install and configure VAMT This section describes how to install and configure the Volume Activation Management Tool (VAMT). -## In this Section +## In this section -|Topic |Description | -|------|------------| +|Article |Description | +|-------|------------| |[VAMT Requirements](vamt-requirements.md) |Provides system requirements for installing VAMT on a host computer. | |[Install VAMT](install-vamt.md) |Describes how to get and install VAMT. | |[Configure Client Computers](configure-client-computers-vamt.md) |Describes how to configure client computers on your network to work with VAMT. | -## Related topics +## Related articles - [Introduction to VAMT](introduction-vamt.md) -  -  diff --git a/windows/deployment/volume-activation/install-kms-client-key-vamt.md b/windows/deployment/volume-activation/install-kms-client-key-vamt.md index 2039634198..eb28f3ff3a 100644 --- a/windows/deployment/volume-activation/install-kms-client-key-vamt.md +++ b/windows/deployment/volume-activation/install-kms-client-key-vamt.md @@ -2,39 +2,49 @@ title: Install a KMS Client Key (Windows 10) description: Learn to use the Volume Activation Management Tool (VAMT) to install Generic Volume License Key (GVLK), or KMS client, product keys. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Install a KMS Client Key -You can use the Volume Activation Management Tool (VAMT) to install Generic Volume License Key (GVLK), or KMS client, product keys. For example, if you are converting a MAK-activated product to KMS activation. +You can use the Volume Activation Management Tool (VAMT) to install Generic Volume License Key (GVLK), or KMS client, product keys. For example, if you're converting a MAK-activated product to KMS activation. -**Note**   -By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. +> [!NOTE] +> By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. -**To install a KMS Client key** -1. Open VAMT. -2. In the left-side pane click **Products** to open the product list view in the center pane. -3. In the products list view in the center pane, select the products that need to have GVLKs installed. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the center pane. -6. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -7. The **Install Product Key** dialog box displays the keys that are available to be installed. -8. Select the **Automatically select an AD or KMS client key** option and then click **Install Key**. +## To install a KMS Client key + +1. Open VAMT. + +2. In the left-side pane, select **Products** to open the product list view in the center pane. + +3. In the products list view in the center pane, select the products that need to have GVLKs installed. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. VAMT displays the filtered list in the center pane. + +6. Select **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. + +7. The **Install Product Key** dialog box displays the keys that are available to be installed. + +8. Select the **Automatically select an AD or KMS client key** option and then select **Install Key**. + + VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. - VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. - The same status is shown under the **Status of Last Action** column in the product list view in the center pane. -## Related topics +## Related articles - [Perform KMS Activation](kms-activation-vamt.md) diff --git a/windows/deployment/volume-activation/install-product-key-vamt.md b/windows/deployment/volume-activation/install-product-key-vamt.md index c96c711355..350971254b 100644 --- a/windows/deployment/volume-activation/install-product-key-vamt.md +++ b/windows/deployment/volume-activation/install-product-key-vamt.md @@ -2,12 +2,12 @@ title: Install a Product Key (Windows 10) description: Learn to use the Volume Activation Management Tool (VAMT) to install retail, Multiple Activation Key (MAK), and KMS Host key (CSVLK). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -16,26 +16,35 @@ ms.technology: itpro-fundamentals You can use the Volume Activation Management Tool (VAMT) to install retail, Multiple Activation Key (MAK), and KMS Host key (CSVLK). -**To install a Product key** -1. Open VAMT. -2. In the left-side pane, click the product that you want to install keys onto. -3. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. -6. In the products list view in the center pane, sort the list if needed and then select the products that need to have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -7. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -8. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAK based on the selected products. You can select a recommended product key or a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you have selected the product key you want to install, click **Install Key**. Note that only one key can be installed at a time. -9. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +## To install a Product key + +1. Open VAMT. + +2. In the left-side pane, select the product that you want to install keys onto. + +3. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. + +6. In the products list view in the center pane, sort the list if needed and then select the products that need to have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. + +7. Select **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. + +8. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAK based on the selected products. You can select a recommended product key or a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you've selected the product key you want to install, select **Install Key**. Only one key can be installed at a time. + +9. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status is shown under the **Status of Last Action** column in the product list view in the center pane. - **Note**   - Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct MAK or KMS Host key (CSVLK), see [How to Choose the Right - Volume License Key for Windows](/previous-versions/tn-archive/ee939271(v=technet.10)). + > [!NOTE] + > Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct MAK or KMS Host key (CSVLK), see [How to Choose the Right Volume License Key for Windows](/previous-versions/tn-archive/ee939271(v=technet.10)). -## Related topics +## Related articles - [Manage Product Keys](manage-product-keys-vamt.md) - diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md index aecd419d3e..0aaeca24e5 100644 --- a/windows/deployment/volume-activation/install-vamt.md +++ b/windows/deployment/volume-activation/install-vamt.md @@ -1,12 +1,12 @@ --- title: Install VAMT (Windows 10) description: Learn how to install Volume Activation Management Tool (VAMT) as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10. -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 03/11/2019 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -17,10 +17,10 @@ This topic describes how to install the Volume Activation Management Tool (VAMT) ## Install VAMT -You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10. +You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10. >[!IMPORTANT] ->VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products’ license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator.  +>VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products' license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator. >[!NOTE] >The VAMT Microsoft Management Console snap-in ships as an x86 package. @@ -78,9 +78,9 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for To uninstall VAMT using the **Programs and Features** Control Panel: -1. Open **Control Panel** and select **Programs and Features**. +1. Open **Control Panel** and select **Programs and Features**. -2. Select **Assessment and Deployment Kit** from the list of installed programs and click **Change**. Follow the instructions in the Windows ADK installer to remove VAMT. +2. Select **Assessment and Deployment Kit** from the list of installed programs and click **Change**. Follow the instructions in the Windows ADK installer to remove VAMT. diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md index 35011f3cea..3317cf1106 100644 --- a/windows/deployment/volume-activation/introduction-vamt.md +++ b/windows/deployment/volume-activation/introduction-vamt.md @@ -2,12 +2,12 @@ title: Introduction to VAMT (Windows 10) description: VAMT enables administrators to automate and centrally manage the Windows, Microsoft Office, and select other Microsoft products volume and retail activation process. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.technology: itpro-fundamentals -author: aczechowski -ms.date: 09/16/2022 +author: frankroj +ms.date: 11/07/2022 ms.topic: overview --- diff --git a/windows/deployment/volume-activation/kms-activation-vamt.md b/windows/deployment/volume-activation/kms-activation-vamt.md index c6c284ccb9..b7e487c555 100644 --- a/windows/deployment/volume-activation/kms-activation-vamt.md +++ b/windows/deployment/volume-activation/kms-activation-vamt.md @@ -2,45 +2,45 @@ title: Perform KMS Activation (Windows 10) description: The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Perform KMS Activation -The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS). You can use VAMT to activate Generic Volume Licensing Keys, or KMS client keys, on products accessible to VAMT. GVLKs are the default product keys used by the volume-license editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft Office 2010. GVLKs are already installed in volume-license editions of these products. +The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS). You can use VAMT to activate Generic Volume Licensing Keys, or KMS client keys, on products accessible to VAMT. GVLKs are the default product keys used by the volume-license editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft Office 2010. GVLKs are already installed in volume-license editions of these products. ## Requirements Before configuring KMS activation, ensure that your network and VAMT installation meet the following requirements: -- KMS host is set up and enabled. -- KMS clients can access the KMS host. -- VAMT is installed on a central computer with network access to all client computers. -- The products to be activated have been added to VAMT. For more information on adding product keys, see [Install a KMS Client Key](install-kms-client-key-vamt.md). -- VAMT has administrative permissions on all computers to be activated, and Windows Management Instrumentation (WMI) is accessible through the Windows Firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). +- KMS host is set up and enabled. +- KMS clients can access the KMS host. +- VAMT is installed on a central computer with network access to all client computers. +- The products to be activated have been added to VAMT. For more information on adding product keys, see [Install a KMS Client Key](install-kms-client-key-vamt.md). +- VAMT has administrative permissions on all computers to be activated, and Windows Management Instrumentation (WMI) is accessible through the Windows Firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). ## To configure devices for KMS activation **To configure devices for KMS activation** -1. Open VAMT. -2. If necessary, set up the KMS activation preferences. If you don’t need to set up the preferences, skip to step 6 in this procedure. Otherwise, continue to step 2. -3. To set up the preferences, on the menu bar click **View**, then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. -4. Under **Key Management Services host selection**, select one of the following options: - - **Find a KMS host automatically using DNS (default)**. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the Domain Name Service (DNS) to locate a KMS host and attempt activation. - - **Find a KMS host using DNS in this domain for supported products**. Enter the domain name. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the DNS in the specified domain to locate a KMS host and attempt activation. - - **Use specific KMS host**. Enter the KMS host name and KMS host port. For environments which do not use DNS for KMS host identification, VAMT sets the specified KMS host name and KMS host port on the target computer, and then instructs the computer to attempt activation with the specific KMS host. -5. Click **Apply**, and then click **OK** to close the **Volume Activation Management Tool Preferences** dialog box. -6. Select the products to be activated by selecting individual products in the product list view in the center pane. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -7. Click **Filter**. VAMT displays the filtered list in the center pane. -8. In the right-side pane, click **Activate** in the **Selected Items** menu, and then click **Volume activate**. -9. Click a credential option. Choose **Alternate credentials** only if you are activating products that require administrator credentials different from the ones you are currently using. +1. Open VAMT. +2. If necessary, set up the KMS activation preferences. If you don't need to set up the preferences, skip to step 6 in this procedure. Otherwise, continue to step 2. +3. To set up the preferences, on the menu bar click **View**, then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. +4. Under **Key Management Services host selection**, select one of the following options: + - **Find a KMS host automatically using DNS (default)**. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the Domain Name Service (DNS) to locate a KMS host and attempt activation. + - **Find a KMS host using DNS in this domain for supported products**. Enter the domain name. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the DNS in the specified domain to locate a KMS host and attempt activation. + - **Use specific KMS host**. Enter the KMS host name and KMS host port. For environments which do not use DNS for KMS host identification, VAMT sets the specified KMS host name and KMS host port on the target computer, and then instructs the computer to attempt activation with the specific KMS host. +5. Click **Apply**, and then click **OK** to close the **Volume Activation Management Tool Preferences** dialog box. +6. Select the products to be activated by selecting individual products in the product list view in the center pane. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +7. Click **Filter**. VAMT displays the filtered list in the center pane. +8. In the right-side pane, click **Activate** in the **Selected Items** menu, and then click **Volume activate**. +9. Click a credential option. Choose **Alternate credentials** only if you are activating products that require administrator credentials different from the ones you are currently using. 10. If you are supplying alternate credentials, at the prompt, type the appropriate user name and password and click **OK**. VAMT displays the **Volume Activation** dialog box until it completes the requested action. When the process is finished, the updated activation status of each product appears in the product list view in the center pane. -  + diff --git a/windows/deployment/volume-activation/local-reactivation-vamt.md b/windows/deployment/volume-activation/local-reactivation-vamt.md index 64aa4ddfb2..cbc033c0cf 100644 --- a/windows/deployment/volume-activation/local-reactivation-vamt.md +++ b/windows/deployment/volume-activation/local-reactivation-vamt.md @@ -2,11 +2,11 @@ title: Perform Local Reactivation (Windows 10) description: An initially activated a computer using scenarios like MAK, retail, or CSLVK (KMS host), can be reactivated with Volume Activation Management Tool (VAMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -16,22 +16,22 @@ ms.technology: itpro-fundamentals If you reinstall Windows® or Microsoft® Office 2010 on a computer that was initially activated using proxy activation (MAK, retail, or CSLVK (KMS host)), and have not made significant changes to the hardware, use this local reactivation procedure to reactivate the program on that computer. Local reactivation relies upon data that was created during the initial proxy activation and stored in the Volume Activation Management Tool (VAMT) database. The database contains the installation ID (IID) and confirmation ID (Pending CID). Local reactivation uses this data to reapply the CID and reactivate those products. Reapplying the same CID conserves the remaining activations on the key. -**Note**   -During the initial proxy activation, the CID is bound to a digital “fingerprint”, which is calculated from values assigned to several different hardware components in the computer. If the computer has had significant hardware changes, this fingerprint will no longer match the CID. In this case, you must obtain a new CID for the computer from Microsoft. +> [!NOTE] +> During the initial proxy activation, the CID is bound to a digital "fingerprint", which is calculated from values assigned to several different hardware components in the computer. If the computer has had significant hardware changes, this fingerprint will no longer match the CID. In this case, you must obtain a new CID for the computer from Microsoft. ## To Perform a Local Reactivation **To perform a local reactivation** -1. Open VAMT. Make sure that you are connected to the desired database. -2. In the left-side pane, click the product you want to reactivate to display the products list. -3. In the product list view in the center pane, select the desired products to be reactivated. You can sort the list by computer name by clicking on the **Computer Name** heading. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the center pane. -6. In the right-side pane, click **Activate**, and then click **Apply Confirmation ID**. -7. Click a credential option. Choose **Alternate credentials** only if you are reactivating products that require administrator credentials different from the ones you are currently using. -8. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. +1. Open VAMT. Make sure that you are connected to the desired database. +2. In the left-side pane, click the product you want to reactivate to display the products list. +3. In the product list view in the center pane, select the desired products to be reactivated. You can sort the list by computer name by clicking on the **Computer Name** heading. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +5. Click **Filter**. VAMT displays the filtered list in the center pane. +6. In the right-side pane, click **Activate**, and then click **Apply Confirmation ID**. +7. Click a credential option. Choose **Alternate credentials** only if you are reactivating products that require administrator credentials different from the ones you are currently using. +8. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. VAMT displays the **Apply Confirmation ID** dialog box. diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md index ce146804af..b7fda50fbf 100644 --- a/windows/deployment/volume-activation/manage-activations-vamt.md +++ b/windows/deployment/volume-activation/manage-activations-vamt.md @@ -2,11 +2,11 @@ title: Manage Activations (Windows 10) description: Learn how to manage activations and how to activate a client computer by using various activation methods. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md index 474f83d10d..e5354da617 100644 --- a/windows/deployment/volume-activation/manage-product-keys-vamt.md +++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md @@ -2,11 +2,11 @@ title: Manage Product Keys (Windows 10) description: In this article, learn how to add and remove a product key from the Volume Activation Management Tool (VAMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md index 39a1737116..d4bbff284f 100644 --- a/windows/deployment/volume-activation/manage-vamt-data.md +++ b/windows/deployment/volume-activation/manage-vamt-data.md @@ -2,11 +2,11 @@ title: Manage VAMT Data (Windows 10) description: Learn how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md index 94cdf4e1e9..f1671b98f8 100644 --- a/windows/deployment/volume-activation/monitor-activation-client.md +++ b/windows/deployment/volume-activation/monitor-activation-client.md @@ -1,11 +1,11 @@ --- title: Monitor activation (Windows 10) ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj description: Understand the most common methods to monitor the success of the activation process for a computer running Windows. ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium ms.topic: article ms.technology: itpro-fundamentals diff --git a/windows/deployment/volume-activation/online-activation-vamt.md b/windows/deployment/volume-activation/online-activation-vamt.md index 18ded873b5..f277366807 100644 --- a/windows/deployment/volume-activation/online-activation-vamt.md +++ b/windows/deployment/volume-activation/online-activation-vamt.md @@ -2,11 +2,11 @@ title: Perform Online Activation (Windows 10) description: Learn how to use the Volume Activation Management Tool (VAMT) to enable client products to be activated online. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -18,10 +18,10 @@ You can use the Volume Activation Management Tool (VAMT) to enable client produc ## Requirements Before performing online activation, ensure that the network and the VAMT installation meet the following requirements: -- VAMT is installed on a central computer that has network access to all client computers. -- Both the VAMT host and client computers have Internet access. -- The products that you want to activate are added to VAMT. -- VAMT has administrative permissions on all computers that you intend to activate, and that Windows Management Instrumentation (WMI) can be accessed through the Windows firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). +- VAMT is installed on a central computer that has network access to all client computers. +- Both the VAMT host and client computers have Internet access. +- The products that you want to activate are added to VAMT. +- VAMT has administrative permissions on all computers that you intend to activate, and that Windows Management Instrumentation (WMI) can be accessed through the Windows firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). The product keys that are installed on the client products must have a sufficient number of remaining activations. If you are activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This retrieves the number of remaining activations for the MAK from Microsoft. Note that this step requires Internet access and that the remaining activation count can only be retrieved for MAKs. @@ -29,24 +29,24 @@ The product keys that are installed on the client products must have a sufficien ## To Perform an Online Activation **To perform an online activation** -1. Open VAMT. -2. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -4. Click **Filter**. VAMT displays the filtered list in the center pane. -5. Select the products that you want to activate. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -6. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane and then point to **Activate**. If the **Actions** pane is not displayed, click the Show/Hide Action Pane button, which is located on the toolbar to the right of the Help button. -7. Point to **Online activate**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. -8. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +1. Open VAMT. +2. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. +3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +4. Click **Filter**. VAMT displays the filtered list in the center pane. +5. Select the products that you want to activate. You can use the **CTRL** key or the **SHIFT** key to select more than one product. +6. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane and then point to **Activate**. If the **Actions** pane is not displayed, click the Show/Hide Action Pane button, which is located on the toolbar to the right of the Help button. +7. Point to **Online activate**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. +8. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. The same status is shown under the **Status of Last Action** column in the products list view in the center pane. - **Note**   - Online activation does not enable you to save the Confirmation IDs (CIDs). As a result, you cannot perform local reactivation. + > [!NOTE] + > Online activation does not enable you to save the Confirmation IDs (CIDs). As a result, you cannot perform local reactivation. - **Note** - You can use online activation to select products that have different key types and activate the products at the same time. + > [!NOTE] + > You can use online activation to select products that have different key types and activate the products at the same time. ## Related topics - [Manage Activations](manage-activations-vamt.md) diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md index 5fe9d182fa..8708715c3f 100644 --- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md +++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md @@ -2,10 +2,10 @@ title: Plan for volume activation (Windows 10) description: Product activation is the process of validating software with the manufacturer after it has been installed on a specific computer. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium ms.topic: article ms.technology: itpro-fundamentals @@ -31,7 +31,7 @@ ms.technology: itpro-fundamentals During the activation process, information about the specific installation is examined. For online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they cannot be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft does not use this information to identify or contact the user or the organization. >[!NOTE] ->The IP address is used only to verify the location of the request, because some editions of Windows (such as “Starter” editions) can only be activated within certain geographical target markets. +>The IP address is used only to verify the location of the request, because some editions of Windows (such as "Starter" editions) can only be activated within certain geographical target markets. ## Distribution channels and activation @@ -39,7 +39,7 @@ In general, Microsoft software is obtained through three main channels: retail, ### Retail activations -The retail activation method has not changed in several versions of Windows and Windows Server. Each purchased copy comes with one unique product key (often referred to as a retail key). The user enters this key during product installation. The computer uses this retail key to complete the activation after the installation is complete. Most activations are performed online, but telephone activation is also available. +The retail activation method has not changed in several versions of Windows and Windows Server. Each purchased copy comes with one unique product key (often referred to as a retail key). The user enters this key during product installation. The computer uses this retail key to complete the activation after the installation is complete. Most activations are performed online, but telephone activation is also available. Recently, retail keys have been expanded into new distribution scenarios. Product key cards are available to activate products that have been preinstalled or downloaded. Programs such as Windows Anytime Upgrade and Get Genuine allow users to acquire legal keys separately from the software. These electronically distributed keys may come with media that contains software, they can come as a software shipment, or they may be provided on a printed card or electronic copy. Products are activated the same way with any of these retail keys. ### Original equipment manufacturer @@ -50,31 +50,31 @@ OEM activation is valid as long as the customer uses the OEM-provided image on t ### Volume licensing Volume licensing offers customized programs that are tailored to the size and purchasing preference of the organization. To become a volume licensing customer, the organization must set up a volume licensing agreement with Microsoft.There is a common misunderstanding about acquiring licenses for a new computer through volume licensing. There are two legal ways to acquire a full Windows client license for a new computer: -- Have the license preinstalled through the OEM. -- Purchase a fully packaged retail product. +- Have the license preinstalled through the OEM. +- Purchase a fully packaged retail product. -The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised. +The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised. Volume licensing is also available through certain subscription or membership programs, such as the Microsoft Partner Network and MSDN. These volume licenses may contain specific restrictions or other changes to the general terms applicable to volume licensing. -**Note**   -Some editions of the operating system, such as Windows 10 Enterprise, and some editions of application software are available only through volume licensing agreements or subscriptions. +> [!NOTE] +> Some editions of the operating system, such as Windows 10 Enterprise, and some editions of application software are available only through volume licensing agreements or subscriptions. ## Activation models For a user or IT department, there are no significant choices about how to activate products that are acquired through retail or OEM channels. The OEM performs the activation at the factory, and the user or the IT department need take no activation steps. With a retail product, the Volume Activation Management Tool (VAMT), which is discussed later in this guide, helps you track and manage keys. For each retail activation, you can choose: -- Online activation -- Telephone activation -- VAMT proxy activation +- Online activation +- Telephone activation +- VAMT proxy activation -Telephone activation is primarily used in situations where a computer is isolated from all networks. VAMT proxy activation (with retail keys) is sometimes used when an IT department wants to centralize retail activations or when a computer with a retail version of the operating system is isolated from the Internet but connected to the LAN. For volume-licensed products, however, you must determine the best method or combination of methods to use in your environment. For Windows 10 Pro and Enterprise, you can choose from three models: -- MAKs -- KMS -- Active Directory-based activation +Telephone activation is primarily used in situations where a computer is isolated from all networks. VAMT proxy activation (with retail keys) is sometimes used when an IT department wants to centralize retail activations or when a computer with a retail version of the operating system is isolated from the Internet but connected to the LAN. For volume-licensed products, however, you must determine the best method or combination of methods to use in your environment. For Windows 10 Pro and Enterprise, you can choose from three models: +- MAKs +- KMS +- Active Directory-based activation -**Note**   -Token-based activation is available for specific situations when approved customers rely on a public key infrastructure in an isolated and high-security environment. For more information, contact your Microsoft Account Team or your service representative. +> [!NOTE] +> Token-based activation is available for specific situations when approved customers rely on a public key infrastructure in an isolated and high-security environment. For more information, contact your Microsoft Account Team or your service representative. Token-based Activation option is available for Windows 10 Enterprise LTSB editions (Version 1507 and 1607). ### Multiple activation key @@ -89,19 +89,19 @@ Organizations can download MAK and KMS keys from the [Volume Licensing Service C ### Key Management Service -With the Key Management Service (KMS), IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation. The KMS is a lightweight service that does not require a dedicated system and can easily be cohosted on a system that provides other services. +With the Key Management Service (KMS), IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation. The KMS is a lightweight service that does not require a dedicated system and can easily be cohosted on a system that provides other services. -Volume editions of Windows 10 and Windows Server 2012 R2 (in addition to volume editions of operating system editions since Windows Vista and Windows Server 2008) automatically connect to a system that hosts the KMS to request activation. No action is required from the user. +Volume editions of Windows 10 and Windows Server 2012 R2 (in addition to volume editions of operating system editions since Windows Vista and Windows Server 2008) automatically connect to a system that hosts the KMS to request activation. No action is required from the user. -The KMS requires a minimum number of computers (physical computers or virtual machines) in a network environment. The organization must have at least five computers to activate Windows Server 2012 R2 and at least 25 computers to activate client computers that are running Windows 10. These minimums are referred to as *activation thresholds*. +The KMS requires a minimum number of computers (physical computers or virtual machines) in a network environment. The organization must have at least five computers to activate Windows Server 2012 R2 and at least 25 computers to activate client computers that are running Windows 10. These minimums are referred to as *activation thresholds*. Planning to use the KMS includes selecting the best location for the KMS host and how many KMS hosts to have. One KMS host can handle a large number of activations, but organizations will often deploy two KMS hosts to ensure availability. Only rarely will more than two KMS hosts be used. The KMS can be hosted on a client computer or on a server, and it can be run on older versions of the operating system if proper configuration steps are taken. Setting up your KMS is discussed later in this guide. ### Active Directory-based activation -Active Directory-based activation is the newest type of volume activation, and it was introduced in Windows 8. In many ways, Active Directory-based activation is similar to activation by using the KMS, but the activated computer does not need to maintain periodic connectivity with the KMS host. Instead, a domain-joined computer running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 queries AD DS for a volume activation object that is stored in the domain. The operating system checks the digital signatures that are contained in the activation object, and then activates the device. +Active Directory-based activation is the newest type of volume activation, and it was introduced in Windows 8. In many ways, Active Directory-based activation is similar to activation by using the KMS, but the activated computer does not need to maintain periodic connectivity with the KMS host. Instead, a domain-joined computer running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 queries AD DS for a volume activation object that is stored in the domain. The operating system checks the digital signatures that are contained in the activation object, and then activates the device. -Active Directory-based activation allows enterprises to activate computers through a connection to their domain. Many companies have computers at remote or branch locations, where it is impractical to connect to a KMS, or would not reach the KMS activation threshold. Rather than use MAKs, Active Directory-based activation provides a way to activate computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 as long as the computers can contact the company’s domain. Active Directory-based activation offers the advantage of extending volume activation services everywhere you already have a domain presence. +Active Directory-based activation allows enterprises to activate computers through a connection to their domain. Many companies have computers at remote or branch locations, where it is impractical to connect to a KMS, or would not reach the KMS activation threshold. Rather than use MAKs, Active Directory-based activation provides a way to activate computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 as long as the computers can contact the company's domain. Active Directory-based activation offers the advantage of extending volume activation services everywhere you already have a domain presence. ## Network and connectivity @@ -109,11 +109,11 @@ A modern business network has many nuances and interconnections. This section ex ### Core network -Your core network is that part of your network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet, although that is not a requirement to use the KMS or Active Directory-based activation after the KMS server or AD DS is configured and active. Your core network likely consists of many network segments. In many organizations, the core network makes up the vast majority of the business network. +Your core network is that part of your network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet, although that is not a requirement to use the KMS or Active Directory-based activation after the KMS server or AD DS is configured and active. Your core network likely consists of many network segments. In many organizations, the core network makes up the vast majority of the business network. -In the core network, a centralized KMS solution is recommended. You can also use Active Directory-based activation, but in many organizations, KMS will still be required to activate older client computers and computers that are not joined to the domain. Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in your organization are running Windows 10, Windows 8.1, or Windows 8. +In the core network, a centralized KMS solution is recommended. You can also use Active Directory-based activation, but in many organizations, KMS will still be required to activate older client computers and computers that are not joined to the domain. Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in your organization are running Windows 10, Windows 8.1, or Windows 8. -A typical core network that includes a KMS host is shown in Figure 1. +A typical core network that includes a KMS host is shown in Figure 1. ![Typical core network.](../images/volumeactivationforwindows81-01.jpg) @@ -127,47 +127,47 @@ In a large network, it is all but guaranteed that some segments will be isolated Sometimes called a *high-security zone*, a particular network segment may be isolated from the core network by a firewall or disconnected from other networks totally. The best solution for activating computers in an isolated network depends on the security policies in place in the organization. -If the isolated network can access the core network by using outbound requests on TCP port 1688, and it is allowed to receive remote procedure calls (RPCs), you can perform activation by using the KMS in the core network, thereby avoiding the need to reach additional activation thresholds. +If the isolated network can access the core network by using outbound requests on TCP port 1688, and it is allowed to receive remote procedure calls (RPCs), you can perform activation by using the KMS in the core network, thereby avoiding the need to reach additional activation thresholds. -If the isolated network participates fully in the corporate forest, and it can make typical connections to domain controllers, such as using Lightweight Directory Access Protocol (LDAP) for queries and Domain Name Service (DNS) for name resolution, this is a good opportunity to use Active Directory-based activation for Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012 R2. +If the isolated network participates fully in the corporate forest, and it can make typical connections to domain controllers, such as using Lightweight Directory Access Protocol (LDAP) for queries and Domain Name Service (DNS) for name resolution, this is a good opportunity to use Active Directory-based activation for Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012 R2. -If the isolated network cannot communicate with the core network’s KMS server, and it cannot use Active Directory-based activation, you can set up a KMS host in the isolated network. This configuration is shown in Figure 2. However, if the isolated network contains only a few computers, it will not reach the KMS activation threshold. In that case, you can activate by using MAKs. +If the isolated network cannot communicate with the core network's KMS server, and it cannot use Active Directory-based activation, you can set up a KMS host in the isolated network. This configuration is shown in Figure 2. However, if the isolated network contains only a few computers, it will not reach the KMS activation threshold. In that case, you can activate by using MAKs. If the network is fully isolated, MAK-independent activation would be the recommended choice, perhaps using the telephone option. But VAMT proxy activation may also be possible. You can also use MAKs to activate new computers during setup, before they are placed in the isolated network. ![New KMS host in an isolated network.](../images/volumeactivationforwindows81-02.jpg) -**Figure 2**. New KMS host in an isolated network +**Figure 2**. New KMS host in an isolated network **Branch offices and distant networks** From mining operations to ships at sea, organizations often have a few computers that are not easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. In these situations, you have several options: -- **Active Directory-based activation**. In any site where the client computers are running Windows 10, Active Directory-based activation is supported, and it can be activated by joining the domain. -- **Local KMS**. If a site has 25 or more client computers, it can activate against a local KMS server. -- **Remote (core) KMS**. If the remote site has connectivity to an existing KMS (perhaps through a virtual private network (VPN) to the core network), that KMS can be used. Using the existing KMS means that you only need to meet the activation threshold on that server. -- **MAK activation**. If the site has only a few computers and no connectivity to an existing KMS host, MAK activation is the best option. +- **Active Directory-based activation**. In any site where the client computers are running Windows 10, Active Directory-based activation is supported, and it can be activated by joining the domain. +- **Local KMS**. If a site has 25 or more client computers, it can activate against a local KMS server. +- **Remote (core) KMS**. If the remote site has connectivity to an existing KMS (perhaps through a virtual private network (VPN) to the core network), that KMS can be used. Using the existing KMS means that you only need to meet the activation threshold on that server. +- **MAK activation**. If the site has only a few computers and no connectivity to an existing KMS host, MAK activation is the best option. ### Disconnected computers -Some users may be in remote locations or may travel to many locations. This scenario is common for roaming clients, such as the computers that are used by salespeople or other users who are offsite but not at branch locations. This scenario can also apply to remote branch office locations that have no connection to the core network. You can consider this an “isolated network,” where the number of computers is one. Disconnected computers can use Active Directory-based activation, the KMS, or MAK depending on the client version and how often the computers connect to the core network. -If the computer is joined to the domain and running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 8, you can use Active Directory-based activation—directly or through a VPN—at least once every 180 days. If the computer connects to a network with a KMS host at least every 180 days, but it does not support Active Directory-based activation, you can use KMS activation. Otherwise for computers that rarely or never connect to the network, use MAK independent activation (by using the telephone or the Internet). +Some users may be in remote locations or may travel to many locations. This scenario is common for roaming clients, such as the computers that are used by salespeople or other users who are offsite but not at branch locations. This scenario can also apply to remote branch office locations that have no connection to the core network. You can consider this an "isolated network," where the number of computers is one. Disconnected computers can use Active Directory-based activation, the KMS, or MAK depending on the client version and how often the computers connect to the core network. +If the computer is joined to the domain and running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 8, you can use Active Directory-based activation—directly or through a VPN—at least once every 180 days. If the computer connects to a network with a KMS host at least every 180 days, but it does not support Active Directory-based activation, you can use KMS activation. Otherwise for computers that rarely or never connect to the network, use MAK independent activation (by using the telephone or the Internet). ### Test and development labs -Lab environments often have large numbers of virtual machines, and physical computers and virtual machines in labs are reconfigured frequently. Therefore, first determine whether the computers in test and development labs require activation. Editions of Windows 10 that include volume licensing will operate normally, even if they cannot activate immediately. +Lab environments often have large numbers of virtual machines, and physical computers and virtual machines in labs are reconfigured frequently. Therefore, first determine whether the computers in test and development labs require activation. Editions of Windows 10 that include volume licensing will operate normally, even if they cannot activate immediately. If you have ensured that your test or development copies of the operating system are within the license agreement, you may not need to activate the lab computers if they will be rebuilt frequently. If you require that the lab computers be activated, treat the lab as an isolated network and use the methods described earlier in this guide. -In labs that have a high turnover of computers and a small number of KMS clients, you must monitor the KMS activation count. You might need to adjust the time that the KMS caches the activation requests. The default is 30 days. +In labs that have a high turnover of computers and a small number of KMS clients, you must monitor the KMS activation count. You might need to adjust the time that the KMS caches the activation requests. The default is 30 days. ## Mapping your network to activation methods -Now it’s time to assemble the pieces into a working solution. By evaluating your network connectivity, the numbers of computers you have at each site, and the operating system versions in use in your environment, you have collected the information you need to determine which activation methods will work best for you. You can fill-in information in Table 1 to help you make this determination. +Now it's time to assemble the pieces into a working solution. By evaluating your network connectivity, the numbers of computers you have at each site, and the operating system versions in use in your environment, you have collected the information you need to determine which activation methods will work best for you. You can fill-in information in Table 1 to help you make this determination. **Table 1**. Criteria for activation methods |Criterion |Activation method | |----------|------------------| -|Number of domain-joined computers that support Active Directory-based activation (computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2) and will connect to a domain controller at least every 180 days. Computers can be mobile, semi-isolated, or located in a branch office or the core network. |Active Directory-based activation | -|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days

Note
The core network must meet the KMS activation threshold. |KMS (central) | -|Number of computers that do not connect to the network at least once every 180 days (or if no network meets the activation threshold) | MAK | +|Number of domain-joined computers that support Active Directory-based activation (computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2) and will connect to a domain controller at least every 180 days. Computers can be mobile, semi-isolated, or located in a branch office or the core network. |Active Directory-based activation | +|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days

Note
The core network must meet the KMS activation threshold. |KMS (central) | +|Number of computers that do not connect to the network at least once every 180 days (or if no network meets the activation threshold) | MAK | |Number of computers in semi-isolated networks that have connectivity to the KMS in the core network |KMS (central) | |Number of computers in isolated networks where the KMS activation threshold is met |KMS (local) | |Number of computers in isolated networks where the KMS activation threshold is not met |MAK | @@ -179,14 +179,14 @@ Now it’s time to assemble the pieces into a working solution. By evaluating yo ## Choosing and acquiring keys When you know which keys you need, you must obtain them. Generally speaking, volume licensing keys are collected in two ways: -- Go to the **Product Keys** section of the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License. -- Contact your [Microsoft Activation Center](https://go.microsoft.com/fwlink/p/?LinkId=618264). +- Go to the **Product Keys** section of the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License. +- Contact your [Microsoft Activation Center](https://go.microsoft.com/fwlink/p/?LinkId=618264). ### KMS host keys -A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools. +A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools. -A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You will need a KMS host key for any KMS that you want to set up and if you are going to use Active Directory-based activation. +A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You will need a KMS host key for any KMS that you want to set up and if you are going to use Active Directory-based activation. ### Generic volume licensing keys @@ -202,25 +202,25 @@ You will also need MAK keys with the appropriate number of activations available ## Selecting a KMS host -The KMS does not require a dedicated server. It can be cohosted with other services, such as AD DS domain controllers and read-only domain controllers. -KMS hosts can run on physical computers or virtual machines that are running any supported Windows operating system. A KMS host that is running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate any Windows client or server operating system that supports volume activation. A KMS host that is running Windows 10 can activate only computers running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista. +The KMS does not require a dedicated server. It can be cohosted with other services, such as AD DS domain controllers and read-only domain controllers. +KMS hosts can run on physical computers or virtual machines that are running any supported Windows operating system. A KMS host that is running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate any Windows client or server operating system that supports volume activation. A KMS host that is running Windows 10 can activate only computers running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista. A single KMS host can support unlimited numbers of KMS clients, but Microsoft recommends deploying a minimum of two KMS hosts for failover purposes. However, as more clients are activated through Active Directory-based activation, the KMS and the redundancy of the KMS will become less important. Most organizations can use as few as two KMS hosts for their entire infrastructure. -The flow of KMS activation is shown in Figure 3, and it follows this sequence: +The flow of KMS activation is shown in Figure 3, and it follows this sequence: -1. An administrator uses the VAMT console to configure a KMS host and install a KMS host key. -2. Microsoft validates the KMS host key, and the KMS host starts to listen for requests. -3. The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment does not support DNS dynamic update protocol.) -4. A client configured with a GVLK uses DNS to locate the KMS host. -5. The client sends one packet to the KMS host. -6. The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs are not stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again. -7. If the KMS host has a KMS host key that matches the products in the GVLK, the KMS host sends a single packet back to the client. This packet contains a count of the number of computers that have requested activation from this KMS host. -8. If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold has not yet been met, the client will try again. +1. An administrator uses the VAMT console to configure a KMS host and install a KMS host key. +2. Microsoft validates the KMS host key, and the KMS host starts to listen for requests. +3. The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment does not support DNS dynamic update protocol.) +4. A client configured with a GVLK uses DNS to locate the KMS host. +5. The client sends one packet to the KMS host. +6. The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs are not stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again. +7. If the KMS host has a KMS host key that matches the products in the GVLK, the KMS host sends a single packet back to the client. This packet contains a count of the number of computers that have requested activation from this KMS host. +8. If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold has not yet been met, the client will try again. ![KMS activation flow.](../images/volumeactivationforwindows81-03.jpg) **Figure 3**. KMS activation flow ## See also -- [Volume Activation for Windows 10](volume-activation-windows-10.md) +- [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/proxy-activation-vamt.md b/windows/deployment/volume-activation/proxy-activation-vamt.md index 587efce773..7534f442fd 100644 --- a/windows/deployment/volume-activation/proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/proxy-activation-vamt.md @@ -2,11 +2,11 @@ title: Perform Proxy Activation (Windows 10) description: Perform proxy activation by using the Volume Activation Management Tool (VAMT) to activate client computers that do not have Internet access. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -17,39 +17,36 @@ You can use the Volume Activation Management Tool (VAMT) to perform activation f In a typical proxy-activation scenario, the VAMT host computer distributes a MAK to one or more client computers and collects the installation ID (IID) from each computer. The VAMT host computer sends the IIDs to Microsoft on behalf of the client computers and obtains the corresponding Confirmation IDs (CIDs). The VAMT host computer then installs the CIDs on the client computer to complete the activation. Using this activation method, only the VAMT host computer needs Internet access. -**Note**   -For workgroups that are completely isolated from any larger network, you can still perform MAK, KMS Host key (CSVLK), or retail proxy activation. This requires installing a second instance of VAMT on a computer within the isolated group and using removable media to transfer activation data between that computer and another VAMT host computer that has Internet access. For more information about this scenario, see [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md). Similarly, you can proxy activate a KMS Host key (CSVLK) located in an isolated network. You can also proxy activate a KMS Host key (CSVLK) in the core network if you do not want the KMS host computer to connect to Microsoft over the Internet.  +> [!NOTE] +> For workgroups that are completely isolated from any larger network, you can still perform MAK, KMS Host key (CSVLK), or retail proxy activation. This requires installing a second instance of VAMT on a computer within the isolated group and using removable media to transfer activation data between that computer and another VAMT host computer that has Internet access. For more information about this scenario, see [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md). Similarly, you can proxy activate a KMS Host key (CSVLK) located in an isolated network. You can also proxy activate a KMS Host key (CSVLK) in the core network if you do not want the KMS host computer to connect to Microsoft over the Internet. ## Requirements Before performing proxy activation, ensure that your network and the VAMT installation meet the following requirements: -- There is an instance of VAMT that is installed on a computer that has Internet access. If you are performing proxy activation for an isolated workgroup, you also need to have VAMT installed on one of the computers in the workgroup. -- The products to be activated have been added to VAMT and are installed with a retail product key, a KMS Host key (CSVLK) or a MAK. If the products have not been installed with a proper product key, refer to the steps in the [Add and Remove a Product Key](add-remove-product-key-vamt.md) section for instructions on how to install a product key. -- VAMT has administrative permissions on all products to be activated and Windows Management Instrumentation (WMI) is accessible through the Windows firewall. -- For workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). +- There is an instance of VAMT that is installed on a computer that has Internet access. If you are performing proxy activation for an isolated workgroup, you also need to have VAMT installed on one of the computers in the workgroup. +- The products to be activated have been added to VAMT and are installed with a retail product key, a KMS Host key (CSVLK) or a MAK. If the products have not been installed with a proper product key, refer to the steps in the [Add and Remove a Product Key](add-remove-product-key-vamt.md) section for instructions on how to install a product key. +- VAMT has administrative permissions on all products to be activated and Windows Management Instrumentation (WMI) is accessible through the Windows firewall. +- For workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). The product keys that are installed on the client products must have a sufficient number of remaining activations. If you are activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This retrieves the number of remaining activations for the MAK from Microsoft. Note that this step requires Internet access and that the remaining activation count can only be retrieved for MAKs. ## To Perform Proxy Activation **To perform proxy activation** -1. Open VAMT. -2. If necessary, install product keys. For more information see: - - [Install a Product Key](install-product-key-vamt.md) to install retail, MAK, or KMS Host key (CSVLK). - - [Install a KMS Client Key](install-kms-client-key-vamt.md) to install GVLK (KMS client) keys. -3. In the **Products** list in the center pane, select the individual products to be activated. You can use the **Filter** function to narrow your search for products by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the center pane. -6. In the right-side pane, click **Activate** and then click **Proxy activate** to open the **Proxy Activate** dialog box. -7. In the **Proxy Activate** dialog box click **Apply Confirmation ID, apply to selected machine(s) and activate**. -8. If you are activating products that require administrator credentials different from the ones you are currently using, select the **Use Alternate Credentials** checkbox. -9. Click **OK**. +1. Open VAMT. +2. If necessary, install product keys. For more information see: + - [Install a Product Key](install-product-key-vamt.md) to install retail, MAK, or KMS Host key (CSVLK). + - [Install a KMS Client Key](install-kms-client-key-vamt.md) to install GVLK (KMS client) keys. +3. In the **Products** list in the center pane, select the individual products to be activated. You can use the **Filter** function to narrow your search for products by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +5. Click **Filter**. VAMT displays the filtered list in the center pane. +6. In the right-side pane, click **Activate** and then click **Proxy activate** to open the **Proxy Activate** dialog box. +7. In the **Proxy Activate** dialog box click **Apply Confirmation ID, apply to selected machine(s) and activate**. +8. If you are activating products that require administrator credentials different from the ones you are currently using, select the **Use Alternate Credentials** checkbox. +9. Click **OK**. 10. VAMT displays the **Activating products** dialog box until it completes the requested action. If you selected the **Alternate Credentials** option, you will be prompted to enter the credentials. - **Note**   + > [!NOTE] You can use proxy activation to select products that have different key types and activate the products at the same time. - - - diff --git a/windows/deployment/volume-activation/remove-products-vamt.md b/windows/deployment/volume-activation/remove-products-vamt.md index e0fa9fe778..f9b25b08fd 100644 --- a/windows/deployment/volume-activation/remove-products-vamt.md +++ b/windows/deployment/volume-activation/remove-products-vamt.md @@ -2,11 +2,11 @@ title: Remove Products (Windows 10) description: Learn how you must delete products from the product list view so you can remove products from the Volume Activation Management Tool (VAMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -16,17 +16,17 @@ ms.technology: itpro-fundamentals To remove one or more products from the Volume Activation Management Tool (VAMT), you can delete them from the product list view in the center pane. **To delete one or more products** -1. Click a product node in the left-side pane. -2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -4. Click **Filter**. VAMT displays the filtered list in the center pane. -5. Select the products you want to delete. -6. Click **Delete** in the **Selected Items** menu in the right-side pane. -7. On the **Confirm Delete Selected Products** dialog box, click **OK**. +1. Click a product node in the left-side pane. +2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. +3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +4. Click **Filter**. VAMT displays the filtered list in the center pane. +5. Select the products you want to delete. +6. Click **Delete** in the **Selected Items** menu in the right-side pane. +7. On the **Confirm Delete Selected Products** dialog box, click **OK**. ## Related topics - [Add and Manage Products](add-manage-products-vamt.md) -  -  + + diff --git a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md index 6f92b8bdbb..2aae527d89 100644 --- a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md @@ -2,44 +2,44 @@ title: Scenario 3 KMS Client Activation (Windows 10) description: Learn how to use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Scenario 3: KMS Client Activation -In this scenario, you use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). This can be performed on either Core Network or Isolated Lab computers. By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. You do not have to enter a key to activate a product as a GVLK, unless you are converting a MAK-activated product to a KMS activation. For more information, see [Install a KMS Client Key](install-kms-client-key-vamt.md). +In this scenario, you use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). This can be performed on either Core Network or Isolated Lab computers. By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. You do not have to enter a key to activate a product as a GVLK, unless you are converting a MAK-activated product to a KMS activation. For more information, see [Install a KMS Client Key](install-kms-client-key-vamt.md). The procedure that is described below assumes the following: -- The KMS Service is enabled and available to all KMS clients. -- VAMT has been installed and computers have been added to the VAMT database. See Parts 1 through 4 in either [Scenario 1: Online Activation](scenario-online-activation-vamt.md) or [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) for more information. +- The KMS Service is enabled and available to all KMS clients. +- VAMT has been installed and computers have been added to the VAMT database. See Parts 1 through 4 in either [Scenario 1: Online Activation](scenario-online-activation-vamt.md) or [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) for more information. ## Activate KMS Clients -1. Open VAMT. -2. To set the KMS activation options, on the menu bar click **View**. Then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. -3. In the **Volume Activation Management Tool Preferences** dialog box, under **KMS Management Services host selection** select from the following options: - - **Find a KMS host automatically using DNS**. This is the default setting. VAMT will instruct the computer to query the Domain Name Service (DNS) to locate a KMS host and perform activation. If the client contains a registry key with a valid KMS host, that value will be used instead. - - **Find a KMS host using DNS in this domain for supported products**. Select this option if you use a specific domain, and enter the name of the domain. - - **Use specific KMS host**. Select this option for environments which do not use DNS for KMS host identification, and manually enter the KMS host name and select the KMS host port. VAMT will set the specified KMS host name and KMS host port on the target computer, and then instruct the computer to perform activation with the specific KMS host. -4. In the left-side pane, in the **Products** node, click the product that you want to activate. -5. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -6. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -7. Click **Filter**. VAMT displays the filtered list in the center pane. -8. Select the products that you want to activate. -9. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane, click **Activate**, point to **Volume activate**, and then click the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. +1. Open VAMT. +2. To set the KMS activation options, on the menu bar click **View**. Then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. +3. In the **Volume Activation Management Tool Preferences** dialog box, under **KMS Management Services host selection** select from the following options: + - **Find a KMS host automatically using DNS**. This is the default setting. VAMT will instruct the computer to query the Domain Name Service (DNS) to locate a KMS host and perform activation. If the client contains a registry key with a valid KMS host, that value will be used instead. + - **Find a KMS host using DNS in this domain for supported products**. Select this option if you use a specific domain, and enter the name of the domain. + - **Use specific KMS host**. Select this option for environments which do not use DNS for KMS host identification, and manually enter the KMS host name and select the KMS host port. VAMT will set the specified KMS host name and KMS host port on the target computer, and then instruct the computer to perform activation with the specific KMS host. +4. In the left-side pane, in the **Products** node, click the product that you want to activate. +5. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. +6. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +7. Click **Filter**. VAMT displays the filtered list in the center pane. +8. Select the products that you want to activate. +9. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane, click **Activate**, point to **Volume activate**, and then click the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. 10. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. The same status is shown under the **Status of Last Action** column in the products list view in the center pane. ## Related topics - [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) -  -  + + diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md index 0456ed2993..f1fcdf13ee 100644 --- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md @@ -2,11 +2,11 @@ title: Scenario 1 Online Activation (Windows 10) description: Achieve network access by deploying the Volume Activation Management Tool (VAMT) in a Core Network environment. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -14,67 +14,67 @@ ms.technology: itpro-fundamentals # Scenario 1: Online Activation In this scenario, the Volume Activation Management Tool (VAMT) is deployed in the Core Network environment. VAMT is installed on a central computer that has network access to all of the client computers. Both the VAMT host and the client computers have Internet access. The following illustration shows a diagram of an online activation scenario for Multiple Activation Keys (MAKs). You can use this scenario for online activation of the following key types: -- Multiple Activation Key (MAK) -- Windows Key Management Service (KMS) keys: - - KMS Host key (CSVLK) - - Generic Volume License Key (GVLK), or KMS client key -- Retail +- Multiple Activation Key (MAK) +- Windows Key Management Service (KMS) keys: + - KMS Host key (CSVLK) + - Generic Volume License Key (GVLK), or KMS client key +- Retail The Secure Zone represents higher-security Core Network computers that have additional firewall protection. ![VAMT firewall configuration for multiple subnets.](images/dep-win8-l-vamt-makindependentactivationscenario.jpg) ## In This Topic -- [Install and start VAMT on a networked host computer](#bkmk-partone) -- [Configure the Windows Management Instrumentation firewall exception on target computers](#bkmk-parttwo) -- [Connect to VAMT database](#bkmk-partthree) -- [Discover products](#bkmk-partfour) -- [Sort and filter the list of computers](#bkmk-partfive) -- [Collect status information from the computers in the list](#bkmk-partsix) -- [Add product keys and determine the remaining activation count](#bkmk-partseven) -- [Install the product keys](#bkmk-parteight) -- [Activate the client products](#bkmk-partnine) +- [Install and start VAMT on a networked host computer](#bkmk-partone) +- [Configure the Windows Management Instrumentation firewall exception on target computers](#bkmk-parttwo) +- [Connect to VAMT database](#bkmk-partthree) +- [Discover products](#bkmk-partfour) +- [Sort and filter the list of computers](#bkmk-partfive) +- [Collect status information from the computers in the list](#bkmk-partsix) +- [Add product keys and determine the remaining activation count](#bkmk-partseven) +- [Install the product keys](#bkmk-parteight) +- [Activate the client products](#bkmk-partnine) ## Step 1: Install and start VAMT on a networked host computer -1. Install VAMT on the host computer. -2. Click the VAMT icon in the **Start** menu to open VAMT. +1. Install VAMT on the host computer. +2. Click the VAMT icon in the **Start** menu to open VAMT. ## Step 2: Configure the Windows Management Instrumentation firewall exception on target computers -- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). +- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). - **Note**   - To retrieve product license status, VAMT must have administrative permissions on the remote computers and WMI must be available through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). + > [!NOTE] + > To retrieve product license status, VAMT must have administrative permissions on the remote computers and WMI must be available through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). ## Step 3: Connect to a VAMT database -1. If you are not already connected to a database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database where the keys that must be activated are located. -2. Click **Connect**. -3. If you are already connected to a database, VAMT displays an inventory of the products and product keys in the center pane, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to Server** to open **the Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data](manage-vamt-data.md) +1. If you are not already connected to a database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database where the keys that must be activated are located. +2. Click **Connect**. +3. If you are already connected to a database, VAMT displays an inventory of the products and product keys in the center pane, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to Server** to open **the Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data](manage-vamt-data.md) ## Step 4: Discover products -1. In the left-side pane, in the **Products** node Products, click the product that you want to activate. -2. To open the **Discover Products** dialog box, click **Discover products** in the **Actions** menu in the right-side pane. -3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general Lightweight Directory Access Protocol (LDAP) query: - - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". - - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that VAMT supports both IPv4 and IPV6 addressing. - - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without additional checks. -4. Click **Search**. +1. In the left-side pane, in the **Products** node Products, click the product that you want to activate. +2. To open the **Discover Products** dialog box, click **Discover products** in the **Actions** menu in the right-side pane. +3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general Lightweight Directory Access Protocol (LDAP) query: + - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". + - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that VAMT supports both IPv4 and IPV6 addressing. + - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". + - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without additional checks. +4. Click **Search**. When the search is complete, the products that VAMT discovers appear in the product list view in the center pane. ## Step 5: Sort and filter the list of computers You can sort the list of products so that it is easier to find the computers that require product keys to be activated: -1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**. -2. To sort the list further, you can click one of the column headings to sort by that column. -3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane. +1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**. +2. To sort the list further, you can click one of the column headings to sort by that column. +3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane. ## Step 6: Collect status information from the computers in the list @@ -85,47 +85,45 @@ To collect the status from select computers in the database, you can select comp - In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to log on to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box, type the appropriate user name and password and then click **OK**. - VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. - **Note** - If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. + > [!NOTE] + > If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. ## Step 7: Add product keys and determine the remaining activation count -1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. -2. In the **Add Product Key** dialog box, you can select from one of the following methods to add product keys: - - To add product keys manually, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add Key(s)**. - - To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key file to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. +1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. +2. In the **Add Product Key** dialog box, you can select from one of the following methods to add product keys: + - To add product keys manually, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add Key(s)**. + - To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key file to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. The keys that you have added appear in the **Product Keys** list view in the center pane. - **Important**   - If you are activating many products with a MAK, refresh the activation count of the MAK to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and then click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs. + > [!IMPORTANT] + > If you are activating many products with a MAK, refresh the activation count of the MAK to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and then click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs. ## Step 8: Install the product keys -1. In the left-side pane, click the product that you want to install keys on to. -2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and filter the list of computers](#bkmk-partfive). -3. In the **Products** list view pane, select the individual products which must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing a MAK you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you want to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Note that only one key can be installed at a time. -6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +1. In the left-side pane, click the product that you want to install keys on to. +2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and filter the list of computers](#bkmk-partfive). +3. In the **Products** list view pane, select the individual products which must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. +4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. +5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing a MAK you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you want to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Note that only one key can be installed at a time. +6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. - **Note**   - - Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](/previous-versions/tn-archive/ee939271(v=technet.10)) + > [!NOTE] + > Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](/previous-versions/tn-archive/ee939271(v=technet.10)) ## Step 9: Activate the client products -1. Select the individual products that you want to activate in the list-view pane. -2. On the menu bar, click **Action**, point to **Activate** and point to **Online activate**. You can also right-click the selected computers(s) to display the **Action** menu, point to **Activate** and point to **Online activate**. You can also click **Activate** in the **Selected Items** menu in the right-hand pane to access the **Activate** option. -3. If you are activating product keys using your current credential, click **Current credential** and continue to step 5. If you are activating products that require an administrator credential that is different from the one you are currently using, click the **Alternate credential** option. -4. Enter your alternate user name and password and click **OK**. -5. The **Activate** option contacts the Microsoft product-activation server over the Internet and requests activation for the selected products. VAMT displays the **Activating products** dialog box until the requested actions are completed. +1. Select the individual products that you want to activate in the list-view pane. +2. On the menu bar, click **Action**, point to **Activate** and point to **Online activate**. You can also right-click the selected computers(s) to display the **Action** menu, point to **Activate** and point to **Online activate**. You can also click **Activate** in the **Selected Items** menu in the right-hand pane to access the **Activate** option. +3. If you are activating product keys using your current credential, click **Current credential** and continue to step 5. If you are activating products that require an administrator credential that is different from the one you are currently using, click the **Alternate credential** option. +4. Enter your alternate user name and password and click **OK**. +5. The **Activate** option contacts the Microsoft product-activation server over the Internet and requests activation for the selected products. VAMT displays the **Activating products** dialog box until the requested actions are completed. - **Note**   - Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. - - RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and volume editions of Office 2010 will not enter RFM. + > [!NOTE] + > Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. + > RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and volume editions of Office 2010 will not enter RFM. ## Related topics - [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) diff --git a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md index d66678367b..1d4fd6f9b5 100644 --- a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md @@ -2,11 +2,11 @@ title: Scenario 2 Proxy Activation (Windows 10) description: Use the Volume Activation Management Tool (VAMT) to activate products that are installed on workgroup computers in an isolated lab environment. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -19,32 +19,32 @@ In this scenario, the Volume Activation Management Tool (VAMT) is used to activa ## Step 1: Install VAMT on a Workgroup Computer in the Isolated Lab -1. Install VAMT on a host computer in the isolated lab workgroup. This computer can be running Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, or Windows Server® 2012. -2. Click the VAMT icon in the **Start** menu to open VAMT. +1. Install VAMT on a host computer in the isolated lab workgroup. This computer can be running Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, or Windows Server® 2012. +2. Click the VAMT icon in the **Start** menu to open VAMT. ## Step 2: Configure the Windows Management Instrumentation Firewall Exception on Target Computers -- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). +- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). - **Note**   - To retrieve the license status on the selected computers, VAMT must have administrative permissions on the remote computers and WMI must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). + > [!NOTE] + > To retrieve the license status on the selected computers, VAMT must have administrative permissions on the remote computers and WMI must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). ## Step 3: Connect to a VAMT Database -1. If the host computer in the isolated lab workgroup is not already connected to the database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database that contains the computers in the workgroup. -2. Click **Connect**. -3. If you are already connected to a database, in the center pane VAMT displays an inventory of the products and product keys, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to the Server** to open the **Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data.](manage-vamt-data.md) +1. If the host computer in the isolated lab workgroup is not already connected to the database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database that contains the computers in the workgroup. +2. Click **Connect**. +3. If you are already connected to a database, in the center pane VAMT displays an inventory of the products and product keys, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to the Server** to open the **Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data.](manage-vamt-data.md) ## Step 4: Discover Products -1. In the left-side pane, in the **Products** node, click the product that you want to activate. -2. To open the **Discover Products** dialog box, click **Discover products** in the right-side pane. -3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query: - - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names, click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Both IPv4 and IPv6addressing are supported. - - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". - - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without extra checks. -4. Click **Search**. +1. In the left-side pane, in the **Products** node, click the product that you want to activate. +2. To open the **Discover Products** dialog box, click **Discover products** in the right-side pane. +3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query: + - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names, click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". + - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Both IPv4 and IPv6addressing are supported. + - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". + - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without extra checks. +4. Click **Search**. The **Finding Computers** window appears and displays the search progress as the computers are located. @@ -54,13 +54,13 @@ When the search is complete, the products that VAMT discovers appear in the list You can sort the list of products so that it is easier to find the computers that require product keys to be activated: -1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**. -2. To sort the list further, you can click one of the column headings to sort by that column. -3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane. +1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**. +2. To sort the list further, you can click one of the column headings to sort by that column. +3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + - To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. +5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane. ## Step 6: Collect Status Information from the Computers in the Isolated Lab @@ -71,74 +71,74 @@ To collect the status from select computers in the database, you can select comp - In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to sign in to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and then click **OK**. - VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. - **Note** - If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. + > [!NOTE] + > If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. ## Step 7: Add Product Keys -1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. -2. In the **Add Product Keys** dialog box, you can select from one of the following methods to add product keys: - - To add a single product key, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add key(s)**. - - To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. +1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. +2. In the **Add Product Keys** dialog box, you can select from one of the following methods to add product keys: + - To add a single product key, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add key(s)**. + - To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. The keys that you have added appear in the **Product Keys** list view in the center pane. ## Step 8: Install the Product Keys on the Isolated Lab Computers -1. In the left-side pane, in the **Products** node click the product that you want to install keys onto. -2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and Filter the List of Computers](#step-5-sort-and-filter-the-list-of-computers). -3. In the **Products** list view pane, select the individual products that must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing an MAK, you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Only one key can be installed at a time. -6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +1. In the left-side pane, in the **Products** node click the product that you want to install keys onto. +2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and Filter the List of Computers](#step-5-sort-and-filter-the-list-of-computers). +3. In the **Products** list view pane, select the individual products that must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. +4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. +5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing an MAK, you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Only one key can be installed at a time. +6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. - **Note**   - Product key installation will fail if VAMT finds mismatched key types or editions. VAMT displays the failure status and continues the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](/previous-versions/tn-archive/ee939271(v=technet.10)) + > [!NOTE] + > Product key installation will fail if VAMT finds mismatched key types or editions. VAMT displays the failure status and continues the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](/previous-versions/tn-archive/ee939271(v=technet.10)) - **Note**   - Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. + > [!NOTE] + > Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. ## Step 9: Export VAMT Data to a .cilx File -In this step, you export VAMT from the workgroup’s host computer and save it in a .cilx file. Then you copy the .cilx file to removable media so that you can take it to a VAMT host computer that is connected to the Internet. In MAK proxy activation, it is critical to retain this file, because VAMT uses it to apply the Confirmation IDs (CIDs) to the proper products. +In this step, you export VAMT from the workgroup's host computer and save it in a .cilx file. Then you copy the .cilx file to removable media so that you can take it to a VAMT host computer that is connected to the Internet. In MAK proxy activation, it is critical to retain this file, because VAMT uses it to apply the Confirmation IDs (CIDs) to the proper products. -1. Select the individual products that successfully received a product key in Step 8. If needed, sort and filter the list to find the products. -2. In the right-side **Actions** pane, click **Export list** to open the **Export List** dialog box. -3. In the **Export List** dialog box, click **Browse** to navigate to the .cilx file, or enter the name of the .cilx file to which you want to export the data. -4. Under **Export options**, select one of the following data-type options: - - Export products and product keys. - - Export products only. - - Export proxy activation data only. Selecting this option ensures that the export contains only the license information required for the proxy web service to obtain CIDs from Microsoft. No Personally Identifiable Information (PII) is contained in the exported .cilx file when this selection is selected. This option should be used when an enterprise’s security policy states that no information that could identify a specific computer or user may be transferred out of the isolated lab and, therefore, this type of data must be excluded from the .cilx file that is transferred to the Core Network VAMT host. -5. If you have selected products to export, and not the entire set of data from the database, select the **Export selected product rows only** check box. -6. Click **Save**. VAMT displays a progress message while the data is being exported. Click **OK** when a message appears and confirms that the export has completed successfully. -7. If you exported the list to a file on the host computer’s hard drive, copy the file to removable media, such as a disk drive, CD/DVD, or USB storage device. +1. Select the individual products that successfully received a product key in Step 8. If needed, sort and filter the list to find the products. +2. In the right-side **Actions** pane, click **Export list** to open the **Export List** dialog box. +3. In the **Export List** dialog box, click **Browse** to navigate to the .cilx file, or enter the name of the .cilx file to which you want to export the data. +4. Under **Export options**, select one of the following data-type options: + - Export products and product keys. + - Export products only. + - Export proxy activation data only. Selecting this option ensures that the export contains only the license information required for the proxy web service to obtain CIDs from Microsoft. No Personally Identifiable Information (PII) is contained in the exported .cilx file when this selection is selected. This option should be used when an enterprise's security policy states that no information that could identify a specific computer or user may be transferred out of the isolated lab and, therefore, this type of data must be excluded from the .cilx file that is transferred to the Core Network VAMT host. +5. If you have selected products to export, and not the entire set of data from the database, select the **Export selected product rows only** check box. +6. Click **Save**. VAMT displays a progress message while the data is being exported. Click **OK** when a message appears and confirms that the export has completed successfully. +7. If you exported the list to a file on the host computer's hard drive, copy the file to removable media, such as a disk drive, CD/DVD, or USB storage device. - **Important**   - Choosing the **Export proxy activation data only** option excludes Personally Identifiable Information (PII) from being saved in the .cilx file. Therefore, the .cilx file must be re-imported into the SQL Server database on the isolated lab workgroup’s VAMT host computer, so that the CIDs that are requested from Microsoft (discussed in Step 10) can be correctly assigned to the computers in the isolated lab group. + > [!IMPORTANT] + > Choosing the **Export proxy activation data only** option excludes Personally Identifiable Information (PII) from being saved in the .cilx file. Therefore, the .cilx file must be re-imported into the SQL Server database on the isolated lab workgroup's VAMT host computer, so that the CIDs that are requested from Microsoft (discussed in Step 10) can be correctly assigned to the computers in the isolated lab group. ## Step 10: Acquire Confirmation IDs from Microsoft on the Internet-Connected Host Computer -1. Insert the removable media into the VAMT host that has Internet access. -2. Open VAMT. Make sure you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane. -3. In the right-side **Actions** pane, click **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. -4. In the **Acquire confirmation IDs for file** dialog box, browse to the location of the .cilx file that you exported from the isolated lab host computer, select the file, and then click **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and collects the CIDs. -5. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows the number of confirmation IDs that were successfully acquired, and the name of the file where the IDs were saved. Click **OK** to close the message. +1. Insert the removable media into the VAMT host that has Internet access. +2. Open VAMT. Make sure you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane. +3. In the right-side **Actions** pane, click **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. +4. In the **Acquire confirmation IDs for file** dialog box, browse to the location of the .cilx file that you exported from the isolated lab host computer, select the file, and then click **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and collects the CIDs. +5. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows the number of confirmation IDs that were successfully acquired, and the name of the file where the IDs were saved. Click **OK** to close the message. ## Step 11: Import the .cilx File onto the VAMT Host within the Isolated Lab Workgroup -1. Remove the storage device that contains the .cilx file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated lab. -2. Open VAMT and verify that you are connected to the database that contains the computer with the product keys that you are activating. -3. In the right-side **Actions** pane, click **Import list** to open the **Import List** dialog box. -4. In the **Import list** dialog box, browse to the location of the .cilx file that contains the CIDs, select the file, and then click **Open**. -5. Click **OK** to import the file and to overwrite any conflicting data in the database with data from the file. -6. VAMT displays a progress message while the data is being imported. Click **OK** when a message appears and confirms that the data has been successfully imported. +1. Remove the storage device that contains the .cilx file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated lab. +2. Open VAMT and verify that you are connected to the database that contains the computer with the product keys that you are activating. +3. In the right-side **Actions** pane, click **Import list** to open the **Import List** dialog box. +4. In the **Import list** dialog box, browse to the location of the .cilx file that contains the CIDs, select the file, and then click **Open**. +5. Click **OK** to import the file and to overwrite any conflicting data in the database with data from the file. +6. VAMT displays a progress message while the data is being imported. Click **OK** when a message appears and confirms that the data has been successfully imported. ## Step 12: Apply the CIDs and Activate the Isolated Lab Computers -1. Select the products to which you want to apply CIDs. If needed, sort and filter the list to find the products. -2. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. +1. Select the products to which you want to apply CIDs. If needed, sort and filter the list to find the products. +2. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. @@ -146,21 +146,20 @@ In this step, you export VAMT from the workgroup’s host computer and save it i ## Step 13: (Optional) Reactivating Reimaged Computers in the Isolated Lab If you have captured new images of the computers in the isolated lab, but the underlying hardware of those computers has not changed, VAMT can reactivate those computers using the CIDs that are stored in the database. -1. Redeploy products to each computer, using the same computer names as before. -2. Open VAMT. -3. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. +1. Redeploy products to each computer, using the same computer names as before. +2. Open VAMT. +3. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. - **Note**   - Installing a MAK and overwriting the GVLK on the client products must be done with care. If the Windows activation initial grace period has expired, Windows will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are accessible on the network. + > [!NOTE] + > Installing a MAK and overwriting the GVLK on the client products must be done with care. If the Windows activation initial grace period has expired, Windows will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are accessible on the network. - RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. + RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. - **Note**   - Reapplying the same CID conserves the remaining activations on the MAK. + > [!NOTE] + > Reapplying the same CID conserves the remaining activations on the MAK. ## Related topics - [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) - diff --git a/windows/deployment/volume-activation/update-product-status-vamt.md b/windows/deployment/volume-activation/update-product-status-vamt.md index dfd7e456e7..06b0801a32 100644 --- a/windows/deployment/volume-activation/update-product-status-vamt.md +++ b/windows/deployment/volume-activation/update-product-status-vamt.md @@ -2,11 +2,11 @@ title: Update Product Status (Windows 10) description: Learn how to use the Update license status function to add the products that are installed on the computers. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -16,20 +16,20 @@ ms.technology: itpro-fundamentals After you add computers to the VAMT database, you need to use the **Update license status** function to add the products that are installed on the computers. You can also use the **Update license status** at any time to retrieve the most current license status for any products in the VAMT database. To retrieve license status, VAMT must have administrative permissions on all selected computers and Windows Management Instrumentation (WMI) must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). -**Note**   +> [!NOTE] The license-status query requires a valid computer name for each system queried. If the VAMT database contains computers that were added without Personally Identifiable Information, computer names will not be available for those computers, and the status for these computers will not be updated. ## Update the license status of a product -1. Open VAMT. -2. In the **Products** list, select one or more products that need to have their status updated. -3. In the right-side **Actions** pane, click **Update license status** and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials different from the ones you used to log into the computer. -4. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. +1. Open VAMT. +2. In the **Products** list, select one or more products that need to have their status updated. +3. In the right-side **Actions** pane, click **Update license status** and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials different from the ones you used to log into the computer. +4. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. VAMT displays the **Collecting product information** dialog box while it collects the status of all selected products. When the process is finished, the updated licensing status of each product will appear in the product list view in the center pane. - **Note**   - If a previously discovered Microsoft Office 2010 product has been uninstalled from the remote computer, updating its licensing status will cause the entry to be deleted from the **Office** product list view, and, consequently, the total number of discovered products will be smaller. However, the Windows installation of the same computer will not be deleted and will always be shown in the **Windows** products list view. + > [!NOTE] + If a previously discovered Microsoft Office 2010 product has been uninstalled from the remote computer, updating its licensing status will cause the entry to be deleted from the **Office** product list view, and, consequently, the total number of discovered products will be smaller. However, the Windows installation of the same computer will not be deleted and will always be shown in the **Windows** products list view. ## Related topics - [Add and Manage Products](add-manage-products-vamt.md) diff --git a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md index 96270a5500..38adbc40dc 100644 --- a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md +++ b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md @@ -2,12 +2,12 @@ title: Use the Volume Activation Management Tool (Windows 10) description: The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to track and monitor several types of product keys. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -15,36 +15,36 @@ ms.technology: itpro-fundamentals # Use the Volume Activation Management Tool **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 R2 +- Windows Server 2012 +- Windows Server 2008 R2 **Looking for retail activation?** -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) +- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to perform VAMT proxy activation and to track and monitor several types of product keys. By using the VAMT, you can automate and centrally manage the volume, retail, and MAK activation process for Windows, Office, and select other Microsoft products. The VAMT can manage volume activation by using MAKs or KMS. It is a standard Microsoft Management Console snap-in, and it can be -installed on any computer running Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2. +installed on any computer running Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2. -The VAMT is distributed as part of the Windows Assessment and Deployment Kit (Windows ADK), which is a free download available from Microsoft Download Center. For more information, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526740). +The VAMT is distributed as part of the Windows Assessment and Deployment Kit (Windows ADK), which is a free download available from Microsoft Download Center. For more information, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526740). -In Windows Server 2012 R2, you can install the VAMT directly from Server Manager without downloading the Windows ADK by selecting the Volume Activation Services role or the Remote Server Administration Tools/Role Administration Tools/Volume Activation Tools feature. +In Windows Server 2012 R2, you can install the VAMT directly from Server Manager without downloading the Windows ADK by selecting the Volume Activation Services role or the Remote Server Administration Tools/Role Administration Tools/Volume Activation Tools feature. ## Activating with the Volume Activation Management Tool You can use the VAMT to complete the activation process in products by using MAK and retail keys, and you can work with computers individually or in groups. The VAMT enables two activation scenarios: -- **Online activation**. Online activation enables you to activate over the Internet any products that are installed with MAK, KMS host, or retail product keys. You can activate one or more connected computers within a network. This process requires that each product communicate activation information directly to Microsoft. -- **Proxy activation**. This activation method enables you to perform volume activation for products that are installed on client computers that do not have Internet access. The VAMT host computer distributes a MAK, KMS host key, or retail product key to one or more client products and collects the installation ID from each client product. The VAMT host sends the installation IDs to Microsoft on behalf of the client products and obtains the corresponding confirmation IDs. The VAMT host then installs the confirmation IDs on the client products to complete their activation. +- **Online activation**. Online activation enables you to activate over the Internet any products that are installed with MAK, KMS host, or retail product keys. You can activate one or more connected computers within a network. This process requires that each product communicate activation information directly to Microsoft. +- **Proxy activation**. This activation method enables you to perform volume activation for products that are installed on client computers that do not have Internet access. The VAMT host computer distributes a MAK, KMS host key, or retail product key to one or more client products and collects the installation ID from each client product. The VAMT host sends the installation IDs to Microsoft on behalf of the client products and obtains the corresponding confirmation IDs. The VAMT host then installs the confirmation IDs on the client products to complete their activation. By using this method, only the VAMT host computer requires Internet access. Proxy activation by using the VAMT is beneficial for isolated network segments and for cases where your organization has a mix of retail, MAK, and KMS-based activations. ## Tracking products and computers with the Volume Activation Management Tool -The VAMT provides an overview of the activation and licensing status of computers across your network, as shown in Figure 18. Several prebuilt reports are also available to help you proactively manage licensing. +The VAMT provides an overview of the activation and licensing status of computers across your network, as shown in Figure 18. Several prebuilt reports are also available to help you proactively manage licensing. ![VAMT showing the licensing status of multiple computers.](../images/volumeactivationforwindows81-18.jpg) @@ -52,7 +52,7 @@ The VAMT provides an overview of the activation and licensing status of computer ## Tracking key usage with the Volume Activation Management Tool -The VAMT makes it easier to track the various keys that are issued to your organization. You can enter each key into VAMT, and then the VAMT can use those keys for online or proxy activation of clients. The tool can also describe what type of key it is and to which product group it belongs. The VAMT is the most convenient way to quickly determine how many activations remain on a MAK. Figure 19 shows an example of key types and usage. +The VAMT makes it easier to track the various keys that are issued to your organization. You can enter each key into VAMT, and then the VAMT can use those keys for online or proxy activation of clients. The tool can also describe what type of key it is and to which product group it belongs. The VAMT is the most convenient way to quickly determine how many activations remain on a MAK. Figure 19 shows an example of key types and usage. ![VAMT showing key types and usage.](../images/volumeactivationforwindows81-19.jpg) @@ -60,16 +60,16 @@ The VAMT makes it easier to track the various keys that are issued to your organ ## Other Volume Activation Management Tool features -The VAMT stores information in a Microsoft SQL Server database for performance and flexibility, and it provides a single graphical user interface for managing activations and performing other activation-related tasks, such as: -- **Adding and removing computers**. You can use the VAMT to discover computers in the local environment. The VAMT can discover computers by querying AD DS, workgroups, or individual computer names or IP addresses, or through a general LDAP query. -- **Discovering products**. You can use the VAMT to discover Windows, Windows Server, Office, and select other products that are installed on the client computers. -- **Managing activation data**. The VAMT stores activation data in a SQL Server database. The tool can export this data in XML format to other VAMT hosts or to an archive. +The VAMT stores information in a Microsoft SQL Server database for performance and flexibility, and it provides a single graphical user interface for managing activations and performing other activation-related tasks, such as: +- **Adding and removing computers**. You can use the VAMT to discover computers in the local environment. The VAMT can discover computers by querying AD DS, workgroups, or individual computer names or IP addresses, or through a general LDAP query. +- **Discovering products**. You can use the VAMT to discover Windows, Windows Server, Office, and select other products that are installed on the client computers. +- **Managing activation data**. The VAMT stores activation data in a SQL Server database. The tool can export this data in XML format to other VAMT hosts or to an archive. For more information, see: -- [Volume Activation Management Tool (VAMT) Overview](./volume-activation-management-tool.md) -- [VAMT Step-by-Step Scenarios](./vamt-step-by-step.md) +- [Volume Activation Management Tool (VAMT) Overview](./volume-activation-management-tool.md) +- [VAMT Step-by-Step Scenarios](./vamt-step-by-step.md) ## See also -- [Volume Activation for Windows 10](volume-activation-windows-10.md) -  -  +- [Volume Activation for Windows 10](volume-activation-windows-10.md) + + diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md index ce68f48784..eb3b96f723 100644 --- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md +++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md @@ -2,11 +2,11 @@ title: Use VAMT in Windows PowerShell (Windows 10) description: Learn how to use Volume Activation Management Tool (VAMT) PowerShell cmdlets to perform the same functions as the Vamt.exe command-line tool. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -22,18 +22,18 @@ The Volume Activation Management Tool (VAMT) PowerShell cmdlets can be used to p - In addition to PowerShell, you must import the VAMT PowerShell module. The module is included in the VAMT 3.0 folder after you install the Windows Assessment and Deployment Kit (Windows ADK). **To prepare the VAMT PowerShell environment** -- To open PowerShell with administrative credentials, click **Start** and type “PowerShell” to locate the program. Right-click **Windows PowerShell**, and then click **Run as administrator**. To open PowerShell in Windows 7, click **Start**, click **All Programs**, click **Accessories**, click **Windows PowerShell**, right-click **Windows PowerShell**, and then click **Run as administrator**. +- To open PowerShell with administrative credentials, click **Start** and type "PowerShell" to locate the program. Right-click **Windows PowerShell**, and then click **Run as administrator**. To open PowerShell in Windows 7, click **Start**, click **All Programs**, click **Accessories**, click **Windows PowerShell**, right-click **Windows PowerShell**, and then click **Run as administrator**. - **Important** - If you are using a computer that has an 64-bit processor, select **Windows PowerShell (x86)**. VAMT PowerShell cmdlets are supported for the x86 architecture only. You must use an x86 version of Windows PowerShell to import the VAMT module, which are available in these directories: - - The x86 version of PowerShell is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe - - The x86 version of the PowerShell ISE is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell\_ise.exe + > [!IMPORTANT] + > If you are using a computer that has an 64-bit processor, select **Windows PowerShell (x86)**. VAMT PowerShell cmdlets are supported for the x86 architecture only. You must use an x86 version of Windows PowerShell to import the VAMT module, which are available in these directories: + - The x86 version of PowerShell is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe + - The x86 version of the PowerShell ISE is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell\_ise.exe - For all supported operating systems you can use the VAMT PowerShell module included with the Windows ADK. By default, the module is installed with the Windows ADK in the VAMT folder. Change directories to the directory where VAMT is located. For example, if the Windows ADK is installed in the default location of `C:\Program Files(x86)\Windows Kits\10`, type: ``` powershell - cd “C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0” + cd "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0" ``` - Import the VAMT PowerShell module. To import the module, type the following at a command prompt: ``` powershell diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 1e02f26440..73685db04c 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -2,11 +2,11 @@ title: VAMT known issues (Windows 10) description: Find out the current known issues with the Volume Activation Management Tool (VAMT), versions 3.0. and 3.1. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 12/17/2019 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.custom: - CI 111496 diff --git a/windows/deployment/volume-activation/vamt-requirements.md b/windows/deployment/volume-activation/vamt-requirements.md index 736a7d6b84..5cc18cd62c 100644 --- a/windows/deployment/volume-activation/vamt-requirements.md +++ b/windows/deployment/volume-activation/vamt-requirements.md @@ -2,11 +2,11 @@ title: VAMT Requirements (Windows 10) description: In this article, learn about the product key and system requierements for Volume Activation Management Tool (VAMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -37,7 +37,7 @@ The following table lists the system requirements for the VAMT host computer. | Display | 1024x768 or higher resolution monitor | | Network | Connectivity to remote computers via Windows Management Instrumentation (TCP/IP) and Microsoft Activation Web Service on the Internet via HTTPS | | Operating System | Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, or later. | -| Additional Requirements |

  • Connection to a SQL Server database. For more info, see [Install VAMT](install-vamt.md).
  • PowerShell 3.0: For Windows 8, Windows 8.1, Windows 10, and Windows Server 2012, PowerShell is included in the installation. For previous versions of Windows and Windows Server, you must download PowerShell 3.0. To download PowerShell, go to [Download Windows PowerShell 3.0](/powershell/scripting/install/installing-powershell).
  • If installing on Windows Server 2008 R2, you must also install .NET Framework 3.51.
| +| Additional Requirements |
  • Connection to a SQL Server database. For more info, see [Install VAMT](install-vamt.md).
  • PowerShell 3.0: For Windows 8, Windows 8.1, Windows 10, and Windows Server 2012, PowerShell is included in the installation. For previous versions of Windows and Windows Server, you must download PowerShell 3.0. To download PowerShell, go to [Download Windows PowerShell 3.0](/powershell/scripting/install/installing-powershell).
  • If installing on Windows Server 2008 R2, you must also install .NET Framework 3.51.
| ## Related topics - [Install and Configure VAMT](install-configure-vamt.md) diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md index 1c161bf9b5..278a558c68 100644 --- a/windows/deployment/volume-activation/vamt-step-by-step.md +++ b/windows/deployment/volume-activation/vamt-step-by-step.md @@ -2,11 +2,11 @@ title: VAMT Step-by-Step Scenarios (Windows 10) description: Learn step-by-step instructions on implementing the Volume Activation Management Tool (VAMT) in typical environments. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -21,9 +21,9 @@ This section provides instructions on how to implement the Volume Activation Man |------|------------| |[Scenario 1: Online Activation](scenario-online-activation-vamt.md) |Describes how to distribute Multiple Activation Keys (MAKs) to products installed on one or more connected computers within a network, and how to instruct these products to contact Microsoft over the Internet for activation. | |[Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) |Describes how to use two VAMT host computers—the first one with Internet access and a second computer within an isolated workgroup—as proxies to perform MAK volume activation for workgroup computers that don't have Internet access. | -|[Scenario 3: Key Management Service (KMS) Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. | +|[Scenario 3: Key Management Service (KMS) Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. | ## Related articles - [Introduction to VAMT](introduction-vamt.md) -  -  + + diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md index b24992eac1..9771f187cd 100644 --- a/windows/deployment/volume-activation/volume-activation-management-tool.md +++ b/windows/deployment/volume-activation/volume-activation-management-tool.md @@ -1,12 +1,12 @@ --- title: VAMT technical reference description: The Volume Activation Management Tool (VAMT) enables network administrators to automate and centrally manage volume activation and retail activation. -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.technology: itpro-fundamentals -author: aczechowski -ms.date: 09/16/2022 +author: frankroj +ms.date: 11/07/2022 ms.topic: overview ms.custom: seo-marvel-apr2020 --- diff --git a/windows/deployment/volume-activation/volume-activation-windows-10.md b/windows/deployment/volume-activation/volume-activation-windows-10.md index c97a874ef7..0ddbc94c96 100644 --- a/windows/deployment/volume-activation/volume-activation-windows-10.md +++ b/windows/deployment/volume-activation/volume-activation-windows-10.md @@ -2,12 +2,12 @@ title: Volume Activation for Windows 10 description: Learn how to use volume activation to deploy & activate Windows 10. Includes details for orgs that have used volume activation for earlier versions of Windows. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -30,7 +30,7 @@ ms.technology: itpro-fundamentals - [Get Help Activating Microsoft Windows](https://support.microsoft.com/help/12440/windows-10-activate) -This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows. +This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows. *Volume activation* is the process that Microsoft volume licensing customers use to automate and manage the activation of Windows operating systems, Microsoft Office, and other Microsoft products across large organizations. Volume licensing is available to customers who purchase software under various volume programs (such as [Open](https://www.microsoft.com/Licensing/licensing-programs/open-license) and [Select](https://www.microsoft.com/Licensing/licensing-programs/select)) and to participants in programs such as the [Microsoft Partner Program](https://partner.microsoft.com/) and [MSDN Subscriptions](https://visualstudio.microsoft.com/msdn-platforms/). @@ -38,11 +38,11 @@ Volume activation is a configurable solution that helps automate and manage the This guide provides information and step-by-step guidance to help you choose a volume activation method that suits your environment, and then to configure that solution successfully. This guide describes the volume activation features and the tools to manage volume activation. -Because most organizations will not immediately switch all computers to Windows 10, practical volume activation strategies must also take in to account how to work with the Windows 8.1, Windows 7, Windows Server 2012, and Windows Server 2008 R2 operating systems. This guide discusses how the new volume activation tools can support earlier operating systems, but it does not discuss the tools that are provided with earlier operating system versions. +Because most organizations will not immediately switch all computers to Windows 10, practical volume activation strategies must also take in to account how to work with the Windows 8.1, Windows 7, Windows Server 2012, and Windows Server 2008 R2 operating systems. This guide discusses how the new volume activation tools can support earlier operating systems, but it does not discuss the tools that are provided with earlier operating system versions. Volume activation -and the need for activation itself- is not new, and this guide does not review all of its concepts and history. You can find additional background in the appendices of this guide. For more information, see [Volume Activation Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831612(v=ws.11)). -If you would like additional information about planning a volume activation deployment specifically for Windows 7 and Windows Server 2008 R2, please see the [Volume Activation Planning Guide for Windows 7](/previous-versions/tn-archive/dd878528(v=technet.10)). +If you would like additional information about planning a volume activation deployment specifically for Windows 7 and Windows Server 2008 R2, please see the [Volume Activation Planning Guide for Windows 7](/previous-versions/tn-archive/dd878528(v=technet.10)). To successfully plan and implement a volume activation strategy, you must: @@ -54,7 +54,7 @@ To successfully plan and implement a volume activation strategy, you must: - Determine the monitoring and reporting needs in your organization. - Install and configure the tools required to support the methods selected. -Keep in mind that the method of activation does not change an organization’s responsibility to the licensing requirements. You must ensure that all software used in your organization is properly licensed and activated in accordance with the terms of the licensing agreements in place. +Keep in mind that the method of activation does not change an organization's responsibility to the licensing requirements. You must ensure that all software used in your organization is properly licensed and activated in accordance with the terms of the licensing agreements in place. ## Additional information From 920fb30784ef9c8e96016920f860822718380e8c Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Mon, 7 Nov 2022 16:30:10 -0500 Subject: [PATCH 05/25] Metadata/style update deployment/vamt 2 --- .../volume-activation/install-vamt.md | 24 ++++---- .../volume-activation/introduction-vamt.md | 12 ++-- .../volume-activation/kms-activation-vamt.md | 45 ++++++++++----- .../local-reactivation-vamt.md | 40 +++++++++----- .../manage-activations-vamt.md | 7 +-- .../manage-product-keys-vamt.md | 10 ++-- .../volume-activation/manage-vamt-data.md | 5 +- .../monitor-activation-client.md | 40 +++++++------- .../online-activation-vamt.md | 38 ++++++++----- .../plan-for-volume-activation-client.md | 55 ++++++++++++------- 10 files changed, 165 insertions(+), 111 deletions(-) diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md index 0aaeca24e5..8cb4d09f92 100644 --- a/windows/deployment/volume-activation/install-vamt.md +++ b/windows/deployment/volume-activation/install-vamt.md @@ -13,23 +13,26 @@ ms.technology: itpro-fundamentals # Install VAMT -This topic describes how to install the Volume Activation Management Tool (VAMT). +This article describes how to install the Volume Activation Management Tool (VAMT). -## Install VAMT +## Installing VAMT You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10. >[!IMPORTANT] ->VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products' license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator. +>VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products' license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator. >[!NOTE] ->The VAMT Microsoft Management Console snap-in ships as an x86 package. +>The VAMT Microsoft Management Console snap-in ships as an x86 package. ### Requirements - [Windows Server with Desktop Experience](/windows-server/get-started/getting-started-with-server-with-desktop-experience), with internet access (for the main VAMT console) and all updates applied + - Latest version of the [Windows 10 ADK](/windows-hardware/get-started/adk-install) + - Any supported [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-editions-express) version, the latest is recommended + - Alternatively, any supported **full** SQL instance ### Install SQL Server Express / alternatively use any full SQL instance @@ -42,7 +45,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for 4. Enter an install location or use the default path, and then select **Install**. -5. On the completion page, note the instance name for your installation, select **Close**, and then select **Yes**. +5. On the completion page, note the instance name for your installation, select **Close**, and then select **Yes**. ![In this example, the instance name is SQLEXPRESS01.](images/sql-instance.png) @@ -50,7 +53,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for 1. Download the latest version of [Windows 10 ADK](/windows-hardware/get-started/adk-install). - If an older version is already installed, it is recommended to uninstall the older ADK and install the latest version. Existing VAMT data is maintained in the VAMT database. + If an older version is already installed, it's recommended to uninstall the older ADK and install the latest version. Existing VAMT data is maintained in the VAMT database. 2. Enter an install location or use the default path, and then select **Next**. @@ -58,7 +61,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for 4. Accept the license terms. -5. On the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**, and then select **Install**. (You can select additional features to install as well.) +5. On the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**, and then select **Install**. If desired, you can select additional features to install as well. 6. On the completion page, select **Close**. @@ -72,15 +75,10 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for For remote SQL Server, use `servername.yourdomain.com`. - - ## Uninstall VAMT To uninstall VAMT using the **Programs and Features** Control Panel: 1. Open **Control Panel** and select **Programs and Features**. -2. Select **Assessment and Deployment Kit** from the list of installed programs and click **Change**. Follow the instructions in the Windows ADK installer to remove VAMT. - - - +2. Select **Assessment and Deployment Kit** from the list of installed programs and select **Change**. Follow the instructions in the Windows ADK installer to remove VAMT. diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md index 3317cf1106..292a9965b1 100644 --- a/windows/deployment/volume-activation/introduction-vamt.md +++ b/windows/deployment/volume-activation/introduction-vamt.md @@ -18,7 +18,7 @@ The Volume Activation Management Tool (VAMT) enables network administrators and > [!NOTE] > VAMT can be installed on, and can manage, physical or virtual instances. VAMT can't detect whether or not the remote products are virtual. As long as the products can respond to Windows Management Instrumentation (WMI) calls, they will be discovered and activated. -## Managing MAK and retail activation +## Managing MAK and retail activation You can use a MAK or a retail product key to activate Windows, Windows Server, or Office on an individual computer or a group of computers. VAMT enables two different activation scenarios: @@ -26,23 +26,25 @@ You can use a MAK or a retail product key to activate Windows, Windows Server, o - **Proxy activation**: This activation method enables you to perform volume activation for products installed on client computers that don't have internet access. The VAMT host computer distributes a MAK, KMS host key (CSVLK), or retail product key to one or more client products and collects the installation ID (IID) from each client product. The VAMT host sends the IIDs to Microsoft on behalf of the client products and obtains the corresponding Confirmation IDs (CIDs). The VAMT host then installs the CIDs on the client products to complete the activation. Using this method, only the VAMT host computer needs internet access. You can also activate products installed on computers in a workgroup that's isolated from any larger network, by installing a second instance of VAMT on a computer within the workgroup. Then, use removable media to transfer activation data between this new instance of VAMT and the internet-connected VAMT host. -## Managing KMS activation +## Managing KMS activation In addition to MAK or retail activation, you can use VAMT to perform volume activation using the KMS. VAMT can install and activate GVLK (KMS client) keys on client products. GVLKs are the default product keys used by volume license editions of Windows, Windows Server, and Office. VAMT treats a KMS host key (CSVLK) product key identically to a retail-type product key. The experience for product key entry and activation management are identical for both these product key types. -## Enterprise environment +## Enterprise environment VAMT is commonly implemented in enterprise environments. The following screenshot illustrates three common environments: core network, secure zone, and isolated lab. ![VAMT in the enterprise.](images/dep-win8-l-vamt-image001-enterprise.jpg) - In the core network environment, all computers are within a common network managed by Active Directory Domain Services (AD DS). + - The secure zone represents higher-security core network computers that have extra firewall protection. + - The isolated lab environment is a workgroup that is physically separate from the core network, and its computers don't have internet access. The network security policy states that no information that could identify a specific computer or user may be transferred out of the isolated lab. -## VAMT user interface +## VAMT user interface The following screenshot shows the VAMT graphical user interface: @@ -58,7 +60,7 @@ VAMT provides a single, graphical user interface for managing activations, and f - **Managing product keys**: You can store multiple product keys and use VAMT to install these keys to remote client products. You can also determine the number of activations remaining for MAKs. -- **Managing activation data**: VAMT stores activation data in a SQL database. VAMT can export this data to other VAMT hosts or to an archive in XML format. +- **Managing activation data**: VAMT stores activation data in an SQL database. VAMT can export this data to other VAMT hosts or to an archive in XML format. ## Next steps diff --git a/windows/deployment/volume-activation/kms-activation-vamt.md b/windows/deployment/volume-activation/kms-activation-vamt.md index b7e487c555..6cb46bb913 100644 --- a/windows/deployment/volume-activation/kms-activation-vamt.md +++ b/windows/deployment/volume-activation/kms-activation-vamt.md @@ -11,36 +11,53 @@ ms.topic: article ms.technology: itpro-fundamentals --- -# Perform KMS Activation +# Perform KMS activation The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS). You can use VAMT to activate Generic Volume Licensing Keys, or KMS client keys, on products accessible to VAMT. GVLKs are the default product keys used by the volume-license editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft Office 2010. GVLKs are already installed in volume-license editions of these products. ## Requirements Before configuring KMS activation, ensure that your network and VAMT installation meet the following requirements: + - KMS host is set up and enabled. + - KMS clients can access the KMS host. + - VAMT is installed on a central computer with network access to all client computers. + - The products to be activated have been added to VAMT. For more information on adding product keys, see [Install a KMS Client Key](install-kms-client-key-vamt.md). -- VAMT has administrative permissions on all computers to be activated, and Windows Management Instrumentation (WMI) is accessible through the Windows Firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). + +- VAMT has administrative permissions on all computers to be activated, and Windows Management Instrumentation (WMI) is accessible through the Windows Firewall. For more information, see [Configure client computers](configure-client-computers-vamt.md). ## To configure devices for KMS activation -**To configure devices for KMS activation** 1. Open VAMT. + 2. If necessary, set up the KMS activation preferences. If you don't need to set up the preferences, skip to step 6 in this procedure. Otherwise, continue to step 2. -3. To set up the preferences, on the menu bar click **View**, then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. + +3. To set up the preferences, on the menu bar select **View**, then select **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. + 4. Under **Key Management Services host selection**, select one of the following options: - - **Find a KMS host automatically using DNS (default)**. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the Domain Name Service (DNS) to locate a KMS host and attempt activation. - - **Find a KMS host using DNS in this domain for supported products**. Enter the domain name. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the DNS in the specified domain to locate a KMS host and attempt activation. - - **Use specific KMS host**. Enter the KMS host name and KMS host port. For environments which do not use DNS for KMS host identification, VAMT sets the specified KMS host name and KMS host port on the target computer, and then instructs the computer to attempt activation with the specific KMS host. -5. Click **Apply**, and then click **OK** to close the **Volume Activation Management Tool Preferences** dialog box. + + - **Find a KMS host automatically using DNS (default)**. If you choose this option, VAMT first clears any previously configured KMS host on the target computer, and instructs the computer to query the Domain Name Service (DNS) to locate a KMS host and attempt activation. + + - **Find a KMS host using DNS in this domain for supported products**. Enter the domain name. If you choose this option, VAMT first clears any previously configured KMS host on the target computer, and instructs the computer to query the DNS in the specified domain to locate a KMS host and attempt activation. + + - **Use specific KMS host**. Enter the KMS host name and KMS host port. For environments that don't use DNS for KMS host identification, VAMT sets the specified KMS host name and KMS host port on the target computer, and then instructs the computer to attempt activation with the specific KMS host. + +5. Select **Apply**, and then select **OK** to close the **Volume Activation Management Tool Preferences** dialog box. + 6. Select the products to be activated by selecting individual products in the product list view in the center pane. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -7. Click **Filter**. VAMT displays the filtered list in the center pane. -8. In the right-side pane, click **Activate** in the **Selected Items** menu, and then click **Volume activate**. -9. Click a credential option. Choose **Alternate credentials** only if you are activating products that require administrator credentials different from the ones you are currently using. -10. If you are supplying alternate credentials, at the prompt, type the appropriate user name and password and click **OK**. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +7. Select **Filter**. VAMT displays the filtered list in the center pane. + +8. In the right-side pane, select **Activate** in the **Selected Items** menu, and then select **Volume activate**. + +9. Select a credential option. Choose **Alternate credentials** only if you're activating products that require administrator credentials different from the ones you're currently using. + +10. If you're supplying alternate credentials, at the prompt, type the appropriate user name and password and select **OK**. VAMT displays the **Volume Activation** dialog box until it completes the requested action. When the process is finished, the updated activation status of each product appears in the product list view in the center pane. - diff --git a/windows/deployment/volume-activation/local-reactivation-vamt.md b/windows/deployment/volume-activation/local-reactivation-vamt.md index cbc033c0cf..e761c3c2f5 100644 --- a/windows/deployment/volume-activation/local-reactivation-vamt.md +++ b/windows/deployment/volume-activation/local-reactivation-vamt.md @@ -11,7 +11,7 @@ ms.topic: article ms.technology: itpro-fundamentals --- -# Perform Local Reactivation +# Perform local reactivation If you reinstall Windows® or Microsoft® Office 2010 on a computer that was initially activated using proxy activation (MAK, retail, or CSLVK (KMS host)), and have not made significant changes to the hardware, use this local reactivation procedure to reactivate the program on that computer. Local reactivation relies upon data that was created during the initial proxy activation and stored in the Volume Activation Management Tool (VAMT) database. The database contains the installation ID (IID) and confirmation ID (Pending CID). Local reactivation uses this data to reapply the CID and reactivate those products. Reapplying the same CID conserves the remaining activations on the key. @@ -19,26 +19,36 @@ Local reactivation relies upon data that was created during the initial proxy ac > [!NOTE] > During the initial proxy activation, the CID is bound to a digital "fingerprint", which is calculated from values assigned to several different hardware components in the computer. If the computer has had significant hardware changes, this fingerprint will no longer match the CID. In this case, you must obtain a new CID for the computer from Microsoft. -## To Perform a Local Reactivation +## To perform a local reactivation + +1. Open VAMT. Make sure that you're connected to the desired database. + +2. In the left-side pane, select the product you want to reactivate to display the products list. -**To perform a local reactivation** -1. Open VAMT. Make sure that you are connected to the desired database. -2. In the left-side pane, click the product you want to reactivate to display the products list. 3. In the product list view in the center pane, select the desired products to be reactivated. You can sort the list by computer name by clicking on the **Computer Name** heading. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + 4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the center pane. -6. In the right-side pane, click **Activate**, and then click **Apply Confirmation ID**. -7. Click a credential option. Choose **Alternate credentials** only if you are reactivating products that require administrator credentials different from the ones you are currently using. -8. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. - + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. VAMT displays the filtered list in the center pane. + +6. In the right-side pane, select **Activate**, and then select **Apply Confirmation ID**. + +7. Select a credential option. Choose **Alternate credentials** only if you're reactivating products that require administrator credentials different from the ones you're currently using. + +8. If you're supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name, and password and select **OK**. + VAMT displays the **Apply Confirmation ID** dialog box. -10. If you are using a different product key than the product key used for initial activation, you must complete a new activation to obtain a new CID. -11. If you are activating a product that requires administrator credentials different from the ones you are currently using, select the **Use Alternate Credentials** check box. -12. Click **OK**. +9. If you're using a different product key than the product key used for initial activation, you must complete a new activation to obtain a new CID. -## Related topics +10. If you're activating a product that requires administrator credentials different from the ones you're currently using, select the **Use Alternate Credentials** check box. + +11. Select **OK**. + +## Related article - [Manage Activations](manage-activations-vamt.md) diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md index b7fda50fbf..80263f739c 100644 --- a/windows/deployment/volume-activation/manage-activations-vamt.md +++ b/windows/deployment/volume-activation/manage-activations-vamt.md @@ -17,14 +17,11 @@ This section describes how to activate a client computer, by using various activ ## In this Section -|Topic |Description | -|------|------------| +|Article |Description | +|-------|------------| |[Perform Online Activation](online-activation-vamt.md) |Describes how to activate a client computer over the Internet. | |[Perform Proxy Activation](proxy-activation-vamt.md) |Describes how to perform volume activation for client products that don't have Internet access. | |[Perform KMS Activation](kms-activation-vamt.md) |Describes how to perform volume activation using the Key Management Service (KMS). | |[Perform Local Reactivation](local-reactivation-vamt.md) |Describes how to reactivate an operating system or Office program that was reinstalled. | |[Activate an Active Directory Forest Online](activate-forest-vamt.md) |Describes how to use Active Directory-Based Activation to activate an Active Directory forest, online. | |[Activate by Proxy an Active Directory Forest](activate-forest-by-proxy-vamt.md) |Describes how to use Active Directory-Based Activation to proxy activate an Active Directory forest that isn't connected to the Internet. | - - - diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md index e5354da617..423133a3b4 100644 --- a/windows/deployment/volume-activation/manage-product-keys-vamt.md +++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md @@ -13,14 +13,12 @@ ms.technology: itpro-fundamentals # Manage Product Keys -This section describes how to add and remove a product key from the Volume Activation Management Tool (VAMT). After you add a product key to VAMT, you can install that product key on a product or products you select in the VAMT database. +This section describes how to add and remove a product key from the Volume Activation Management Tool (VAMT). After you add a product key to VAMT, you can install that product key on a product, or products you select in the VAMT database. + ## In this Section -|Topic |Description | -|------|------------| +|Article |Description | +|-------|------------| |[Add and Remove a Product Key](add-remove-product-key-vamt.md) |Describes how to add a product key to the VAMT database. | |[Install a Product Key](install-product-key-vamt.md) |Describes how to install a product key for specific product. | |[Install a KMS Client Key](install-kms-client-key-vamt.md) |Describes how to install a GVLK (KMS client) key. | - - - diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md index d4bbff284f..5d61f42b3b 100644 --- a/windows/deployment/volume-activation/manage-vamt-data.md +++ b/windows/deployment/volume-activation/manage-vamt-data.md @@ -16,7 +16,8 @@ ms.technology: itpro-fundamentals This section describes how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT). ## In this Section -|Topic |Description | -|------|------------| + +|Article |Description | +|-------|------------| |[Import and Export VAMT Data](import-export-vamt-data.md) |Describes how to import and export VAMT data. | |[Use VAMT in Windows PowerShell](use-vamt-in-windows-powershell.md) |Describes how to access Windows PowerShell and how to import the VAMT PowerShell module. | diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md index f1671b98f8..c5b52eb8b8 100644 --- a/windows/deployment/volume-activation/monitor-activation-client.md +++ b/windows/deployment/volume-activation/monitor-activation-client.md @@ -13,28 +13,30 @@ ms.technology: itpro-fundamentals # Monitor activation -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) -**Looking for retail activation?** - -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) You can monitor the success of the activation process for a computer running Windows in several ways. The most popular methods include: -- Using the Volume Licensing Service Center website to track use of MAK keys. -- Using the **Slmgr /dlv** command on a client computer or on the KMS host. (For a full list of options, see [Slmgr.vbs Options](/previous-versions//ff793433(v=technet.10)).) -- Viewing the licensing status, which is exposed through Windows Management Instrumentation (WMI); therefore, it is available to non-Microsoft or custom tools that can access WMI. (Windows PowerShell can also access WMI information.) -- Most licensing actions and events are recorded in the Event log (ex: Application Log events 12288-12290). -- Microsoft System Center Operations Manager and the KMS Management Pack can provide insight and information to users of System Center Operations Manager. -- See [Troubleshooting activation error codes](/windows-server/get-started/activation-error-codes) for information about troubleshooting procedures for Multiple Activation Key (MAK) or the Key Management Service (KMS). -- The VAMT provides a single site from which to manage and monitor volume activations. This is explained in the next section. -## See also +- Using the Volume Licensing Service Center website to track use of MAK keys. + +- Using the `Slmgr /dlv` command on a client computer or on the KMS host. For a full list of options, see [Slmgr.vbs options](/previous-versions//ff793433(v=technet.10)). + +- Viewing the licensing status, which is exposed through Windows Management Instrumentation (WMI); therefore, it's available to non-Microsoft or custom tools that can access WMI. (Windows PowerShell can also access WMI information.) + +- Most licensing actions and events are recorded in the Event log (ex: Application Log events 12288-12290). + +- Microsoft System Center Operations Manager and the KMS Management Pack can provide insight and information to users of System Center Operations Manager. + +- See [Troubleshooting activation error codes](/windows-server/get-started/activation-error-codes) for information about troubleshooting procedures for Multiple Activation Key (MAK) or the Key Management Service (KMS). + +- The VAMT provides a single site from which to manage and monitor volume activations. This feature is explained in the next section. + +## Related articles [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/online-activation-vamt.md b/windows/deployment/volume-activation/online-activation-vamt.md index f277366807..4e3c76dae1 100644 --- a/windows/deployment/volume-activation/online-activation-vamt.md +++ b/windows/deployment/volume-activation/online-activation-vamt.md @@ -11,42 +11,54 @@ ms.topic: article ms.technology: itpro-fundamentals --- -# Perform Online Activation +# Perform online activation You can use the Volume Activation Management Tool (VAMT) to enable client products to be activated over the Internet. You can install the client products with any kind of product key that is eligible for online activation—Multiple Activation Key (MAK), retail, and Windows Key Management Services (KMS) host key. ## Requirements Before performing online activation, ensure that the network and the VAMT installation meet the following requirements: + - VAMT is installed on a central computer that has network access to all client computers. + - Both the VAMT host and client computers have Internet access. + - The products that you want to activate are added to VAMT. + - VAMT has administrative permissions on all computers that you intend to activate, and that Windows Management Instrumentation (WMI) can be accessed through the Windows firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). -The product keys that are installed on the client products must have a sufficient number of remaining activations. If you are activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking -**Refresh product key data online** in the right-side pane. This retrieves the number of remaining activations for the MAK from Microsoft. Note that this step requires Internet access and that the remaining activation count can only be retrieved for MAKs. +The product keys that are installed on the client products must have a sufficient number of remaining activations. If you're activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This action retrieves the number of remaining activations for the MAK from Microsoft. This step requires Internet access and that the remaining activation count can only be retrieved for MAKs. -## To Perform an Online Activation +## To perform an online activation -**To perform an online activation** 1. Open VAMT. + 2. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + 3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -4. Click **Filter**. VAMT displays the filtered list in the center pane. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +4. Select **Filter**. VAMT displays the filtered list in the center pane. + 5. Select the products that you want to activate. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -6. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane and then point to **Activate**. If the **Actions** pane is not displayed, click the Show/Hide Action Pane button, which is located on the toolbar to the right of the Help button. -7. Point to **Online activate**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. -8. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. + +6. Select **Activate** in the **Selected Items** menu in the right-side **Actions** pane and then point to **Activate**. If the **Actions** pane isn't displayed, select the Show/Hide Action Pane button, which is located on the toolbar to the right of the Help button. + +7. Point to **Online activate**, and then select the appropriate credential option. If you select the **Alternate Credentials** option, you'll be prompted to enter an alternate user name and password. + +8. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status is shown under the **Status of Last Action** column in the products list view in the center pane. > [!NOTE] > Online activation does not enable you to save the Confirmation IDs (CIDs). As a result, you cannot perform local reactivation. - + > [!NOTE] > You can use online activation to select products that have different key types and activate the products at the same time. -## Related topics -- [Manage Activations](manage-activations-vamt.md) +## Related articles + +- [Manage activations](manage-activations-vamt.md) diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md index 8708715c3f..e89a31bf6e 100644 --- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md +++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md @@ -13,18 +13,13 @@ ms.technology: itpro-fundamentals # Plan for volume activation -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) -**Looking for retail activation?** - -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) *Product activation* is the process of validating software with the manufacturer after it has been installed on a specific computer. Activation confirms that the product is genuine—not a fraudulent copy—and that the product key or serial number is valid and has not been compromised or revoked. Activation also establishes a link or relationship between the product key and the particular installation. @@ -50,7 +45,9 @@ OEM activation is valid as long as the customer uses the OEM-provided image on t ### Volume licensing Volume licensing offers customized programs that are tailored to the size and purchasing preference of the organization. To become a volume licensing customer, the organization must set up a volume licensing agreement with Microsoft.There is a common misunderstanding about acquiring licenses for a new computer through volume licensing. There are two legal ways to acquire a full Windows client license for a new computer: + - Have the license preinstalled through the OEM. + - Purchase a fully packaged retail product. The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised. @@ -64,13 +61,19 @@ Volume licensing is also available through certain subscription or membership pr For a user or IT department, there are no significant choices about how to activate products that are acquired through retail or OEM channels. The OEM performs the activation at the factory, and the user or the IT department need take no activation steps. With a retail product, the Volume Activation Management Tool (VAMT), which is discussed later in this guide, helps you track and manage keys. For each retail activation, you can choose: + - Online activation + - Telephone activation + - VAMT proxy activation Telephone activation is primarily used in situations where a computer is isolated from all networks. VAMT proxy activation (with retail keys) is sometimes used when an IT department wants to centralize retail activations or when a computer with a retail version of the operating system is isolated from the Internet but connected to the LAN. For volume-licensed products, however, you must determine the best method or combination of methods to use in your environment. For Windows 10 Pro and Enterprise, you can choose from three models: + - MAKs + - KMS + - Active Directory-based activation > [!NOTE] @@ -123,7 +126,7 @@ A typical core network that includes a KMS host is shown in Figure 1. In a large network, it is all but guaranteed that some segments will be isolated, either for security reasons or because of geography or connectivity issues. -**Isolated for security** +#### Isolated for security Sometimes called a *high-security zone*, a particular network segment may be isolated from the core network by a firewall or disconnected from other networks totally. The best solution for activating computers in an isolated network depends on the security policies in place in the organization. @@ -139,11 +142,16 @@ If the network is fully isolated, MAK-independent activation would be the recomm **Figure 2**. New KMS host in an isolated network -**Branch offices and distant networks** +#### Branch offices and distant networks + From mining operations to ships at sea, organizations often have a few computers that are not easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. In these situations, you have several options: + - **Active Directory-based activation**. In any site where the client computers are running Windows 10, Active Directory-based activation is supported, and it can be activated by joining the domain. + - **Local KMS**. If a site has 25 or more client computers, it can activate against a local KMS server. + - **Remote (core) KMS**. If the remote site has connectivity to an existing KMS (perhaps through a virtual private network (VPN) to the core network), that KMS can be used. Using the existing KMS means that you only need to meet the activation threshold on that server. + - **MAK activation**. If the site has only a few computers and no connectivity to an existing KMS host, MAK activation is the best option. ### Disconnected computers @@ -166,7 +174,7 @@ Now it's time to assemble the pieces into a working solution. By evaluating your |Criterion |Activation method | |----------|------------------| |Number of domain-joined computers that support Active Directory-based activation (computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2) and will connect to a domain controller at least every 180 days. Computers can be mobile, semi-isolated, or located in a branch office or the core network. |Active Directory-based activation | -|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days

Note
The core network must meet the KMS activation threshold. |KMS (central) | +|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days

**Note**
The core network must meet the KMS activation threshold. |KMS (central) | |Number of computers that do not connect to the network at least once every 180 days (or if no network meets the activation threshold) | MAK | |Number of computers in semi-isolated networks that have connectivity to the KMS in the core network |KMS (central) | |Number of computers in isolated networks where the KMS activation threshold is met |KMS (local) | @@ -174,13 +182,15 @@ Now it's time to assemble the pieces into a working solution. By evaluating your |Number of computers in test and development labs that will not be activated |None| |Number of computers that do not have a retail volume license |Retail (online or phone) | |Number of computers that do not have an OEM volume license |OEM (at factory) | -|Total number of computer activations

Note
This total should match the total number of licensed computers in your organization. | +|Total number of computer activations

**Note**
This total should match the total number of licensed computers in your organization. | ## Choosing and acquiring keys When you know which keys you need, you must obtain them. Generally speaking, volume licensing keys are collected in two ways: + - Go to the **Product Keys** section of the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License. -- Contact your [Microsoft Activation Center](https://go.microsoft.com/fwlink/p/?LinkId=618264). + +- Contact your [Microsoft activation center](https://go.microsoft.com/fwlink/p/?LinkId=618264). ### KMS host keys @@ -194,7 +204,7 @@ When you create installation media or images for client computers that will be a Installation media from Microsoft for Enterprise editions of the Windows operating system may already contain the GVLK. One GVLK is available for each type of installation. The GLVK will not activate the software against Microsoft activation servers, but rather against a KMS or Active Directory-based activation object. In other words, the GVLK does not work unless a valid KMS host key can be found. GVLKs are the only product keys that do not need to be kept confidential. -Typically, you will not need to manually enter a GVLK unless a computer has been activated with a MAK or a retail key and it is being converted to a KMS activation or to Active Directory-based activation. If you need to locate the GVLK for a particular client edition, see [Appendix A: KMS Client Setup Keys](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v=ws.11)). +Typically, you will not need to manually enter a GVLK unless a computer has been activated with a MAK or a retail key and it is being converted to a KMS activation or to Active Directory-based activation. If you need to locate the GVLK for a particular client edition, see [Appendix A: KMS client setup keys](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v=ws.11)). ### Multiple activation keys @@ -209,18 +219,25 @@ A single KMS host can support unlimited numbers of KMS clients, but Microsoft re The flow of KMS activation is shown in Figure 3, and it follows this sequence: 1. An administrator uses the VAMT console to configure a KMS host and install a KMS host key. + 2. Microsoft validates the KMS host key, and the KMS host starts to listen for requests. + 3. The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment does not support DNS dynamic update protocol.) + 4. A client configured with a GVLK uses DNS to locate the KMS host. + 5. The client sends one packet to the KMS host. + 6. The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs are not stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again. + 7. If the KMS host has a KMS host key that matches the products in the GVLK, the KMS host sends a single packet back to the client. This packet contains a count of the number of computers that have requested activation from this KMS host. + 8. If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold has not yet been met, the client will try again. ![KMS activation flow.](../images/volumeactivationforwindows81-03.jpg) **Figure 3**. KMS activation flow -## See also +## Related articles + - [Volume Activation for Windows 10](volume-activation-windows-10.md) - From 424cc886c21fc165e4f65707eb95f6531c4b24d5 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 7 Nov 2022 16:39:24 -0500 Subject: [PATCH 06/25] add more missing values to security3 --- .../hello-for-business/hello-hybrid-key-trust-devreg.md | 1 + .../hello-for-business/hello-hybrid-key-trust-dirsync.md | 1 + .../hello-for-business/hello-hybrid-key-trust-prereqs.md | 1 + .../hello-for-business/hello-hybrid-key-trust.md | 1 + .../hello-for-business/hello-hybrid-key-whfb-provision.md | 1 + .../hello-for-business/hello-hybrid-key-whfb-settings-ad.md | 1 + .../hello-hybrid-key-whfb-settings-dir-sync.md | 1 + .../hello-for-business/hello-hybrid-key-whfb-settings-pki.md | 1 + .../hello-for-business/hello-hybrid-key-whfb-settings-policy.md | 1 + .../hello-for-business/hello-hybrid-key-whfb-settings.md | 1 + .../hello-for-business/hello-identity-verification.md | 1 + .../hello-for-business/hello-key-trust-adfs.md | 1 + .../hello-for-business/hello-key-trust-policy-settings.md | 1 + .../hello-for-business/hello-key-trust-validate-ad-prereq.md | 1 + .../hello-for-business/hello-key-trust-validate-deploy-mfa.md | 1 + .../hello-for-business/hello-key-trust-validate-pki.md | 1 + .../hello-for-business/hello-manage-in-organization.md | 1 + .../identity-protection/hello-for-business/hello-overview.md | 1 + .../hello-for-business/hello-planning-guide.md | 1 + .../hello-for-business/hello-prepare-people-to-use.md | 1 + .../identity-protection/hello-for-business/hello-videos.md | 1 + .../hello-for-business/hello-why-pin-is-better-than-password.md | 1 + .../hello-for-business/microsoft-compatible-security-key.md | 1 + .../hello-for-business/passwordless-strategy.md | 1 + .../identity-protection/hello-for-business/reset-security-key.md | 1 + .../hello-for-business/retired/hello-how-it-works.md | 1 + .../identity-protection/hello-for-business/webauthn-apis.md | 1 + windows/security/identity-protection/index.md | 1 + windows/security/identity-protection/password-support-policy.md | 1 + windows/security/identity-protection/remote-credential-guard.md | 1 + .../smart-cards/smart-card-and-remote-desktop-services.md | 1 + .../identity-protection/smart-cards/smart-card-architecture.md | 1 + .../smart-cards/smart-card-certificate-propagation-service.md | 1 + .../smart-card-certificate-requirements-and-enumeration.md | 1 + .../smart-cards/smart-card-debugging-information.md | 1 + .../identity-protection/smart-cards/smart-card-events.md | 1 + .../smart-cards/smart-card-group-policy-and-registry-settings.md | 1 + .../smart-card-how-smart-card-sign-in-works-in-windows.md | 1 + .../smart-cards/smart-card-removal-policy-service.md | 1 + .../smart-cards/smart-card-smart-cards-for-windows-service.md | 1 + .../smart-cards/smart-card-tools-and-settings.md | 1 + .../smart-card-windows-smart-card-technical-reference.md | 1 + .../user-account-control/how-user-account-control-works.md | 1 + ...ser-account-control-group-policy-and-registry-key-settings.md | 1 + .../user-account-control/user-account-control-overview.md | 1 + .../user-account-control-security-policy-settings.md | 1 + .../virtual-smart-card-deploy-virtual-smart-cards.md | 1 + .../virtual-smart-cards/virtual-smart-card-evaluate-security.md | 1 + .../virtual-smart-cards/virtual-smart-card-get-started.md | 1 + .../virtual-smart-cards/virtual-smart-card-overview.md | 1 + .../virtual-smart-cards/virtual-smart-card-tpmvscmgr.md | 1 + .../virtual-smart-card-understanding-and-evaluating.md | 1 + .../virtual-smart-card-use-virtual-smart-cards.md | 1 + ...nfigure-diffie-hellman-protocol-over-ikev2-vpn-connections.md | 1 + ...w-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md | 1 + windows/security/identity-protection/vpn/vpn-authentication.md | 1 + .../security/identity-protection/vpn/vpn-auto-trigger-profile.md | 1 + .../security/identity-protection/vpn/vpn-conditional-access.md | 1 + windows/security/identity-protection/vpn/vpn-connection-type.md | 1 + windows/security/identity-protection/vpn/vpn-guide.md | 1 + windows/security/identity-protection/vpn/vpn-name-resolution.md | 1 + .../identity-protection/vpn/vpn-office-365-optimization.md | 1 + windows/security/identity-protection/vpn/vpn-profile-options.md | 1 + windows/security/identity-protection/vpn/vpn-routing.md | 1 + 64 files changed, 64 insertions(+) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md index fd9fad17ad..60421b9698 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md index 58389706ba..883e949f0a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md index 7e0ee11ade..a91f625b7b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md @@ -14,6 +14,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md index 139b688429..addf5f5a20 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Hybrid Azure AD joined Key Trust Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index 7e8b605a06..85b0134eed 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Hybrid Azure AD joined Windows Hello for Business Key Trust Provisioning ## Provisioning diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md index 82635e9dc7..eefcf80dae 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md @@ -10,6 +10,7 @@ ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 4/30/2021 +ms.technology: itpro-security --- # Configuring Hybrid Azure AD joined key trust Windows Hello for Business: Active Directory appliesto: diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md index 450505d7d9..4a6cacda34 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index f7988f68c5..899024b5f2 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index 7efeafa243..c014de2fb4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md index 7ab9f2066d..48fe302c63 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ Hybrid deployment - ✅ Key trust +ms.technology: itpro-security --- # Configure Hybrid Azure AD joined Windows Hello for Business key trust settings diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md index acc55181b3..1b10ff4e76 100644 --- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md +++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: article localizationpriority: medium ms.date: 2/15/2022 +ms.technology: itpro-security --- # Windows Hello for Business Deployment Prerequisite Overview diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index bba82b4054..7bcdb76263 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ On-premises deployment - ✅ Key trust +ms.technology: itpro-security --- # Prepare and Deploy Windows Server 2016 Active Directory Federation Services with Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index b5cae63015..f53e797115 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ On-premises deployment - ✅ Key trust +ms.technology: itpro-security --- # Configure Windows Hello for Business Policy settings - Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md index 52f79740bf..a7cf2a4367 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ On-premises deployment - ✅ Key trust +ms.technology: itpro-security --- # Validate Active Directory prerequisites - Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md index f2b2ad6a0c..42ee5bdd01 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ On-premises deployment - ✅ Key trust +ms.technology: itpro-security --- # Validate and Deploy Multifactor Authentication (MFA) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index 4e174f4e5d..97af709387 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 11 - ✅ On-premises deployment - ✅ Key trust +ms.technology: itpro-security --- # Validate and Configure Public Key Infrastructure - Key Trust diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index 040e423688..ef4ec913e4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -15,6 +15,7 @@ ms.date: 2/15/2022 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Manage Windows Hello for Business in your organization diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md index 7a7fb4b8fe..eb85e9ca3b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-overview.md +++ b/windows/security/identity-protection/hello-for-business/hello-overview.md @@ -15,6 +15,7 @@ appliesto: - ✅ Windows 10 - ✅ Windows 11 - ✅ Windows Holographic for Business +ms.technology: itpro-security --- # Windows Hello for Business Overview diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md index a47024a34d..36ba184666 100644 --- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md +++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md @@ -14,6 +14,7 @@ ms.date: 09/16/2020 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Planning a Windows Hello for Business Deployment diff --git a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md index 4a53de6f97..78291dadbd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md +++ b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md @@ -13,6 +13,7 @@ ms.date: 08/19/2018 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Prepare people to use Windows Hello diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md index 0cc2a08540..3a99c148bd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-videos.md +++ b/windows/security/identity-protection/hello-for-business/hello-videos.md @@ -13,6 +13,7 @@ ms.date: 07/26/2022 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Windows Hello for Business Videos ## Overview of Windows Hello for Business and Features diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index d7dd7adec6..b6e68de3cc 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -15,6 +15,7 @@ ms.date: 10/23/2017 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Why a PIN is better than an online password diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index db16a0bdac..01125209e2 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -10,6 +10,7 @@ ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 11/14/2018 +ms.technology: itpro-security --- # What is a Microsoft-compatible security key? diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md index 6da7cc1034..5c2b1147af 100644 --- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md +++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md @@ -13,6 +13,7 @@ ms.date: 05/24/2022 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Password-less strategy diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md index ecddd67b7f..bf8a6a57bf 100644 --- a/windows/security/identity-protection/hello-for-business/reset-security-key.md +++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md @@ -10,6 +10,7 @@ ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 11/14/2018 +ms.technology: itpro-security --- # How to reset a Microsoft-compatible security key? > [!Warning] diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md index 21756b8260..4653d23331 100644 --- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md +++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md @@ -11,6 +11,7 @@ ms.topic: article appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # How Windows Hello for Business works in Windows devices diff --git a/windows/security/identity-protection/hello-for-business/webauthn-apis.md b/windows/security/identity-protection/hello-for-business/webauthn-apis.md index 9d8fa5c21b..afac158d28 100644 --- a/windows/security/identity-protection/hello-for-business/webauthn-apis.md +++ b/windows/security/identity-protection/hello-for-business/webauthn-apis.md @@ -13,6 +13,7 @@ ms.date: 09/15/2022 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # WebAuthn APIs for passwordless authentication on Windows diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md index cf8573f679..efab24f84a 100644 --- a/windows/security/identity-protection/index.md +++ b/windows/security/identity-protection/index.md @@ -12,6 +12,7 @@ ms.date: 02/05/2018 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Identity and access management diff --git a/windows/security/identity-protection/password-support-policy.md b/windows/security/identity-protection/password-support-policy.md index 5b65618db7..fe76412c23 100644 --- a/windows/security/identity-protection/password-support-policy.md +++ b/windows/security/identity-protection/password-support-policy.md @@ -11,6 +11,7 @@ author: paolomatarazzo ms.author: paoloma manager: aaroncz ms.date: 11/20/2019 +ms.technology: itpro-security --- # Technical support policy for lost or forgotten passwords diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md index 81ceb05cfd..943feee191 100644 --- a/windows/security/identity-protection/remote-credential-guard.md +++ b/windows/security/identity-protection/remote-credential-guard.md @@ -14,6 +14,7 @@ ms.date: 01/12/2018 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Protect Remote Desktop credentials with Windows Defender Remote Credential Guard diff --git a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md index 45274c687c..94d820ba53 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md +++ b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card and Remote Desktop Services diff --git a/windows/security/identity-protection/smart-cards/smart-card-architecture.md b/windows/security/identity-protection/smart-cards/smart-card-architecture.md index 7277b044d4..8fdd044d15 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-architecture.md +++ b/windows/security/identity-protection/smart-cards/smart-card-architecture.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Architecture diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md index 00b2152267..664a098b48 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Certificate Propagation Service diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md index 5707ce0650..eafc1a53ec 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Certificate Requirements and Enumeration diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md index 7604db531a..041be309ae 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md +++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md @@ -18,6 +18,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Troubleshooting diff --git a/windows/security/identity-protection/smart-cards/smart-card-events.md b/windows/security/identity-protection/smart-cards/smart-card-events.md index fd2d69b73f..82b2141687 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-events.md +++ b/windows/security/identity-protection/smart-cards/smart-card-events.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Events diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md index c32bc12fe2..9ba33317ac 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Group Policy and Registry Settings diff --git a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md index 7faa54e44a..75800f2ed8 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md +++ b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md @@ -17,6 +17,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # How Smart Card Sign-in Works in Windows diff --git a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md index bd2846b176..1dde909358 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Removal Policy Service diff --git a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md index af5b9e8bb6..60ec54e817 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Cards for Windows Service diff --git a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md index 106071d129..fe25ba9e7c 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Tools and Settings diff --git a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md index f1676735c7..073e9fb3e9 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md +++ b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Technical Reference diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md index 49a56c854a..9736d287a0 100644 --- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md +++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md @@ -18,6 +18,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # How User Account Control works diff --git a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md index 540e4342f1..aeae137539 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md @@ -18,6 +18,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # User Account Control Group Policy and registry key settings diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md index 39dfcbd0bc..1e1fb5f9a7 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-overview.md @@ -18,6 +18,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # User Account Control diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md index 040697c29c..2b860883d7 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md @@ -17,6 +17,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # User Account Control security policy settings diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md index 0f5fef56ab..7154750f0b 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md @@ -12,6 +12,7 @@ ms.date: 04/19/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Deploy Virtual Smart Cards diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md index f5ce64521a..8aff0f477f 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md @@ -12,6 +12,7 @@ ms.date: 04/19/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Evaluate Virtual Smart Card Security diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md index ab366df26d..3dbfc81372 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md @@ -12,6 +12,7 @@ ms.date: 04/19/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Get Started with Virtual Smart Cards: Walkthrough Guide diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md index acb3e89bb3..361c943258 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md @@ -12,6 +12,7 @@ ms.date: 10/13/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Virtual Smart Card Overview diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md index 45e7c18037..c4bbcf77bd 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md @@ -12,6 +12,7 @@ ms.date: 04/19/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Tpmvscmgr diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md index 6b9c28ede3..7145692213 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md @@ -12,6 +12,7 @@ ms.date: 04/19/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Understanding and Evaluating Virtual Smart Cards diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md index 713f1ab1f6..c8e7f675e5 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md @@ -12,6 +12,7 @@ ms.date: 10/13/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Use Virtual Smart Cards diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index 863eec92a6..5ca81d5c91 100644 --- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -11,6 +11,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # How to configure Diffie Hellman protocol over IKEv2 VPN connections diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md index d7cefe3eee..4b167fab27 100644 --- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md +++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md @@ -10,6 +10,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # How to use Single Sign-On (SSO) over VPN and Wi-Fi connections diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md index 508f1851bc..fa541c4f87 100644 --- a/windows/security/identity-protection/vpn/vpn-authentication.md +++ b/windows/security/identity-protection/vpn/vpn-authentication.md @@ -11,6 +11,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # VPN authentication options diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md index 84b2d6c66b..e7e1f831ab 100644 --- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md +++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md @@ -11,6 +11,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # VPN auto-triggered profile options diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md index 2589095203..5d7a695376 100644 --- a/windows/security/identity-protection/vpn/vpn-conditional-access.md +++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md @@ -11,6 +11,7 @@ ms.date: 09/23/2021 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # VPN and conditional access diff --git a/windows/security/identity-protection/vpn/vpn-connection-type.md b/windows/security/identity-protection/vpn/vpn-connection-type.md index 473b6fede7..c3b4995351 100644 --- a/windows/security/identity-protection/vpn/vpn-connection-type.md +++ b/windows/security/identity-protection/vpn/vpn-connection-type.md @@ -11,6 +11,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # VPN connection types diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md index 54ef63f227..40331b878d 100644 --- a/windows/security/identity-protection/vpn/vpn-guide.md +++ b/windows/security/identity-protection/vpn/vpn-guide.md @@ -11,6 +11,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Windows VPN technical guide diff --git a/windows/security/identity-protection/vpn/vpn-name-resolution.md b/windows/security/identity-protection/vpn/vpn-name-resolution.md index cc0d1c17d1..61fccf4518 100644 --- a/windows/security/identity-protection/vpn/vpn-name-resolution.md +++ b/windows/security/identity-protection/vpn/vpn-name-resolution.md @@ -11,6 +11,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # VPN name resolution diff --git a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md index 3512900011..6e45c35a7e 100644 --- a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md +++ b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md @@ -12,6 +12,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Optimizing Office 365 traffic for remote workers with the native Windows 10 and Windows 11 VPN client diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md index ca5caf8f25..ebd414e637 100644 --- a/windows/security/identity-protection/vpn/vpn-profile-options.md +++ b/windows/security/identity-protection/vpn/vpn-profile-options.md @@ -11,6 +11,7 @@ ms.date: 05/17/2018 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # VPN profile options diff --git a/windows/security/identity-protection/vpn/vpn-routing.md b/windows/security/identity-protection/vpn/vpn-routing.md index 8a4d2a49b8..195202fe24 100644 --- a/windows/security/identity-protection/vpn/vpn-routing.md +++ b/windows/security/identity-protection/vpn/vpn-routing.md @@ -11,6 +11,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # VPN routing decisions From a9f6881484a6dd188a8fbd3ce55dd8411d1b4a01 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 7 Nov 2022 16:54:26 -0500 Subject: [PATCH 07/25] add missing values --- .../security/identity-protection/vpn/vpn-security-features.md | 1 + .../windows-credential-theft-mitigation-guide-abstract.md | 1 + .../bitlocker/bcd-settings-and-bitlocker.md | 1 + .../bitlocker/bitlocker-basic-deployment.md | 1 + .../bitlocker/bitlocker-countermeasures.md | 1 + .../bitlocker/bitlocker-deployment-comparison.md | 1 + .../bitlocker/bitlocker-device-encryption-overview-windows-10.md | 1 + .../bitlocker/bitlocker-group-policy-settings.md | 1 + .../bitlocker/bitlocker-how-to-deploy-on-windows-server.md | 1 + .../bitlocker/bitlocker-how-to-enable-network-unlock.md | 1 + .../bitlocker/bitlocker-management-for-enterprises.md | 1 + .../information-protection/bitlocker/bitlocker-overview.md | 1 + .../bitlocker/bitlocker-recovery-loop-break.md | 1 + ...r-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md | 1 + .../bitlocker-use-bitlocker-recovery-password-viewer.md | 1 + ...pare-your-organization-for-bitlocker-planning-and-policies.md | 1 + ...er-shared-volumes-and-storage-area-networks-with-bitlocker.md | 1 + windows/security/information-protection/encrypted-hard-drive.md | 1 + windows/security/information-protection/index.md | 1 + .../kernel-dma-protection-for-thunderbolt.md | 1 + .../pluton/microsoft-pluton-security-processor.md | 1 + windows/security/information-protection/pluton/pluton-as-tpm.md | 1 + .../information-protection/secure-the-windows-10-boot-process.md | 1 + .../tpm/backup-tpm-recovery-information-to-ad-ds.md | 1 + .../information-protection/tpm/change-the-tpm-owner-password.md | 1 + .../information-protection/tpm/how-windows-uses-the-tpm.md | 1 + .../tpm/initialize-and-configure-ownership-of-the-tpm.md | 1 + .../security/information-protection/tpm/manage-tpm-commands.md | 1 + .../security/information-protection/tpm/manage-tpm-lockout.md | 1 + .../tpm/switch-pcr-banks-on-tpm-2-0-devices.md | 1 + windows/security/information-protection/tpm/tpm-fundamentals.md | 1 + .../security/information-protection/tpm/tpm-recommendations.md | 1 + .../tpm/trusted-platform-module-overview.md | 1 + .../trusted-platform-module-services-group-policy-settings.md | 1 + .../tpm/trusted-platform-module-top-node.md | 1 + .../windows-information-protection/app-behavior-with-wip.md | 1 + .../collect-wip-audit-event-logs.md | 1 + .../create-and-verify-an-efs-dra-certificate.md | 1 + .../create-vpn-and-wip-policy-using-intune-azure.md | 1 + .../create-wip-policy-using-configmgr.md | 1 + .../create-wip-policy-using-intune-azure.md | 1 + .../deploy-wip-policy-using-intune-azure.md | 1 + .../enlightened-microsoft-apps-and-wip.md | 1 + .../guidance-and-best-practices-wip.md | 1 + .../windows-information-protection/how-to-disable-wip.md | 1 + .../windows-information-protection/limitations-with-wip.md | 1 + .../windows-information-protection/mandatory-settings-for-wip.md | 1 + .../overview-create-wip-policy-configmgr.md | 1 + .../windows-information-protection/overview-create-wip-policy.md | 1 + .../protect-enterprise-data-using-wip.md | 1 + .../recommended-network-definitions-for-wip.md | 1 + .../windows-information-protection/testing-scenarios-for-wip.md | 1 + .../windows-information-protection/using-owa-with-wip.md | 1 + .../windows-information-protection/wip-app-enterprise-context.md | 1 + .../windows-information-protection/wip-learning.md | 1 + 55 files changed, 55 insertions(+) diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md index 852ee0c9d5..d21e11182a 100644 --- a/windows/security/identity-protection/vpn/vpn-security-features.md +++ b/windows/security/identity-protection/vpn/vpn-security-features.md @@ -11,6 +11,7 @@ ms.reviewer: pesmith appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # VPN security features diff --git a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md index 1e475ba610..9b7bb26672 100644 --- a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md +++ b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md @@ -12,6 +12,7 @@ ms.date: 04/19/2017 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Windows Credential Theft Mitigation Guide Abstract diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md index 4a3b3e57ca..a2bd69a418 100644 --- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md @@ -11,6 +11,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # Boot Configuration Data settings and BitLocker diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md index 76f08567b4..9e61120973 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md +++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker basic deployment diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md index 857466fec6..e515250330 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md +++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker Countermeasures diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md index 58f168e9a7..50fa530e4f 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md +++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/20/2021 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker deployment comparison diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 9ee83c9b95..314bdaff4d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: conceptual ms.date: 03/10/2022 ms.custom: bitlocker +ms.technology: itpro-security --- # Overview of BitLocker Device Encryption in Windows diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index 8f2e37d39f..2294d0cd3e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -13,6 +13,7 @@ ms.collection: ms.topic: conceptual ms.date: 04/17/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker group policy settings diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index 17dd8a1f09..531619802d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md @@ -11,6 +11,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker: How to deploy on Windows Server 2012 and later diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md index 4face62ddf..0865f08910 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker: How to enable network unlock diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md index cc4705af8e..55b4f6d837 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md +++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md @@ -11,6 +11,7 @@ ms.collection: ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker management for enterprises diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md index 8d83958580..10c1086676 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-overview.md +++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: conceptual ms.date: 01/26/2018 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md index 62c8fe56d0..30291fe4c7 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md +++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: conceptual ms.date: 10/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # Breaking out of a BitLocker recovery loop diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md index c276611731..8dd862bb76 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md @@ -13,6 +13,7 @@ ms.collection: ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md index 56d645428f..5d93cacbd9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md @@ -13,6 +13,7 @@ ms.collection: ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker: Use BitLocker Recovery Password Viewer diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md index 079b849ca8..054be23605 100644 --- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md +++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: conceptual ms.date: 04/24/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # Prepare your organization for BitLocker: Planning and policies diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index 803ad864c1..e8b8312363 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -11,6 +11,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # Protecting cluster shared volumes and storage area networks with BitLocker diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md index 33e815d670..96c61886e5 100644 --- a/windows/security/information-protection/encrypted-hard-drive.md +++ b/windows/security/information-protection/encrypted-hard-drive.md @@ -7,6 +7,7 @@ ms.author: dansimp ms.prod: windows-client author: dulcemontemayor ms.date: 04/02/2019 +ms.technology: itpro-security --- # Encrypted Hard Drive diff --git a/windows/security/information-protection/index.md b/windows/security/information-protection/index.md index c95e39d0c0..39c23c342b 100644 --- a/windows/security/information-protection/index.md +++ b/windows/security/information-protection/index.md @@ -8,6 +8,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/10/2018 +ms.technology: itpro-security --- # Information protection diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 147e0ad051..63520fd7a9 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -10,6 +10,7 @@ ms.collection: - highpri ms.topic: conceptual ms.date: 03/26/2019 +ms.technology: itpro-security --- # Kernel DMA Protection diff --git a/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md b/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md index 3939be9c9d..b80634992b 100644 --- a/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md +++ b/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md @@ -13,6 +13,7 @@ ms.topic: conceptual ms.date: 09/15/2022 appliesto: - ✅ Windows 11, version 22H2 +ms.technology: itpro-security --- # Microsoft Pluton security processor diff --git a/windows/security/information-protection/pluton/pluton-as-tpm.md b/windows/security/information-protection/pluton/pluton-as-tpm.md index 2eba011694..17a05782e9 100644 --- a/windows/security/information-protection/pluton/pluton-as-tpm.md +++ b/windows/security/information-protection/pluton/pluton-as-tpm.md @@ -13,6 +13,7 @@ ms.topic: conceptual ms.date: 09/15/2022 appliesto: - ✅ Windows 11, version 22H2 +ms.technology: itpro-security --- # Microsoft Pluton as Trusted Platform Module diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md index fec7e2f25b..95230d2990 100644 --- a/windows/security/information-protection/secure-the-windows-10-boot-process.md +++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md @@ -11,6 +11,7 @@ ms.collection: ms.topic: conceptual ms.date: 05/12/2022 ms.author: dansimp +ms.technology: itpro-security --- # Secure the Windows boot process diff --git a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md index 88de60b907..5122a7ca67 100644 --- a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md +++ b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md @@ -9,6 +9,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/03/2021 +ms.technology: itpro-security --- # Back up the TPM recovery information to AD DS diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md index 16f70af2df..5dd050c200 100644 --- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md +++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md @@ -9,6 +9,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/18/2022 +ms.technology: itpro-security --- # Change the TPM owner password diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md index 8dac1018ca..bd02dc2445 100644 --- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md +++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md @@ -11,6 +11,7 @@ ms.collection: - M365-security-compliance ms.topic: conceptual ms.date: 09/03/2021 +ms.technology: itpro-security --- # How Windows uses the Trusted Platform Module diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index f0ed4e0e7e..77acd1c9f9 100644 --- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -11,6 +11,7 @@ ms.collection: - highpri ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # Troubleshoot the TPM diff --git a/windows/security/information-protection/tpm/manage-tpm-commands.md b/windows/security/information-protection/tpm/manage-tpm-commands.md index fabbf667ac..4dae6be6e1 100644 --- a/windows/security/information-protection/tpm/manage-tpm-commands.md +++ b/windows/security/information-protection/tpm/manage-tpm-commands.md @@ -9,6 +9,7 @@ ms.collection: - M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # Manage TPM commands diff --git a/windows/security/information-protection/tpm/manage-tpm-lockout.md b/windows/security/information-protection/tpm/manage-tpm-lockout.md index ab7e5f71c9..90cfc7c9ac 100644 --- a/windows/security/information-protection/tpm/manage-tpm-lockout.md +++ b/windows/security/information-protection/tpm/manage-tpm-lockout.md @@ -9,6 +9,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # Manage TPM lockout diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md index 81449edff3..4abbc40f2d 100644 --- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md +++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md @@ -10,6 +10,7 @@ ms.collection: - M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # Understanding PCR banks on TPM 2.0 devices diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md index 84966ce948..4b69fd9484 100644 --- a/windows/security/information-protection/tpm/tpm-fundamentals.md +++ b/windows/security/information-protection/tpm/tpm-fundamentals.md @@ -10,6 +10,7 @@ ms.collection: - M365-security-compliance ms.topic: conceptual ms.date: 12/27/2021 +ms.technology: itpro-security --- # TPM fundamentals diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md index 816f36c806..4cdc7ef9f0 100644 --- a/windows/security/information-protection/tpm/tpm-recommendations.md +++ b/windows/security/information-protection/tpm/tpm-recommendations.md @@ -12,6 +12,7 @@ ms.collection: - highpri ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # TPM recommendations diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 8a21a83f1c..06be1d344b 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -12,6 +12,7 @@ ms.collection: - highpri ms.topic: conceptual adobe-target: true +ms.technology: itpro-security --- # Trusted Platform Module Technology Overview diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md index d81a34cdbe..a9ccf2a714 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md @@ -10,6 +10,7 @@ ms.collection: - M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # TPM Group Policy settings diff --git a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md index dc338ea85c..59a276f5ee 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md @@ -11,6 +11,7 @@ ms.collection: - highpri ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # Trusted Platform Module diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index 16301e0592..687a9b8a7e 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 ms.reviewer: +ms.technology: itpro-security --- # Unenlightened and enlightened app behavior while using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md index 19987b59ef..0949bc418e 100644 --- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md +++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 ms.reviewer: +ms.technology: itpro-security --- # How to collect Windows Information Protection (WIP) audit event logs diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md index 452dcc0cac..76c6da850e 100644 --- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md +++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md @@ -10,6 +10,7 @@ ms.reviewer: rafals ms.collection: M365-security-compliance ms.topic: how-to ms.date: 07/15/2022 +ms.technology: itpro-security --- # Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md index 84d2cbd34e..b7624b94f7 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 ms.reviewer: +ms.technology: itpro-security --- # Associate and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md index a5f4831ea5..f4c9cd0e4a 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md @@ -10,6 +10,7 @@ ms.reviewer: rafals ms.collection: M365-security-compliance ms.topic: how-to ms.date: 07/15/2022 +ms.technology: itpro-security --- # Create and deploy a Windows Information Protection policy in Configuration Manager diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index 55a76f28af..1294e3f168 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -9,6 +9,7 @@ ms.reviewer: rafals ms.collection: M365-security-compliance ms.topic: how-to ms.date: 07/15/2022 +ms.technology: itpro-security --- # Create a Windows Information Protection policy in Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md index 9a285c4817..6578e9bc6c 100644 --- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/05/2019 ms.reviewer: +ms.technology: itpro-security --- # Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index 7960ef2c04..6cea050345 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -10,6 +10,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/02/2019 +ms.technology: itpro-security --- # List of enlightened Microsoft apps for use with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md index 3c84852f67..6f758d95da 100644 --- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md +++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md @@ -10,6 +10,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 +ms.technology: itpro-security --- # General guidance and best practices for Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md b/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md index a37766ca18..8356183a84 100644 --- a/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md +++ b/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md @@ -9,6 +9,7 @@ author: lizgt2000 ms.author: lizlong ms.reviewer: aaroncz manager: dougeby +ms.technology: itpro-security --- # How to disable Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 1679964f76..de06121632 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/05/2019 ms.localizationpriority: medium +ms.technology: itpro-security --- # Limitations while using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 1bb878384d..9f086b7f07 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/25/2022 ms.reviewer: +ms.technology: itpro-security --- # Mandatory tasks and settings required to turn on Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md index e2f1e9a416..076aac8eaf 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md @@ -10,6 +10,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 +ms.technology: itpro-security --- # Create a Windows Information Protection (WIP) policy using Microsoft Configuration Manager diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md index 6a28d6795c..49798db25b 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md @@ -10,6 +10,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/11/2019 +ms.technology: itpro-security --- # Create a Windows Information Protection (WIP) policy using Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index f73f212820..9992aec7b6 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -11,6 +11,7 @@ ms.collection: - M365-security-compliance ms.topic: overview ms.date: 07/15/2022 +ms.technology: itpro-security --- # Protect your enterprise data using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index cf10227eb8..fef7dcfa1e 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/25/2019 ms.reviewer: +ms.technology: itpro-security --- # Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index 7115c88cc2..35d93c25c4 100644 --- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -10,6 +10,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/05/2019 +ms.technology: itpro-security --- # Testing scenarios for Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md index bff685e23b..5f413c3657 100644 --- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 ms.reviewer: +ms.technology: itpro-security --- # Using Outlook on the web with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md index 554b5b2662..37cf054aa4 100644 --- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md +++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 ms.reviewer: +ms.technology: itpro-security --- # Determine the Enterprise Context of an app running in Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md index f5d1914f60..8f15eb8d9c 100644 --- a/windows/security/information-protection/windows-information-protection/wip-learning.md +++ b/windows/security/information-protection/windows-information-protection/wip-learning.md @@ -10,6 +10,7 @@ manager: dougeby ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 +ms.technology: itpro-security --- # Fine-tune Windows Information Protection (WIP) with WIP Learning From c2739595f617e1c0afc1d0030d673c400709fa1e Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 7 Nov 2022 17:04:52 -0500 Subject: [PATCH 08/25] add missing to security5 --- windows/security/threat-protection/auditing/event-4774.md | 2 +- windows/security/threat-protection/auditing/event-5059.md | 4 ++-- windows/security/threat-protection/auditing/event-5060.md | 4 ++-- windows/security/threat-protection/auditing/event-5061.md | 4 ++-- windows/security/threat-protection/auditing/event-5062.md | 4 ++-- windows/security/threat-protection/auditing/event-5063.md | 4 ++-- windows/security/threat-protection/auditing/event-5064.md | 4 ++-- windows/security/threat-protection/auditing/event-5065.md | 4 ++-- windows/security/threat-protection/auditing/event-5066.md | 4 ++-- windows/security/threat-protection/auditing/event-5067.md | 4 ++-- windows/security/threat-protection/auditing/event-5068.md | 4 ++-- windows/security/threat-protection/auditing/event-5069.md | 4 ++-- windows/security/threat-protection/auditing/event-5070.md | 4 ++-- windows/security/threat-protection/auditing/event-5136.md | 4 ++-- windows/security/threat-protection/auditing/event-5137.md | 4 ++-- windows/security/threat-protection/auditing/event-5138.md | 4 ++-- windows/security/threat-protection/auditing/event-5139.md | 4 ++-- windows/security/threat-protection/auditing/event-5140.md | 4 ++-- windows/security/threat-protection/auditing/event-5141.md | 4 ++-- windows/security/threat-protection/auditing/event-5142.md | 4 ++-- windows/security/threat-protection/auditing/event-5143.md | 4 ++-- windows/security/threat-protection/auditing/event-5144.md | 4 ++-- windows/security/threat-protection/auditing/event-5145.md | 4 ++-- windows/security/threat-protection/auditing/event-5148.md | 4 ++-- windows/security/threat-protection/auditing/event-5149.md | 4 ++-- windows/security/threat-protection/auditing/event-5150.md | 4 ++-- windows/security/threat-protection/auditing/event-5151.md | 4 ++-- windows/security/threat-protection/auditing/event-5152.md | 4 ++-- windows/security/threat-protection/auditing/event-5153.md | 4 ++-- windows/security/threat-protection/auditing/event-5154.md | 4 ++-- windows/security/threat-protection/auditing/event-5155.md | 4 ++-- windows/security/threat-protection/auditing/event-5156.md | 4 ++-- windows/security/threat-protection/auditing/event-5157.md | 4 ++-- windows/security/threat-protection/auditing/event-5158.md | 4 ++-- windows/security/threat-protection/auditing/event-5159.md | 4 ++-- windows/security/threat-protection/auditing/event-5168.md | 4 ++-- windows/security/threat-protection/auditing/event-5376.md | 4 ++-- windows/security/threat-protection/auditing/event-5377.md | 4 ++-- windows/security/threat-protection/auditing/event-5378.md | 4 ++-- windows/security/threat-protection/auditing/event-5447.md | 4 ++-- windows/security/threat-protection/auditing/event-5632.md | 6 +++--- windows/security/threat-protection/auditing/event-5633.md | 4 ++-- windows/security/threat-protection/auditing/event-5712.md | 4 ++-- windows/security/threat-protection/auditing/event-5888.md | 4 ++-- windows/security/threat-protection/auditing/event-5889.md | 4 ++-- windows/security/threat-protection/auditing/event-5890.md | 4 ++-- windows/security/threat-protection/auditing/event-6144.md | 4 ++-- windows/security/threat-protection/auditing/event-6145.md | 4 ++-- windows/security/threat-protection/auditing/event-6281.md | 4 ++-- windows/security/threat-protection/auditing/event-6400.md | 4 ++-- windows/security/threat-protection/auditing/event-6401.md | 4 ++-- windows/security/threat-protection/auditing/event-6402.md | 4 ++-- windows/security/threat-protection/auditing/event-6403.md | 4 ++-- windows/security/threat-protection/auditing/event-6404.md | 4 ++-- windows/security/threat-protection/auditing/event-6405.md | 4 ++-- windows/security/threat-protection/auditing/event-6406.md | 4 ++-- .../block-untrusted-fonts-in-enterprise.md | 4 ++-- windows/security/threat-protection/fips-140-validation.md | 4 ++-- .../threat-protection/get-support-for-security-baselines.md | 4 ++-- windows/security/threat-protection/index.md | 4 ++-- .../security/threat-protection/mbsa-removal-and-guidance.md | 4 ++-- .../threat-protection/msft-security-dev-lifecycle.md | 4 ++-- ...-mitigation-options-for-app-related-security-policies.md | 4 ++-- .../overview-of-threat-mitigations-in-windows-10.md | 4 ++-- ...by-controlling-the-health-of-windows-10-based-devices.md | 6 +++--- 65 files changed, 131 insertions(+), 131 deletions(-) diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md index 2301e2110f..4cf831e05b 100644 --- a/windows/security/threat-protection/auditing/event-4774.md +++ b/windows/security/threat-protection/auditing/event-4774.md @@ -8,7 +8,7 @@ ms.sitesec: library ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/07/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md index 6c069ab814..26cd95b0d4 100644 --- a/windows/security/threat-protection/auditing/event-5059.md +++ b/windows/security/threat-protection/auditing/event-5059.md @@ -2,7 +2,7 @@ title: 5059(S, F) Key migration operation. (Windows 10) description: Describes security event 5059(S, F) Key migration operation. This event is generated when a cryptographic key is exported/imported using a Key Storage Provider. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5059(S, F): Key migration operation. diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md index 00c3fc26b4..1a65f76633 100644 --- a/windows/security/threat-protection/auditing/event-5060.md +++ b/windows/security/threat-protection/auditing/event-5060.md @@ -2,7 +2,7 @@ title: 5060(F) Verification operation failed. (Windows 10) description: Describes security event 5060(F) Verification operation failed. This event is generated when the CNG verification operation fails. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5060(F): Verification operation failed. diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md index 2b6cc4b64c..d47254485f 100644 --- a/windows/security/threat-protection/auditing/event-5061.md +++ b/windows/security/threat-protection/auditing/event-5061.md @@ -2,7 +2,7 @@ title: 5061(S, F) Cryptographic operation. (Windows 10) description: Describes security event 5061(S, F) Cryptographic operation. This event is generated when a cryptographic operation is performed using a Key Storage Provider. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5061(S, F): Cryptographic operation. diff --git a/windows/security/threat-protection/auditing/event-5062.md b/windows/security/threat-protection/auditing/event-5062.md index b038353b7d..08b0f7bce0 100644 --- a/windows/security/threat-protection/auditing/event-5062.md +++ b/windows/security/threat-protection/auditing/event-5062.md @@ -2,7 +2,7 @@ title: 5062(S) A kernel-mode cryptographic self-test was performed. (Windows 10) description: Describes security event 5062(S) A kernel-mode cryptographic self-test was performed. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5062(S): A kernel-mode cryptographic self-test was performed. diff --git a/windows/security/threat-protection/auditing/event-5063.md b/windows/security/threat-protection/auditing/event-5063.md index 52e68d3dbd..784019bc18 100644 --- a/windows/security/threat-protection/auditing/event-5063.md +++ b/windows/security/threat-protection/auditing/event-5063.md @@ -2,7 +2,7 @@ title: 5063(S, F) A cryptographic provider operation was attempted. (Windows 10) description: Describes security event 5063(S, F) A cryptographic provider operation was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5063(S, F): A cryptographic provider operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5064.md b/windows/security/threat-protection/auditing/event-5064.md index 9dd6ca5e47..807d3ee45d 100644 --- a/windows/security/threat-protection/auditing/event-5064.md +++ b/windows/security/threat-protection/auditing/event-5064.md @@ -2,7 +2,7 @@ title: 5064(S, F) A cryptographic context operation was attempted. (Windows 10) description: Describes security event 5064(S, F) A cryptographic context operation was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5064(S, F): A cryptographic context operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5065.md b/windows/security/threat-protection/auditing/event-5065.md index 46772ff759..3e978d64a3 100644 --- a/windows/security/threat-protection/auditing/event-5065.md +++ b/windows/security/threat-protection/auditing/event-5065.md @@ -2,7 +2,7 @@ title: 5065(S, F) A cryptographic context modification was attempted. (Windows 10) description: Describes security event 5065(S, F) A cryptographic context modification was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5065(S, F): A cryptographic context modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5066.md b/windows/security/threat-protection/auditing/event-5066.md index 1a4dd7ae96..e834a9e584 100644 --- a/windows/security/threat-protection/auditing/event-5066.md +++ b/windows/security/threat-protection/auditing/event-5066.md @@ -2,7 +2,7 @@ title: 5066(S, F) A cryptographic function operation was attempted. (Windows 10) description: Describes security event 5066(S, F) A cryptographic function operation was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5066(S, F): A cryptographic function operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5067.md b/windows/security/threat-protection/auditing/event-5067.md index 01b6ce22cb..5aa395a688 100644 --- a/windows/security/threat-protection/auditing/event-5067.md +++ b/windows/security/threat-protection/auditing/event-5067.md @@ -2,7 +2,7 @@ title: 5067(S, F) A cryptographic function modification was attempted. (Windows 10) description: Describes security event 5067(S, F) A cryptographic function modification was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5067(S, F): A cryptographic function modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5068.md b/windows/security/threat-protection/auditing/event-5068.md index c365519a4c..814ea02d50 100644 --- a/windows/security/threat-protection/auditing/event-5068.md +++ b/windows/security/threat-protection/auditing/event-5068.md @@ -2,7 +2,7 @@ title: 5068(S, F) A cryptographic function provider operation was attempted. (Windows 10) description: Describes security event 5068(S, F) A cryptographic function provider operation was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5068(S, F): A cryptographic function provider operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5069.md b/windows/security/threat-protection/auditing/event-5069.md index 68a9da47b3..b8d6466c09 100644 --- a/windows/security/threat-protection/auditing/event-5069.md +++ b/windows/security/threat-protection/auditing/event-5069.md @@ -2,7 +2,7 @@ title: 5069(S, F) A cryptographic function property operation was attempted. (Windows 10) description: Describes security event 5069(S, F) A cryptographic function property operation was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5069(S, F): A cryptographic function property operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5070.md b/windows/security/threat-protection/auditing/event-5070.md index 85ccd666f0..1232c68bd4 100644 --- a/windows/security/threat-protection/auditing/event-5070.md +++ b/windows/security/threat-protection/auditing/event-5070.md @@ -2,7 +2,7 @@ title: 5070(S, F) A cryptographic function property modification was attempted. (Windows 10) description: Describes security event 5070(S, F) A cryptographic function property modification was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5070(S, F): A cryptographic function property modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md index d58033c0a7..97f862f3a6 100644 --- a/windows/security/threat-protection/auditing/event-5136.md +++ b/windows/security/threat-protection/auditing/event-5136.md @@ -2,7 +2,7 @@ title: 5136(S) A directory service object was modified. (Windows 10) description: Describes security event 5136(S) A directory service object was modified. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5136(S): A directory service object was modified. diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md index a0d084c4f8..072f6dede2 100644 --- a/windows/security/threat-protection/auditing/event-5137.md +++ b/windows/security/threat-protection/auditing/event-5137.md @@ -2,7 +2,7 @@ title: 5137(S) A directory service object was created. (Windows 10) description: Describes security event 5137(S) A directory service object was created. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5137(S): A directory service object was created. diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md index abb03c8027..5fcb9a3381 100644 --- a/windows/security/threat-protection/auditing/event-5138.md +++ b/windows/security/threat-protection/auditing/event-5138.md @@ -2,7 +2,7 @@ title: 5138(S) A directory service object was undeleted. (Windows 10) description: Describes security event 5138(S) A directory service object was undeleted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5138(S): A directory service object was undeleted. diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md index ca0b1825f9..e89fd1eb91 100644 --- a/windows/security/threat-protection/auditing/event-5139.md +++ b/windows/security/threat-protection/auditing/event-5139.md @@ -2,7 +2,7 @@ title: 5139(S) A directory service object was moved. (Windows 10) description: Describes security event 5139(S) A directory service object was moved. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5139(S): A directory service object was moved. diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md index ea890e4738..5d72bf2c8c 100644 --- a/windows/security/threat-protection/auditing/event-5140.md +++ b/windows/security/threat-protection/auditing/event-5140.md @@ -2,7 +2,7 @@ title: 5140(S, F) A network share object was accessed. (Windows 10) description: Describes security event 5140(S, F) A network share object was accessed. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5140(S, F): A network share object was accessed. diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md index fbc9435158..d7ba9c67d4 100644 --- a/windows/security/threat-protection/auditing/event-5141.md +++ b/windows/security/threat-protection/auditing/event-5141.md @@ -2,7 +2,7 @@ title: 5141(S) A directory service object was deleted. (Windows 10) description: Describes security event 5141(S) A directory service object was deleted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5141(S): A directory service object was deleted. diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md index 74e31d363f..6930a066d4 100644 --- a/windows/security/threat-protection/auditing/event-5142.md +++ b/windows/security/threat-protection/auditing/event-5142.md @@ -2,7 +2,7 @@ title: 5142(S) A network share object was added. (Windows 10) description: Describes security event 5142(S) A network share object was added. This event is generated when a network share object is added. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5142(S): A network share object was added. diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index e485322da4..ccfe6641b0 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md @@ -2,7 +2,7 @@ title: 5143(S) A network share object was modified. (Windows 10) description: Describes security event 5143(S) A network share object was modified. This event is generated when a network share object is modified. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5143(S): A network share object was modified. diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md index 50f697a96f..69aa754e48 100644 --- a/windows/security/threat-protection/auditing/event-5144.md +++ b/windows/security/threat-protection/auditing/event-5144.md @@ -2,7 +2,7 @@ title: 5144(S) A network share object was deleted. (Windows 10) description: Describes security event 5144(S) A network share object was deleted. This event is generated when a network share object is deleted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5144(S): A network share object was deleted. diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index 782cdb4911..8f47f2b4d1 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md @@ -2,7 +2,7 @@ title: 5145(S, F) A network share object was checked to see whether client can be granted desired access. (Windows 10) description: Describes security event 5145(S, F) A network share object was checked to see whether client can be granted desired access. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5145(S, F): A network share object was checked to see whether client can be granted desired access. diff --git a/windows/security/threat-protection/auditing/event-5148.md b/windows/security/threat-protection/auditing/event-5148.md index 109b4da544..bb9ab2267c 100644 --- a/windows/security/threat-protection/auditing/event-5148.md +++ b/windows/security/threat-protection/auditing/event-5148.md @@ -2,7 +2,7 @@ title: 5148(F) The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. (Windows 10) description: Details on Security event 5148(F), The Windows Filtering Platform has detected a DoS attack and entered a defensive mode. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5148(F): The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. diff --git a/windows/security/threat-protection/auditing/event-5149.md b/windows/security/threat-protection/auditing/event-5149.md index b94279645b..0e4b73fcde 100644 --- a/windows/security/threat-protection/auditing/event-5149.md +++ b/windows/security/threat-protection/auditing/event-5149.md @@ -2,7 +2,7 @@ title: 5149(F) The DoS attack has subsided and normal processing is being resumed. (Windows 10) description: Describes security event 5149(F) The DoS attack has subsided and normal processing is being resumed. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5149(F): The DoS attack has subsided and normal processing is being resumed. diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md index 23c35f76d7..f1310cde61 100644 --- a/windows/security/threat-protection/auditing/event-5150.md +++ b/windows/security/threat-protection/auditing/event-5150.md @@ -2,7 +2,7 @@ title: 5150(-) The Windows Filtering Platform blocked a packet. (Windows 10) description: Describes security event 5150(-) The Windows Filtering Platform blocked a packet. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5150(-): The Windows Filtering Platform blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md index 239d0556a2..bf55e6a6eb 100644 --- a/windows/security/threat-protection/auditing/event-5151.md +++ b/windows/security/threat-protection/auditing/event-5151.md @@ -2,7 +2,7 @@ title: 5151(-) A more restrictive Windows Filtering Platform filter has blocked a packet. (Windows 10) description: Describes security event 5151(-) A more restrictive Windows Filtering Platform filter has blocked a packet. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5151(-): A more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5152.md b/windows/security/threat-protection/auditing/event-5152.md index 7fd8072d96..27438881cb 100644 --- a/windows/security/threat-protection/auditing/event-5152.md +++ b/windows/security/threat-protection/auditing/event-5152.md @@ -2,7 +2,7 @@ title: 5152(F) The Windows Filtering Platform blocked a packet. (Windows 10) description: Describes security event 5152(F) The Windows Filtering Platform blocked a packet. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5152(F): The Windows Filtering Platform blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5153.md b/windows/security/threat-protection/auditing/event-5153.md index 355b963812..f7a61cc8fe 100644 --- a/windows/security/threat-protection/auditing/event-5153.md +++ b/windows/security/threat-protection/auditing/event-5153.md @@ -2,7 +2,7 @@ title: 5153(S) A more restrictive Windows Filtering Platform filter has blocked a packet. (Windows 10) description: Describes security event 5153(S) A more restrictive Windows Filtering Platform filter has blocked a packet. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5153(S): A more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5154.md b/windows/security/threat-protection/auditing/event-5154.md index 4ada326421..2002fbb907 100644 --- a/windows/security/threat-protection/auditing/event-5154.md +++ b/windows/security/threat-protection/auditing/event-5154.md @@ -2,7 +2,7 @@ title: 5154(S) The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. (Windows 10) description: Describes security event 5154(S) The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5154(S): The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. diff --git a/windows/security/threat-protection/auditing/event-5155.md b/windows/security/threat-protection/auditing/event-5155.md index b24e159daf..94377b1098 100644 --- a/windows/security/threat-protection/auditing/event-5155.md +++ b/windows/security/threat-protection/auditing/event-5155.md @@ -2,7 +2,7 @@ title: 5155(F) The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. (Windows 10) description: Describes security event 5155(F) The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5155(F): The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md index a22acae52c..fbe87f79bc 100644 --- a/windows/security/threat-protection/auditing/event-5156.md +++ b/windows/security/threat-protection/auditing/event-5156.md @@ -2,7 +2,7 @@ title: 5156(S) The Windows Filtering Platform has permitted a connection. (Windows 10) description: Describes security event 5156(S) The Windows Filtering Platform has permitted a connection. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5156(S): The Windows Filtering Platform has permitted a connection. diff --git a/windows/security/threat-protection/auditing/event-5157.md b/windows/security/threat-protection/auditing/event-5157.md index c555d5aa36..6967921a48 100644 --- a/windows/security/threat-protection/auditing/event-5157.md +++ b/windows/security/threat-protection/auditing/event-5157.md @@ -2,7 +2,7 @@ title: 5157(F) The Windows Filtering Platform has blocked a connection. (Windows 10) description: Describes security event 5157(F) The Windows Filtering Platform has blocked a connection. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5157(F): The Windows Filtering Platform has blocked a connection. diff --git a/windows/security/threat-protection/auditing/event-5158.md b/windows/security/threat-protection/auditing/event-5158.md index 1255e8d0bb..af16821b1f 100644 --- a/windows/security/threat-protection/auditing/event-5158.md +++ b/windows/security/threat-protection/auditing/event-5158.md @@ -2,7 +2,7 @@ title: 5158(S) The Windows Filtering Platform has permitted a bind to a local port. (Windows 10) description: Describes security event 5158(S) The Windows Filtering Platform has permitted a bind to a local port. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5158(S): The Windows Filtering Platform has permitted a bind to a local port. diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md index bbd1141c71..5ecd816d89 100644 --- a/windows/security/threat-protection/auditing/event-5159.md +++ b/windows/security/threat-protection/auditing/event-5159.md @@ -2,7 +2,7 @@ title: 5159(F) The Windows Filtering Platform has blocked a bind to a local port. (Windows 10) description: Describes security event 5159(F) The Windows Filtering Platform has blocked a bind to a local port. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5159(F): The Windows Filtering Platform has blocked a bind to a local port. diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md index 1b97127e7f..3b59d54629 100644 --- a/windows/security/threat-protection/auditing/event-5168.md +++ b/windows/security/threat-protection/auditing/event-5168.md @@ -2,7 +2,7 @@ title: 5168(F) SPN check for SMB/SMB2 failed. (Windows 10) description: Describes security event 5168(F) SPN check for SMB/SMB2 failed. This event is generated when an SMB SPN check fails. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5168(F): SPN check for SMB/SMB2 failed. diff --git a/windows/security/threat-protection/auditing/event-5376.md b/windows/security/threat-protection/auditing/event-5376.md index eaa77a9e64..3145af538e 100644 --- a/windows/security/threat-protection/auditing/event-5376.md +++ b/windows/security/threat-protection/auditing/event-5376.md @@ -2,7 +2,7 @@ title: 5376(S) Credential Manager credentials were backed up. (Windows 10) description: Describes security event 5376(S) Credential Manager credentials were backed up. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5376(S): Credential Manager credentials were backed up. diff --git a/windows/security/threat-protection/auditing/event-5377.md b/windows/security/threat-protection/auditing/event-5377.md index fd9c84db3a..a60bd13f29 100644 --- a/windows/security/threat-protection/auditing/event-5377.md +++ b/windows/security/threat-protection/auditing/event-5377.md @@ -2,7 +2,7 @@ title: 5377(S) Credential Manager credentials were restored from a backup. (Windows 10) description: Describes security event 5377(S) Credential Manager credentials were restored from a backup. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5377(S): Credential Manager credentials were restored from a backup. diff --git a/windows/security/threat-protection/auditing/event-5378.md b/windows/security/threat-protection/auditing/event-5378.md index d25246b249..64f48471be 100644 --- a/windows/security/threat-protection/auditing/event-5378.md +++ b/windows/security/threat-protection/auditing/event-5378.md @@ -2,7 +2,7 @@ title: 5378(F) The requested credentials delegation was disallowed by policy. (Windows 10) description: Describes security event 5378(F) The requested credentials delegation was disallowed by policy. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5378(F): The requested credentials delegation was disallowed by policy. diff --git a/windows/security/threat-protection/auditing/event-5447.md b/windows/security/threat-protection/auditing/event-5447.md index 801d206b0b..732d1ae81e 100644 --- a/windows/security/threat-protection/auditing/event-5447.md +++ b/windows/security/threat-protection/auditing/event-5447.md @@ -2,7 +2,7 @@ title: 5447(S) A Windows Filtering Platform filter has been changed. (Windows 10) description: Describes security event 5447(S) A Windows Filtering Platform filter has been changed. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5447(S): A Windows Filtering Platform filter has been changed. diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md index 26c41df186..b5af7f21a3 100644 --- a/windows/security/threat-protection/auditing/event-5632.md +++ b/windows/security/threat-protection/auditing/event-5632.md @@ -2,16 +2,16 @@ title: 5632(S, F) A request was made to authenticate to a wireless network. (Windows 10) description: Describes security event 5632(S, F) A request was made to authenticate to a wireless network. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/08/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5632(S, F): A request was made to authenticate to a wireless network. diff --git a/windows/security/threat-protection/auditing/event-5633.md b/windows/security/threat-protection/auditing/event-5633.md index e0591f9a05..1583b0b945 100644 --- a/windows/security/threat-protection/auditing/event-5633.md +++ b/windows/security/threat-protection/auditing/event-5633.md @@ -2,7 +2,7 @@ title: 5633(S, F) A request was made to authenticate to a wired network. (Windows 10) description: Describes security event 5633(S, F) A request was made to authenticate to a wired network. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5633(S, F): A request was made to authenticate to a wired network. diff --git a/windows/security/threat-protection/auditing/event-5712.md b/windows/security/threat-protection/auditing/event-5712.md index dbafd70da3..d0dc85fe45 100644 --- a/windows/security/threat-protection/auditing/event-5712.md +++ b/windows/security/threat-protection/auditing/event-5712.md @@ -2,7 +2,7 @@ title: 5712(S) A Remote Procedure Call (RPC) was attempted. (Windows 10) description: Describes security event 5712(S) A Remote Procedure Call (RPC) was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5712(S): A Remote Procedure Call (RPC) was attempted. diff --git a/windows/security/threat-protection/auditing/event-5888.md b/windows/security/threat-protection/auditing/event-5888.md index 0ac72b6488..5c45a9698a 100644 --- a/windows/security/threat-protection/auditing/event-5888.md +++ b/windows/security/threat-protection/auditing/event-5888.md @@ -2,7 +2,7 @@ title: 5888(S) An object in the COM+ Catalog was modified. (Windows 10) description: Describes security event 5888(S) An object in the COM+ Catalog was modified. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5888(S): An object in the COM+ Catalog was modified. diff --git a/windows/security/threat-protection/auditing/event-5889.md b/windows/security/threat-protection/auditing/event-5889.md index 821162c968..3b60e803d9 100644 --- a/windows/security/threat-protection/auditing/event-5889.md +++ b/windows/security/threat-protection/auditing/event-5889.md @@ -2,7 +2,7 @@ title: 5889(S) An object was deleted from the COM+ Catalog. (Windows 10) description: Describes security event 5889(S) An object was deleted from the COM+ Catalog. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5889(S): An object was deleted from the COM+ Catalog. diff --git a/windows/security/threat-protection/auditing/event-5890.md b/windows/security/threat-protection/auditing/event-5890.md index a59fadc788..09c79bee05 100644 --- a/windows/security/threat-protection/auditing/event-5890.md +++ b/windows/security/threat-protection/auditing/event-5890.md @@ -2,7 +2,7 @@ title: 5890(S) An object was added to the COM+ Catalog. (Windows 10) description: Describes security event 5890(S) An object was added to the COM+ Catalog. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5890(S): An object was added to the COM+ Catalog. diff --git a/windows/security/threat-protection/auditing/event-6144.md b/windows/security/threat-protection/auditing/event-6144.md index 959f1b969c..dfad64c1da 100644 --- a/windows/security/threat-protection/auditing/event-6144.md +++ b/windows/security/threat-protection/auditing/event-6144.md @@ -2,7 +2,7 @@ title: 6144(S) Security policy in the group policy objects has been applied successfully. (Windows 10) description: Describes security event 6144(S) Security policy in the group policy objects has been applied successfully. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6144(S): Security policy in the group policy objects has been applied successfully. diff --git a/windows/security/threat-protection/auditing/event-6145.md b/windows/security/threat-protection/auditing/event-6145.md index 266a490fdd..60ed2e8ad8 100644 --- a/windows/security/threat-protection/auditing/event-6145.md +++ b/windows/security/threat-protection/auditing/event-6145.md @@ -2,7 +2,7 @@ title: 6145(F) One or more errors occurred while processing security policy in the group policy objects. (Windows 10) description: Describes security event 6145(F) One or more errors occurred while processing security policy in the group policy objects. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6145(F): One or more errors occurred while processing security policy in the group policy objects. diff --git a/windows/security/threat-protection/auditing/event-6281.md b/windows/security/threat-protection/auditing/event-6281.md index d6701e243e..76f546a222 100644 --- a/windows/security/threat-protection/auditing/event-6281.md +++ b/windows/security/threat-protection/auditing/event-6281.md @@ -2,7 +2,7 @@ title: 6281(F) Code Integrity determined that the page hashes of an image file aren't valid. (Windows 10) description: Describes security event 6281(F) Code Integrity determined that the page hashes of an image file aren't valid. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6281(F): Code Integrity determined that the page hashes of an image file aren't valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md index f3cc62235d..d8bcc6f1c7 100644 --- a/windows/security/threat-protection/auditing/event-6400.md +++ b/windows/security/threat-protection/auditing/event-6400.md @@ -2,7 +2,7 @@ title: 6400(-) BranchCache Received an incorrectly formatted response while discovering availability of content. (Windows 10) description: Describes security event 6400(-) BranchCache Received an incorrectly formatted response while discovering availability of content. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6400(-): BranchCache: Received an incorrectly formatted response while discovering availability of content. diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md index cdd2869db5..3e60d3515a 100644 --- a/windows/security/threat-protection/auditing/event-6401.md +++ b/windows/security/threat-protection/auditing/event-6401.md @@ -2,7 +2,7 @@ title: 6401(-) BranchCache Received invalid data from a peer. Data discarded. (Windows 10) description: Describes security event 6401(-) BranchCache Received invalid data from a peer. Data discarded. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6401(-): BranchCache: Received invalid data from a peer. Data discarded. diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md index 5c2a2775b2..3148f9b03e 100644 --- a/windows/security/threat-protection/auditing/event-6402.md +++ b/windows/security/threat-protection/auditing/event-6402.md @@ -2,7 +2,7 @@ title: 6402(-) BranchCache The message to the hosted cache offering it data is incorrectly formatted. (Windows 10) description: Describes security event 6402(-) BranchCache The message to the hosted cache offering it data is incorrectly formatted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6402(-): BranchCache: The message to the hosted cache offering it data is incorrectly formatted. diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md index 3b5d284082..ad426fdacc 100644 --- a/windows/security/threat-protection/auditing/event-6403.md +++ b/windows/security/threat-protection/auditing/event-6403.md @@ -2,7 +2,7 @@ title: 6403(-) BranchCache The hosted cache sent an incorrectly formatted response to the client. (Windows 10) description: Describes security event 6403(-) BranchCache The hosted cache sent an incorrectly formatted response to the client. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6403(-): BranchCache: The hosted cache sent an incorrectly formatted response to the client. diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md index ff6b32947a..e2fed0d583 100644 --- a/windows/security/threat-protection/auditing/event-6404.md +++ b/windows/security/threat-protection/auditing/event-6404.md @@ -2,7 +2,7 @@ title: 6404(-) BranchCache Hosted cache could not be authenticated using the provisioned SSL certificate. (Windows 10) description: Describes security event 6404(-) BranchCache Hosted cache could not be authenticated using the provisioned SSL certificate. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6404(-): BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. diff --git a/windows/security/threat-protection/auditing/event-6405.md b/windows/security/threat-protection/auditing/event-6405.md index f83340addb..48746ad277 100644 --- a/windows/security/threat-protection/auditing/event-6405.md +++ b/windows/security/threat-protection/auditing/event-6405.md @@ -2,7 +2,7 @@ title: 6405(-) BranchCache %2 instance(s) of event id %1 occurred. (Windows 10) description: Describes security event 6405(-) BranchCache %2 instance(s) of event id %1 occurred. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6405(-): BranchCache: %2 instance(s) of event id %1 occurred. diff --git a/windows/security/threat-protection/auditing/event-6406.md b/windows/security/threat-protection/auditing/event-6406.md index d6109b695e..42541a3842 100644 --- a/windows/security/threat-protection/auditing/event-6406.md +++ b/windows/security/threat-protection/auditing/event-6406.md @@ -2,7 +2,7 @@ title: 6406(-) %1 registered to Windows Firewall to control filtering for the following %2. (Windows 10) description: Describes security event 6406(-) %1 registered to Windows Firewall to control filtering for the following %2. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6406(-): %1 registered to Windows Firewall to control filtering for the following: %2. diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md index e0e4b5e90d..b13c6f8d8c 100644 --- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md +++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md @@ -3,12 +3,12 @@ title: Block untrusted fonts in an enterprise (Windows 10) description: To help protect your company from attacks that may originate from untrusted or attacker controlled font files, we've created the Blocking Untrusted Fonts feature. ms.reviewer: manager: aaroncz -ms.prod: m365-security +ms.prod: windows-client author: dansimp ms.author: dansimp ms.date: 08/14/2017 ms.localizationpriority: medium -ms.technology: windows-sec +ms.technology: itpro-security --- # Block untrusted fonts in an enterprise diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 1af5ea34bd..c5729ba1e1 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md @@ -1,7 +1,7 @@ --- title: Federal Information Processing Standard (FIPS) 140 Validation description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140. -ms.prod: m365-security +ms.prod: windows-client ms.date: 11/03/2022 manager: aaroncz ms.author: paoloma @@ -12,7 +12,7 @@ ms.collection: ms.topic: article ms.localizationpriority: medium ms.reviewer: -ms.technology: windows-sec +ms.technology: itpro-security --- # FIPS 140-2 Validation diff --git a/windows/security/threat-protection/get-support-for-security-baselines.md b/windows/security/threat-protection/get-support-for-security-baselines.md index 7fec38f0ff..f3481ad39c 100644 --- a/windows/security/threat-protection/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/get-support-for-security-baselines.md @@ -1,7 +1,7 @@ --- title: Get support description: Frequently asked questions about how to get support for Windows baselines and the Security Compliance Toolkit (SCT). -ms.prod: m365-security +ms.prod: windows-client ms.localizationpriority: medium ms.author: dansimp author: dulcemontemayor @@ -10,7 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/25/2018 ms.reviewer: -ms.technology: windows-sec +ms.technology: itpro-security --- # Get Support for Windows baselines diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md index 52a5ae4951..92d1fa392e 100644 --- a/windows/security/threat-protection/index.md +++ b/windows/security/threat-protection/index.md @@ -2,14 +2,14 @@ title: Windows threat protection description: Describes the security capabilities in Windows client focused on threat protection search.product: eADQiWindows 10XVcnh -ms.prod: m365-security +ms.prod: windows-client ms.author: dansimp author: dansimp ms.localizationpriority: medium manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual -ms.technology: windows-sec +ms.technology: itpro-security --- # Windows threat protection diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md index 92da921c12..bfb7dc677b 100644 --- a/windows/security/threat-protection/mbsa-removal-and-guidance.md +++ b/windows/security/threat-protection/mbsa-removal-and-guidance.md @@ -1,13 +1,13 @@ --- title: Guide to removing Microsoft Baseline Security Analyzer (MBSA) description: This article documents the removal of Microsoft Baseline Security Analyzer (MBSA) and provides alternative solutions. -ms.prod: m365-security +ms.prod: windows-client ms.localizationpriority: medium ms.author: dansimp author: dansimp ms.reviewer: manager: aaroncz -ms.technology: windows-sec +ms.technology: itpro-security --- # What is Microsoft Baseline Security Analyzer and its uses? diff --git a/windows/security/threat-protection/msft-security-dev-lifecycle.md b/windows/security/threat-protection/msft-security-dev-lifecycle.md index c15e7110b2..cf9752c6f3 100644 --- a/windows/security/threat-protection/msft-security-dev-lifecycle.md +++ b/windows/security/threat-protection/msft-security-dev-lifecycle.md @@ -1,7 +1,7 @@ --- title: Microsoft Security Development Lifecycle description: Download the Microsoft Security Development Lifecycle white paper that covers a security assurance process focused on software development. -ms.prod: m365-security +ms.prod: windows-client author: dansimp ms.author: dansimp manager: aaroncz @@ -9,7 +9,7 @@ ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.reviewer: -ms.technology: windows-sec +ms.technology: itpro-security --- # Microsoft Security Development Lifecycle diff --git a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md index 83dcf3036f..fa6de91b70 100644 --- a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md +++ b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md @@ -3,10 +3,10 @@ manager: aaroncz ms.author: dansimp title: Override Process Mitigation Options (Windows 10) description: How to use Group Policy to override individual Process Mitigation Options settings and to help enforce specific app-related security policies. -ms.prod: m365-security +ms.prod: windows-client author: dulcemontemayor ms.localizationpriority: medium -ms.technology: windows-sec +ms.technology: itpro-security --- diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md index 551bdb2981..9540d55eb9 100644 --- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md +++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md @@ -1,13 +1,13 @@ --- title: Mitigate threats by using Windows 10 security features (Windows 10) description: An overview of software and firmware threats faced in the current security landscape, and the mitigations that Windows 10 offers in response to these threats. -ms.prod: m365-security +ms.prod: windows-client ms.localizationpriority: medium author: dansimp ms.reviewer: manager: aaroncz ms.author: dansimp -ms.technology: windows-sec +ms.technology: itpro-security --- # Mitigate threats by using Windows 10 security features diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md index c038120c89..ae2b7dcea6 100644 --- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md +++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md @@ -1,14 +1,14 @@ --- title: Control the health of Windows 10-based devices (Windows 10) description: This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows 10-based devices. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: dansimp -ms.prod: m365-security +ms.prod: windows-client author: dulcemontemayor ms.date: 10/13/2017 ms.localizationpriority: medium -ms.technology: windows-sec +ms.technology: itpro-security --- # Control the health of Windows 10-based devices From 2e6699c5a49dede784a7529927ecf0f9a61ec352 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 7 Nov 2022 17:19:34 -0500 Subject: [PATCH 09/25] add missing for security6 --- .../profile-system-performance.md | 4 ++-- ...ery-console-allow-automatic-administrative-logon.md | 4 ++-- ...floppy-copy-and-access-to-all-drives-and-folders.md | 4 ++-- .../remove-computer-from-docking-station.md | 4 ++-- .../replace-a-process-level-token.md | 4 ++-- .../reset-account-lockout-counter-after.md | 4 ++-- .../restore-files-and-directories.md | 4 ++-- .../secpol-advanced-security-audit-policy-settings.md | 4 ++-- .../security-policy-settings/security-options.md | 4 ++-- .../security-policy-settings-reference.md | 4 ++-- .../security-policy-settings.md | 4 ++-- .../security-policy-settings/shut-down-the-system.md | 4 ++-- ...-system-to-be-shut-down-without-having-to-log-on.md | 4 ++-- .../shutdown-clear-virtual-memory-pagefile.md | 4 ++-- ...work-client-digitally-sign-communications-always.md | 4 ++-- ...t-digitally-sign-communications-if-server-agrees.md | 4 ++-- ...work-server-digitally-sign-communications-always.md | 4 ++-- ...r-digitally-sign-communications-if-client-agrees.md | 4 ++-- .../store-passwords-using-reversible-encryption.md | 4 ++-- .../synchronize-directory-service-data.md | 4 ++-- ...-protection-for-user-keys-stored-on-the-computer.md | 4 ++-- ...nt-algorithms-for-encryption-hashing-and-signing.md | 4 ++-- ...re-case-insensitivity-for-non-windows-subsystems.md | 4 ++-- ...n-default-permissions-of-internal-system-objects.md | 4 ++-- .../system-settings-optional-subsystems.md | 4 ++-- ...vent-forwarding-to-assist-in-intrusion-detection.md | 4 ++-- .../citool-commands.md | 2 ++ .../microsoft-recommended-driver-block-rules.md | 1 + .../windows-platform-common-criteria.md | 4 ++-- windows/security/trusted-boot.md | 10 +++++----- windows/security/zero-trust-windows-device-health.md | 6 +++--- 31 files changed, 65 insertions(+), 62 deletions(-) diff --git a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md index 9f76b3d698..fe332e87f3 100644 --- a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md +++ b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md @@ -4,7 +4,7 @@ description: Best practices, location, values, policy management, and security c ms.assetid: ffabc3c5-9206-4105-94ea-84f597a54b2e ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Profile system performance diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md index a1e2ab6949..379cef16af 100644 --- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md +++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md @@ -4,7 +4,7 @@ description: Best practices, location, values, policy management, and security c ms.assetid: be2498fc-48f4-43f3-ad09-74664e45e596 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Recovery console: Allow automatic administrative logon diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md index 8e34bd2995..6b402af2db 100644 --- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md +++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md @@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se ms.assetid: a5b4ac0c-f33d-42b5-a866-72afa7cbd0bd ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Recovery console: Allow floppy copy and access to all drives and folders diff --git a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md index dafe4d5d59..fbd8bf9e9b 100644 --- a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md +++ b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management, ms.assetid: 229a385a-a862-4973-899a-413b1b5b6c30 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Remove computer from docking station - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md index c40121b387..3978432395 100644 --- a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md +++ b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management, ms.assetid: 5add02db-6339-489e-ba21-ccc3ccbe8745 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Replace a process level token diff --git a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md index e2f943cd55..900b66a6fe 100644 --- a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md +++ b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid ms.assetid: d5ccf6dd-5ba7-44a9-8e0b-c478d8b1442c ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/02/2018 -ms.technology: windows-sec +ms.technology: itpro-security --- # Reset account lockout counter after diff --git a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md index 5e3f6b9386..ea25267470 100644 --- a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md +++ b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management, ms.assetid: c673c0fa-6f49-4edd-8c1f-c5e8513f701d ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Restore files and directories - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md index 7dc532fd31..a620908a28 100644 --- a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md @@ -4,7 +4,7 @@ description: Provides information about the advanced security audit policy setti ms.assetid: 6BF9A642-DBC3-4101-94A3-B2316C553CE3 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Advanced security audit policy settings for Windows 10 diff --git a/windows/security/threat-protection/security-policy-settings/security-options.md b/windows/security/threat-protection/security-policy-settings/security-options.md index 00441e06c4..2617bbe979 100644 --- a/windows/security/threat-protection/security-policy-settings/security-options.md +++ b/windows/security/threat-protection/security-policy-settings/security-options.md @@ -5,14 +5,14 @@ ms.assetid: 405ea253-8116-4e57-b08e-14a8dcdca92b ms.reviewer: manager: aaroncz ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium author: vinaypamnani-msft ms.date: 06/28/2018 -ms.technology: windows-sec +ms.technology: itpro-security --- # Security Options diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md index bfca76513d..cb99f2efbf 100644 --- a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md +++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md @@ -4,7 +4,7 @@ description: This reference of security settings provides information about how ms.assetid: ef5a4579-15a8-4507-9a43-b7ccddcb0ed1 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Security policy settings reference diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md index 5e771b19bd..5ab4550261 100644 --- a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md +++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md @@ -4,7 +4,7 @@ description: This reference topic describes the common scenarios, architecture, ms.assetid: e7ac5204-7f6c-4708-a9f6-6af712ca43b9 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -17,7 +17,7 @@ ms.collection: - highpri ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Security policy settings diff --git a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md index 465e04c8e5..67d5faee52 100644 --- a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md +++ b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management, ms.assetid: c8e8f890-153a-401e-a957-ba6a130304bf ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Shut down the system - security policy setting diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md index 06fb947134..191d7707e3 100644 --- a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md +++ b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md @@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security ms.assetid: f3964767-5377-4416-8eb3-e14d553a7315 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Shutdown: Allow system to be shut down without having to log on diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md index 188c435f4f..8dee428efe 100644 --- a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md +++ b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management a ms.assetid: 31400078-6c56-4891-a6df-6dfb403c4bc9 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 08/01/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Shutdown: Clear virtual memory pagefile diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md index 460941fd81..b177d97e7f 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md @@ -4,7 +4,7 @@ description: Learn about best practices, security considerations and more for th ms.assetid: 4b7b0298-b130-40f8-960d-60418ba85f76 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/04/2019 -ms.technology: windows-sec +ms.technology: itpro-security --- # SMBv1 Microsoft network client: Digitally sign communications (always) diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md index 6125397053..735abfb6ec 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md @@ -4,7 +4,7 @@ description: Best practices, location, values, and security considerations for t ms.assetid: e553f700-aae5-425c-8650-f251c90ba5dd ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/04/2019 -ms.technology: windows-sec +ms.technology: itpro-security --- # SMBv1 Microsoft network client: Digitally sign communications (if server agrees) diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md index b261da96b1..e786e34d26 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md @@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security ms.assetid: 2007b622-7bc2-44e8-9cf1-d34b62117ea8 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/04/2019 -ms.technology: windows-sec +ms.technology: itpro-security --- # SMB v1 Microsoft network server: Digitally sign communications (always) diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md index d10e1c5531..02d3e39e49 100644 --- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md +++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md @@ -4,7 +4,7 @@ description: Best practices, security considerations and more for the security p ms.assetid: c92b2e3d-1dbf-4337-a145-b17a585f4fc1 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/04/2019 -ms.technology: windows-sec +ms.technology: itpro-security --- # SMBv1 Microsoft network server: Digitally sign communications (if client agrees) diff --git a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md index 207e07ea6f..7e2d99c5ca 100644 --- a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md +++ b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid ms.assetid: 57f958c2-f1e9-48bf-871b-0a9b3299e238 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Store passwords using reversible encryption diff --git a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md index 75c07aa23f..27b022d867 100644 --- a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md +++ b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management, ms.assetid: 97b0aaa4-674f-40f4-8974-b4bfb12c232c ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Synchronize directory service data diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md index 8e7bbc95a5..73d75fc780 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md @@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se ms.assetid: 8cbff267-881e-4bf6-920d-b583a5ff7de0 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # System cryptography: Force strong key protection for user keys stored on the computer diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md index 384b7464ec..7b1b9ef84d 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md @@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se ms.assetid: 83988865-dc0f-45eb-90d1-ee33495eb045 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/16/2018 -ms.technology: windows-sec +ms.technology: itpro-security --- # System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md index 9c4cd9c338..cfc1e3e48a 100644 --- a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md +++ b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md @@ -4,7 +4,7 @@ description: Best practices, security considerations and more for the security p ms.assetid: 340d6769-8f33-4067-8470-1458978d1522 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # System objects: Require case insensitivity for non-Windows subsystems diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md index bba4ab0d9b..9e16de4a18 100644 --- a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md +++ b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md @@ -4,7 +4,7 @@ description: Best practices and more for the security policy setting, System obj ms.assetid: 3a592097-9cf5-4fd0-a504-7cbfab050bb6 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # System objects: Strengthen default permissions of internal system objects (for example, Symbolic Links) diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md index a36f304e17..0397eca9d7 100644 --- a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md +++ b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management, ms.assetid: 5cb6519a-4f84-4b45-8072-e2aa8a72fb78 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # System settings: Optional subsystems diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index f4ddfe874d..d48d5da38b 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md @@ -4,11 +4,11 @@ description: Learn about an approach to collect events from devices in your orga ms.reviewer: manager: aaroncz ms.author: dansimp -ms.prod: m365-security +ms.prod: windows-client author: dulcemontemayor ms.date: 02/28/2019 ms.localizationpriority: medium -ms.technology: windows-sec +ms.technology: itpro-security --- # Use Windows Event Forwarding to help with intrusion detection diff --git a/windows/security/threat-protection/windows-defender-application-control/citool-commands.md b/windows/security/threat-protection/windows-defender-application-control/citool-commands.md index 5a2d7b7e72..6cf521cfc7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/citool-commands.md +++ b/windows/security/threat-protection/windows-defender-application-control/citool-commands.md @@ -8,6 +8,8 @@ ms.reviewer: jogeurte ms.topic: how-to ms.date: 08/07/2022 ms.custom: template-how-to +ms.prod: windows-client +ms.technology: itpro-security --- # Manage Windows Defender Application Control (WDAC) Policies with CI Tool diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md index f37306192a..25e864f812 100644 --- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md +++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md @@ -17,6 +17,7 @@ ms.reviewer: jsuther ms.author: vinpa manager: aaroncz ms.date: 11/01/2022 +ms.technology: itpro-security --- # Microsoft recommended driver block rules diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md index 4578d9eb6c..37bb6cb877 100644 --- a/windows/security/threat-protection/windows-platform-common-criteria.md +++ b/windows/security/threat-protection/windows-platform-common-criteria.md @@ -1,7 +1,7 @@ --- title: Common Criteria Certifications description: This topic details how Microsoft supports the Common Criteria certification program. -ms.prod: m365-security +ms.prod: windows-client ms.author: paoloma author: paolomatarazzo manager: aaroncz @@ -10,7 +10,7 @@ ms.topic: article ms.localizationpriority: medium ms.date: 11/4/2022 ms.reviewer: -ms.technology: windows-sec +ms.technology: itpro-security --- # Common Criteria certifications diff --git a/windows/security/trusted-boot.md b/windows/security/trusted-boot.md index 37a654e8fd..64689039a1 100644 --- a/windows/security/trusted-boot.md +++ b/windows/security/trusted-boot.md @@ -1,18 +1,18 @@ --- title: Secure Boot and Trusted Boot description: Trusted Boot prevents corrupted components from loading during the boot-up process in Windows 11 -search.appverid: MET150 +search.appverid: MET150 author: vinaypamnani-msft ms.author: vinpa -manager: aaroncz +manager: aaroncz ms.topic: conceptual ms.date: 09/21/2021 -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: windows-client +ms.technology: itpro-security ms.localizationpriority: medium ms.collection: ms.custom: -ms.reviewer: jsuther +ms.reviewer: jsuther --- # Secure Boot and Trusted Boot diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index 49dbfdd3d3..84ff0bde52 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md @@ -1,5 +1,5 @@ --- -title: Zero Trust and Windows device health +title: Zero Trust and Windows device health description: Describes the process of Windows device health attestation ms.reviewer: ms.topic: article @@ -8,8 +8,8 @@ ms.author: paoloma author: paolomatarazzo ms.collection: M365-security-compliance ms.custom: intro-overview -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: windows-client +ms.technology: itpro-security --- # Zero Trust and Windows device health From b31d304afe1cda379e081d56f7e2f567f311d3fa Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Mon, 7 Nov 2022 17:27:43 -0500 Subject: [PATCH 10/25] fix security tag --- .../windows-defender-application-control/citool-commands.md | 1 - windows/whats-new/ltsc/index.md | 1 + windows/whats-new/ltsc/whats-new-windows-10-2015.md | 1 + windows/whats-new/ltsc/whats-new-windows-10-2016.md | 1 + windows/whats-new/ltsc/whats-new-windows-10-2019.md | 1 + windows/whats-new/ltsc/whats-new-windows-10-2021.md | 1 + windows/whats-new/whats-new-windows-10-version-1507-and-1511.md | 1 + windows/whats-new/whats-new-windows-10-version-1607.md | 1 + windows/whats-new/whats-new-windows-10-version-1703.md | 1 + windows/whats-new/whats-new-windows-10-version-1709.md | 1 + windows/whats-new/whats-new-windows-10-version-1803.md | 1 + windows/whats-new/whats-new-windows-10-version-1809.md | 1 + windows/whats-new/whats-new-windows-10-version-1903.md | 1 + windows/whats-new/whats-new-windows-10-version-1909.md | 1 + windows/whats-new/whats-new-windows-10-version-2004.md | 1 + windows/whats-new/whats-new-windows-10-version-20H2.md | 1 + windows/whats-new/whats-new-windows-10-version-21H1.md | 1 + windows/whats-new/whats-new-windows-10-version-21H2.md | 1 + windows/whats-new/whats-new-windows-11-version-22H2.md | 1 + windows/whats-new/windows-10-insider-preview.md | 1 + windows/whats-new/windows-11-plan.md | 1 + windows/whats-new/windows-11-prepare.md | 1 + windows/whats-new/windows-11-requirements.md | 1 + 23 files changed, 22 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/citool-commands.md b/windows/security/threat-protection/windows-defender-application-control/citool-commands.md index 6cf521cfc7..88273c3c74 100644 --- a/windows/security/threat-protection/windows-defender-application-control/citool-commands.md +++ b/windows/security/threat-protection/windows-defender-application-control/citool-commands.md @@ -3,7 +3,6 @@ title: Managing CI Policies and Tokens with CiTool description: Learn how to use Policy Commands, Token Commands, and Miscellaneous Commands in CiTool author: valemieux ms.author: jogeurte -ms.service: security ms.reviewer: jogeurte ms.topic: how-to ms.date: 08/07/2022 diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md index faa61e8726..4ebad1267c 100644 --- a/windows/whats-new/ltsc/index.md +++ b/windows/whats-new/ltsc/index.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: low ms.topic: article ms.collection: highpri +ms.technology: itpro-fundamentals --- # Windows 10 Enterprise LTSC diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md index 9619a71f7d..8d02105a34 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md @@ -8,6 +8,7 @@ ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.topic: article +ms.technology: itpro-fundamentals --- # What's new in Windows 10 Enterprise LTSC 2015 diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md index 2f55f78bd5..ff84fce008 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md @@ -8,6 +8,7 @@ ms.prod: windows-client author: aczechowski ms.localizationpriority: low ms.topic: article +ms.technology: itpro-fundamentals --- # What's new in Windows 10 Enterprise LTSC 2016 diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index 1e2217e1d0..99bbdce00b 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -10,6 +10,7 @@ ms.localizationpriority: medium ms.topic: article ms.collection: - highpri +ms.technology: itpro-fundamentals --- # What's new in Windows 10 Enterprise LTSC 2019 diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2021.md b/windows/whats-new/ltsc/whats-new-windows-10-2021.md index c04c33fd31..6c8dc542bc 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2021.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2021.md @@ -10,6 +10,7 @@ ms.localizationpriority: low ms.topic: article ms.collection: - highpri +ms.technology: itpro-fundamentals --- # What's new in Windows 10 Enterprise LTSC 2021 diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index 24a9eacec5..66b6c21f4d 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -9,6 +9,7 @@ ms.author: aaroncz ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, versions 1507 and 1511 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index 61009f9d89..5d80c4bdea 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md +++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -9,6 +9,7 @@ manager: dougeby ms.author: aaroncz ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1607 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md index 83a34f13b1..5030a8b526 100644 --- a/windows/whats-new/whats-new-windows-10-version-1703.md +++ b/windows/whats-new/whats-new-windows-10-version-1703.md @@ -9,6 +9,7 @@ manager: dougeby ms.author: aaroncz ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1703 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md index ee7222900f..df9f38a3c3 100644 --- a/windows/whats-new/whats-new-windows-10-version-1709.md +++ b/windows/whats-new/whats-new-windows-10-version-1709.md @@ -9,6 +9,7 @@ ms.author: aaroncz ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1709 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index 97e8587b75..3815add5bd 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -9,6 +9,7 @@ ms.author: aaroncz ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1803 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index 7f151bdfcf..ced11ae8ad 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md @@ -9,6 +9,7 @@ ms.author: aaroncz ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1809 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md index 49112ccb86..1f6ccc5fac 100644 --- a/windows/whats-new/whats-new-windows-10-version-1903.md +++ b/windows/whats-new/whats-new-windows-10-version-1903.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1903 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-1909.md b/windows/whats-new/whats-new-windows-10-version-1909.md index b3350031c0..67c62a1a1f 100644 --- a/windows/whats-new/whats-new-windows-10-version-1909.md +++ b/windows/whats-new/whats-new-windows-10-version-1909.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1909 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index 9baa6d915f..c573b18f86 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 2004 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-20H2.md b/windows/whats-new/whats-new-windows-10-version-20H2.md index 431769b672..ac69c0d7b2 100644 --- a/windows/whats-new/whats-new-windows-10-version-20H2.md +++ b/windows/whats-new/whats-new-windows-10-version-20H2.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: high ms.topic: article ms.collection: highpri +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 20H2 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-21H1.md b/windows/whats-new/whats-new-windows-10-version-21H1.md index 1edaf57d80..67ec5e934e 100644 --- a/windows/whats-new/whats-new-windows-10-version-21H1.md +++ b/windows/whats-new/whats-new-windows-10-version-21H1.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: high ms.topic: article ms.collection: highpri +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 21H1 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-21H2.md b/windows/whats-new/whats-new-windows-10-version-21H2.md index 64749cbbee..5d8e006605 100644 --- a/windows/whats-new/whats-new-windows-10-version-21H2.md +++ b/windows/whats-new/whats-new-windows-10-version-21H2.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.topic: article ms.collection: highpri ms.custom: intro-overview +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 21H2 diff --git a/windows/whats-new/whats-new-windows-11-version-22H2.md b/windows/whats-new/whats-new-windows-11-version-22H2.md index ba75d6dbc6..a36d8795f6 100644 --- a/windows/whats-new/whats-new-windows-11-version-22H2.md +++ b/windows/whats-new/whats-new-windows-11-version-22H2.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.topic: article ms.collection: highpri ms.custom: intro-overview +ms.technology: itpro-fundamentals --- # What's new in Windows 11, version 22H2 diff --git a/windows/whats-new/windows-10-insider-preview.md b/windows/whats-new/windows-10-insider-preview.md index 9f9114f7ef..bdfa205f5c 100644 --- a/windows/whats-new/windows-10-insider-preview.md +++ b/windows/whats-new/windows-10-insider-preview.md @@ -8,6 +8,7 @@ ms.reviewer: manager: dansimp ms.author: dansimp ms.topic: article +ms.technology: itpro-fundamentals --- # Documentation for Windows 10 Insider Preview diff --git a/windows/whats-new/windows-11-plan.md b/windows/whats-new/windows-11-plan.md index b0af27c9a3..1a2f7d3b76 100644 --- a/windows/whats-new/windows-11-plan.md +++ b/windows/whats-new/windows-11-plan.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: high ms.topic: article ms.collection: highpri +ms.technology: itpro-fundamentals --- # Plan for Windows 11 diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md index 3bdc8c1a18..1ae1ed1629 100644 --- a/windows/whats-new/windows-11-prepare.md +++ b/windows/whats-new/windows-11-prepare.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: high ms.topic: article ms.collection: highpri +ms.technology: itpro-fundamentals --- # Prepare for Windows 11 diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md index f7a02bf116..cbb7d6dbb6 100644 --- a/windows/whats-new/windows-11-requirements.md +++ b/windows/whats-new/windows-11-requirements.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.topic: article ms.custom: seo-marvel-apr2020 ms.collection: highpri +ms.technology: itpro-fundamentals --- # Windows 11 requirements From 5b53c8a2351ea0ea0b586515b2f37105746ab082 Mon Sep 17 00:00:00 2001 From: Frank Rojas <45807133+frankroj@users.noreply.github.com> Date: Mon, 7 Nov 2022 17:56:22 -0500 Subject: [PATCH 11/25] Metadata/style update deployment/vamt 3 --- .../monitor-activation-client.md | 1 + .../plan-for-volume-activation-client.md | 94 ++++----- .../proxy-activation-vamt.md | 52 +++-- .../volume-activation/remove-products-vamt.md | 36 ++-- .../scenario-kms-activation-vamt.md | 46 +++-- .../scenario-online-activation-vamt.md | 147 ++++++++------ .../scenario-proxy-activation-vamt.md | 179 +++++++++++------- .../update-product-status-vamt.md | 14 +- ...olume-activation-management-tool-client.md | 34 ++-- .../use-vamt-in-windows-powershell.md | 74 +++++--- .../volume-activation/vamt-known-issues.md | 34 +++- .../volume-activation/vamt-requirements.md | 13 +- .../volume-activation/vamt-step-by-step.md | 11 +- .../volume-activation-windows-10.md | 41 ++-- 14 files changed, 474 insertions(+), 302 deletions(-) diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md index c5b52eb8b8..0f48de80b8 100644 --- a/windows/deployment/volume-activation/monitor-activation-client.md +++ b/windows/deployment/volume-activation/monitor-activation-client.md @@ -9,6 +9,7 @@ author: frankroj ms.localizationpriority: medium ms.topic: article ms.technology: itpro-fundamentals +ms.date: 11/07/2022 --- # Monitor activation diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md index e89a31bf6e..e9969efbf8 100644 --- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md +++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md @@ -9,6 +9,7 @@ author: frankroj ms.localizationpriority: medium ms.topic: article ms.technology: itpro-fundamentals +ms.date: 11/07/2022 --- # Plan for volume activation @@ -21,9 +22,9 @@ ms.technology: itpro-fundamentals > - [Activate Windows](https://support.microsoft.com/help/12440/) > - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) -*Product activation* is the process of validating software with the manufacturer after it has been installed on a specific computer. Activation confirms that the product is genuine—not a fraudulent copy—and that the product key or serial number is valid and has not been compromised or revoked. Activation also establishes a link or relationship between the product key and the particular installation. +*Product activation* is the process of validating software with the manufacturer after it has been installed on a specific computer. Activation confirms that the product is genuine—not a fraudulent copy—and that the product key or serial number is valid and hasn't been compromised or revoked. Activation also establishes a link or relationship between the product key and the particular installation. -During the activation process, information about the specific installation is examined. For online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they cannot be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft does not use this information to identify or contact the user or the organization. +During the activation process, information about the specific installation is examined. For online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they can't be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft doesn't use this information to identify or contact the user or the organization. >[!NOTE] >The IP address is used only to verify the location of the request, because some editions of Windows (such as "Starter" editions) can only be activated within certain geographical target markets. @@ -34,21 +35,22 @@ In general, Microsoft software is obtained through three main channels: retail, ### Retail activations -The retail activation method has not changed in several versions of Windows and Windows Server. Each purchased copy comes with one unique product key (often referred to as a retail key). The user enters this key during product installation. The computer uses this retail key to complete the activation after the installation is complete. Most activations are performed online, but telephone activation is also available. +The retail activation method hasn't changed in several versions of Windows and Windows Server. Each purchased copy comes with one unique product key (often referred to as a retail key). The user enters this key during product installation. The computer uses this retail key to complete the activation after the installation is complete. Most activations are performed online, but telephone activation is also available. Recently, retail keys have been expanded into new distribution scenarios. Product key cards are available to activate products that have been preinstalled or downloaded. Programs such as Windows Anytime Upgrade and Get Genuine allow users to acquire legal keys separately from the software. These electronically distributed keys may come with media that contains software, they can come as a software shipment, or they may be provided on a printed card or electronic copy. Products are activated the same way with any of these retail keys. ### Original equipment manufacturer -Most original equipment manufacturers (OEMs) sell systems that include a standard build of the Windows operating system. The hardware vendor activates Windows by associating the operating system with the firmware (BIOS) of the computer. This occurs before the computer is sent to the customer, and no additional actions are required. +Most original equipment manufacturers (OEMs) sell systems that include a standard build of the Windows operating system. The hardware vendor activates Windows by associating the operating system with the firmware/BIOS of the computer. This activation occurs before the computer is sent to the customer, and no additional actions are required. + OEM activation is valid as long as the customer uses the OEM-provided image on the system. OEM activation is available only for computers that are purchased through OEM channels and have the Windows operating system preinstalled. ### Volume licensing -Volume licensing offers customized programs that are tailored to the size and purchasing preference of the organization. To become a volume licensing customer, the organization must set up a volume licensing agreement with Microsoft.There is a common misunderstanding about acquiring licenses for a new computer through volume licensing. There are two legal ways to acquire a full Windows client license for a new computer: +Volume licensing offers customized programs that are tailored to the size and purchasing preference of the organization. To become a volume licensing customer, the organization must set up a volume licensing agreement with Microsoft. There's a common misunderstanding about acquiring licenses for a new computer through volume licensing. There are two legal ways to acquire a full Windows client license for a new computer: -- Have the license preinstalled through the OEM. +- Have the license preinstalled through the OEM -- Purchase a fully packaged retail product. +- Purchase a fully packaged retail product The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised. Volume licensing is also available through certain subscription or membership programs, such as the Microsoft Partner Network and MSDN. These volume licenses may contain specific restrictions or other changes to the general terms applicable to volume licensing. @@ -82,29 +84,29 @@ Token-based Activation option is available for Windows 10 Enterprise LTSB editio ### Multiple activation key -A Multiple Activation Key (MAK) is commonly used in small- or mid-sized organizations that have a volume licensing agreement, but they do not meet the requirements to operate a KMS or they prefer a simpler approach. A MAK also -allows permanent activation of computers that are isolated from the KMS or are part of an isolated network that does not have enough computers to use the KMS. +A Multiple Activation Key (MAK) is commonly used in small- or mid-sized organizations that have a volume licensing agreement, but they don't meet the requirements to operate a KMS or they prefer a simpler approach. A MAK also +allows permanent activation of computers that are isolated from the KMS or are part of an isolated network that doesn't have enough computers to use the KMS. To use a MAK, the computers to be activated must have a MAK installed. The MAK is used for one-time activation with the Microsoft online hosted activation services, by telephone, or by using VAMT proxy activation. -In the simplest terms, a MAK acts like a retail key, except that a MAK is valid for activating multiple computers. Each MAK can be used a specific number of times. The VAMT can assist in tracking the number of activations that have been performed with each key and how many remain. +In the simplest terms, a MAK acts like a retail key, except that a MAK is valid for activating multiple computers. Each MAK can be used a specific number of times. The VAMT can help with tracking the number of activations that have been performed with each key and how many remain. Organizations can download MAK and KMS keys from the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkId=618213) website. Each MAK has a preset number of activations, which are based on a percentage of the count of licenses the organization purchases; however, you can increase the number of activations that are available with your MAK by calling Microsoft. ### Key Management Service -With the Key Management Service (KMS), IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation. The KMS is a lightweight service that does not require a dedicated system and can easily be cohosted on a system that provides other services. +With the Key Management Service (KMS), IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation. The KMS is a lightweight service that doesn't require a dedicated system and can easily be cohosted on a system that provides other services. Volume editions of Windows 10 and Windows Server 2012 R2 (in addition to volume editions of operating system editions since Windows Vista and Windows Server 2008) automatically connect to a system that hosts the KMS to request activation. No action is required from the user. The KMS requires a minimum number of computers (physical computers or virtual machines) in a network environment. The organization must have at least five computers to activate Windows Server 2012 R2 and at least 25 computers to activate client computers that are running Windows 10. These minimums are referred to as *activation thresholds*. -Planning to use the KMS includes selecting the best location for the KMS host and how many KMS hosts to have. One KMS host can handle a large number of activations, but organizations will often deploy two KMS hosts to ensure availability. Only rarely will more than two KMS hosts be used. The KMS can be hosted on a client computer or on a server, and it can be run on older versions of the operating system if proper configuration steps are taken. Setting up your KMS is discussed later in this guide. +Planning to use the KMS includes selecting the best location for the KMS host and how many KMS hosts to have. One KMS host can handle a large number of activations, but organizations will often deploy two KMS hosts to ensure availability. It will be rare that more than two KMS hosts are used. The KMS can be hosted on a client computer or on a server, and it can be run on older versions of the operating system if proper configuration steps are taken. Setting up your KMS is discussed later in this guide. ### Active Directory-based activation -Active Directory-based activation is the newest type of volume activation, and it was introduced in Windows 8. In many ways, Active Directory-based activation is similar to activation by using the KMS, but the activated computer does not need to maintain periodic connectivity with the KMS host. Instead, a domain-joined computer running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 queries AD DS for a volume activation object that is stored in the domain. The operating system checks the digital signatures that are contained in the activation object, and then activates the device. +Active Directory-based activation is the newest type of volume activation, and it was introduced in Windows 8. In many ways, Active Directory-based activation is similar to activation by using the KMS, but the activated computer doesn't need to maintain periodic connectivity with the KMS host. Instead, a domain-joined computer running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 queries AD DS for a volume activation object that is stored in the domain. The operating system checks the digital signatures that are contained in the activation object, and then activates the device. -Active Directory-based activation allows enterprises to activate computers through a connection to their domain. Many companies have computers at remote or branch locations, where it is impractical to connect to a KMS, or would not reach the KMS activation threshold. Rather than use MAKs, Active Directory-based activation provides a way to activate computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 as long as the computers can contact the company's domain. Active Directory-based activation offers the advantage of extending volume activation services everywhere you already have a domain presence. +Active Directory-based activation allows enterprises to activate computers through a connection to their domain. Many companies have computers at remote or branch locations, where it's impractical to connect to a KMS, or wouldn't reach the KMS activation threshold. Rather than use MAKs, Active Directory-based activation provides a way to activate computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 as long as the computers can contact the company's domain. Active Directory-based activation offers the advantage of extending volume activation services everywhere you already have a domain presence. ## Network and connectivity @@ -112,9 +114,9 @@ A modern business network has many nuances and interconnections. This section ex ### Core network -Your core network is that part of your network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet, although that is not a requirement to use the KMS or Active Directory-based activation after the KMS server or AD DS is configured and active. Your core network likely consists of many network segments. In many organizations, the core network makes up the vast majority of the business network. +Your core network is that part of your network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet, although that isn't a requirement to use the KMS or Active Directory-based activation after the KMS server or AD DS is configured and active. Your core network likely consists of many network segments. In many organizations, the core network makes up the majority of the business network. -In the core network, a centralized KMS solution is recommended. You can also use Active Directory-based activation, but in many organizations, KMS will still be required to activate older client computers and computers that are not joined to the domain. Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in your organization are running Windows 10, Windows 8.1, or Windows 8. +In the core network, a centralized KMS solution is recommended. You can also use Active Directory-based activation, but in many organizations, KMS will still be required to activate older client computers and computers that aren't joined to the domain. Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in your organization are running Windows 10, Windows 8.1, or Windows 8. A typical core network that includes a KMS host is shown in Figure 1. @@ -124,19 +126,19 @@ A typical core network that includes a KMS host is shown in Figure 1. ### Isolated networks -In a large network, it is all but guaranteed that some segments will be isolated, either for security reasons or because of geography or connectivity issues. +In a large network, it's all but guaranteed that some segments will be isolated, either for security reasons or because of geography or connectivity issues. #### Isolated for security Sometimes called a *high-security zone*, a particular network segment may be isolated from the core network by a firewall or disconnected from other networks totally. The best solution for activating computers in an isolated network depends on the security policies in place in the organization. -If the isolated network can access the core network by using outbound requests on TCP port 1688, and it is allowed to receive remote procedure calls (RPCs), you can perform activation by using the KMS in the core network, thereby avoiding the need to reach additional activation thresholds. +If the isolated network can access the core network by using outbound requests on TCP port 1688, and it's allowed to receive remote procedure calls (RPCs), you can perform activation by using the KMS in the core network, thereby avoiding the need to reach additional activation thresholds. If the isolated network participates fully in the corporate forest, and it can make typical connections to domain controllers, such as using Lightweight Directory Access Protocol (LDAP) for queries and Domain Name Service (DNS) for name resolution, this is a good opportunity to use Active Directory-based activation for Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012 R2. -If the isolated network cannot communicate with the core network's KMS server, and it cannot use Active Directory-based activation, you can set up a KMS host in the isolated network. This configuration is shown in Figure 2. However, if the isolated network contains only a few computers, it will not reach the KMS activation threshold. In that case, you can activate by using MAKs. +If the isolated network can't communicate with the core network's KMS server, and it can't use Active Directory-based activation, you can set up a KMS host in the isolated network. This configuration is shown in Figure 2. However, if the isolated network contains only a few computers, it will not reach the KMS activation threshold. In that case, you can activate by using MAKs. -If the network is fully isolated, MAK-independent activation would be the recommended choice, perhaps using the telephone option. But VAMT proxy activation may also be possible. You can also use MAKs to activate new computers during setup, before they are placed in the isolated network. +If the network is fully isolated, MAK-independent activation would be the recommended choice, perhaps using the telephone option. But VAMT proxy activation may also be possible. You can also use MAKs to activate new computers during setup, before they're placed in the isolated network. ![New KMS host in an isolated network.](../images/volumeactivationforwindows81-02.jpg) @@ -144,7 +146,7 @@ If the network is fully isolated, MAK-independent activation would be the recomm #### Branch offices and distant networks -From mining operations to ships at sea, organizations often have a few computers that are not easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. In these situations, you have several options: +From mining operations to ships at sea, organizations often have a few computers that aren't easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. In these situations, you have several options: - **Active Directory-based activation**. In any site where the client computers are running Windows 10, Active Directory-based activation is supported, and it can be activated by joining the domain. @@ -156,33 +158,35 @@ From mining operations to ships at sea, organizations often have a few computers ### Disconnected computers -Some users may be in remote locations or may travel to many locations. This scenario is common for roaming clients, such as the computers that are used by salespeople or other users who are offsite but not at branch locations. This scenario can also apply to remote branch office locations that have no connection to the core network. You can consider this an "isolated network," where the number of computers is one. Disconnected computers can use Active Directory-based activation, the KMS, or MAK depending on the client version and how often the computers connect to the core network. -If the computer is joined to the domain and running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 8, you can use Active Directory-based activation—directly or through a VPN—at least once every 180 days. If the computer connects to a network with a KMS host at least every 180 days, but it does not support Active Directory-based activation, you can use KMS activation. Otherwise for computers that rarely or never connect to the network, use MAK independent activation (by using the telephone or the Internet). +Some users may be in remote locations or may travel to many locations. This scenario is common for roaming clients, such as the computers that are used by salespeople or other users who are offsite but not at branch locations. This scenario can also apply to remote branch office locations that have no connection to the core network. You can consider this branch office an "isolated network," where the number of computers is one. Disconnected computers can use Active Directory-based activation, the KMS, or MAK depending on the client version and how often the computers connect to the core network. + +If the computer is joined to the domain and running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 8, you can use Active Directory-based activation—directly or through a VPN—at least once every 180 days. If the computer connects to a network with a KMS host at least every 180 days, but it doesn't support Active Directory-based activation, you can use KMS activation. Otherwise for computers that rarely or never connect to the network, use MAK independent activation (by using the telephone or the Internet). ### Test and development labs -Lab environments often have large numbers of virtual machines, and physical computers and virtual machines in labs are reconfigured frequently. Therefore, first determine whether the computers in test and development labs require activation. Editions of Windows 10 that include volume licensing will operate normally, even if they cannot activate immediately. -If you have ensured that your test or development copies of the operating system are within the license agreement, you may not need to activate the lab computers if they will be rebuilt frequently. If you require that the lab computers be activated, treat the lab as an isolated network and use the methods described earlier in this guide. -In labs that have a high turnover of computers and a small number of KMS clients, you must monitor the KMS activation count. You might need to adjust the time that the KMS caches the activation requests. The default is 30 days. +Lab environments often have large numbers of virtual machines, and physical computers and virtual machines in labs are reconfigured frequently. Therefore, first determine whether the computers in test and development labs require activation. Editions of Windows 10 that include volume licensing will operate normally, even if they can't activate immediately. + +If you've ensured that your test or development copies of the operating system are within the license agreement, you may not need to activate the lab computers if they'll be rebuilt frequently. If you require that the lab computers be activated, treat the lab as an isolated network, and use the methods described earlier in this guide. +In labs that have a high turnover of computers and a few KMS clients, you must monitor the KMS activation count. You might need to adjust the time that the KMS caches the activation requests. The default is 30 days. ## Mapping your network to activation methods -Now it's time to assemble the pieces into a working solution. By evaluating your network connectivity, the numbers of computers you have at each site, and the operating system versions in use in your environment, you have collected the information you need to determine which activation methods will work best for you. You can fill-in information in Table 1 to help you make this determination. +Now it's time to assemble the pieces into a working solution. By evaluating your network connectivity, the numbers of computers you have at each site, and the operating system versions in use in your environment, you've collected the information you need to determine which activation methods will work best for you. You can fill in information in Table 1 to help you make this determination. **Table 1**. Criteria for activation methods |Criterion |Activation method | |----------|------------------| |Number of domain-joined computers that support Active Directory-based activation (computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2) and will connect to a domain controller at least every 180 days. Computers can be mobile, semi-isolated, or located in a branch office or the core network. |Active Directory-based activation | -|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days

**Note**
The core network must meet the KMS activation threshold. |KMS (central) | -|Number of computers that do not connect to the network at least once every 180 days (or if no network meets the activation threshold) | MAK | +|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days

**Note**
The core network must meet the KMS activation threshold.
|KMS (central) | +|Number of computers that don't connect to the network at least once every 180 days (or if no network meets the activation threshold) | MAK | |Number of computers in semi-isolated networks that have connectivity to the KMS in the core network |KMS (central) | |Number of computers in isolated networks where the KMS activation threshold is met |KMS (local) | -|Number of computers in isolated networks where the KMS activation threshold is not met |MAK | -|Number of computers in test and development labs that will not be activated |None| -|Number of computers that do not have a retail volume license |Retail (online or phone) | -|Number of computers that do not have an OEM volume license |OEM (at factory) | -|Total number of computer activations

**Note**
This total should match the total number of licensed computers in your organization. | +|Number of computers in isolated networks where the KMS activation threshold isn't met |MAK | +|Number of computers in test and development labs that won't be activated |None| +|Number of computers that don't have a retail volume license |Retail (online or phone) | +|Number of computers that don't have an OEM volume license |OEM (at factory) | +|Total number of computer activations
**Note**
This total should match the total number of licensed computers in your organization.
| ## Choosing and acquiring keys @@ -194,26 +198,28 @@ When you know which keys you need, you must obtain them. Generally speaking, vol ### KMS host keys -A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools. +A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is referred to as the *KMS host key*, but it's formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools. -A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You will need a KMS host key for any KMS that you want to set up and if you are going to use Active Directory-based activation. +A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You'll need a KMS host key for any KMS that you want to set up and if you're going to use Active Directory-based activation. ### Generic volume licensing keys -When you create installation media or images for client computers that will be activated by KMS or Active Directory-based activation, install a generic volume license key (GVLK) for the edition of Windows you are creating. GVLKs are also referred to as KMS client setup keys. +When you create installation media or images for client computers that will be activated by KMS or Active Directory-based activation, install a generic volume license key (GVLK) for the edition of Windows you're creating. GVLKs are also referred to as KMS client setup keys. -Installation media from Microsoft for Enterprise editions of the Windows operating system may already contain the GVLK. One GVLK is available for each type of installation. The GLVK will not activate the software against Microsoft activation servers, but rather against a KMS or Active Directory-based activation object. In other words, the GVLK does not work unless a valid KMS host key can be found. GVLKs are the only product keys that do not need to be kept confidential. +Installation media from Microsoft for Enterprise editions of the Windows operating system may already contain the GVLK. One GVLK is available for each type of installation. The GLVK won't activate the software against Microsoft activation servers, but rather against a KMS or Active Directory-based activation object. In other words, the GVLK doesn't work unless a valid KMS host key can be found. GVLKs are the only product keys that don't need to be kept confidential. -Typically, you will not need to manually enter a GVLK unless a computer has been activated with a MAK or a retail key and it is being converted to a KMS activation or to Active Directory-based activation. If you need to locate the GVLK for a particular client edition, see [Appendix A: KMS client setup keys](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v=ws.11)). +Typically, you won't need to manually enter a GVLK unless a computer has been activated with a MAK or a retail key and it's being converted to a KMS activation or to Active Directory-based activation. If you need to locate the GVLK for a particular client edition, see [Appendix A: KMS client setup keys](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v=ws.11)). ### Multiple activation keys -You will also need MAK keys with the appropriate number of activations available. You can see how many times a MAK has been used on the Volume Licensing Service Center website or in the VAMT. +You'll also need MAK keys with the appropriate number of activations available. You can see how many times a MAK has been used on the Volume Licensing Service Center website or in the VAMT. ## Selecting a KMS host -The KMS does not require a dedicated server. It can be cohosted with other services, such as AD DS domain controllers and read-only domain controllers. +The KMS doesn't require a dedicated server. It can be cohosted with other services, such as AD DS domain controllers and read-only domain controllers. + KMS hosts can run on physical computers or virtual machines that are running any supported Windows operating system. A KMS host that is running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate any Windows client or server operating system that supports volume activation. A KMS host that is running Windows 10 can activate only computers running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista. + A single KMS host can support unlimited numbers of KMS clients, but Microsoft recommends deploying a minimum of two KMS hosts for failover purposes. However, as more clients are activated through Active Directory-based activation, the KMS and the redundancy of the KMS will become less important. Most organizations can use as few as two KMS hosts for their entire infrastructure. The flow of KMS activation is shown in Figure 3, and it follows this sequence: @@ -222,17 +228,17 @@ The flow of KMS activation is shown in Figure 3, and it follows this sequence: 2. Microsoft validates the KMS host key, and the KMS host starts to listen for requests. -3. The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment does not support DNS dynamic update protocol.) +3. The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment doesn't support DNS dynamic update protocol.) 4. A client configured with a GVLK uses DNS to locate the KMS host. 5. The client sends one packet to the KMS host. -6. The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs are not stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again. +6. The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs aren't stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again. 7. If the KMS host has a KMS host key that matches the products in the GVLK, the KMS host sends a single packet back to the client. This packet contains a count of the number of computers that have requested activation from this KMS host. -8. If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold has not yet been met, the client will try again. +8. If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold hasn't yet been met, the client will try again. ![KMS activation flow.](../images/volumeactivationforwindows81-03.jpg) diff --git a/windows/deployment/volume-activation/proxy-activation-vamt.md b/windows/deployment/volume-activation/proxy-activation-vamt.md index 7534f442fd..65f7e79d8d 100644 --- a/windows/deployment/volume-activation/proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/proxy-activation-vamt.md @@ -1,6 +1,6 @@ --- title: Perform Proxy Activation (Windows 10) -description: Perform proxy activation by using the Volume Activation Management Tool (VAMT) to activate client computers that do not have Internet access. +description: Perform proxy activation by using the Volume Activation Management Tool (VAMT) to activate client computers that don't have Internet access. ms.reviewer: manager: aaroncz ms.author: frankroj @@ -13,40 +13,56 @@ ms.technology: itpro-fundamentals # Perform Proxy Activation -You can use the Volume Activation Management Tool (VAMT) to perform activation for client computers that do not have Internet access. The client products can be installed with any type of product key that is eligible for proxy activation: Multiple activation Key (MAK), KMS Host key (CSVLK), or retail key. +You can use the Volume Activation Management Tool (VAMT) to perform activation for client computers that don't have Internet access. The client products can be installed with any type of product key that is eligible for proxy activation: Multiple activation Key (MAK), KMS Host key (CSVLK), or retail key. In a typical proxy-activation scenario, the VAMT host computer distributes a MAK to one or more client computers and collects the installation ID (IID) from each computer. The VAMT host computer sends the IIDs to Microsoft on behalf of the client computers and obtains the corresponding Confirmation IDs (CIDs). The VAMT host computer then installs the CIDs on the client computer to complete the activation. Using this activation method, only the VAMT host computer needs Internet access. > [!NOTE] -> For workgroups that are completely isolated from any larger network, you can still perform MAK, KMS Host key (CSVLK), or retail proxy activation. This requires installing a second instance of VAMT on a computer within the isolated group and using removable media to transfer activation data between that computer and another VAMT host computer that has Internet access. For more information about this scenario, see [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md). Similarly, you can proxy activate a KMS Host key (CSVLK) located in an isolated network. You can also proxy activate a KMS Host key (CSVLK) in the core network if you do not want the KMS host computer to connect to Microsoft over the Internet. +> For workgroups that are completely isolated from any larger network, you can still perform MAK, KMS Host key (CSVLK), or retail proxy activation. This requires installing a second instance of VAMT on a computer within the isolated group and using removable media to transfer activation data between that computer and another VAMT host computer that has Internet access. For more information about this scenario, see [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md). Similarly, you can proxy activate a KMS Host key (CSVLK) located in an isolated network. You can also proxy activate a KMS Host key (CSVLK) in the core network if you do not want the KMS host computer to connect to Microsoft over the Internet. ## Requirements Before performing proxy activation, ensure that your network and the VAMT installation meet the following requirements: -- There is an instance of VAMT that is installed on a computer that has Internet access. If you are performing proxy activation for an isolated workgroup, you also need to have VAMT installed on one of the computers in the workgroup. -- The products to be activated have been added to VAMT and are installed with a retail product key, a KMS Host key (CSVLK) or a MAK. If the products have not been installed with a proper product key, refer to the steps in the [Add and Remove a Product Key](add-remove-product-key-vamt.md) section for instructions on how to install a product key. + +- There's an instance of VAMT that is installed on a computer that has Internet access. If you're performing proxy activation for an isolated workgroup, you also need to have VAMT installed on one of the computers in the workgroup. + +- The products to be activated have been added to VAMT and are installed with a retail product key, a KMS Host key (CSVLK) or a MAK. If the products haven't been installed with a proper product key, refer to the steps in the [Add and Remove a Product Key](add-remove-product-key-vamt.md) section for instructions on how to install a product key. + - VAMT has administrative permissions on all products to be activated and Windows Management Instrumentation (WMI) is accessible through the Windows firewall. -- For workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). -The product keys that are installed on the client products must have a sufficient number of remaining activations. If you are activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This retrieves the number of remaining activations for the MAK from Microsoft. Note that this step requires Internet access and that the remaining activation count can only be retrieved for MAKs. + +- For workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure client computers](configure-client-computers-vamt.md). + + The product keys that are installed on the client products must have a sufficient number of remaining activations. If you're activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This action retrieves the number of remaining activations for the MAK from Microsoft. This step requires Internet access and that the remaining activation count can only be retrieved for MAKs. ## To Perform Proxy Activation -**To perform proxy activation** - 1. Open VAMT. -2. If necessary, install product keys. For more information see: - - [Install a Product Key](install-product-key-vamt.md) to install retail, MAK, or KMS Host key (CSVLK). + +2. If necessary, install product keys. For more information, see: + + - [Install a product key](install-product-key-vamt.md) to install retail, MAK, or KMS Host key (CSVLK). + - [Install a KMS Client Key](install-kms-client-key-vamt.md) to install GVLK (KMS client) keys. + 3. In the **Products** list in the center pane, select the individual products to be activated. You can use the **Filter** function to narrow your search for products by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + 4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the center pane. -6. In the right-side pane, click **Activate** and then click **Proxy activate** to open the **Proxy Activate** dialog box. -7. In the **Proxy Activate** dialog box click **Apply Confirmation ID, apply to selected machine(s) and activate**. -8. If you are activating products that require administrator credentials different from the ones you are currently using, select the **Use Alternate Credentials** checkbox. -9. Click **OK**. -10. VAMT displays the **Activating products** dialog box until it completes the requested action. If you selected the **Alternate Credentials** option, you will be prompted to enter the credentials. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. VAMT displays the filtered list in the center pane. + +6. In the right-side pane, select **Activate** and then select **Proxy activate** to open the **Proxy Activate** dialog box. + +7. In the **Proxy Activate** dialog box select **Apply Confirmation ID, apply to selected machine(s) and activate**. + +8. If you're activating products that require administrator credentials different from the ones you're currently using, select the **Use Alternate Credentials** checkbox. + +9. Select **OK**. + +10. VAMT displays the **Activating products** dialog box until it completes the requested action. If you selected the **Alternate Credentials** option, you'll be prompted to enter the credentials. > [!NOTE] You can use proxy activation to select products that have different key types and activate the products at the same time. diff --git a/windows/deployment/volume-activation/remove-products-vamt.md b/windows/deployment/volume-activation/remove-products-vamt.md index f9b25b08fd..231f5081c2 100644 --- a/windows/deployment/volume-activation/remove-products-vamt.md +++ b/windows/deployment/volume-activation/remove-products-vamt.md @@ -11,22 +11,30 @@ ms.topic: article ms.technology: itpro-fundamentals --- -# Remove Products +# Remove products To remove one or more products from the Volume Activation Management Tool (VAMT), you can delete them from the product list view in the center pane. -**To delete one or more products** -1. Click a product node in the left-side pane. -2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -4. Click **Filter**. VAMT displays the filtered list in the center pane. -5. Select the products you want to delete. -6. Click **Delete** in the **Selected Items** menu in the right-side pane. -7. On the **Confirm Delete Selected Products** dialog box, click **OK**. +## To delete one or more products + +1. Select a product node in the left-side pane. + +2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +4. Select **Filter**. VAMT displays the filtered list in the center pane. + +5. Select the products you want to delete. + +6. Select **Delete** in the **Selected Items** menu in the right-side pane. + +7. On the **Confirm Delete Selected Products** dialog box, select **OK**. + +## Related articles -## Related topics - [Add and Manage Products](add-manage-products-vamt.md) - - diff --git a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md index 2aae527d89..2985a6bc04 100644 --- a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md @@ -11,35 +11,49 @@ ms.topic: article ms.technology: itpro-fundamentals --- -# Scenario 3: KMS Client Activation +# Scenario 3: KMS client activation -In this scenario, you use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). This can be performed on either Core Network or Isolated Lab computers. By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. You do not have to enter a key to activate a product as a GVLK, unless you are converting a MAK-activated product to a KMS activation. For more information, see [Install a KMS Client Key](install-kms-client-key-vamt.md). +In this scenario, you use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). This type of activation can be performed on either Core Network or Isolated Lab computers. By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. You don't have to enter a key to activate a product as a GVLK, unless you're converting a MAK-activated product to a KMS activation. For more information, see [Install a KMS Client Key](install-kms-client-key-vamt.md). + +The procedure that is described below assumes the following configuration: -The procedure that is described below assumes the following: - The KMS Service is enabled and available to all KMS clients. + - VAMT has been installed and computers have been added to the VAMT database. See Parts 1 through 4 in either [Scenario 1: Online Activation](scenario-online-activation-vamt.md) or [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) for more information. -## Activate KMS Clients +## Activate KMS clients 1. Open VAMT. -2. To set the KMS activation options, on the menu bar click **View**. Then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. + +2. To set the KMS activation options, on the menu bar select **View**. Then select **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. + 3. In the **Volume Activation Management Tool Preferences** dialog box, under **KMS Management Services host selection** select from the following options: - - **Find a KMS host automatically using DNS**. This is the default setting. VAMT will instruct the computer to query the Domain Name Service (DNS) to locate a KMS host and perform activation. If the client contains a registry key with a valid KMS host, that value will be used instead. + + - **Find a KMS host automatically using DNS**. This setting is the default setting. VAMT will instruct the computer to query the Domain Name Service (DNS) to locate a KMS host and perform activation. If the client contains a registry key with a valid KMS host, that value will be used instead. + - **Find a KMS host using DNS in this domain for supported products**. Select this option if you use a specific domain, and enter the name of the domain. - - **Use specific KMS host**. Select this option for environments which do not use DNS for KMS host identification, and manually enter the KMS host name and select the KMS host port. VAMT will set the specified KMS host name and KMS host port on the target computer, and then instruct the computer to perform activation with the specific KMS host. -4. In the left-side pane, in the **Products** node, click the product that you want to activate. + + - **Use specific KMS host**. Select this option for environments that don't use DNS for KMS host identification, and manually enter the KMS host name and select the KMS host port. VAMT will set the specified KMS host name and KMS host port on the target computer, and then instruct the computer to perform activation with the specific KMS host. + +4. In the left-side pane, in the **Products** node, select the product that you want to activate. + 5. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + 6. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -7. Click **Filter**. VAMT displays the filtered list in the center pane. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +7. Select **Filter**. VAMT displays the filtered list in the center pane. + 8. Select the products that you want to activate. -9. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane, click **Activate**, point to **Volume activate**, and then click the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. -10. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. + +9. Select **Activate** in the **Selected Items** menu in the right-side **Actions** pane, select **Activate**, point to **Volume activate**, and then select the appropriate credential option. If you select the **Alternate Credentials** option, you'll be prompted to enter an alternate user name and password. + +10. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status is shown under the **Status of Last Action** column in the products list view in the center pane. -## Related topics -- [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) - - +## Related articles + +- [VAMT step-by-step scenarios](vamt-step-by-step.md) diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md index f1fcdf13ee..68ca97def3 100644 --- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md @@ -14,117 +14,146 @@ ms.technology: itpro-fundamentals # Scenario 1: Online Activation In this scenario, the Volume Activation Management Tool (VAMT) is deployed in the Core Network environment. VAMT is installed on a central computer that has network access to all of the client computers. Both the VAMT host and the client computers have Internet access. The following illustration shows a diagram of an online activation scenario for Multiple Activation Keys (MAKs). You can use this scenario for online activation of the following key types: + - Multiple Activation Key (MAK) + - Windows Key Management Service (KMS) keys: - - KMS Host key (CSVLK) - - Generic Volume License Key (GVLK), or KMS client key + + - KMS Host key (CSVLK) + + - Generic Volume License Key (GVLK), or KMS client key + - Retail The Secure Zone represents higher-security Core Network computers that have additional firewall protection. ![VAMT firewall configuration for multiple subnets.](images/dep-win8-l-vamt-makindependentactivationscenario.jpg) -## In This Topic -- [Install and start VAMT on a networked host computer](#bkmk-partone) -- [Configure the Windows Management Instrumentation firewall exception on target computers](#bkmk-parttwo) -- [Connect to VAMT database](#bkmk-partthree) -- [Discover products](#bkmk-partfour) -- [Sort and filter the list of computers](#bkmk-partfive) -- [Collect status information from the computers in the list](#bkmk-partsix) -- [Add product keys and determine the remaining activation count](#bkmk-partseven) -- [Install the product keys](#bkmk-parteight) -- [Activate the client products](#bkmk-partnine) - -## Step 1: Install and start VAMT on a networked host computer +## Step 1: Install and start VAMT on a networked host computer 1. Install VAMT on the host computer. -2. Click the VAMT icon in the **Start** menu to open VAMT. -## Step 2: Configure the Windows Management Instrumentation firewall exception on target computers +2. Select the VAMT icon in the **Start** menu to open VAMT. + +## Step 2: Configure the Windows Management Instrumentation firewall exception on target computers - Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). > [!NOTE] > To retrieve product license status, VAMT must have administrative permissions on the remote computers and WMI must be available through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). -## Step 3: Connect to a VAMT database +## Step 3: Connect to a VAMT database -1. If you are not already connected to a database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database where the keys that must be activated are located. -2. Click **Connect**. -3. If you are already connected to a database, VAMT displays an inventory of the products and product keys in the center pane, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to Server** to open **the Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data](manage-vamt-data.md) +1. If you aren't already connected to a database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database where the keys that must be activated are located. -## Step 4: Discover products +2. Select **Connect**. -1. In the left-side pane, in the **Products** node Products, click the product that you want to activate. -2. To open the **Discover Products** dialog box, click **Discover products** in the **Actions** menu in the right-side pane. -3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general Lightweight Directory Access Protocol (LDAP) query: - - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". - - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that VAMT supports both IPv4 and IPV6 addressing. - - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without additional checks. -4. Click **Search**. +3. If you're already connected to a database, VAMT displays an inventory of the products and product keys in the center pane, and a license overview of the computers in the database. If you need to connect to a different database, select **Successfully connected to Server** to open **the Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data](manage-vamt-data.md) + +## Step 4: Discover products + +1. In the left-side pane, in the **Products** node Products, select the product that you want to activate. + +2. To open the **Discover Products** dialog box, select **Discover products** in the **Actions** menu in the right-side pane. + +3. In the **Discover Products** dialog box, select **Search for computers in the Active Directory** to display the search options, and then select the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general Lightweight Directory Access Protocol (LDAP) query: + + - To search for computers in an Active Directory domain, select **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names select the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". + + - To search by individual computer name or IP address, select **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. VAMT supports both IPv4 and IPV6 addressing. + + - To search for computers in a workgroup, select **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, select the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". + + - To search for computers by using a general LDAP query, select **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without additional checks. + +4. Select **Search**. When the search is complete, the products that VAMT discovers appear in the product list view in the center pane. -## Step 5: Sort and filter the list of computers +## Step 5: Sort and filter the list of computers + +You can sort the list of products so that it's easier to find the computers that require product keys to be activated: + +1. On the menu bar at the top of the center pane, select **Group by**, and then select **Product**, **Product Key Type**, or **License Status**. + +2. To sort the list further, you can select one of the column headings to sort by that column. -You can sort the list of products so that it is easier to find the computers that require product keys to be activated: -1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**. -2. To sort the list further, you can click one of the column headings to sort by that column. 3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane. -## Step 6: Collect status information from the computers in the list +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by product name, product key type, or license status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. VAMT displays the filtered list in the product list view in the center pane. + +## Step 6: Collect status information from the computers in the list To collect the status from select computers in the database, you can select computers in the product list view by using one of the following methods: -- To select a block of consecutively listed computers, click the first computer that you want to select, and then click the last computer while pressing the **Shift** key. -- To select computers which are not listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information. - **To collect status information from the selected computers** -- In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to log on to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box, type the appropriate user name and password and then click **OK**. + +- To select a block of consecutively listed computers, select the first computer that you want to select, and then select the last computer while pressing the **Shift** key. + +- To select computers that aren't listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information. + +### To collect status information from the selected computers + +- In the right-side **Actions** pane, select **Update license status** in the **Selected Items** menu and then select a credential option. Choose **Alternate Credentials** only if you're updating products that require administrator credentials that are different from the ones that you used to sign into the computer. Otherwise, select **Current Credentials** and continue to step 2. If you're supplying alternate credentials, in the **Windows Security** dialog box, type the appropriate user name and password and then select **OK**. + - VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. > [!NOTE] > If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. -## Step 7: Add product keys and determine the remaining activation count +## Step 7: Add product keys and determine the remaining activation count + +1. Select the **Product Keys** node in the left-side pane, and then select **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. -1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. 2. In the **Add Product Key** dialog box, you can select from one of the following methods to add product keys: - - To add product keys manually, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add Key(s)**. - - To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key file to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. + + - To add product keys manually, select **Enter product key(s) separated by line breaks**, enter one or more product keys, and then select **Add Key(s)**. + + - To import a Comma Separated Values File (CSV) that contains a list of product keys, select **Select a product key file to import**, browse to the file location, select **Open** to import the file, and then select **Add Key(s)**. The keys that you have added appear in the **Product Keys** list view in the center pane. > [!IMPORTANT] > If you are activating many products with a MAK, refresh the activation count of the MAK to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and then click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs. -## Step 8: Install the product keys +## Step 8: Install the product keys -1. In the left-side pane, click the product that you want to install keys on to. -2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and filter the list of computers](#bkmk-partfive). -3. In the **Products** list view pane, select the individual products which must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing a MAK you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you want to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Note that only one key can be installed at a time. -6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +1. In the left-side pane, select the product that you want to install keys on to. + +2. If necessary, sort and filter the list of products so that it's easier to find the computers that must have a product key installed. See [Step 5: Sort and filter the list of computers](#step-5-sort-and-filter-the-list-of-computers). + +3. In the **Products** list view pane, select the individual products that must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. + +4. Select **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. + +5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you're installing a MAK, you can select a recommended product key or any other MAK from the **All Product Keys List**. If you aren't installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you want to view the **Description** for each key. When you've selected the product key that you want to install, select **Install Key**. Only one key can be installed at a time. + +6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. + > [!NOTE] > Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](/previous-versions/tn-archive/ee939271(v=technet.10)) -## Step 9: Activate the client products +## Step 9: Activate the client products 1. Select the individual products that you want to activate in the list-view pane. -2. On the menu bar, click **Action**, point to **Activate** and point to **Online activate**. You can also right-click the selected computers(s) to display the **Action** menu, point to **Activate** and point to **Online activate**. You can also click **Activate** in the **Selected Items** menu in the right-hand pane to access the **Activate** option. -3. If you are activating product keys using your current credential, click **Current credential** and continue to step 5. If you are activating products that require an administrator credential that is different from the one you are currently using, click the **Alternate credential** option. -4. Enter your alternate user name and password and click **OK**. + +2. On the menu bar, select **Action**, point to **Activate** and point to **Online activate**. You can also right-click the selected computers(s) to display the **Action** menu, point to **Activate** and point to **Online activate**. You can also select **Activate** in the **Selected Items** menu in the right-hand pane to access the **Activate** option. + +3. If you're activating product keys using your current credential, select **Current credential** and continue to step 5. If you're activating products that require an administrator credential that is different from the one you're currently using, select the **Alternate credential** option. + +4. Enter your alternate user name and password and select **OK**. + 5. The **Activate** option contacts the Microsoft product-activation server over the Internet and requests activation for the selected products. VAMT displays the **Activating products** dialog box until the requested actions are completed. > [!NOTE] > Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. > RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and volume editions of Office 2010 will not enter RFM. -## Related topics +## Related articles + - [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) - diff --git a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md index 1d4fd6f9b5..ccb63b5311 100644 --- a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md @@ -20,55 +20,75 @@ In this scenario, the Volume Activation Management Tool (VAMT) is used to activa ## Step 1: Install VAMT on a Workgroup Computer in the Isolated Lab 1. Install VAMT on a host computer in the isolated lab workgroup. This computer can be running Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, or Windows Server® 2012. -2. Click the VAMT icon in the **Start** menu to open VAMT. -## Step 2: Configure the Windows Management Instrumentation Firewall Exception on Target Computers +2. Select the VAMT icon in the **Start** menu to open VAMT. + +## Step 2: Configure the Windows Management Instrumentation Firewall Exception on target computers - Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). > [!NOTE] > To retrieve the license status on the selected computers, VAMT must have administrative permissions on the remote computers and WMI must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). -## Step 3: Connect to a VAMT Database +## Step 3: Connect to a VAMT database -1. If the host computer in the isolated lab workgroup is not already connected to the database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database that contains the computers in the workgroup. -2. Click **Connect**. -3. If you are already connected to a database, in the center pane VAMT displays an inventory of the products and product keys, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to the Server** to open the **Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data.](manage-vamt-data.md) +1. If the host computer in the isolated lab workgroup isn't already connected to the database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database that contains the computers in the workgroup. -## Step 4: Discover Products +2. Select **Connect**. -1. In the left-side pane, in the **Products** node, click the product that you want to activate. -2. To open the **Discover Products** dialog box, click **Discover products** in the right-side pane. -3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query: - - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names, click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Both IPv4 and IPv6addressing are supported. - - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". - - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without extra checks. -4. Click **Search**. +3. If you're already connected to a database, in the center pane VAMT displays an inventory of the products and product keys, and a license overview of the computers in the database. If you need to connect to a different database, select **Successfully connected to the Server** to open the **Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data.](manage-vamt-data.md) + +## Step 4: Discover products + +1. In the left-side pane, in the **Products** node, select the product that you want to activate. + +2. To open the **Discover Products** dialog box, select **Discover products** in the right-side pane. + +3. In the **Discover Products** dialog box, select **Search for computers in the Active Directory** to display the search options, and then select the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query: + + - To search for computers in an Active Directory domain, select **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names, select the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". + + - To search by individual computer name or IP address, select **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Both IPv4 and IPv6addressing are supported. + + - To search for computers in a workgroup, select **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, select the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (`*`) wildcard. For example, typing `a*` will display only those computer names that start with the letter **a**. + + - To search for computers by using a general LDAP query, select **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without extra checks. + +4. Select **Search**. The **Finding Computers** window appears and displays the search progress as the computers are located. When the search is complete, the products that VAMT discovers appear in the list view in the center pane. -## Step 5: Sort and Filter the List of Computers +## Step 5: Sort and filter the list of computers -You can sort the list of products so that it is easier to find the computers that require product keys to be activated: +You can sort the list of products so that it's easier to find the computers that require product keys to be activated: + +1. On the menu bar at the top of the center pane, select **Group by**, and then select **Product**, **Product Key Type**, or **License Status**. + +2. To sort the list further, you can select one of the column headings to sort by that column. -1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**. -2. To sort the list further, you can click one of the column headings to sort by that column. 3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane. -## Step 6: Collect Status Information from the Computers in the Isolated Lab +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by product name, product key type, or license status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. VAMT displays the filtered list in the product list view in the center pane. + +## Step 6: Collect status information from the computers in the Isolated lab To collect the status from select computers in the database, you can select computers in the product list view by using one of the following methods: -- To select a block of consecutively listed computers, click the first computer that you want to select, and then click the last computer while pressing the **Shift** key. -- To select computers that are not listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information. + +- To select a block of consecutively listed computers, select the first computer that you want to select, and then select the last computer while pressing the **Shift** key. + +- To select computers that aren't listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information. **To collect status information from the selected computers** -- In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to sign in to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and then click **OK**. + +- In the right-side **Actions** pane, select **Update license status** in the **Selected Items** menu and then select a credential option. Choose **Alternate Credentials** only if you're updating products that require administrator credentials that are different from the ones that you used to sign in to the computer. Otherwise, select **Current Credentials** and continue to step 2.If you're supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and then select **OK**. + - VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. > [!NOTE] @@ -76,21 +96,29 @@ To collect the status from select computers in the database, you can select comp ## Step 7: Add Product Keys -1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. +1. Select the **Product Keys** node in the left-side pane, and then select **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. + 2. In the **Add Product Keys** dialog box, you can select from one of the following methods to add product keys: - - To add a single product key, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add key(s)**. - - To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. + + - To add a single product key, select **Enter product key(s) separated by line breaks**, enter one or more product keys, and then select **Add key(s)**. + + - To import a Comma Separated Values File (CSV) that contains a list of product keys, select **Select a product key to import**, browse to the file location, select **Open** to import the file, and then select **Add Key(s)**. The keys that you have added appear in the **Product Keys** list view in the center pane. ## Step 8: Install the Product Keys on the Isolated Lab Computers -1. In the left-side pane, in the **Products** node click the product that you want to install keys onto. -2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and Filter the List of Computers](#step-5-sort-and-filter-the-list-of-computers). +1. In the left-side pane, in the **Products** node select the product that you want to install keys onto. + +2. If necessary, sort and filter the list of products so that it's easier to find the computers that must have a product key installed. See [Step 5: Sort and filter the list of computers](#step-5-sort-and-filter-the-list-of-computers). + 3. In the **Products** list view pane, select the individual products that must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing an MAK, you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Only one key can be installed at a time. -6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. + +4. Select **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. + +5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you're installing an MAK, you can select a recommended product key or any other MAK from the **All Product Keys List**. If you aren't installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you've selected the product key that you want to install, select **Install Key**. Only one key can be installed at a time. + +6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. @@ -100,66 +128,89 @@ To collect the status from select computers in the database, you can select comp > [!NOTE] > Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. -## Step 9: Export VAMT Data to a .cilx File +## Step 9: Export VAMT data to a `.cilx` file -In this step, you export VAMT from the workgroup's host computer and save it in a .cilx file. Then you copy the .cilx file to removable media so that you can take it to a VAMT host computer that is connected to the Internet. In MAK proxy activation, it is critical to retain this file, because VAMT uses it to apply the Confirmation IDs (CIDs) to the proper products. +In this step, you export VAMT from the workgroup's host computer and save it in a `.cilx` file. Then you copy the `.cilx` file to removable media so that you can take it to a VAMT host computer that is connected to the Internet. In MAK proxy activation, it's critical to retain this file, because VAMT uses it to apply the Confirmation IDs (CIDs) to the proper products. 1. Select the individual products that successfully received a product key in Step 8. If needed, sort and filter the list to find the products. -2. In the right-side **Actions** pane, click **Export list** to open the **Export List** dialog box. -3. In the **Export List** dialog box, click **Browse** to navigate to the .cilx file, or enter the name of the .cilx file to which you want to export the data. + +2. In the right-side **Actions** pane, select **Export list** to open the **Export List** dialog box. + +3. In the **Export List** dialog box, select **Browse** to navigate to the `.cilx` file, or enter the name of the `.cilx` file to which you want to export the data. + 4. Under **Export options**, select one of the following data-type options: + - Export products and product keys. + - Export products only. - - Export proxy activation data only. Selecting this option ensures that the export contains only the license information required for the proxy web service to obtain CIDs from Microsoft. No Personally Identifiable Information (PII) is contained in the exported .cilx file when this selection is selected. This option should be used when an enterprise's security policy states that no information that could identify a specific computer or user may be transferred out of the isolated lab and, therefore, this type of data must be excluded from the .cilx file that is transferred to the Core Network VAMT host. + + - Export proxy activation data only. Selecting this option ensures that the export contains only the license information required for the proxy web service to obtain CIDs from Microsoft. No Personally Identifiable Information (PII) is contained in the exported `.cilx` file when this selection is selected. This option should be used when an enterprise's security policy states that no information that could identify a specific computer or user may be transferred out of the isolated lab and, therefore, this type of data must be excluded from the `.cilx` file that is transferred to the Core Network VAMT host. + 5. If you have selected products to export, and not the entire set of data from the database, select the **Export selected product rows only** check box. -6. Click **Save**. VAMT displays a progress message while the data is being exported. Click **OK** when a message appears and confirms that the export has completed successfully. + +6. Select **Save**. VAMT displays a progress message while the data is being exported. Select **OK** when a message appears and confirms that the export has completed successfully. + 7. If you exported the list to a file on the host computer's hard drive, copy the file to removable media, such as a disk drive, CD/DVD, or USB storage device. > [!IMPORTANT] - > Choosing the **Export proxy activation data only** option excludes Personally Identifiable Information (PII) from being saved in the .cilx file. Therefore, the .cilx file must be re-imported into the SQL Server database on the isolated lab workgroup's VAMT host computer, so that the CIDs that are requested from Microsoft (discussed in Step 10) can be correctly assigned to the computers in the isolated lab group. + > Choosing the **Export proxy activation data only** option excludes Personally Identifiable Information (PII) from being saved in the `.cilx` file. Therefore, the `.cilx` file must be re-imported into the SQL Server database on the isolated lab workgroup's VAMT host computer, so that the CIDs that are requested from Microsoft (discussed in Step 10) can be correctly assigned to the computers in the isolated lab group. -## Step 10: Acquire Confirmation IDs from Microsoft on the Internet-Connected Host Computer +## Step 10: Acquire confirmation IDs from Microsoft on the internet connected host computer 1. Insert the removable media into the VAMT host that has Internet access. + 2. Open VAMT. Make sure you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane. -3. In the right-side **Actions** pane, click **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. -4. In the **Acquire confirmation IDs for file** dialog box, browse to the location of the .cilx file that you exported from the isolated lab host computer, select the file, and then click **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and collects the CIDs. -5. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows the number of confirmation IDs that were successfully acquired, and the name of the file where the IDs were saved. Click **OK** to close the message. -## Step 11: Import the .cilx File onto the VAMT Host within the Isolated Lab Workgroup +3. In the right-side **Actions** pane, select **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. -1. Remove the storage device that contains the .cilx file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated lab. -2. Open VAMT and verify that you are connected to the database that contains the computer with the product keys that you are activating. -3. In the right-side **Actions** pane, click **Import list** to open the **Import List** dialog box. -4. In the **Import list** dialog box, browse to the location of the .cilx file that contains the CIDs, select the file, and then click **Open**. -5. Click **OK** to import the file and to overwrite any conflicting data in the database with data from the file. -6. VAMT displays a progress message while the data is being imported. Click **OK** when a message appears and confirms that the data has been successfully imported. +4. In the **Acquire confirmation IDs for file** dialog box, browse to the location of the `.cilx` file that you exported from the isolated lab host computer, select the file, and then select **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and collects the CIDs. + +5. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows the number of confirmation IDs that were successfully acquired, and the name of the file where the IDs were saved. Select **OK** to close the message. + +## Step 11: Import the `.cilx` file onto the VAMT host within the Isolated lab workgroup + +1. Remove the storage device that contains the `.cilx` file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated lab. + +2. Open VAMT and verify that you're connected to the database that contains the computer with the product keys that you're activating. + +3. In the right-side **Actions** pane, select **Import list** to open the **Import List** dialog box. + +4. In the **Import list** dialog box, browse to the location of the `.cilx` file that contains the CIDs, select the file, and then select **Open**. + +5. Select **OK** to import the file and to overwrite any conflicting data in the database with data from the file. + +6. VAMT displays a progress message while the data is being imported. Select **OK** when a message appears and confirms that the data has been successfully imported. ## Step 12: Apply the CIDs and Activate the Isolated Lab Computers 1. Select the products to which you want to apply CIDs. If needed, sort and filter the list to find the products. -2. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. - VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +2. In the right-side **Selected Items** menu, select **Activate**, select **Apply Confirmation ID**, and then select the appropriate credential option. If you select the **Alternate Credentials** option, you'll be prompted to enter an alternate user name and password. + + VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. ## Step 13: (Optional) Reactivating Reimaged Computers in the Isolated Lab -If you have captured new images of the computers in the isolated lab, but the underlying hardware of those computers has not changed, VAMT can reactivate those computers using the CIDs that are stored in the database. -1. Redeploy products to each computer, using the same computer names as before. -2. Open VAMT. -3. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. +If you have captured new images of the computers in the isolated lab, but the underlying hardware of those computers hasn't changed, VAMT can reactivate those computers using the CIDs that are stored in the database. - VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +1. Redeploy products to each computer, using the same computer names as before. + +2. Open VAMT. + +3. In the right-side **Selected Items** menu, select **Activate**, select **Apply Confirmation ID**, and then select the appropriate credential option. If you select the **Alternate Credentials** option, you'll be prompted to enter an alternate user name and password. + + VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. > [!NOTE] - > Installing a MAK and overwriting the GVLK on the client products must be done with care. If the Windows activation initial grace period has expired, Windows will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are accessible on the network. - - RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. + > Installing a MAK and overwriting the GVLK on the client products must be done with care. If the Windows activation initial grace period has expired, Windows will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are accessible on the network. + + RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 won't enter RFM. > [!NOTE] > Reapplying the same CID conserves the remaining activations on the MAK. -## Related topics +## Related articles + - [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) diff --git a/windows/deployment/volume-activation/update-product-status-vamt.md b/windows/deployment/volume-activation/update-product-status-vamt.md index 06b0801a32..eb5553920d 100644 --- a/windows/deployment/volume-activation/update-product-status-vamt.md +++ b/windows/deployment/volume-activation/update-product-status-vamt.md @@ -11,7 +11,7 @@ ms.topic: article ms.technology: itpro-fundamentals --- -# Update Product Status +# Update product status After you add computers to the VAMT database, you need to use the **Update license status** function to add the products that are installed on the computers. You can also use the **Update license status** at any time to retrieve the most current license status for any products in the VAMT database. To retrieve license status, VAMT must have administrative permissions on all selected computers and Windows Management Instrumentation (WMI) must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). @@ -22,14 +22,18 @@ The license-status query requires a valid computer name for each system queried. ## Update the license status of a product 1. Open VAMT. + 2. In the **Products** list, select one or more products that need to have their status updated. -3. In the right-side **Actions** pane, click **Update license status** and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials different from the ones you used to log into the computer. -4. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. + +3. In the right-side **Actions** pane, select **Update license status** and then select a credential option. Choose **Alternate Credentials** only if you're updating products that require administrator credentials different from the ones you used to log into the computer. + +4. If you're supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and select **OK**. VAMT displays the **Collecting product information** dialog box while it collects the status of all selected products. When the process is finished, the updated licensing status of each product will appear in the product list view in the center pane. > [!NOTE] If a previously discovered Microsoft Office 2010 product has been uninstalled from the remote computer, updating its licensing status will cause the entry to be deleted from the **Office** product list view, and, consequently, the total number of discovered products will be smaller. However, the Windows installation of the same computer will not be deleted and will always be shown in the **Windows** products list view. - -## Related topics + +## Related articles + - [Add and Manage Products](add-manage-products-vamt.md) diff --git a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md index 38adbc40dc..e742b9f498 100644 --- a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md +++ b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md @@ -14,22 +14,17 @@ ms.technology: itpro-fundamentals # Use the Volume Activation Management Tool -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) -**Looking for retail activation?** -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to perform VAMT proxy activation and to track and monitor several types of product keys. -By using the VAMT, you can automate and centrally manage the volume, retail, and MAK activation process for Windows, Office, and select other Microsoft products. The VAMT can manage volume activation by using MAKs or KMS. It is a standard Microsoft Management Console snap-in, and it can be -installed on any computer running Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2. +By using the VAMT, you can automate and centrally manage the volume, retail, and MAK activation process for Windows, Office, and select other Microsoft products. The VAMT can manage volume activation by using MAKs or KMS. It's a standard Microsoft Management Console snap-in, and it can be installed on any computer running Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2. The VAMT is distributed as part of the Windows Assessment and Deployment Kit (Windows ADK), which is a free download available from Microsoft Download Center. For more information, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526740). @@ -38,8 +33,10 @@ In Windows Server 2012 R2, you can install the VAMT directly from Server Manager ## Activating with the Volume Activation Management Tool You can use the VAMT to complete the activation process in products by using MAK and retail keys, and you can work with computers individually or in groups. The VAMT enables two activation scenarios: + - **Online activation**. Online activation enables you to activate over the Internet any products that are installed with MAK, KMS host, or retail product keys. You can activate one or more connected computers within a network. This process requires that each product communicate activation information directly to Microsoft. -- **Proxy activation**. This activation method enables you to perform volume activation for products that are installed on client computers that do not have Internet access. The VAMT host computer distributes a MAK, KMS host key, or retail product key to one or more client products and collects the installation ID from each client product. The VAMT host sends the installation IDs to Microsoft on behalf of the client products and obtains the corresponding confirmation IDs. The VAMT host then installs the confirmation IDs on the client products to complete their activation. + +- **Proxy activation**. This activation method enables you to perform volume activation for products that are installed on client computers that don't have Internet access. The VAMT host computer distributes a MAK, KMS host key, or retail product key to one or more client products and collects the installation ID from each client product. The VAMT host sends the installation IDs to Microsoft on behalf of the client products and obtains the corresponding confirmation IDs. The VAMT host then installs the confirmation IDs on the client products to complete their activation. By using this method, only the VAMT host computer requires Internet access. Proxy activation by using the VAMT is beneficial for isolated network segments and for cases where your organization has a mix of retail, MAK, and KMS-based activations. ## Tracking products and computers with the Volume Activation Management Tool @@ -52,7 +49,7 @@ The VAMT provides an overview of the activation and licensing status of computer ## Tracking key usage with the Volume Activation Management Tool -The VAMT makes it easier to track the various keys that are issued to your organization. You can enter each key into VAMT, and then the VAMT can use those keys for online or proxy activation of clients. The tool can also describe what type of key it is and to which product group it belongs. The VAMT is the most convenient way to quickly determine how many activations remain on a MAK. Figure 19 shows an example of key types and usage. +The VAMT makes it easier to track the various keys that are issued to your organization. You can enter each key into VAMT, and then the VAMT can use those keys for online or proxy activation of clients. The tool can also describe what type of key it's and to which product group it belongs. The VAMT is the most convenient way to quickly determine how many activations remain on a MAK. Figure 19 shows an example of key types and usage. ![VAMT showing key types and usage.](../images/volumeactivationforwindows81-19.jpg) @@ -61,15 +58,18 @@ The VAMT makes it easier to track the various keys that are issued to your organ ## Other Volume Activation Management Tool features The VAMT stores information in a Microsoft SQL Server database for performance and flexibility, and it provides a single graphical user interface for managing activations and performing other activation-related tasks, such as: + - **Adding and removing computers**. You can use the VAMT to discover computers in the local environment. The VAMT can discover computers by querying AD DS, workgroups, or individual computer names or IP addresses, or through a general LDAP query. + - **Discovering products**. You can use the VAMT to discover Windows, Windows Server, Office, and select other products that are installed on the client computers. + - **Managing activation data**. The VAMT stores activation data in a SQL Server database. The tool can export this data in XML format to other VAMT hosts or to an archive. For more information, see: + - [Volume Activation Management Tool (VAMT) Overview](./volume-activation-management-tool.md) - [VAMT Step-by-Step Scenarios](./vamt-step-by-step.md) -## See also +## Related articles + - [Volume Activation for Windows 10](volume-activation-windows-10.md) - - diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md index eb3b96f723..35886bbb64 100644 --- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md +++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md @@ -15,61 +15,87 @@ ms.technology: itpro-fundamentals The Volume Activation Management Tool (VAMT) PowerShell cmdlets can be used to perform the same functions as the Vamt.exe command-line tool. -**To install PowerShell 3.0** -- VAMT PowerShell cmdlets require Windows PowerShell, which is included in Windows 10, Windows 8 and Windows Server® 2012. You can download PowerShell for Windows 7 or other operating systems from the [Microsoft Download Center](/powershell/scripting/install/installing-powershell). +## Configuring VAMT in Windows PowerShell -**To install the Windows Assessment and Deployment Kit** -- In addition to PowerShell, you must import the VAMT PowerShell module. The module is included in the VAMT 3.0 folder after you install the Windows Assessment and Deployment Kit (Windows ADK). +### Install PowerShell 3.0 -**To prepare the VAMT PowerShell environment** -- To open PowerShell with administrative credentials, click **Start** and type "PowerShell" to locate the program. Right-click **Windows PowerShell**, and then click **Run as administrator**. To open PowerShell in Windows 7, click **Start**, click **All Programs**, click **Accessories**, click **Windows PowerShell**, right-click **Windows PowerShell**, and then click **Run as administrator**. +VAMT PowerShell cmdlets require Windows PowerShell, which is included in Windows 10, Windows 8 and Windows Server® 2012. You can download PowerShell for Windows 7 or other operating systems from the [Microsoft Download Center](/powershell/scripting/install/installing-powershell). + +### Install the Windows Assessment and Deployment Kit** + +In addition to PowerShell, you must import the VAMT PowerShell module. The module is included in the VAMT 3.0 folder after you install the Windows Assessment and Deployment Kit (Windows ADK). + +### Prepare the VAMT PowerShell environment + +To open PowerShell with administrative credentials, select **Start** and enter `PowerShell` to locate the program. Right-click **Windows PowerShell**, and then select **Run as administrator**. To open PowerShell in Windows 7, select **Start**, select **All Programs**, select **Accessories**, select **Windows PowerShell**, right-click **Windows PowerShell**, and then select **Run as administrator**. > [!IMPORTANT] - > If you are using a computer that has an 64-bit processor, select **Windows PowerShell (x86)**. VAMT PowerShell cmdlets are supported for the x86 architecture only. You must use an x86 version of Windows PowerShell to import the VAMT module, which are available in these directories: - - The x86 version of PowerShell is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe - - The x86 version of the PowerShell ISE is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell\_ise.exe -- For all supported operating systems you can use the VAMT PowerShell module included with the Windows ADK. By default, the module is installed with the Windows ADK in the VAMT folder. Change directories to the directory where VAMT is located. + > If you are using a computer that has an 64-bit processor, select **Windows PowerShell (x86)**. VAMT PowerShell cmdlets are only supported for x86 architecture. You must use an x86 version of Windows PowerShell to import the VAMT module + + The x86 versions of Windows PowerShell are available in the following directories: + +- PowerShell: + + `C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe` +- PowerShell ISE: + + `C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe` + +For all supported operating systems, you can use the VAMT PowerShell module included with the Windows ADK. By default, the module is installed with the Windows ADK in the VAMT folder. Change directories to the directory where VAMT is located. For example, if the Windows ADK is installed in the default location of `C:\Program Files(x86)\Windows Kits\10`, enter: - For example, if the Windows ADK is installed in the default location of `C:\Program Files(x86)\Windows Kits\10`, type: - ``` powershell cd "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0" ``` -- Import the VAMT PowerShell module. To import the module, type the following at a command prompt: + +### Import the VAMT PowerShell module + +To import the VAMT PowerShell module, enter the following command at a PowerShell command prompt: + ``` powershell Import-Module .\VAMT.psd1 ``` - Where **Import-Module** imports a module only into the current session. To import the module into all sessions, add an **Import-Module** command to a Windows PowerShell profile. For more information about profiles, type `get-help about_profiles`. -## To Get Help for VAMT PowerShell cmdlets + where **Import-Module** imports a module only into the current session. To import the module into all sessions, add an **Import-Module** command to a Windows PowerShell profile. For more information about profiles, enter `get-help about_profiles`. + +## To get help for VAMT PowerShell cmdlets + +You can view all of the help sections for a VAMT PowerShell cmdlet, or you can view only the section that you're interested in. To view all of the Help content for a VAMT cmdlet, enter: -You can view all of the help sections for a VAMT PowerShell cmdlet, or you can view only the section that you are interested in. To view all of the Help content for a VAMT cmdlet, type: ``` powershell get-help -all ``` -For example, type: + +For example, enter: + ``` powershell get-help get-VamtProduct -all ``` -**Warning** -The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the -online option with the get-help cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](/powershell/module/vamt). +> [!WARNING] +> The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the `-online` option with the `get-help` cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](/powershell/module/vamt). -**To view VAMT PowerShell Help sections** +### View VAMT PowerShell help sections + +1. To get the syntax to use with a cmdlet, enter the following command at a PowerShell command prompt: -1. To get the syntax to use with a cmdlet, type the following at a command prompt: ``` powershell get-help ``` - For example, type: + + For example, enter: + ``` powershell get-help get-VamtProduct ``` -2. To see examples using a cmdlet, type: + +2. To see examples using a cmdlet, enter: + ``` powershell get-help -examples ``` - For example, type: + + For example, enter: + ``` powershell get-help get-VamtProduct -examples ``` diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 73685db04c..948e4f2def 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md @@ -19,7 +19,9 @@ ms.technology: itpro-fundamentals The current known issues with the Volume Activation Management Tool (VAMT), versions 3.0. and 3.1, include: - VAMT Windows Management Infrastructure (WMI) remote operations might take longer to execute if the target computer is in a sleep or standby state. -- When you open a Computer Information List (CIL) file that was saved by using a previous version of VAMT, the edition information is not shown for each product in the center pane. You must update the product status again to obtain the edition information. + +- When you open a Computer Information List (CIL) file that was saved by using a previous version of VAMT, the edition information isn't shown for each product in the center pane. You must update the product status again to obtain the edition information. + - The remaining activation count can only be retrieved for Multiple Activation Key (MAKs). ## Workarounds for adding CSVLKs for Windows 10 activation to VAMT 3.1 @@ -28,11 +30,11 @@ Another known issue is that when you try to add a Windows 10 Key Management Serv ![VAMT error message.](./images/vamt-known-issue-message.png) -This issue occurs because VAMT 3.1 does not contain the correct Pkconfig files to recognize this kind of key. To work around this issue, use one of the following methods. +This issue occurs because VAMT 3.1 doesn't contain the correct Pkconfig files to recognize this kind of key. To work around this issue, use one of the following methods. ### Method 1 -Do not add the CSVLK to the VAMT 3.1 tool. Instead, use the **slmgr.vbs /ipk \<*CSVLK*>** command to install a CSVLK on a KMS host. In this command, \<*CSVLK*> represents the specific key that you want to install. For more information about how to use the Slmgr.vbs tool, see [Slmgr.vbs options for obtaining volume activation information](/windows-server/get-started/activation-slmgr-vbs-options). +Don't add the CSVLK to the VAMT 3.1 tool. Instead, use the ` slmgr.vbs /ipk ` command to install a CSVLK on a KMS host. In this command, \<*CSVLK*> represents the specific key that you want to install. For more information about how to use the `Slmgr.vbs` tool, see [Slmgr.vbs options for obtaining volume activation information](/windows-server/get-started/activation-slmgr-vbs-options). ### Method 2 @@ -40,20 +42,32 @@ On the KMS host computer, perform the following steps: 1. Download the hotfix from [July 2016 update rollup for Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/3172614/). -1. In Windows Explorer, right-click **485392_intl_x64_zip** and extract the hotfix to C:\KB3058168. +2. In Windows Explorer, right-click **485392_intl_x64_zip** and extract the hotfix to C:\KB3058168. -1. To extract the contents of the update, run the following command: +3. To extract the contents of the update, run the following command: - ```console + ``` syntax expand c:\KB3058168\Windows8.1-KB3058168-x64.msu -f:* C:\KB3058168\ ``` -1. To extract the contents of Windows8.1-KB3058168-x64.cab, run the following command: +4. To extract the contents of Windows8.1-KB3058168-x64.cab, run the following command: - ```console + ``` syntax expand c:\KB3058168\Windows8.1-KB3058168-x64.cab -f:pkeyconfig-csvlk.xrm-ms c:\KB3058168 ``` -1. In the C:\KB3058168\x86_microsoft-windows-s..nent-sku-csvlk-pack_31bf3856ad364e35_6.3.9600.17815_none_bd26b4f34d049716 folder, copy the pkeyconfig-csvlk.xrm-ms file. Paste this file into the C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT3\pkconfig folder. +5. In the + + `C:\KB3058168\x86_microsoft-windows-s..nent-sku-csvlk-pack_31bf3856ad364e35_6.3.9600.17815_none_bd26b4f34d049716` + + folder, copy the + + `pkeyconfig-csvlk.xrm-ms` + + file. Paste this file into the + + `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT3\pkconfig` + + folder. -1. Restart VAMT. +6. Restart VAMT. diff --git a/windows/deployment/volume-activation/vamt-requirements.md b/windows/deployment/volume-activation/vamt-requirements.md index 5cc18cd62c..a304218987 100644 --- a/windows/deployment/volume-activation/vamt-requirements.md +++ b/windows/deployment/volume-activation/vamt-requirements.md @@ -11,11 +11,11 @@ ms.topic: article ms.technology: itpro-fundamentals --- -# VAMT Requirements +# VAMT requirements -This topic includes info about the product key and system requirements for VAMT. +This article includes info about the product key and system requirements for VAMT. -## Product Key Requirements +## Product key requirements The Volume Activation Management Tool (VAMT) can be used to perform activations using any of the following types of product keys. @@ -24,7 +24,7 @@ The Volume Activation Management Tool (VAMT) can be used to perform activations |
  • Multiple Activation Key (MAK)
  • Key Management Service (KMS) host key (CSVLK)
  • KMS client setup keys (GVLK)
|Volume licensing keys can only be obtained with a signed contract from Microsoft. For more info, see the [Microsoft Volume Licensing portal](https://go.microsoft.com/fwlink/p/?LinkId=227282). | |Retail product keys |Obtained at time of product purchase. | -## System Requirements +## System requirements The following table lists the system requirements for the VAMT host computer. @@ -39,5 +39,6 @@ The following table lists the system requirements for the VAMT host computer. | Operating System | Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, or later. | | Additional Requirements |
  • Connection to a SQL Server database. For more info, see [Install VAMT](install-vamt.md).
  • PowerShell 3.0: For Windows 8, Windows 8.1, Windows 10, and Windows Server 2012, PowerShell is included in the installation. For previous versions of Windows and Windows Server, you must download PowerShell 3.0. To download PowerShell, go to [Download Windows PowerShell 3.0](/powershell/scripting/install/installing-powershell).
  • If installing on Windows Server 2008 R2, you must also install .NET Framework 3.51.
| -## Related topics -- [Install and Configure VAMT](install-configure-vamt.md) +## Related articles + +- [Install and configure VAMT](install-configure-vamt.md) diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md index 278a558c68..880a8cf474 100644 --- a/windows/deployment/volume-activation/vamt-step-by-step.md +++ b/windows/deployment/volume-activation/vamt-step-by-step.md @@ -11,19 +11,18 @@ ms.topic: article ms.technology: itpro-fundamentals --- -# VAMT Step-by-Step Scenarios +# VAMT step-by-step scenarios This section provides instructions on how to implement the Volume Activation Management Tool (VAMT) in typical environments. VAMT supports many common scenarios; it describes here some of the most common to get you started. -## In this Section +## In this section -|Topic |Description | -|------|------------| +|Article |Description | +|-------|------------| |[Scenario 1: Online Activation](scenario-online-activation-vamt.md) |Describes how to distribute Multiple Activation Keys (MAKs) to products installed on one or more connected computers within a network, and how to instruct these products to contact Microsoft over the Internet for activation. | |[Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) |Describes how to use two VAMT host computers—the first one with Internet access and a second computer within an isolated workgroup—as proxies to perform MAK volume activation for workgroup computers that don't have Internet access. | |[Scenario 3: Key Management Service (KMS) Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. | ## Related articles + - [Introduction to VAMT](introduction-vamt.md) - - diff --git a/windows/deployment/volume-activation/volume-activation-windows-10.md b/windows/deployment/volume-activation/volume-activation-windows-10.md index 0ddbc94c96..a56f8ed301 100644 --- a/windows/deployment/volume-activation/volume-activation-windows-10.md +++ b/windows/deployment/volume-activation/volume-activation-windows-10.md @@ -14,21 +14,18 @@ ms.technology: itpro-fundamentals # Volume Activation for Windows 10 -> Applies to +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) + +> [!TIP] +> Are you looking for volume licensing information? > ->- Windows 10 ->- Windows Server 2012 R2 ->- Windows Server 2012 ->- Windows Server 2016 ->- Windows Server 2019 +> - [Download the Volume Licensing Reference Guide for Windows 10 Desktop Operating System](https://go.microsoft.com/fwlink/p/?LinkId=620104) -**Looking for volume licensing information?** - -- [Download the Volume Licensing Reference Guide for Windows 10 Desktop Operating System](https://go.microsoft.com/fwlink/p/?LinkId=620104) - -**Looking for retail activation?** - -- [Get Help Activating Microsoft Windows](https://support.microsoft.com/help/12440/windows-10-activate) +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows. @@ -38,25 +35,31 @@ Volume activation is a configurable solution that helps automate and manage the This guide provides information and step-by-step guidance to help you choose a volume activation method that suits your environment, and then to configure that solution successfully. This guide describes the volume activation features and the tools to manage volume activation. -Because most organizations will not immediately switch all computers to Windows 10, practical volume activation strategies must also take in to account how to work with the Windows 8.1, Windows 7, Windows Server 2012, and Windows Server 2008 R2 operating systems. This guide discusses how the new volume activation tools can support earlier operating systems, but it does not discuss the tools that are provided with earlier operating system versions. +Because most organizations won't immediately switch all computers to Windows 10, practical volume activation strategies must also take in to account how to work with the Windows 8.1, Windows 7, Windows Server 2012, and Windows Server 2008 R2 operating systems. This guide discusses how the new volume activation tools can support earlier operating systems, but it doesn't discuss the tools that are provided with earlier operating system versions. -Volume activation -and the need for activation itself- is not new, and this guide does not review all of its concepts and history. You can find additional background in the appendices of this guide. For more information, see [Volume Activation Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831612(v=ws.11)). +Volume activation -and the need for activation itself- isn't new, and this guide doesn't review all of its concepts and history. You can find additional background in the appendices of this guide. For more information, see [Volume Activation Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831612(v=ws.11)). -If you would like additional information about planning a volume activation deployment specifically for Windows 7 and Windows Server 2008 R2, please see the [Volume Activation Planning Guide for Windows 7](/previous-versions/tn-archive/dd878528(v=technet.10)). +If you would like additional information about planning a volume activation deployment specifically for Windows 7 and Windows Server 2008 R2, see the [Volume Activation Planning Guide for Windows 7](/previous-versions/tn-archive/dd878528(v=technet.10)). To successfully plan and implement a volume activation strategy, you must: - Learn about and understand product activation. + - Review and evaluate the available activation types or models. + - Consider the connectivity of the clients to be activated. + - Choose the method or methods to be used with each type of client. -- Determine the types and number of product keys you will need. + +- Determine the types and number of product keys you'll need. + - Determine the monitoring and reporting needs in your organization. + - Install and configure the tools required to support the methods selected. -Keep in mind that the method of activation does not change an organization's responsibility to the licensing requirements. You must ensure that all software used in your organization is properly licensed and activated in accordance with the terms of the licensing agreements in place. +Keep in mind that the method of activation doesn't change an organization's responsibility to the licensing requirements. You must ensure that all software used in your organization is properly licensed and activated in accordance with the terms of the licensing agreements in place. -## Additional information +## Related articles - [Plan for volume activation](plan-for-volume-activation-client.md) - [Activate using Key Management Service](activate-using-key-management-service-vamt.md) From 42c988bfa0c8f5b04308bf9fd9c8279249dfab18 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 17:09:15 -0700 Subject: [PATCH 12/25] Update microsoft-compatible-security-key.md Line 30: an user > a user --- .../hello-for-business/microsoft-compatible-security-key.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md index 01125209e2..a446e2b52f 100644 --- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md +++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md @@ -27,6 +27,6 @@ A security key **MUST** implement the following features and extensions from the | #
| Feature / Extension trust
| Why is this required?
| | --- | --- | --- | | 1 | Resident key | This feature enables the security key to be portable, where your credential is stored on the security key | -| 2 | Client pin | This feature enables you to protect your credentials with a second factor and applies to security keys that do not have an user interface| +| 2 | Client pin | This feature enables you to protect your credentials with a second factor and applies to security keys that do not have a user interface| | 3 | hmac-secret | This extension ensures you can sign-in to your device when it's off-line or in airplane mode | | 4 | Multiple accounts per RP | This feature ensures you can use the same security key across multiple services like Microsoft Account (MSA) and Azure Active Directory (AAD) | From af46d62bad7d6ad58e99088b09378eb3dba9b439 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 17:13:42 -0700 Subject: [PATCH 13/25] Update hello-hybrid-key-whfb-settings-pki.md Line 88: an enterprise > enterprise --- .../hello-for-business/hello-hybrid-key-whfb-settings-pki.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md index 899024b5f2..7d80a9ac21 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md @@ -85,7 +85,7 @@ The certificate template is configured to supersede all the certificate template The certificate authority may only issue certificates for certificate templates that are published to that certificate authority. If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate. -Sign-in to the certificate authority or management workstations with an _enterprise administrator_ equivalent credentials. +Sign-in to the certificate authority or management workstations with _enterprise administrator_ equivalent credentials. 1. Open the **Certificate Authority** management console. 2. Expand the parent node from the navigation pane. From 9e3c0b190b6d250fe326731a39d3a1b40a9a5621 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 17:24:32 -0700 Subject: [PATCH 14/25] Update hello-hybrid-key-whfb-settings-policy.md Line 31: needs > need Line 127: Some organizations may want not want slow sign-in > Some organizations may not want slow sign-in Line 133: Windows does not provide granular policy setting that enable you to disable specific modalities of biometrics such as allow facial recognition, but disallow fingerprint. > Windows doesn't provide the ability to set granular policies that enable you to disable specific modalities of biometrics, such as allowing facial recognition but disallowing fingerprint recognition. Line 154: Business . > Business. --- .../hello-hybrid-key-whfb-settings-policy.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md index c014de2fb4..6d891a5b53 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md @@ -28,7 +28,7 @@ Alternatively, you can create copy the .ADMX and .ADML files from a Windows 10 C Domain controllers of Windows Hello for Business deployments need one Group Policy setting, which enables automatic certificate enrollment for the newly create domain controller authentication certificate. This policy setting ensures domain controllers (new and existing) automatically request and renew the correct domain controller certificate. -Hybrid Azure AD-joined devices needs one Group Policy setting: +Hybrid Azure AD-joined devices need one Group Policy setting: * Enable Windows Hello for Business ### Configure Domain Controllers for Automatic Certificate Enrollment @@ -124,13 +124,13 @@ The default configuration for Windows Hello for Business is to prefer hardware p You can enable and deploy the **Use a hardware security device** Group Policy Setting to force Windows Hello for Business to only create hardware protected credentials. Users that sign-in from a computer incapable of creating a hardware protected credential do not enroll for Windows Hello for Business. -Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiving during anti-hammering and PIN lockout activities. Therefore, some organization may want not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, simply select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. +Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiving during anti-hammering and PIN lockout activities. Some organizations may not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. #### Use biometrics Windows Hello for Business provides a great user experience when combined with the use of biometrics. Rather than providing a PIN to sign-in, a user can use a fingerprint or facial recognition to sign-in to Windows, without sacrificing security. -The default Windows Hello for Business enables users to enroll and use biometrics. However, some organization may want more time before using biometrics and want to disable their use until they are ready. To not allow users to use biometrics, configure the **Use biometrics** Group Policy setting to disabled and apply it to your computers. The policy setting disabled all biometrics. Currently, Windows does not provide granular policy setting that enable you to disable specific modalities of biometrics such as allow facial recognition, but disallow fingerprint. +The default Windows Hello for Business enables users to enroll and use biometrics. However, some organization may want more time before using biometrics and want to disable their use until they are ready. To not allow users to use biometrics, configure the **Use biometrics** Group Policy setting to disabled and apply it to your computers. The policy setting disabled all biometrics. Currently, Windows doesn't provide the ability to set granular policies that enable you to disable specific modalities of biometrics, such as allowing facial recognition but disallowing fingerprint recognition. ### PIN Complexity @@ -151,7 +151,7 @@ Windows provides eight PIN Complexity Group Policy settings that give you granul ## Add users to the Windows Hello for Business Users group -Users must receive the Windows Hello for Business group policy settings and have the proper permission to provision Windows Hello for Business . You can provide users with these settings and permissions by adding the users or groups to the **Windows Hello for Business Users** group. Users and groups who are not members of this group will not attempt to enroll for Windows Hello for Business. +Users must receive the Windows Hello for Business group policy settings and have the proper permission to provision Windows Hello for Business. You can provide users with these settings and permissions by adding the users or groups to the **Windows Hello for Business Users** group. Users and groups who are not members of this group will not attempt to enroll for Windows Hello for Business. ### Section Review > [!div class="checklist"] @@ -175,4 +175,4 @@ Users must receive the Windows Hello for Business group policy settings and have 4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md) 5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md) 6. Configure Windows Hello for Business policy settings (*You are here*) -7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md) \ No newline at end of file +7. [Sign-in and Provision](hello-hybrid-key-whfb-provision.md) From 9e560280efcbc5a16bbe732633a5d82e30364023 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 17:33:06 -0700 Subject: [PATCH 15/25] Update hello-key-trust-adfs.md Line 32: an external networking peripherals > external networking peripherals Line 118: or GMSA > or GMSA, Line 130: must use create > must use or create Delete double-spaces following periods. --- .../hello-key-trust-adfs.md | 94 +++++++++---------- 1 file changed, 47 insertions(+), 47 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md index 7bcdb76263..b9d46ebca9 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md @@ -19,19 +19,19 @@ ms.technology: itpro-security --- # Prepare and Deploy Windows Server 2016 Active Directory Federation Services with Key Trust -Windows Hello for Business works exclusively with the Active Directory Federation Service role included with Windows Server 2016 and requires an additional server update. The on-premises key trust deployment uses Active Directory Federation Services roles for key registration and device registration. +Windows Hello for Business works exclusively with the Active Directory Federation Service role included with Windows Server 2016 and requires an additional server update. The on-premises key trust deployment uses Active Directory Federation Services roles for key registration and device registration. The following guidance describes deploying a new instance of Active Directory Federation Services 2016 using the Windows Information Database as the configuration database, which is ideal for environments with no more than 30 federation servers and no more than 100 relying party trusts. If your environment exceeds either of these factors or needs to provide SAML artifact resolution, token replay detection, or needs Active Directory Federation Services to operate in a federated provider role, then your deployment needs to use a SQL for your configuration database. To deploy the Active Directory Federation Services using SQL as its configuration database, please review the [Deploying a Federation Server Farm](/windows-server/identity/ad-fs/deployment/deploying-a-federation-server-farm) checklist. -If your environment has an existing instance of Active Directory Federation Services, then you’ll need to upgrade all nodes in the farm to Windows Server 2016 along with the Windows Server 2016 update. If your environment uses Windows Internal Database (WID) for the configuration database, please read [Upgrading to AD FS in Windows Server 2016 using a WID database](/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016) to upgrade your environment. If your environment uses SQL for the configuration database, please read [Upgrading to AD FS in Windows Server 2016 with SQL Server](/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016-sql) to upgrade your environment. +If your environment has an existing instance of Active Directory Federation Services, then you’ll need to upgrade all nodes in the farm to Windows Server 2016 along with the Windows Server 2016 update. If your environment uses Windows Internal Database (WID) for the configuration database, please read [Upgrading to AD FS in Windows Server 2016 using a WID database](/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016) to upgrade your environment. If your environment uses SQL for the configuration database, please read [Upgrading to AD FS in Windows Server 2016 with SQL Server](/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016-sql) to upgrade your environment. Ensure you apply the Windows Server 2016 Update to all nodes in the farm after you have successfully completed the upgrade. -A new Active Directory Federation Services farm should have a minimum of two federation servers for proper load balancing, which can be accomplished with an external networking peripherals, or with using the Network Load Balancing Role included in Windows Server. +A new Active Directory Federation Services farm should have a minimum of two federation servers for proper load balancing, which can be accomplished with external networking peripherals, or with using the Network Load Balancing Role included in Windows Server. -Prepare the Active Directory Federation Services deployment by installing and updating two Windows Server 2016 Servers. Ensure the update listed below is applied to each server before continuing. +Prepare the Active Directory Federation Services deployment by installing and updating two Windows Server 2016 Servers. Ensure the update listed below is applied to each server before continuing. ## Update Windows Server 2016 @@ -44,19 +44,19 @@ Sign-in the federation server with _local admin_ equivalent credentials. ## Enroll for a TLS Server Authentication Certificate -Key trust Windows Hello for Business on-premises deployments need a federation server for device registration and key registration. Typically, a federation service is an edge facing role. However, the federation services and instance used with the on-premises deployment of Windows Hello for Business does not need Internet connectivity. +Key trust Windows Hello for Business on-premises deployments need a federation server for device registration and key registration. Typically, a federation service is an edge facing role. However, the federation services and instance used with the on-premises deployment of Windows Hello for Business does not need Internet connectivity. -The AD FS role needs a server authentication certificate for the federation services, but you can use a certificate issued by your enterprise (internal) certificate authority. The server authentication certificate should have the following names included in the certificate if you are requesting an individual certificate for each node in the federation farm: +The AD FS role needs a server authentication certificate for the federation services, but you can use a certificate issued by your enterprise (internal) certificate authority. The server authentication certificate should have the following names included in the certificate if you are requesting an individual certificate for each node in the federation farm: * Subject Name: The internal FQDN of the federation server (the name of the computer running AD FS) * Subject Alternate Name: Your federation service name, such as *fs.corp.contoso.com* (or an appropriate wildcard entry such as *.corp.contoso.com) -You configure your federation service name when you configure the AD FS role. You can choose any name, but that name must be different than the name of the server or host. For example, you can name the host server **adfs** and the federation service **fs**. The FQDN of the host is adfs.corp.contoso.com and the FQDN of the federation service is fs.corp.contoso.com. +You configure your federation service name when you configure the AD FS role. You can choose any name, but that name must be different than the name of the server or host. For example, you can name the host server **adfs** and the federation service **fs**. The FQDN of the host is adfs.corp.contoso.com and the FQDN of the federation service is fs.corp.contoso.com. -You can, however, issue one certificate for all hosts in the farm. If you chose this option, then leave the subject name blank, and include all the names in the subject alternate name when creating the certificate request. All names should include the FQDN of each host in the farm and the federation service name. +You can, however, issue one certificate for all hosts in the farm. If you chose this option, then leave the subject name blank, and include all the names in the subject alternate name when creating the certificate request. All names should include the FQDN of each host in the farm and the federation service name. When creating a wildcard certificate, it is recommended that you mark the private key as exportable so that the same certificate can be deployed across each federation server and web application proxy within your AD FS farm. Note that the certificate must be trusted (chain to a trusted root CA). Once you have successfully requested and enrolled the server authentication certificate on one node, you can export the certificate and private key to a PFX file using the Certificate Manager console. You can then import the certificate on the remaining nodes in the AD FS farm. -Be sure to enroll or import the certificate into the AD FS server’s computer certificate store. Also, ensure all nodes in the farm have the proper TLS server authentication certificate. +Be sure to enroll or import the certificate into the AD FS server’s computer certificate store. Also, ensure all nodes in the farm have the proper TLS server authentication certificate. ### Internal Server Authentication Certificate Enrollment @@ -69,7 +69,7 @@ Sign-in the federation server with domain administrator equivalent credentials. 6. On the **Request Certificates** page, Select the **Internal Web Server** check box. 7. Click the **More information is required to enroll for this certificate. Click here to configure settings** link ![Example of Certificate Properties Subject Tab - This is what shows when you click the above link.](images/hello-internal-web-server-cert.png) -8. Under **Subject name**, select **Common Name** from the **Type** list. Type the FQDN of the computer hosting the Active Directory Federation Services role and then click **Add**. Under **Alternative name**, select **DNS** from the **Type** list. Type the FQDN of the name you will use for your federation services (fs.corp.contoso.com). The name you use here MUST match the name you use when configuring the Active Directory Federation Services server role. Click **Add**. Click **OK** when finished. +8. Under **Subject name**, select **Common Name** from the **Type** list. Type the FQDN of the computer hosting the Active Directory Federation Services role and then click **Add**. Under **Alternative name**, select **DNS** from the **Type** list. Type the FQDN of the name you will use for your federation services (fs.corp.contoso.com). The name you use here MUST match the name you use when configuring the Active Directory Federation Services server role. Click **Add**. Click **OK** when finished. 9. Click **Enroll**. A server authentication certificate should appear in the computer’s Personal certificate store. @@ -81,17 +81,17 @@ The Active Directory Federation Service (AD FS) role provides the following serv * Key registration >[!IMPORTANT] -> Finish the entire AD FS configuration on the first server in the farm before adding the second server to the AD FS farm. Once complete, the second server receives the configuration through the shared configuration database when it is added the AD FS farm. +> Finish the entire AD FS configuration on the first server in the farm before adding the second server to the AD FS farm. Once complete, the second server receives the configuration through the shared configuration database when it is added the AD FS farm. -Windows Hello for Business depends on proper device registration. For on-premises key trust deployments, Windows Server 2016 AD FS handles device and key registration. +Windows Hello for Business depends on proper device registration. For on-premises key trust deployments, Windows Server 2016 AD FS handles device and key registration. Sign-in the federation server with _Enterprise Admin_ equivalent credentials. -1. Start **Server Manager**. Click **Local Server** in the navigation pane. +1. Start **Server Manager**. Click **Local Server** in the navigation pane. 2. Click **Manage** and then click **Add Roles and Features**. 3. Click **Next** on the **Before you begin** page. 4. On the **Select installation type** page, select **Role-based or feature-based installation** and click **Next**. -5. On the **Select destination server** page, choose **Select a server from the server pool**. Select the federation server from the **Server Pool** list. Click **Next**. -6. On the **Select server roles** page, select **Active Directory Federation Services**. Click **Next**. +5. On the **Select destination server** page, choose **Select a server from the server pool**. Select the federation server from the **Server Pool** list. Click **Next**. +6. On the **Select server roles** page, select **Active Directory Federation Services**. Click **Next**. 7. Click **Next** on the **Select features** page. 8. Click **Next** on the **Active Directory Federation Service** page. 9. Click **Install** to start the role installation. @@ -108,16 +108,16 @@ Before you continue with the deployment, validate your deployment progress by re ## Device Registration Service Account Prerequisite -The service account used for the device registration server depends on the domain controllers in the environment. +The service account used for the device registration server depends on the domain controllers in the environment. >[!NOTE] ->Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business. +>Follow the procedures below based on the domain controllers deployed in your environment. If the domain controller is not listed below, then it is not supported for Windows Hello for Business. ### Windows Server 2012 or later Domain Controllers -Windows Server 2012 or later domain controllers support Group Managed Service Accounts—the preferred way to deploy service accounts for services that support them. Group Managed Service Accounts, or GMSA have security advantages over normal user accounts because Windows handles password management. This means the password is long, complex, and changes periodically. The best part of GMSA is all this happens automatically. AD FS supports GMSA and should be configured using them for additional defense in depth security. +Windows Server 2012 or later domain controllers support Group Managed Service Accounts—the preferred way to deploy service accounts for services that support them. Group Managed Service Accounts, or GMSA, have security advantages over normal user accounts because Windows handles password management. This means the password is long, complex, and changes periodically. The best part of GMSA is all this happens automatically. AD FS supports GMSA and should be configured using them for additional defense in depth security. -GSMA uses the Microsoft Key Distribution Service that is located on Windows Server 2012 or later domain controllers. Windows uses the Microsoft Key Distribution Service to protect secrets stored and used by the GSMA. Before you can create a GSMA, you must first create a root key for the service. You can skip this if your environment already uses GSMA. +GSMA uses the Microsoft Key Distribution Service that is located on Windows Server 2012 or later domain controllers. Windows uses the Microsoft Key Distribution Service to protect secrets stored and used by the GSMA. Before you can create a GSMA, you must first create a root key for the service. You can skip this if your environment already uses GSMA. #### Create KDS Root Key @@ -127,14 +127,14 @@ Sign-in a domain controller with _Enterprise Admin_ equivalent credentials. ### Windows Server 2008 or 2008 R2 Domain Controllers -Windows Server 2008 and 2008 R2 domain controllers do not host the Microsoft Key Distribution Service, nor do they support Group Managed Service Accounts. Therefore, you must use create a normal user account as a service account where you are responsible for changing the password on a regular basis. +Windows Server 2008 and 2008 R2 domain controllers do not host the Microsoft Key Distribution Service, nor do they support Group Managed Service Accounts. Therefore, you must use or create a normal user account as a service account where you are responsible for changing the password on a regular basis. #### Create an AD FS Service Account Sign-in a domain controller or management workstation with _Domain Admin_ equivalent credentials. 1. Open **Active Directory Users and Computers**. 2. Right-click the **Users** container, Click **New**. Click **User**. -3. In the **New Object – User** window, type **adfssvc** in the **Full name** text box. Type **adfssvc** in the **User logon name** text box. Click **Next**. +3. In the **New Object – User** window, type **adfssvc** in the **Full name** text box. Type **adfssvc** in the **User logon name** text box. Click **Next**. 4. Enter and confirm a password for the **adfssvc** user. Clear the **User must change password at next logon** check box. 5. Click **Next** and then click **Finish**. @@ -145,19 +145,19 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva ### Windows Server 2016, 2012 R2 or later Domain Controllers -Use the following procedures to configure AD FS when your environment uses **Windows Server 2012 or later Domain Controllers**. If you are not using Windows Server 2012 or later Domain Controllers, follow the procedures under the [Configure the Active Directory Federation Service Role (Windows Server 2008 or 2008R2 Domain Controllers)](#windows-server-2008-or-2008-r2-domain-controllers) section. +Use the following procedures to configure AD FS when your environment uses **Windows Server 2012 or later Domain Controllers**. If you are not using Windows Server 2012 or later Domain Controllers, follow the procedures under the [Configure the Active Directory Federation Service Role (Windows Server 2008 or 2008R2 Domain Controllers)](#windows-server-2008-or-2008-r2-domain-controllers) section. Sign-in the federation server with _Domain Admin_ equivalent credentials. These procedures assume you are configuring the first federation server in a federation server farm. 1. Start **Server Manager**. -2. Click the notification flag in the upper right corner. Click **Configure federation services on this server**. +2. Click the notification flag in the upper right corner. Click **Configure federation services on this server**. ![Example of pop-up notification as described above.](images/hello-adfs-configure-2012r2.png) 3. On the **Welcome** page, click **Create the first federation server farm** and click **Next**. 4. Click **Next** on the **Connect to Active Directory Domain Services** page. -5. On the **Specify Service Properties** page, select the recently enrolled or imported certificate from the **SSL Certificate** list. The certificate is likely named after your federation service, such as *fs.corp.contoso.com* or *fs.contoso.com*. +5. On the **Specify Service Properties** page, select the recently enrolled or imported certificate from the **SSL Certificate** list. The certificate is likely named after your federation service, such as *fs.corp.contoso.com* or *fs.contoso.com*. 6. Select the federation service name from the **Federation Service Name** list. -7. Type the Federation Service Display Name in the text box. This is the name users see when signing in. Click **Next**. -8. On the **Specify Service Account** page, select **Create a Group Managed Service Account**. In the **Account Name** box, type **adfssvc**. +7. Type the Federation Service Display Name in the text box. This is the name users see when signing in. Click **Next**. +8. On the **Specify Service Account** page, select **Create a Group Managed Service Account**. In the **Account Name** box, type **adfssvc**. 9. On the **Specify Configuration Database** page, select **Create a database on this server using Windows Internal Database** and click **Next**. 10. On the **Review Options** page, click **Next**. 11. On the **Pre-requisite Checks** page, click **Configure**. @@ -165,11 +165,11 @@ Sign-in the federation server with _Domain Admin_ equivalent credentials. These ### Windows Server 2008 or 2008 R2 Domain Controllers -Use the following procedures to configure AD FS when your environment uses **Windows Server 2008 or 2008 R2 Domain Controllers**. If you are not using Windows Server 2008 or 2008 R2 Domain Controllers, follow the procedures under the [Configure the Active Directory Federation Service Role (Windows Server 2012 or later Domain Controllers)](#windows-server-2012-or-later-domain-controllers) section. +Use the following procedures to configure AD FS when your environment uses **Windows Server 2008 or 2008 R2 Domain Controllers**. If you are not using Windows Server 2008 or 2008 R2 Domain Controllers, follow the procedures under the [Configure the Active Directory Federation Service Role (Windows Server 2012 or later Domain Controllers)](#windows-server-2012-or-later-domain-controllers) section. -Sign-in the federation server with _Domain Admin_ equivalent credentials. These instructions assume you are configuring the first federation server in a federation server farm. +Sign-in the federation server with _Domain Admin_ equivalent credentials. These instructions assume you are configuring the first federation server in a federation server farm. 1. Start **Server Manager**. -2. Click the notification flag in the upper right corner. Click **Configure federation services on this server**. +2. Click the notification flag in the upper right corner. Click **Configure federation services on this server**. ![Example of pop-up notification as described above.](images/hello-adfs-configure-2012r2.png) 3. On the **Welcome** page, click **Create the first federation server farm** and click **Next**. @@ -177,7 +177,7 @@ Sign-in the federation server with _Domain Admin_ equivalent credentials. These 5. On the **Specify Service Properties** page, select the recently enrolled or imported certificate from the **SSL Certificate** list. The certificate is likely named after your federation service, such as fs.corp.mstepdemo.net or fs.mstepdemo.net. 6. Select the federation service name from the **Federation Service Name** list. 7. Type the Federation Service Display Name in the text box. This is the name users see when signing in. Click **Next**. -8. On the **Specify Service Account** page, Select **Use an existing domain user account or group Managed Service Account** and click **Select**. +8. On the **Specify Service Account** page, Select **Use an existing domain user account or group Managed Service Account** and click **Select**. * In the **Select User or Service Account** dialog box, type the name of the previously created AD FS service account (example adfssvc) and click **OK**. Type the password for the AD FS service account and click **Next**. 9. On the **Specify Configuration Database** page, select **Create a database on this server using Windows Internal Database** and click **Next**. 10. On the **Review Options** page, click **Next**. @@ -195,7 +195,7 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva 2. Click the **Users** container in the navigation pane. 3. Right-click **KeyAdmins** in the details pane and click **Properties**. 4. Click the **Members** tab and click **Add…** -5. In the **Enter the object names to select** text box, type **adfssvc**. Click **OK**. +5. In the **Enter the object names to select** text box, type **adfssvc**. Click **OK**. 6. Click **OK** to return to **Active Directory Users and Computers**. 7. Change to server hosting the AD FS role and restart it. @@ -232,11 +232,11 @@ Before you continue with the deployment, validate your deployment progress by re ## Additional Federation Servers -Organizations should deploy more than one federation server in their federation farm for high-availability. You should have a minimum of two federation services in your AD FS farm, however most organizations are likely to have more. This largely depends on the number of devices and users using the services provided by the AD FS farm. +Organizations should deploy more than one federation server in their federation farm for high-availability. You should have a minimum of two federation services in your AD FS farm, however most organizations are likely to have more. This largely depends on the number of devices and users using the services provided by the AD FS farm. ### Server Authentication Certificate -Each server you add to the AD FS farm must have a proper server authentication certificate. Refer to the [Enroll for a TLS Server Authentication Certificate](#enroll-for-a-tls-server-authentication-certificate) section of this document to determine the requirements for your server authentication certificate. As previously stated, AD FS servers used exclusively for on-premises deployments of Windows Hello for Business can use enterprise server authentication certificates rather than server authentication certificates issued by public certificate authorities. +Each server you add to the AD FS farm must have a proper server authentication certificate. Refer to the [Enroll for a TLS Server Authentication Certificate](#enroll-for-a-tls-server-authentication-certificate) section of this document to determine the requirements for your server authentication certificate. As previously stated, AD FS servers used exclusively for on-premises deployments of Windows Hello for Business can use enterprise server authentication certificates rather than server authentication certificates issued by public certificate authorities. ### Install Additional Servers @@ -244,16 +244,16 @@ Adding federation servers to the existing AD FS farm begins with ensuring the se ## Load Balance AD FS Federation Servers -Many environments load balance using hardware devices. Environments without hardware load-balancing capabilities can take advantage the network load-balancing feature included in Windows Server to load balance the AD FS servers in the federation farm. Install the Windows Network Load Balancing feature on all nodes participating in the AD FS farm that should be load balanced. +Many environments load balance using hardware devices. Environments without hardware load-balancing capabilities can take advantage the network load-balancing feature included in Windows Server to load balance the AD FS servers in the federation farm. Install the Windows Network Load Balancing feature on all nodes participating in the AD FS farm that should be load balanced. ### Install Network Load Balancing Feature on AD FS Servers Sign-in the federation server with _Enterprise Admin_ equivalent credentials. -1. Start **Server Manager**. Click **Local Server** in the navigation pane. +1. Start **Server Manager**. Click **Local Server** in the navigation pane. 2. Click **Manage** and then click **Add Roles and Features**. 3. Click **Next** On the **Before you begin** page. 4. On the **Select installation type** page, select **Role-based or feature-based installation** and click **Next**. -5. On the **Select destination server** page, choose **Select a server from the server pool**. Select the federation server from the **Server Pool** list. Click **Next**. +5. On the **Select destination server** page, choose **Select a server from the server pool**. Select the federation server from the **Server Pool** list. Click **Next**. 6. On the **Select server roles** page, click **Next**. 7. Select **Network Load Balancing** on the **Select features** page. 8. Click **Install** to start the feature installation @@ -261,33 +261,33 @@ Sign-in the federation server with _Enterprise Admin_ equivalent credentials. ### Configure Network Load Balancing for AD FS -Before you can load balance all the nodes in the AD FS farm, you must first create a new load balance cluster. Once you have created the cluster, then you can add new nodes to that cluster. +Before you can load balance all the nodes in the AD FS farm, you must first create a new load balance cluster. Once you have created the cluster, then you can add new nodes to that cluster. Sign-in a node of the federation farm with _Admin_ equivalent credentials. -1. Open **Network Load Balancing Manager** from **Administrative Tools**. +1. Open **Network Load Balancing Manager** from **Administrative Tools**. ![NLB Manager user interface.](images/hello-nlb-manager.png) 2. Right-click **Network Load Balancing Clusters**, and then click **New Cluster**. -3. To connect to the host that is to be a part of the new cluster, in the **Host** text box, type the name of the host, and then click **Connect**. +3. To connect to the host that is to be a part of the new cluster, in the **Host** text box, type the name of the host, and then click **Connect**. ![NLB Manager - Connect to new Cluster screen.](images/hello-nlb-connect.png) 4. Select the interface that you want to use with the cluster, and then click **Next**. (The interface hosts the virtual IP address and receives the client traffic to load balance.) 5. In **Host Parameters**, select a value in **Priority (Unique host identifier)**. This parameter specifies a unique ID for each host. The host with the lowest numerical priority among the current members of the cluster handles all of the cluster's network traffic that is not covered by a port rule. Click **Next**. -6. In **Cluster IP Addresses**, click **Add** and type the cluster IP address that is shared by every host in the cluster. NLB adds this IP address to the TCP/IP stack on the selected interface of all hosts that are chosen to be part of the cluster. Click **Next**. +6. In **Cluster IP Addresses**, click **Add** and type the cluster IP address that is shared by every host in the cluster. NLB adds this IP address to the TCP/IP stack on the selected interface of all hosts that are chosen to be part of the cluster. Click **Next**. ![NLB Manager - Add IP to New Cluster screen.](images/hello-nlb-add-ip.png) -7. In **Cluster Parameters**, select values in **IP Address** and **Subnet mask** (for IPv6 addresses, a subnet mask value is not needed). Type the full Internet name that users will use to access this NLB cluster. +7. In **Cluster Parameters**, select values in **IP Address** and **Subnet mask** (for IPv6 addresses, a subnet mask value is not needed). Type the full Internet name that users will use to access this NLB cluster. ![NLB Manager - Cluster IP Configuration screen.](images/hello-nlb-cluster-ip-config.png) 8. In **Cluster operation mode**, click **Unicast** to specify that a unicast media access control (MAC) address should be used for cluster operations. In unicast mode, the MAC address of the cluster is assigned to the network adapter of the computer, and the built-in MAC address of the network adapter is not used. We recommend that you accept the unicast default settings. Click **Next**. -9. In Port Rules, click Edit to modify the default port rules to use port 443. +9. In Port Rules, click Edit to modify the default port rules to use port 443. ![NLB Manager - Add\Edit Port Rule screen.](images/hello-nlb-cluster-port-rule.png) ### Additional AD FS Servers 1. To add more hosts to the cluster, right-click the new cluster, and then click **Add Host to Cluster**. -2. Configure the host parameters (including host priority, dedicated IP addresses, and load weight) for the additional hosts by following the same instructions that you used to configure the initial host. Because you are adding hosts to an already configured cluster, all the cluster-wide parameters remain the same. +2. Configure the host parameters (including host priority, dedicated IP addresses, and load weight) for the additional hosts by following the same instructions that you used to configure the initial host. Because you are adding hosts to an already configured cluster, all the cluster-wide parameters remain the same. ![NLB Manager - Cluster with nodes.](images/hello-nlb-cluster.png) ## Configure DNS for Device Registration -Sign-in the domain controller or administrative workstation with domain administrator equivalent credentials. You’ll need the Federation service name to complete this task. You can view the federation service name by clicking **Edit Federation Service Properties** from the **Action** pan of the **AD FS** management console, or by using `(Get-AdfsProperties).Hostname.` (PowerShell) on the AD FS server. +Sign-in the domain controller or administrative workstation with domain administrator equivalent credentials. You’ll need the Federation service name to complete this task. You can view the federation service name by clicking **Edit Federation Service Properties** from the **Action** pan of the **AD FS** management console, or by using `(Get-AdfsProperties).Hostname.` (PowerShell) on the AD FS server. 1. Open the **DNS Management** console. 2. In the navigation pane, expand the domain controller name node and **Forward Lookup Zones**. 3. In the navigation pane, select the node that has the name of your internal Active Directory domain name. @@ -303,7 +303,7 @@ Sign-in the domain controller or administrative workstation with domain administ ## Configure the Intranet Zone to include the federation service -The Windows Hello provisioning presents web pages from the federation service. Configuring the intranet zone to include the federation service enables the user to authenticate to the federation service using integrated authentication. Without this setting, the connection to the federation service during Windows Hello provisioning prompts the user for authentication. +The Windows Hello provisioning presents web pages from the federation service. Configuring the intranet zone to include the federation service enables the user to authenticate to the federation service using integrated authentication. Without this setting, the connection to the federation service during Windows Hello provisioning prompts the user for authentication. ### Create an Intranet Zone Group Policy @@ -316,7 +316,7 @@ Sign-in the domain controller or administrative workstation with _Domain Admin_ 6. In the navigation pane, expand **Policies** under **Computer Configuration**. 7. Expand **Administrative Templates > Windows Component > Internet Explorer > Internet Control Panel**, and select **Security Page**. 8. In the content pane, double-click **Site to Zone Assignment List**. Click **Enable**. -9. Click **Show**. In the **Value Name** column, type the url of the federation service beginning with https. In the **Value** column, type the number **1**. Click OK twice, then close the Group Policy Management Editor. +9. Click **Show**. In the **Value Name** column, type the url of the federation service beginning with https. In the **Value** column, type the number **1**. Click OK twice, then close the Group Policy Management Editor. ### Deploy the Intranet Zone Group Policy object @@ -343,4 +343,4 @@ Before you continue with the deployment, validate your deployment progress by re 2. [Validate and Configure Public Key Infrastructure](hello-key-trust-validate-pki.md) 3. Prepare and Deploy Windows Server 2016 Active Directory Federation Services (*You are here*) 4. [Validate and Deploy Multifactor Authentication Services (MFA)](hello-key-trust-validate-deploy-mfa.md) -5. [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md) \ No newline at end of file +5. [Configure Windows Hello for Business Policy settings](hello-key-trust-policy-settings.md) From 8e1e553939d5ea51c339a412909f04d2dcd7bd06 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 17:41:24 -0700 Subject: [PATCH 16/25] Update hello-key-trust-policy-settings.md https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/4f9ea3c2-df61-4414-9724-83d6732366f4#CORRECTNESS Line 80: Therefore, some organization may want not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, simply select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. > Some organizations may not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. Line 86: Currently, Windows does not provide granular policy setting that enable you to disable specific modalities of biometrics such as allow facial recognition, but disallow fingerprint. > Currently, Windows does not provide the ability to set granular policies that enable you to disable specific modalities of biometrics, such as allowing facial recognition, but disallowing fingerprint recognition. --- .../hello-for-business/hello-key-trust-policy-settings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md index f53e797115..090e46cd72 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md @@ -77,13 +77,13 @@ The default configuration for Windows Hello for Business is to prefer hardware p You can enable and deploy the **Use a hardware security device** Group Policy Setting to force Windows Hello for Business to only create hardware protected credentials. Users that sign-in from a computer incapable of creating a hardware protected credential do not enroll for Windows Hello for Business. -Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiving during anti-hammering and PIN lockout activities. Therefore, some organization may want not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, simply select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. +Another policy setting becomes available when you enable the **Use a hardware security device** Group Policy setting that enables you to prevent Windows Hello for Business enrollment from using version 1.2 Trusted Platform Modules (TPM). Version 1.2 TPMs typically perform cryptographic operations slower than version 2.0 TPMs and are more unforgiving during anti-hammering and PIN lockout activities. Some organizations may not want slow sign-in performance and management overhead associated with version 1.2 TPMs. To prevent Windows Hello for Business from using version 1.2 TPMs, select the TPM 1.2 check box after you enable the Use a hardware security device Group Policy object. ### Use biometrics Windows Hello for Business provides a great user experience when combined with the use of biometrics. Rather than providing a PIN to sign-in, a user can use a fingerprint or facial recognition to sign-in to Windows, without sacrificing security. -The default Windows Hello for Business enables users to enroll and use biometrics. However, some organization may want more time before using biometrics and want to disable their use until they are ready. To not allow users to use biometrics, configure the **Use biometrics** Group Policy setting to disabled and apply it to your computers. The policy setting disabled all biometrics. Currently, Windows does not provide granular policy setting that enable you to disable specific modalities of biometrics such as allow facial recognition, but disallow fingerprint. +The default Windows Hello for Business enables users to enroll and use biometrics. However, some organization may want more time before using biometrics and want to disable their use until they are ready. To not allow users to use biometrics, configure the **Use biometrics** Group Policy setting to disabled and apply it to your computers. The policy setting disabled all biometrics. Currently, Windows does not provide the ability to set granular policies that enable you to disable specific modalities of biometrics, such as allowing facial recognition, but disallowing fingerprint recognition. ### PIN Complexity From cc27ba6fabe45381b59c63516a660b75c3bfc292 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 17:51:00 -0700 Subject: [PATCH 17/25] Update hello-key-trust-validate-pki.md https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/54432279-52a6-466b-8108-fb9a24bb97cf#CORRECTNESS Line 26: enterprise have > enterprises have Lines 87 and 160: Sign-in to the certificate authority or management workstations with an Enterprise Admin equivalent credentials. > Sign in to the certificate authority or management workstations with **Enterprise** --- .../hello-key-trust-validate-pki.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md index 97af709387..5a4c114b16 100644 --- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md +++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md @@ -19,17 +19,17 @@ ms.technology: itpro-security --- # Validate and Configure Public Key Infrastructure - Key Trust -Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller. +Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller. ## Deploy an enterprise certificate authority -This guide assumes most enterprise have an existing public key infrastructure. Windows Hello for Business depends on a Windows enterprise public key infrastructure running the Active Directory Certificate Services role from Windows Server 2012 or later. +This guide assumes most enterprises have an existing public key infrastructure. Windows Hello for Business depends on a Windows enterprise public key infrastructure running the Active Directory Certificate Services role from Windows Server 2012 or later. ### Lab-based public key infrastructure The following instructions may be used to deploy simple public key infrastructure that is suitable for a lab environment. -Sign-in using _Enterprise Admin_ equivalent credentials on Windows Server 2012 or later server where you want the certificate authority installed. +Sign in using **Enterprise Admin** equivalent credentials on Windows Server 2012 or later server where you want the certificate authority installed. >[!NOTE] >Never install a certificate authority on a domain controller in a production environment. @@ -57,7 +57,7 @@ Domain controllers automatically request a domain controller certificate (if pub By default, the Active Directory Certificate Authority provides and publishes the Kerberos Authentication certificate template. However, the cryptography configuration included in the provided template is based on older and less performant cryptography APIs. To ensure domain controllers request the proper certificate with the best available cryptography, use the Kerberos Authentication certificate template as a baseline to create an updated domain controller certificate template. -Sign-in to a certificate authority or management workstations with _Domain Admin_ equivalent credentials. +Sign in to a certificate authority or management workstations with **Domain Admin** equivalent credentials. 1. Open the **Certificate Authority** management console. @@ -65,7 +65,7 @@ Sign-in to a certificate authority or management workstations with _Domain Admin 3. In the **Certificate Template Console**, right-click the **Kerberos Authentication** template in the details pane and click **Duplicate Template**. -4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list. +4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2008 R2** from the **Certification Authority** list. Select **Windows 7.Server 2008 R2** from the **Certification Recipient** list. 5. On the **General** tab, type **Domain Controller Authentication (Kerberos)** in Template display name. Adjust the validity and renewal period to meet your enterprise’s needs. @@ -84,7 +84,7 @@ Many domain controllers may have an existing domain controller certificate. The The Kerberos Authentication certificate template is the most current certificate template designated for domain controllers and should be the one you deploy to all your domain controllers (2008 or later). The autoenrollment feature in Windows enables you to effortlessly replace these domain controller certificates. You can use the following configuration to replace older domain controller certificates with a new certificate using the Kerberos Authentication certificate template. -Sign-in to a certificate authority or management workstations with _Enterprise Admin_ equivalent credentials. +Sign in to a certificate authority or management workstations with _Enterprise Admin_ equivalent credentials. 1. Open the **Certificate Authority** management console. @@ -110,7 +110,7 @@ The certificate template is configured to supersede all the certificate template Windows clients use the https protocol when communicating with Active Directory Federation Services. To meet this need, you must issue a server authentication certificate to all the nodes in the Active Directory Federation Services farm. On-premises deployments can use a server authentication certificate issued by their enterprise PKI. You must configure a server authentication certificate template so the host running the Active Directory Federation Service can request the certificate. -Sign-in to a certificate authority or management workstations with _Domain Admin_ equivalent credentials. +Sign in to a certificate authority or management workstations with _Domain Admin_ equivalent credentials. 1. Open the **Certificate Authority** management console. @@ -141,7 +141,7 @@ The certificate authority only issues certificates based on published certificat The newly created domain controller authentication certificate template supersedes previous domain controller certificate templates. Therefore, you need to unpublish these certificate templates from all issuing certificate authorities. -Sign-in to the certificate authority or management workstation with _Enterprise Admin_ equivalent credentials. +Sign in to the certificate authority or management workstation with _Enterprise Admin_ equivalent credentials. 1. Open the **Certificate Authority** management console. @@ -157,7 +157,7 @@ Sign-in to the certificate authority or management workstation with _Enterprise The certificate authority may only issue certificates for certificate templates that are published to that certificate authority. If you have more than one certificate authority and you want that certificate authority to issue certificates based on a specific certificate template, then you must publish the certificate template to all certificate authorities that are expected to issue the certificate. -Sign-in to the certificate authority or management workstations with an _Enterprise Admin_ equivalent credentials. +Sign in to the certificate authority or management workstations with **Enterprise Admin** equivalent credentials. 1. Open the **Certificate Authority** management console. @@ -205,7 +205,7 @@ Domain controllers automatically request a certificate from the domain controlle ### Deploy the Domain Controller Auto Certificate Enrollment Group Policy Object -Sign-in to a domain controller or management workstations with _Domain Admin_ equivalent credentials. +Sign in to domain controller or management workstations with _Domain Admin_ equivalent credentials. 1. Start the **Group Policy Management Console** (gpmc.msc). From fb58cc60d690bda5b29a76ba57d2e2e02a673c33 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Mon, 7 Nov 2022 17:53:00 -0700 Subject: [PATCH 18/25] Update hello-why-pin-is-better-than-password.md Line 3: online password . > online password. --- .../hello-for-business/hello-why-pin-is-better-than-password.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md index b6e68de3cc..68cc9b2ecd 100644 --- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md +++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md @@ -1,6 +1,6 @@ --- title: Why a PIN is better than an online password (Windows) -description: Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) an online password . +description: Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) an online password. ms.prod: windows-client author: paolomatarazzo ms.author: paoloma From 1513244cb2913b69a31eceb63b4462f7647926b1 Mon Sep 17 00:00:00 2001 From: Dan Pandre <54847950+DanPandre@users.noreply.github.com> Date: Mon, 7 Nov 2022 21:45:26 -0500 Subject: [PATCH 19/25] Fix version support errors --- windows/client-management/mdm/networkqospolicy-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md index f4af5800f6..70a952ccd4 100644 --- a/windows/client-management/mdm/networkqospolicy-csp.md +++ b/windows/client-management/mdm/networkqospolicy-csp.md @@ -40,7 +40,7 @@ The following actions are supported: > - Azure AD Hybrid joined devices. > - Devices that use both GPO and CSP at the same time. > -> The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub prior to Windows 10, version 2004. +> The minimum operating system requirement for this CSP is Windows 10, version 1703. This CSP is not supported in Microsoft Surface Hub prior to Windows 10, version 1703. The following example shows the NetworkQoSPolicy configuration service provider in tree format. ``` From e670f68ec81489ec521bb3b7894984f7e55fa4d1 Mon Sep 17 00:00:00 2001 From: Dan Pandre <54847950+DanPandre@users.noreply.github.com> Date: Mon, 7 Nov 2022 21:47:33 -0500 Subject: [PATCH 20/25] Fix typo --- windows/configuration/wcd/wcd-networkqospolicy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md index 84d67d3ede..50a9d20da9 100644 --- a/windows/configuration/wcd/wcd-networkqospolicy.md +++ b/windows/configuration/wcd/wcd-networkqospolicy.md @@ -21,7 +21,7 @@ Use to create network Quality of Service (QoS) policies. A QoS policy performs a | --- | :---: | :---: | :---: | :---: | | All settings | | ✔️ | | | -1. In **Available customizations**, select **NetworkQ0SPolicy**, enter a friendly name for the account, and then click **Add**. +1. In **Available customizations**, select **NetworkQoSPolicy**, enter a friendly name for the account, and then click **Add**. 2. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure. | Setting | Description | From d1410c4968a9ac1275a91ba07a6ae57004a1553c Mon Sep 17 00:00:00 2001 From: rlianmsft <112862018+rlianmsft@users.noreply.github.com> Date: Tue, 8 Nov 2022 14:51:48 +0000 Subject: [PATCH 21/25] Update windows-autopatch-prerequisites.md Minor correction Window to Windows --- .../prepare/windows-autopatch-prerequisites.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md index 5008b76d7a..fa58f8fac2 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md @@ -29,7 +29,7 @@ Getting started with Windows Autopatch has been designed to be easy. This articl ## More about licenses -Windows Autopatch is included with Window 10/11 Enterprise E3 or higher (user-based only). The following are the service plan SKUs that are eligible for Windows Autopatch: +Windows Autopatch is included with Windows 10/11 Enterprise E3 or higher (user-based only). The following are the service plan SKUs that are eligible for Windows Autopatch: | License | ID | GUID number | | ----- | ----- | ------| From b707d6a57a1587103adeeb3933da67b2425a460c Mon Sep 17 00:00:00 2001 From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com> Date: Tue, 8 Nov 2022 10:21:16 -0600 Subject: [PATCH 22/25] Update windows/client-management/mdm/policy-csp-mixedreality.md --- windows/client-management/mdm/policy-csp-mixedreality.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 68499ad67c..74e91637ff 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -340,7 +340,7 @@ Supported value is Integer. -You may want to configure a different time server for your device fleet. IT admins can use thi policy to configure certain aspects of NTP client with following policies. In the Settings app, the Time/Language page will show the time server after a time sync has occurred. E.g. `time.windows.com` or another if another value is configured via MDM policy. +You may want to configure a different time server for your device fleet. IT admins can use this policy to configure certain aspects of NTP client with following policies. In the Settings app, the Time/Language page will show the time server after a time sync has occurred. E.g. `time.windows.com` or another if another value is configured via MDM policy. This policy setting specifies a set of parameters for controlling the Windows NTP Client. Refer to [Policy CSP - ADMX_W32Time - Windows Client Management](/windows/client-management/mdm/policy-csp-admx-w32time#admx-w32time-policy-configure-ntpclient) for supported configuration parameters. From 8aa5ed48406e1110b12137ec6c9926173b2f42e0 Mon Sep 17 00:00:00 2001 From: Stephanie Savell <101299710+v-stsavell@users.noreply.github.com> Date: Tue, 8 Nov 2022 10:23:15 -0600 Subject: [PATCH 23/25] Update policy-csp-mixedreality.md --- windows/client-management/mdm/policy-csp-mixedreality.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 74e91637ff..7f72869d59 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -159,7 +159,7 @@ Int value
-This can be enabled to allow for other apps to be launched with in a single app Kiosk, which may be useful, for example, if you want to launch the Settings app to calibrate your device or change your Wi-fi. +This can be enabled to allow for other apps to be launched with in a single app Kiosk, which may be useful, for example, if you want to launch the Settings app to calibrate your device or change your Wi-Fi. By default, launching applications via Launcher API (Launcher Class (Windows.System) - Windows UWP applications) is disabled in single app kiosk mode. To enable applications to launch in single app kiosk mode on HoloLens devices, set the policy value to true. From 6d17e6d40f377943c129cd8cee568002f3047900 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Tue, 8 Nov 2022 10:07:22 -0700 Subject: [PATCH 24/25] Update initialize-and-configure-ownership-of-the-tpm.md Line 81: sign in > sign-in Various lines: cannot > can't / is not > isn't / did not > didn't / do not > don't / has not > hasn't / it is > it's / you are > you're (Increase Acro score.) https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/c4387421-c29f-4770-9241-eb86d60805ed#CORRECTNESS --- ...lize-and-configure-ownership-of-the-tpm.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index 77acd1c9f9..907c31420d 100644 --- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -39,35 +39,35 @@ Starting with Windows 10 and Windows 11, the operating system automatically init ## Troubleshoot TPM initialization -If you find that Windows is not able to initialize the TPM automatically, review the following information: +If you find that Windows isn't able to initialize the TPM automatically, review the following information: - You can try clearing the TPM to the factory default values and allowing Windows to re-initialize it. For important precautions for this process, and instructions for completing it, see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm), later in this article. -- If the TPM is a TPM 2.0 and is not detected by Windows, verify that your computer hardware contains a Unified Extensible Firmware Interface (UEFI) that is Trusted Computing Group-compliant. Also, ensure that in the UEFI settings, the TPM has not been disabled or hidden from the operating system. +- If the TPM is a TPM 2.0 and isn't detected by Windows, verify that your computer hardware contains a Unified Extensible Firmware Interface (UEFI) that is Trusted Computing Group-compliant. Also, ensure that in the UEFI settings, the TPM hasn't been disabled or hidden from the operating system. -- If you have TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11, the TPM might be turned off, and need to be turned back on, as described in [Turn on the TPM](#turn-on-the-tpm). When it is turned back on, Windows will re-initialize it. +- If you have TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11, the TPM might be turned off, and need to be turned back on, as described in [Turn on the TPM](#turn-on-the-tpm). When it's turned back on, Windows will re-initialize it. -- If you are attempting to set up BitLocker with the TPM, check which TPM driver is installed on the computer. We recommend always using one of the TPM drivers that is provided by Microsoft and is protected with BitLocker. If a non-Microsoft TPM driver is installed, it may prevent the default TPM driver from loading and cause BitLocker to report that a TPM is not present on the computer. If you have a non-Microsoft driver installed, remove it and then allow the operating system to initialize the TPM. +- If you're attempting to set up BitLocker with the TPM, check which TPM driver is installed on the computer. We recommend always using one of the TPM drivers that is provided by Microsoft and is protected with BitLocker. If a non-Microsoft TPM driver is installed, it may prevent the default TPM driver from loading and cause BitLocker to report that a TPM isn't present on the computer. If you have a non-Microsoft driver installed, remove it and then allow the operating system to initialize the TPM. ### Troubleshoot network connection issues for Windows 10, versions 1507 and 1511, or Windows 11 -If you have Windows 10, version 1507 or 1511, or Windows 11, the initialization of the TPM cannot complete when your computer has network connection issues and both of the following conditions exist: +If you have Windows 10, version 1507 or 1511, or Windows 11, the initialization of the TPM can't complete when your computer has network connection issues and both of the following conditions exist: - An administrator has configured your computer to require that TPM recovery information be saved in Active Directory Domain Services (AD DS). This requirement can be configured through Group Policy. -- A domain controller cannot be reached. This can occur on a computer that is currently disconnected from the network, separated from the domain by a firewall, or experiencing a network component failure (such as an unplugged cable or a faulty network adapter). +- A domain controller can't be reached. This can occur on a computer that is currently disconnected from the network, separated from the domain by a firewall, or experiencing a network component failure (such as an unplugged cable or a faulty network adapter). -If these issues occur, an error message appears, and you cannot complete the initialization process. To avoid this issue, allow Windows to initialize the TPM while you are connected to the corporate network and you can contact a domain controller. +If these issues occur, an error message appears, and you can't complete the initialization process. To avoid this issue, allow Windows to initialize the TPM while you're connected to the corporate network and you can contact a domain controller. ### Troubleshoot systems with multiple TPMs Some systems may have multiple TPMs and the active TPM may be toggled in UEFI. Windows does not support this behavior. If you switch TPMs, Windows might not properly detect or interact with the new TPM. If you plan to switch TPMs you should toggle to the new TPM, clear it, and reinstall Windows. For more information, see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm), later in this article. -For example, toggling TPMs will cause BitLocker to enter recovery mode. We strongly recommend that, on systems with two TPMs, one TPM is selected to be used and the selection is not changed. +For example, toggling TPMs will cause BitLocker to enter recovery mode. We strongly recommend that, on systems with two TPMs, one TPM is selected to be used and the selection isn't changed. ## Clear all the keys from the TPM -You can use the Windows Defender Security Center app to clear the TPM as a troubleshooting step, or as a final preparation before a clean installation of a new operating system. Preparing for a clean installation in this way helps ensure that the new operating system can fully deploy any TPM-based functionality that it includes, such as attestation. However, even if the TPM is not cleared before a new operating system is installed, most TPM functionality will probably work correctly. +You can use the Windows Defender Security Center app to clear the TPM as a troubleshooting step, or as a final preparation before a clean installation of a new operating system. Preparing for a clean installation in this way helps ensure that the new operating system can fully deploy any TPM-based functionality that it includes, such as attestation. However, even if the TPM isn't cleared before a new operating system is installed, most TPM functionality will probably work correctly. Clearing the TPM resets it to an unowned state. After you clear the TPM, the Windows operating system will automatically re-initialize it and take ownership again. @@ -78,13 +78,13 @@ Clearing the TPM resets it to an unowned state. After you clear the TPM, the Win Clearing the TPM can result in data loss. To protect against such loss, review the following precautions: -- Clearing the TPM causes you to lose all created keys associated with the TPM, and data protected by those keys, such as a virtual smart card or a sign in PIN. Make sure that you have a backup and recovery method for any data that is protected or encrypted by the TPM. +- Clearing the TPM causes you to lose all created keys associated with the TPM, and data protected by those keys, such as a virtual smart card or a sign-in PIN. Make sure that you have a backup and recovery method for any data that is protected or encrypted by the TPM. -- Do not clear the TPM on a device you do not own, such as a work or school PC, without being instructed to do so by your IT administrator. +- Don't clear the TPM on a device you don't own, such as a work or school PC, without being instructed to do so by your IT administrator. - If you want to temporarily suspend TPM operations and you have TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11, you can turn off the TPM. For more information, see [Turn off the TPM](#turn-off-the-tpm), later in this article. -- Always use functionality in the operating system (such as TPM.msc) to the clear the TPM. Do not clear the TPM directly from UEFI. +- Always use functionality in the operating system (such as TPM.msc) to the clear the TPM. Don't clear the TPM directly from UEFI. - Because your TPM security hardware is a physical part of your computer, before clearing the TPM, you might want to read the manuals or instructions that came with your computer, or search the manufacturer's website. @@ -108,7 +108,7 @@ Membership in the local Administrators group, or equivalent, is the minimum requ ## Turn on or turn off the TPM (available only with TPM 1.2 with Windows 10, version 1507 and higher) -Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. +Normally, the TPM is turned on as part of the TPM initialization process. You don't normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. ### Turn on the TPM @@ -122,7 +122,7 @@ If you want to use the TPM after you have turned it off, you can use the followi 3. Select **Shutdown** (or **Restart**), and then follow the UEFI screen prompts. - After the computer restarts, but before you sign in to Windows, you will be prompted to accept the reconfiguration of the TPM. This ensures that the user has physical access to the computer and that malicious software is not attempting to make changes to the TPM. + After the computer restarts, but before you sign in to Windows, you will be prompted to accept the reconfiguration of the TPM. This ensures that the user has physical access to the computer and that malicious software isn't attempting to make changes to the TPM. ### Turn off the TPM @@ -138,9 +138,9 @@ If you want to stop using the services that are provided by the TPM, you can use - If you saved your TPM owner password on a removable storage device, insert it, and then select **I have the owner password file**. In the **Select backup file with the TPM owner password** dialog box, select **Browse** to locate the .tpm file that is saved on your removable storage device, select **Open**, and then select **Turn TPM Off**. - - If you do not have the removable storage device with your saved TPM owner password, select **I want to enter the password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and then select **Turn TPM Off**. + - If you don't have the removable storage device with your saved TPM owner password, select **I want to enter the password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and then select **Turn TPM Off**. - - If you did not save your TPM owner password or no longer know it, select **I do not have the TPM owner password**, and follow the instructions that are provided in the dialog box and subsequent UEFI screens to turn off the TPM without entering the password. + - If you didn't save your TPM owner password or no longer know it, select **I do not have the TPM owner password**, and follow the instructions that are provided in the dialog box and subsequent UEFI screens to turn off the TPM without entering the password. ## Use the TPM cmdlets From f816120cea207134f430a4515e0106ac82ae1940 Mon Sep 17 00:00:00 2001 From: Angela Fleischmann Date: Tue, 8 Nov 2022 10:21:45 -0700 Subject: [PATCH 25/25] Update bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md https://microsoft-ce-csi.acrolinx.cloud/api/v1/checking/scorecards/a34823dc-8754-4b0c-9d94-b0ea7587db89#CORRECTNESS Increase Acro score. Various lines: do not > don't / cannot > can't / is not > isn't / you will > you'll / it is > it's / are not > aren't / does not > doesn't / they are > they're --- ...ve-encryption-tools-to-manage-bitlocker.md | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md index 8dd862bb76..a78f47ee01 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md @@ -30,7 +30,7 @@ BitLocker Drive Encryption Tools include the command-line tools manage-bde and r Both manage-bde and the BitLocker cmdlets can be used to perform any task that can be accomplished through the BitLocker control panel and are appropriate to use for automated deployments and other scripting scenarios. -Repair-bde is a special circumstance tool that is provided for disaster recovery scenarios in which a BitLocker protected drive cannot be unlocked normally or using the recovery console. +Repair-bde is a special circumstance tool that is provided for disaster recovery scenarios in which a BitLocker protected drive can't be unlocked normally or using the recovery console. 1. [Manage-bde](#bkmk-managebde) 2. [Repair-bde](#bkmk-repairbde) @@ -74,20 +74,20 @@ manage-bde -protectors -add C: -pw -sid This command will require you to enter and then confirm the password protector before adding them to the volume. With the protectors enabled on the volume, you can then turn on BitLocker. -On computers with a TPM, it is possible to encrypt the operating system volume without any defined protectors using manage-bde. Use this command: +On computers with a TPM, it's possible to encrypt the operating system volume without any defined protectors using manage-bde. Use this command: ```powershell manage-bde -on C: ``` -This command encrypts the drive using the TPM as the default protector. If you are not sure if a TPM protector is available, to list the protectors available for a volume, run the following command: +This command encrypts the drive using the TPM as the default protector. If you aren't sure if a TPM protector is available, to list the protectors available for a volume, run the following command: ```powershell manage-bde -protectors -get ``` ### Using manage-bde with data volumes -Data volumes use the same syntax for encryption as operating system volumes but they do not require protectors for the operation to complete. Encrypting data volumes can be done using the base command: `manage-bde -on ` or you can choose to add additional protectors to the volume first. We recommend that you add at least one primary protector and a recovery protector to a data volume. +Data volumes use the same syntax for encryption as operating system volumes but they don't require protectors for the operation to complete. Encrypting data volumes can be done using the base command: `manage-bde -on ` or you can choose to add additional protectors to the volume first. We recommend that you add at least one primary protector and a recovery protector to a data volume. A common protector for a data volume is the password protector. In the example below, we add a password protector to the volume and turn on BitLocker. @@ -103,20 +103,20 @@ You may experience a problem that damages an area of a hard disk on which BitLoc The BitLocker Repair Tool (Repair-bde) can be used to access encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recovery password or recovery key is used to decrypt the data. If the BitLocker metadata data on the drive has become corrupt, you must be able to supply a backup key package in addition to the recovery password or recovery key. This key package is backed up in Active Directory Domain Services (AD DS) if you used the default setting for AD DS backup. With this key package and either the recovery password or recovery key, you can decrypt portions of a BitLocker-protected drive if the disk is corrupted. Each key package will work only for a drive that has the corresponding drive identifier. You can use the BitLocker Recovery Password Viewer to obtain this key package from AD DS. > [!TIP] -> If you are not backing up recovery information to AD DS or if you want to save key packages alternatively, you can use the command `manage-bde -KeyPackage` to generate a key package for a volume. +> If you aren't backing up recovery information to AD DS or if you want to save key packages alternatively, you can use the command `manage-bde -KeyPackage` to generate a key package for a volume. -The Repair-bde command-line tool is intended for use when the operating system does not start or when you cannot start the BitLocker Recovery Console. Use Repair-bde if the following conditions are true: +The Repair-bde command-line tool is intended for use when the operating system doesn't start or when you can't start the BitLocker Recovery Console. Use Repair-bde if the following conditions are true: - You have encrypted the drive by using BitLocker Drive Encryption. -- Windows does not start, or you cannot start the BitLocker recovery console. -- You do not have a copy of the data that is contained on the encrypted drive. +- Windows doesn't start, or you can't start the BitLocker recovery console. +- You don't have a copy of the data that is contained on the encrypted drive. > [!NOTE] > Damage to the drive may not be related to BitLocker. Therefore, we recommend that you try other tools to help diagnose and resolve the problem with the drive before you use the BitLocker Repair Tool. The Windows Recovery Environment (Windows RE) provides additional options to repair computers. The following limitations exist for Repair-bde: -- The Repair-bde command-line tool cannot repair a drive that failed during the encryption or decryption process. +- The Repair-bde command-line tool can't repair a drive that failed during the encryption or decryption process. - The Repair-bde command-line tool assumes that if the drive has any encryption, then the drive has been fully encrypted. For more information about using repair-bde, see [Repair-bde](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ff829851(v=ws.11)). @@ -140,14 +140,14 @@ Windows PowerShell cmdlets provide a new way for administrators to use when work |**Suspend-BitLocker**|
  • Confirm
  • MountPoint
  • RebootCount
  • WhatIf| |**Unlock-BitLocker**|
  • AdAccountOrGroup
  • Confirm
  • MountPoint
  • Password
  • RecoveryKeyPath
  • RecoveryPassword
  • RecoveryPassword
  • WhatIf| -Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they are encrypting prior to running Windows PowerShell cmdlets. +Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they're encrypting prior to running Windows PowerShell cmdlets. A good initial step is to determine the current state of the volume(s) on the computer. You can do this using the Get-BitLockerVolume cmdlet. The Get-BitLockerVolume cmdlet output gives information on the volume type, protectors, protection status, and other details. > [!TIP] -> Occasionally, all protectors may not be shown when using `Get-BitLockerVolume` due to lack of space in the output display. If you do not see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a full listing of the protectors. +> Occasionally, all protectors may not be shown when using `Get-BitLockerVolume` due to lack of space in the output display. If you don't see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a full listing of the protectors. `Get-BitLockerVolume C: | fl` If you want to remove the existing protectors prior to provisioning BitLocker on the volume, you could use the `Remove-BitLockerKeyProtector` cmdlet. Accomplishing this requires the GUID associated with the protector to be removed. @@ -199,7 +199,7 @@ Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw ### Using an AD Account or Group protector in Windows PowerShell -The **ADAccountOrGroup** protector, introduced in Windows 8 and Windows Server 2012, is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it does not unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding a SID-based protector for the Cluster Name Object (CNO) that lets the disk properly fail over to and be unlocked by any member computer of the cluster. +The **ADAccountOrGroup** protector, introduced in Windows 8 and Windows Server 2012, is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it doesn't unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding a SID-based protector for the Cluster Name Object (CNO) that lets the disk properly fail over to and be unlocked by any member computer of the cluster. > [!WARNING] > The **ADAccountOrGroup** protector requires the use of an additional protector for use (such as TPM, PIN, or recovery key) when used on operating system volumes @@ -220,7 +220,7 @@ get-aduser -filter {samaccountname -eq "administrator"} ``` > [!TIP] -> In addition to the PowerShell command above, information about the locally logged on user and group membership can be found using: WHOAMI /ALL. This does not require the use of additional features. +> In addition to the PowerShell command above, information about the locally logged on user and group membership can be found using: WHOAMI /ALL. This doesn't require the use of additional features. The following example adds an **ADAccountOrGroup** protector to the previously encrypted operating system volume using the SID of the account: