Merge remote-tracking branch 'refs/remotes/origin/master' into 8442312-app-v

2025-05-14 22:37:22 +00:00 · 2016-08-10 08:38:03 -07:00 · 2016-08-10 08:38:03 -07:00 · a26ea000ee
commit a26ea000ee
parent a9cf21d926 a364cf4bd5
6 changed files with 18 additions and 28 deletions
--- a/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md
+++ b/windows/keep-secure/bitlocker-how-to-enable-network-unlock.md
@ -149,6 +149,7 @@ To create a self-signed certificate, do the following:
    ``` syntax
    [NewRequest]
    Subject="CN=BitLocker Network Unlock certificate"
    ProviderType=0
    Exportable=true
    RequestType=Cert
    KeyUsage="CERT_KEY_ENCIPHERMENT_KEY_USAGE"
--- a/windows/keep-secure/windows-10-security-guide.md
+++ b/windows/keep-secure/windows-10-security-guide.md
@ -538,7 +538,7 @@ Historically, most malware has been unsigned. Simply by deploying code integrity
 The core functionality and protection of Device Guard starts at the hardware level. Devices that have processors equipped with SLAT technologies and virtualization extensions, such as Intel VT x and AMD V, will be able to take advantage of a VBS environment that dramatically enhances Windows security by isolating critical Windows services from the operating system itself. This isolation is necessary, because you must assume that the operating system kernel will be compromised, and you need assurance that some processes will remain secure.
-Device Guard leverages VBS to isolate its Hypervisor Code Integrity (HVCI) service, which enables Device Guard to protect all kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s IOMMU functionality to force all software running in kernel mode to safely allocate memory. This means that after memory has been allocated, its state must be changed from writable to read only or execute only. By forcing memory into these states, it helps ensure that attacks are unable to inject malicious code into kernel mode processes and drivers through techniques such as buffer overruns or heap spraying. In the end, the VBS environment protects the Device Guard HVCI service from tampering even if the operating system’s kernel has been fully compromised, and HVCI protects kernel mode processes and drivers so that a compromise of this magnitude can’t happen in the first place.
+Device Guard leverages VBS to isolate its Hypervisor Code Integrity (HVCI) service, which enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s IOMMU functionality to force all software running in kernel mode to safely allocate memory. This means that after memory has been allocated, its state must be changed from writable to read only or execute only. By forcing memory into these states, it helps ensure that attacks are unable to inject malicious code into kernel mode processes and drivers through techniques such as buffer overruns or heap spraying. In the end, the VBS environment protects the Device Guard HVCI service from tampering even if the operating system’s kernel has been fully compromised, and HVCI protects kernel mode processes and drivers so that a compromise of this magnitude can’t happen in the first place.
 Another Windows 10 feature that employs VBS is Credential Guard. Credential Guard protects credentials by running the Windows authentication service known as LSA, and then storing the user’s derived credentials (for example, NTLM hashes; Kerberos tickets) within the same VBS environment that Device Guard uses to protect its HVCI service. By isolating the LSA service and the user’s derived credentials from both user mode and kernel mode, an attacker that has compromised the operating system core will still be unable to tamper with authentication or access derived credential data. Credential Guard prevents pass-the-hash and ticket types of attacks, which are central to the success of nearly every major network breach you’ve read about, which makes Credential Guard one of the most impactful and important features to deploy within your environment. For more information about how Credential Guard complements Device Guard, see the [Device Guard with Credential Guard](#dgwithcg) section.
 **Device Guard with AppLocker**
--- a/windows/manage/TOC.md
+++ b/windows/manage/TOC.md
@ -52,7 +52,7 @@
 ##### [App-V Capacity Planning](appv-capacity-planning.md)
 ##### [Planning for High Availability with App-V](appv-planning-for-high-availability-with-appv.md)
 ##### [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md)
-##### [Planning for the App-V Server Deployment](appv-planning-for-appv-server-deployment.md)
+##### [Planning for the App-V 5.1 Server Deployment](appv-planning-for-appv-server-deployment.md)
 ##### [Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md)
 ##### [Planning for Migrating from a Previous Version of App-V](appv-planning-for-migrating-from-a-previous-version-of-appv.md)
 ##### [Planning for Using App-V with Office](appv-planning-for-using-appv-with-office.md)
@ -65,9 +65,9 @@
 ##### [How to Install the App-V Client for Shared Content Store Mode](appv-install-the-appv-client-for-shared-content-store-mode.md)
 ##### [How to Install the Sequencer](appv-install-the-sequencer.md)
 ##### [How to Modify App-V Client Configuration Using the ADMX Template and Group Policy](appv-modify-client-configuration-with-the-admx-template-and-group-policy.md)
-#### [Deploying the App-V Server](appv-deploying-the-appv-server.md)
+#### [Deploying the App-V 5.1 Server](appv-deploying-the-appv-server.md)
-##### [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)
+##### [How to Deploy the App-V 5.1 Server](appv-deploy-the-appv-server.md)
-##### [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md)
+##### [How to Deploy the App-V 5.1 Server Using a Script](appv-deploy-the-appv-server-with-a-script.md)
 ##### [How to Deploy the App-V Databases by Using SQL Scripts](appv-deploy-appv-databases-with-sql-scripts.md)
 ##### [How to Install the Publishing Server on a Remote Computer](appv-install-the-publishing-server-on-a-remote-computer.md)
 ##### [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md)
--- a/windows/manage/appv-enable-the-app-v-desktop-client.md
+++ b/windows/manage/appv-enable-the-app-v-desktop-client.md
@ -32,7 +32,7 @@ With Windows 10, the App-V client is installed automatically. You need to enable
 3.  Restart the device.
-4.  To verify that the App-V client is enabled on the device, enter **AppvClientEnabled** or **Get-AppvStatus** in Windows PowerShell.
+4.  To verify that the App-V client is enabled on the device, enter **Get-AppvStatus** in Windows PowerShell.
 See [Using the client management console](appv-using-the-client-management-console.md) for information about configuring the App-V client.
--- a/windows/manage/appv-planning-for-appv-server-deployment.md
+++ b/windows/manage/appv-planning-for-appv-server-deployment.md
@ -1,6 +1,6 @@
 ---
-title: Planning for the App-V Server Deployment (Windows 10)
+title: Planning for the App-V 5.1 Server Deployment (Windows 10)
-description: Planning for the App-V Server Deployment
+description: Planning for the App-V 5.1 Server Deployment
 author: MaggiePucciEvans
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
@ -9,15 +9,15 @@ ms.prod: w10
 ---
-# Planning for the App-V Server Deployment
+# Planning for the App-V 5.1 Server Deployment
 The Microsoft Application Virtualization (App-V) server infrastructure consists of a set of specialized features that can be installed on one or more server computers, based on the requirements of the enterprise.
-## Planning for App-V Server Deployment
+## Planning for App-V 5.1 Server Deployment
-The App-V server consists of the following features:
+The App-V 5.1 server consists of the following features:
 -   Management Server – provides overall management functionality for the App-V infrastructure.
@ -29,9 +29,9 @@ The App-V server consists of the following features:
 -   Reporting Database – facilitates database predeployments for App-V reporting.
-The following list displays the recommended methods for installing the App-V server infrastructure:
+The following list displays the recommended methods for installing the App-V 5.1 server infrastructure:
-   Install the App-V server. For more information, see [How to Deploy the App-V 5.1 Server](appv-deploy-the-appv-server.md).
+-   Install the App-V 5.1 server. For more information, see [How to Deploy the App-V 5.1 Server](appv-deploy-the-appv-server.md).
 -   Install the database, reporting, and management features on separate computers. For more information, see [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md).
@ -54,7 +54,7 @@ The Management Server does not perform any load balancing. The associated metada
 ## Server-Related Protocols and External Features
-The following displays information about server-related protocols used by the App-V servers. The table also includes the reporting mechanism for each server type.
+The following displays information about server-related protocols used by the App-V 5.1 servers. The table also includes the reporting mechanism for each server type.
 <table>
 <colgroup>
@ -96,21 +96,10 @@ The following displays information about server-related protocols used by the Ap
 ## Have a suggestion for App-V?
 Add or vote on suggestions [here](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization). For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
 ## Related topics
 [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
 [Deploying the App-V 5.1 Server](appv-deploying-the-appv-server.md)
--- a/windows/manage/appv-security-considerations.md
+++ b/windows/manage/appv-security-considerations.md
@ -29,7 +29,7 @@ Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature that wa
 **Understand the security risks.** The most serious risk to App-V is that its functionality could be hijacked by an unauthorized user who could then reconfigure key data on App-V clients. The loss of App-V functionality for a short period of time due to a denial-of-service attack would not generally have a catastrophic impact.
-**Physically secure your computers**. Security is incomplete without physical security. Anyone with physical access to an App-V server could potentially attack the entire client base. Any potential physical attacks must be considered high risk and mitigated appropriately. App-V servers should be stored in a physically secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver.
+**Physically secure your computers**. Security is incomplete without physical security. Anyone with physical access to an App-V 5.1 server could potentially attack the entire client base. Any potential physical attacks must be considered high risk and mitigated appropriately. App-V 5.1 servers should be stored in a physically secure server room with controlled access. Secure these computers when administrators are not physically present by having the operating system lock the computer, or by using a secured screen saver.
 **Apply the most recent security updates to all computers**. To stay informed about the latest updates for operating systems, Microsoft SQL Server, and App-V, subscribe to the Security Notification service (<http://go.microsoft.com/fwlink/p/?LinkId=28819>).
@ -38,7 +38,7 @@ Effective as of June, 2014, the PackageStoreAccessControl (PSAC) feature that wa
 ## Accounts and groups in App-V
-A best practice for user account management is to create domain global groups and add user accounts to them. Then, add the domain global accounts to the necessary App-V local groups on the App-V servers.
+A best practice for user account management is to create domain global groups and add user accounts to them. Then, add the domain global accounts to the necessary App-V local groups on the App-V 5.1 servers.
 **Note**  
 App-V client computer accounts that need to connect to the publishing server must be part of the publishing server’s **Users** local group. By default, all computers in the domain are part of the **Authorized Users** group, which is part of the **Users** local group.
@ -47,7 +47,7 @@ App-V client computer accounts that need to connect to the publishing server mus
 ### <a href="" id="-------------app-v-5-1-server-security"></a> App-V server security
-No groups are created automatically during App-V Setup. You should create the following Active Directory Domain Services global groups to manage App-V server operations.
+No groups are created automatically during App-V Setup. You should create the following Active Directory Domain Services global groups to manage App-V 5.1 server operations.
 <table>
 <colgroup>