mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
Merge branch 'master' into aljupudi-5609146-Policycsptextinput
This commit is contained in:
commit
a355960d7c
@ -19,90 +19,81 @@ ms.author: greglin
|
||||
|
||||
The following are known issues and workarounds for Application Virtualization (App-V) running on Windows 10 version 1703 and later
|
||||
|
||||
<table border="1">
|
||||
<thead>
|
||||
<th>Problem</th>
|
||||
<th>Workaround</th>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td>Unable to manually create a system-owned folder needed for the <code>set-AppVClientConfiguration</code> PowerShell cmdlet when using the <i>PackageInstallationRoot</i>, <i>IntegrationRootUser</i>, or <i>IntegrationRootGlobal</i> parameters.</td>
|
||||
<td>Don't create this file manually, instead let the <code>Add-AppVClientPackage</code> cmdlet auto-generate it.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Failure to update an App-V package from App-V 5.x to the latest in-box version, by using the PowerShell sequencing commands.</td>
|
||||
<td>Make sure you have the complete App-V package or the MSI file from the original app.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Unable to modify the locale for auto-sequencing.</td>
|
||||
<td>Open the <code>C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\AutoSequencer\Unattend_Sequencer_User_Setup_Template.xml</code> file and include the language code for your locale. For example, if you wanted Spanish (Spain), you'd use: <strong>es-ES</strong>.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Filetype and protocol handlers aren't registering properly with the Google Chrome browser, causing you to not see App-V packages as an option for default apps from the <strong>Settings > Apps> Default Apps</strong> area.</td>
|
||||
<td>The recommended workaround is to add the following code to the AppXManifest.xml file, underneath the <strong><appv:Extensions></strong> tag:
|
||||
<pre><code>
|
||||
<appv:Extension Category="AppV.URLProtocol">
|
||||
<appv:URLProtocol>
|
||||
<appv:Name>ftp</appv:Name>
|
||||
<appv:ApplicationURLProtocol>
|
||||
<appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
|
||||
<appv:ShellCommands>
|
||||
<appv:DefaultCommand>open</appv:DefaultCommand>
|
||||
<appv:ShellCommand>
|
||||
<appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
|
||||
<appv:Name>open</appv:Name>
|
||||
<appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
|
||||
<appv:DdeExec>
|
||||
<appv:DdeCommand />
|
||||
</appv:DdeExec>
|
||||
</appv:ShellCommand>
|
||||
</appv:ShellCommands>
|
||||
</appv:ApplicationURLProtocol>
|
||||
</appv:URLProtocol>
|
||||
</appv:Extension>
|
||||
<appv:Extension Category="AppV.URLProtocol">
|
||||
<appv:URLProtocol>
|
||||
<appv:Name>http</appv:Name>
|
||||
<appv:ApplicationURLProtocol>
|
||||
<appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
|
||||
<appv:ShellCommands>
|
||||
<appv:DefaultCommand>open</appv:DefaultCommand>
|
||||
<appv:ShellCommand>
|
||||
<appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
|
||||
<appv:Name>open</appv:Name>
|
||||
<appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
|
||||
<appv:DdeExec>
|
||||
<appv:DdeCommand />
|
||||
</appv:DdeExec>
|
||||
</appv:ShellCommand>
|
||||
</appv:ShellCommands>
|
||||
</appv:ApplicationURLProtocol>
|
||||
</appv:URLProtocol>
|
||||
</appv:Extension>
|
||||
<appv:Extension Category="AppV.URLProtocol">
|
||||
<appv:URLProtocol>
|
||||
<appv:Name>https</appv:Name>
|
||||
<appv:ApplicationURLProtocol>
|
||||
<appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
|
||||
<appv:ShellCommands>
|
||||
<appv:DefaultCommand>open</appv:DefaultCommand>
|
||||
<appv:ShellCommand>
|
||||
<appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
|
||||
<appv:Name>open</appv:Name>
|
||||
<appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
|
||||
<appv:DdeExec>
|
||||
<appv:DdeCommand />
|
||||
</appv:DdeExec>
|
||||
</appv:ShellCommand>
|
||||
</appv:ShellCommands>
|
||||
</appv:ApplicationURLProtocol>
|
||||
</appv:URLProtocol>
|
||||
</appv:Extension>
|
||||
</code></pre><br/> </td>
|
||||
</tr>
|
||||
</tbody>
|
||||
</table>
|
||||
- **Problem**: Unable to manually create a system-owned folder needed for the `set-AppVClientConfiguration` PowerShell cmdlet when using the PackageInstallationRoot, IntegrationRootUser, or IntegrationRootGlobal parameters.
|
||||
|
||||
**Workaround**: Don't create this file manually, instead let the `Add-AppVClientPackage` cmdlet auto-generate it.
|
||||
|
||||
- **Problem**: Failure to update an App-V package from App-V 5.x to the latest in-box version, by using the PowerShell sequencing commands.
|
||||
|
||||
**Workaround**: Make sure you have the complete App-V package or the MSI file from the original app.
|
||||
|
||||
- **Problem**: Unable to modify the locale for auto-sequencing.
|
||||
|
||||
**Workaround**: Open the `C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\AutoSequencer\Unattend_Sequencer_User_Setup_Template.xml` file and include the language code for your locale. For example, if you wanted Spanish (Spain), you'd use: es-ES.
|
||||
|
||||
- **Problem**: Filetype and protocol handlers aren't registering properly with the Google Chrome browser, causing you to not see App-V packages as an option for default apps from the Settings > Apps> Default Apps area.
|
||||
|
||||
**Workaround**: The recommended workaround is to add the following code to the AppXManifest.xml file, underneath the `<appv:Extensions>` tag:
|
||||
|
||||
```xml
|
||||
<appv:Extension Category="AppV.URLProtocol">
|
||||
<appv:URLProtocol>
|
||||
<appv:Name>ftp</appv:Name>
|
||||
<appv:ApplicationURLProtocol>
|
||||
<appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
|
||||
<appv:ShellCommands>
|
||||
<appv:DefaultCommand>open</appv:DefaultCommand>
|
||||
<appv:ShellCommand>
|
||||
<appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
|
||||
<appv:Name>open</appv:Name>
|
||||
<appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
|
||||
<appv:DdeExec>
|
||||
<appv:DdeCommand />
|
||||
</appv:DdeExec>
|
||||
</appv:ShellCommand>
|
||||
</appv:ShellCommands>
|
||||
</appv:ApplicationURLProtocol>
|
||||
</appv:URLProtocol>
|
||||
</appv:Extension>
|
||||
<appv:Extension Category="AppV.URLProtocol">
|
||||
<appv:URLProtocol>
|
||||
<appv:Name>http</appv:Name>
|
||||
<appv:ApplicationURLProtocol>
|
||||
<appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
|
||||
<appv:ShellCommands>
|
||||
<appv:DefaultCommand>open</appv:DefaultCommand>
|
||||
<appv:ShellCommand>
|
||||
<appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
|
||||
<appv:Name>open</appv:Name>
|
||||
<appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
|
||||
<appv:DdeExec>
|
||||
<appv:DdeCommand />
|
||||
</appv:DdeExec>
|
||||
</appv:ShellCommand>
|
||||
</appv:ShellCommands>
|
||||
</appv:ApplicationURLProtocol>
|
||||
</appv:URLProtocol>
|
||||
</appv:Extension>
|
||||
<appv:Extension Category="AppV.URLProtocol">
|
||||
<appv:URLProtocol>
|
||||
<appv:Name>https</appv:Name>
|
||||
<appv:ApplicationURLProtocol>
|
||||
<appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
|
||||
<appv:ShellCommands>
|
||||
<appv:DefaultCommand>open</appv:DefaultCommand>
|
||||
<appv:ShellCommand>
|
||||
<appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
|
||||
<appv:Name>open</appv:Name>
|
||||
<appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
|
||||
<appv:DdeExec>
|
||||
<appv:DdeCommand />
|
||||
</appv:DdeExec>
|
||||
</appv:ShellCommand>
|
||||
</appv:ShellCommands>
|
||||
</appv:ApplicationURLProtocol>
|
||||
</appv:URLProtocol>
|
||||
</appv:Extension>
|
||||
```
|
||||
|
||||
## Related resources list
|
||||
For information that can help with troubleshooting App-V for Windows client, see:
|
||||
@ -120,4 +111,4 @@ For information that can help with troubleshooting App-V for Windows client, see
|
||||
## Related topics
|
||||
- [What's new in App-V for Windows client](appv-about-appv.md)
|
||||
|
||||
- [Release Notes for App-V for Windows 10, version 1607](appv-release-notes-for-appv-for-windows-1703.md)
|
||||
- [Release Notes for App-V for Windows 10, version 1607](appv-release-notes-for-appv-for-windows-1703.md)
|
||||
|
@ -28,7 +28,7 @@ For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation
|
||||
|
||||
The following shows the BitLocker configuration service provider in tree format.
|
||||
|
||||
```
|
||||
```console
|
||||
./Device/Vendor/MSFT
|
||||
BitLocker
|
||||
----RequireStorageCardEncryption
|
||||
@ -63,85 +63,21 @@ BitLocker
|
||||
<a href="" id="--device-vendor-msft-bitlocker"></a>**./Device/Vendor/MSFT/BitLocker**
|
||||
Defines the root node for the BitLocker configuration service provider.
|
||||
<!--Policy-->
|
||||
<a href="" id="requirestoragecardencryption"></a>**RequireStorageCardEncryption**
|
||||
<!--Description-->
|
||||
Allows the administrator to require storage card encryption on the device. This policy is valid only for a mobile SKU.
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
<!--/SupportedSKUs-->
|
||||
|
||||
Data type is integer. Sample value for this node to enable this policy: 1. Disabling this policy will not turn off the encryption on the storage card, but the user will no longer be prompted to turn it on.
|
||||
<!--SupportedValues-->
|
||||
- 0 (default) – Storage cards do not need to be encrypted.
|
||||
- 1 – Require storage cards to be encrypted.
|
||||
<!--/SupportedValues-->
|
||||
Disabling this policy will not turn off the encryption on the system card, but the user will no longer be prompted to turn it on.
|
||||
|
||||
If you want to disable this policy use the following SyncML:
|
||||
|
||||
```xml
|
||||
<SyncML>
|
||||
<SyncBody>
|
||||
<Replace>
|
||||
<CmdID>$CmdID$</CmdID>
|
||||
<Item>
|
||||
<Target>
|
||||
<LocURI>./Device/Vendor/MSFT/BitLocker/RequireStorageCardEncryption</LocURI>
|
||||
</Target>
|
||||
<Meta>
|
||||
<Format xmlns="syncml:metinf">int</Format>
|
||||
</Meta>
|
||||
<Data>0</Data>
|
||||
</Item>
|
||||
</Replace>
|
||||
</SyncBody>
|
||||
</SyncML>
|
||||
```
|
||||
|
||||
Data type is integer. Supported operations are Add, Get, Replace, and Delete.
|
||||
<!--/Policy-->
|
||||
<!--Policy-->
|
||||
<a href="" id="requiredeviceencryption"></a>**RequireDeviceEncryption**
|
||||
<!--Description-->
|
||||
Allows the administrator to require encryption to be turned on by using BitLocker\Device Encryption.
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
Data type is integer. Sample value for this node to enable this policy: 1.
|
||||
Supported operations are Add, Get, Replace, and Delete.
|
||||
@ -193,24 +129,15 @@ If you want to disable this policy, use the following SyncML:
|
||||
Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the BitLocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)".
|
||||
<!--/Description-->
|
||||
<!--SupportedValues-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedValues-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -276,26 +203,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
|
||||
Allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker.
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -347,26 +263,15 @@ If you disable or do not configure this setting, the identification field is not
|
||||
Allows users on devices that are compliant with InstantGo or the Microsoft Hardware Security Test Interface (HSTI) to not have a PIN for preboot authentication.
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -400,26 +305,15 @@ If this policy is disabled, the options of "Require additional authentication at
|
||||
Allows users to configure whether or not enhanced startup PINs are used with BitLocker.
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -456,26 +350,15 @@ If you disable or do not configure this policy setting, enhanced PINs will not b
|
||||
Allows you to configure whether standard users are allowed to change BitLocker PIN or password that is used to protect the operating system drive.
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -512,26 +395,15 @@ Sample value for this node to disable this policy is:
|
||||
Allows users to enable authentication options that require user input from the preboot environment, even if the platform indicates a lack of preboot input capability.
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -574,26 +446,15 @@ When the Windows Recovery Environment is not enabled and this policy is not enab
|
||||
Allows you to configure the encryption type that is used by BitLocker.
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -633,26 +494,15 @@ For more information about the tool to manage BitLocker, see [Manage-bde](/windo
|
||||
This setting is a direct mapping to the BitLocker Group Policy "Require additional authentication at startup".
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -741,26 +591,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
|
||||
This setting is a direct mapping to the BitLocker Group Policy "Configure minimum PIN length for startup".
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -818,26 +657,15 @@ This setting is a direct mapping to the BitLocker Group Policy "Configure pre-bo
|
||||
(PrebootRecoveryInfo_Name).
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -907,26 +735,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
|
||||
This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name).
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -1004,26 +821,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
|
||||
This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" ().
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -1110,26 +916,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
|
||||
This setting is a direct mapping to the BitLocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name).
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -1179,26 +974,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
|
||||
Allows you to configure the encryption type on fixed data drives that is used by BitLocker.
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -1240,26 +1024,15 @@ For more information about the tool to manage BitLocker, see [Manage-bde](/windo
|
||||
This setting is a direct mapping to the BitLocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name).
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -1320,26 +1093,15 @@ Disabling the policy will let the system choose the default behaviors. If you wa
|
||||
Allows you to configure the encryption type that is used by BitLocker.
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -1375,26 +1137,15 @@ If this policy is disabled or not configured, the BitLocker Setup Wizard asks th
|
||||
Allows you to control the use of BitLocker on removable data drives.
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
@ -1445,26 +1196,15 @@ Allows the admin to disable the warning prompt for other disk encryption on the
|
||||
> [!Warning]
|
||||
> When you enable BitLocker on a device with third-party encryption, it may render the device unusable and require you to reinstall Windows.
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--SupportedValues-->
|
||||
The following list shows the supported values:
|
||||
@ -1509,26 +1249,15 @@ Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where pol
|
||||
|
||||
If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user is the current logged on user in the system.
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<!--SupportedValues-->
|
||||
The expected values for this policy are:
|
||||
@ -1564,26 +1293,15 @@ This setting initiates a client-driven recovery password refresh after an OS dri
|
||||
<!--/Description-->
|
||||
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
|
||||
Value type is int. Supported operations are Add, Delete, Get, and Replace.
|
||||
@ -1619,26 +1337,15 @@ Each server-side recovery key rotation is represented by a request ID. The serve
|
||||
- RotateRecoveryPasswordsRequestID: Returns request ID of last request processed.
|
||||
- RotateRecoveryPasswordsRotationStatus: Returns status of last request processed.
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
|
||||
Value type is string. Supported operation is Execute. Request ID is expected as a parameter.
|
||||
@ -1664,26 +1371,15 @@ Interior node. Supported operation is Get.
|
||||
This node reports compliance state of device encryption on the system.
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
|
||||
<!--SupportedValues-->
|
||||
@ -1732,26 +1428,15 @@ Status code can be one of the following:
|
||||
- 0 - Pass
|
||||
- Any other code - Failure HRESULT
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
|
||||
Value type is int. Supported operation is Get.
|
||||
@ -1767,26 +1452,14 @@ This node reports the RequestID corresponding to RotateRecoveryPasswordsStatus.
|
||||
This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus to ensure the status is correctly matched to the request ID.
|
||||
<!--/Description-->
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Business</th>
|
||||
<th>Enterprise</th>
|
||||
<th>Education</th>
|
||||
<th>Mobile</th>
|
||||
|
||||
</tr>
|
||||
<tr>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/checkmark.png" alt="check mark" /></td>
|
||||
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|
||||
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
|
||||
|
File diff suppressed because one or more lines are too long
@ -8501,9 +8501,18 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
|
||||
### TimeLanguageSettings policies
|
||||
|
||||
<dl>
|
||||
<dd>
|
||||
<a href="./policy-csp-timelanguagesettings.md#timelanguagesettings-blockcleanupofunusedpreinstalledlangpacks" id="timelanguagesettings-blockcleanupofunusedpreinstalledlangpacks">TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone" id="timelanguagesettings-configuretimezone">TimeLanguageSettings/ConfigureTimeZone</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-timelanguagesettings.md#timelanguagesettings-machineuilanguageoverwrite" id="timelanguagesettings-machineuilanguageoverwrite">TimeLanguageSettings/MachineUILanguageOverwrite</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="./policy-csp-timelanguagesettings.md#timelanguagesettings-restrictlanguagepacksandfeaturesinstall" id="timelanguagesettings-restrictlanguagepacksandfeaturesinstall">TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall</a>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
### Troubleshooting policies
|
||||
|
@ -22,12 +22,75 @@ manager: dansimp
|
||||
## TimeLanguageSettings policies
|
||||
|
||||
<dl>
|
||||
<dd>
|
||||
<a href="#timelanguagesettings-blockcleanupofunusedpreinstalledlangpacks">TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#timelanguagesettings-configuretimezone">TimeLanguageSettings/ConfigureTimeZone</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#timelanguagesettings-machineuilanguageoverwrite">TimeLanguageSettings/MachineUILanguageOverwrite</a>
|
||||
</dd>
|
||||
<dd>
|
||||
<a href="#timelanguagesettings-restrictlanguagepacksandfeaturesinstall">TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall</a>
|
||||
</dd>
|
||||
</dl>
|
||||
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--Policy-->
|
||||
<a href="" id="timelanguagesettings-blockcleanupofunusedpreinstalledlangpacks"></a>**TimeLanguageSettings/BlockCleanupOfUnusedPreinstalledLangPacks**
|
||||
|
||||
<!--SupportedSKUs-->
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<hr/>
|
||||
|
||||
<!--Scope-->
|
||||
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
||||
|
||||
> [!div class = "checklist"]
|
||||
> * Device
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting controls whether the maintenance task will run to clean up language packs installed on a machine but are not used by any users on that machine.
|
||||
|
||||
If you enable this policy setting (value 1), language packs that are installed as part of the system image will remain installed even if they are not used by any user on that system.
|
||||
|
||||
If you disable (value 0) or do not configure this policy setting, language packs that are installed as part of the system image but are not used by any user on that system will be removed as part of a scheduled clean up task.
|
||||
|
||||
<!--/Description-->
|
||||
<!--SupportedValues-->
|
||||
|
||||
<!--/SupportedValues-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
- GP Friendly name: *Block cleanup of unused language packs*
|
||||
- GP name: *BlockCleanupOfUnusedPreinstalledLangPacks*
|
||||
- GP path: *Computer Configuration/Administrative Templates/Control Panel/Regional and Language Options*
|
||||
- GP ADMX file name: *Globalization.admx*
|
||||
|
||||
<!--/ADMXMapped-->
|
||||
<!--Example-->
|
||||
|
||||
<!--/Example-->
|
||||
<!--Validation-->
|
||||
|
||||
<!--/Validation-->
|
||||
<!--/Policy-->
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--Policy-->
|
||||
@ -74,5 +137,103 @@ Specifies the time zone to be applied to the device. This is the standard Window
|
||||
<!--/Policy-->
|
||||
<hr/>
|
||||
|
||||
<!--Policy-->
|
||||
<a href="" id="timelanguagesettings-machineuilanguageoverwrite"></a>**TimeLanguageSettings/MachineUILanguageOverwrite**
|
||||
|
||||
<!--SupportedSKUs-->
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<hr/>
|
||||
|
||||
<!--Scope-->
|
||||
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
||||
|
||||
> [!div class = "checklist"]
|
||||
> * Device
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting controls which UI language is used for computers with more than one UI language installed.
|
||||
|
||||
If you enable this policy setting, the UI language of Windows menus and dialogs for systems with more than one language is restricted to a specified language. If the specified language is not installed on the target computer or you disable this policy setting, the language selection defaults to the language selected by the local administrator.
|
||||
|
||||
If you disable or do not configure this policy setting, there is no restriction of a specific language used for the Windows menus and dialogs.
|
||||
|
||||
<!--/Description-->
|
||||
<!--SupportedValues-->
|
||||
|
||||
<!--/SupportedValues-->
|
||||
<!--ADMXMapped-->
|
||||
ADMX Info:
|
||||
- GP Friendly name: *Force selected system UI language to overwrite the user UI language*
|
||||
- GP name: *MachineUILanguageOverwrite*
|
||||
- GP path: *Computer Configuration/Administrative Templates/Control Panel/Regional and Language Options*
|
||||
- GP ADMX file name: *Globalization.admx*
|
||||
|
||||
<!--/ADMXMapped-->
|
||||
<!--Example-->
|
||||
|
||||
<!--/Example-->
|
||||
<!--Validation-->
|
||||
|
||||
<!--/Validation-->
|
||||
<!--/Policy-->
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--Policy-->
|
||||
<a href="" id="timelanguagesettings-restrictlanguagepacksandfeaturesinstall"></a>**TimeLanguageSettings/RestrictLanguagePacksAndFeaturesInstall**
|
||||
|
||||
<!--SupportedSKUs-->
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<hr/>
|
||||
|
||||
<!--Scope-->
|
||||
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
||||
|
||||
> [!div class = "checklist"]
|
||||
> * Device
|
||||
|
||||
<hr/>
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
This policy setting restricts standard users from installing language features on demand. This policy does not restrict the Windows language, if you want to restrict the Windows language use the following policy: “Restricts the UI languages Windows should use for the selected user.”
|
||||
|
||||
If you enable this policy setting, the installation of language features is prevented for standard users.
|
||||
|
||||
If you disable or do not configure this policy setting, there is no language feature installation restriction for the standard users.
|
||||
|
||||
<!--/Description-->
|
||||
<!--SupportedValues-->
|
||||
|
||||
<!--/SupportedValues-->
|
||||
<!--Example-->
|
||||
|
||||
<!--/Example-->
|
||||
<!--Validation-->
|
||||
|
||||
<!--/Validation-->
|
||||
<!--/Policy-->
|
||||
|
||||
<!--/Policies-->
|
||||
|
||||
|
@ -1222,7 +1222,6 @@ Enable IT admin to configure feature update uninstall period. Values range 2 - 6
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
|
||||
|
||||
Defers Feature Updates for the specified number of days.
|
||||
|
||||
@ -1394,8 +1393,6 @@ ADMX Info:
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
> [!NOTE]
|
||||
> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
|
||||
>
|
||||
> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices.
|
||||
|
||||
|
||||
@ -1929,8 +1926,6 @@ ADMX Info:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
> [!NOTE]
|
||||
> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
|
||||
|
||||
Allows IT Admins to exclude Windows Update (WU) drivers during updates.
|
||||
|
||||
@ -2049,7 +2044,7 @@ The following list shows the supported values:
|
||||
To validate this policy:
|
||||
|
||||
1. Enable the policy and ensure the device is on a cellular network.
|
||||
2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell:
|
||||
2. Run the scheduled task on your device to check for app updates in the background. For example, on a device, run the following commands in TShell:
|
||||
```TShell
|
||||
exec-device schtasks.exe -arguments '/run /tn "\Microsoft\Windows\WindowsUpdate\Automatic App Update" /I'
|
||||
```
|
||||
@ -2102,7 +2097,7 @@ The following list shows the supported values:
|
||||
To validate this policy:
|
||||
|
||||
1. Enable the policy and ensure the device is on a cellular network.
|
||||
2. Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell:
|
||||
2. Run the scheduled task on your device to check for app updates in the background. For example, on a device, run the following commands in TShell:
|
||||
```TShell
|
||||
exec-device schtasks.exe -arguments '/run /tn "\Microsoft\Windows\WindowsUpdate\Automatic App Update" /I'
|
||||
```
|
||||
@ -2244,8 +2239,6 @@ The following list shows the supported values:
|
||||
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
|
||||
|
||||
|
||||
Allows IT Admins to pause feature updates for up to 35 days. We recomment that you use the *Update/PauseFeatureUpdatesStartTime* policy if you are running Windows 10, version 1703 or later.
|
||||
|
||||
@ -2422,38 +2415,14 @@ This policy is deprecated. Use [Update/RequireUpdateApproval](#update-requireupd
|
||||
<a href="" id="update-productversion"></a>**Update/ProductVersion**
|
||||
|
||||
<!--SupportedSKUs-->
|
||||
<table>
|
||||
<tr>
|
||||
<th>Edition</th>
|
||||
<th>Windows 10</th>
|
||||
<th>Windows 11</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Home</td>
|
||||
<td>No</td>
|
||||
<td>No</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Pro</td>
|
||||
<td>Yes</td>
|
||||
<td>Yes</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Business</td>
|
||||
<td>Yes</td>
|
||||
<td>Yes</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Enterprise</td>
|
||||
<td>Yes</td>
|
||||
<td>Yes</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Education</td>
|
||||
<td>Yes</td>
|
||||
<td>Yes</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
|Edition|Windows 10|Windows 11|
|
||||
|--- |--- |--- |
|
||||
|Home|No|No|
|
||||
|Pro|Yes|Yes|
|
||||
|Business|Yes|Yes|
|
||||
|Enterprise|Yes|Yes|
|
||||
|Education|Yes|Yes|
|
||||
|
||||
<!--/SupportedSKUs-->
|
||||
<hr/>
|
||||
@ -2578,7 +2547,7 @@ The following list shows the supported values:
|
||||
<!--/Scope-->
|
||||
<!--Description-->
|
||||
> [!NOTE]
|
||||
> This policy is *only* recommended for managing mobile devices. If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead.
|
||||
> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead.
|
||||
|
||||
|
||||
Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved.
|
||||
|
@ -86,18 +86,6 @@ The following table describes settings that you can configure using the wizards
|
||||
| Configure kiosk common settings | Set tablet mode, configure welcome and shutdown screens, turn off timeout settings | ❌ | ✔️ | ❌ |
|
||||
| Developer Setup | Enable Developer Mode | ❌ | ❌ | ✔️ |
|
||||
|
||||
|
||||
<!-- <table><tr><td align="left"><strong>Step</strong></td><td align="left"><strong>Description</strong></td><td><strong>Desktop wizard</strong></td><td align="center"><strong>Mobile wizard</strong></td><td><strong>Kiosk wizard</strong></td><td><strong>HoloLens wizard</strong></td></tr> -->
|
||||
<!-- <tr><td valign="top">Set up device</td><td valign="top">Assign device name,</br>enter product key to upgrade Windows,</br>configure shared used,</br>remove pre-installed software</td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></br>(Only device name and upgrade key)</td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td></tr> -->
|
||||
<!-- <tr><td valign="top">Set up network</td><td valign="top">Connect to a Wi-Fi network</td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td></tr> -->
|
||||
<!-- <tr><td valign="top">Account management</td><td valign="top">Enroll device in Active Directory,</br>enroll device in Azure Active Directory,</br>or create a local administrator account</td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no33"/></td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td></tr> -->
|
||||
<!-- <tr><td valign="top">Bulk Enrollment in Azure AD</td><td valign="top">Enroll device in Azure Active Directory</br></br>Before you use a Windows Configuration Designer wizard to configure bulk Azure AD enrollment, <a href="/azure/active-directory/active-directory-azureadjoin-setup" data-raw-source="[set up Azure AD join in your organization](/azure/active-directory/active-directory-azureadjoin-setup)">set up Azure AD join in your organization</a>.</td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no44"/></td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no66"/></td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no55"/></td></tr> -->
|
||||
<!-- <tr><td valign="top">Add applications</td><td valign="top">Install applications using the provisioning package.</td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no77"/></td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no88"/></td></tr> -->
|
||||
<!-- <tr><td valign="top">Add certificates</td><td valign="top">Include a certificate file in the provisioning package.</td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no99"/></td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td></tr> -->
|
||||
<!-- <tr><td valign="top">Configure kiosk account and app</td><td valign="top">Create local account to run the kiosk mode app,</br>specify the app to run in kiosk mode</td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no00"/></td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no111"/></td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no222"/></td></tr> -->
|
||||
<!-- <tr><td valign="top">Configure kiosk common settings</td><td valign="top">Set tablet mode,</br>configure welcome and shutdown screens,</br>turn off timeout settings</td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no333"/></td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no555"/></td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no666"/></td></tr> -->
|
||||
<!-- <tr><td valign="top">Developer Setup</td><td valign="top">Enable Developer Mode.</td><td align="center" valign="top"><img src="../images/crossmark.png" alt="n777o"/></td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no444"/></td><td align="center" valign="top"><img src="../images/crossmark.png" alt="no888"/></td><td align="center" valign="top"><img src="../images/checkmark.png" alt="yes"/></td></tr></table> -->
|
||||
|
||||
- [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md)
|
||||
- [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard)
|
||||
- [Instructions for the HoloLens wizard](/hololens/hololens-provisioning#wizard)
|
||||
@ -138,7 +126,7 @@ WCD supports the following scenarios for IT administrators:
|
||||
|
||||
* **Simple provisioning** – Enables IT administrators to define a desired configuration in WCD and then apply that configuration on target devices. The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner.
|
||||
|
||||
[Learn how to use simple provisioning to configure Windows computers.](provision-pcs-for-initial-deployment.md)
|
||||
[Learn how to use simple provisioning to configure Windows computers.](provision-pcs-for-initial-deployment.md)
|
||||
|
||||
* **Advanced provisioning (deployment of classic (Win32) and Universal Windows Platform (UWP) apps, and certificates)** – Allows an IT administrator to use WCD to open provisioning packages in the advanced settings editor and include apps for deployment on end-user devices.
|
||||
|
||||
|
@ -64,8 +64,8 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re
|
||||
| Setting | Value |
|
||||
|:---|:---|
|
||||
| EnableSharedPCMode | Set as **True**. If this is not set to **True**, shared PC mode is not turned on and none of the other settings apply. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings) </br></br>Some of the remaining settings in **SharedPC** are optional, but we strongly recommend that you also set `EnableAccountManager` to **True**. |
|
||||
| AccountManagement: AccountModel | This option controls how users can sign-in on the PC. Choosing domain-joined will enable any user in the domain to sign-in. Specifying the guest option will add the **Guest** option to the sign-in screen and enable anonymous guest access to the PC. <br/> - **Only guest** allows anyone to use the PC as a local standard (non-admin) account.<br/> - **Domain-joined only** allows users to sign in with an Active Directory or Azure AD account.<br/>- **Domain-joined and guest** allows users to sign in with an Active Directory, Azure AD, or local standard account. |
|
||||
| AccountManagement: DeletionPolicy | - **Delete immediately** will delete the account on sign-out. <br/>- **Delete at disk space threshold** will start deleting accounts when available disk space falls below the threshold you set for **DiskLevelDeletion**, and it will stop deleting accounts when the available disk space reaches the threshold you set for **DiskLevelCaching**. Accounts are deleted in order of oldest accessed to most recently accessed. <br/><br/>Example: The caching number is 50 and the deletion number is 25. Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) at a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign off of an account if free space is under the deletion threshold and disk space is very low, regardless if the PC is actively in use or not. <br/>- **Delete at disk space threshold and inactive threshold** will apply the same disk space checks as noted above, but also delete accounts if they have not signed in within the number of days specified by **InactiveThreshold** |
|
||||
| AccountManagement: AccountModel | This option controls how users can sign-in on the PC. Choosing domain-joined will enable any user in the domain to sign-in. <br/><br/>Specifying the guest option will add the **Guest** option to the sign-in screen and enable anonymous guest access to the PC. <br/><br/> - **Only guest** allows anyone to use the PC as a local standard (non-admin) account.<br/> - **Domain-joined only** allows users to sign in with an Active Directory or Azure AD account.<br/>- **Domain-joined and guest** allows users to sign in with an Active Directory, Azure AD, or local standard account. |
|
||||
| AccountManagement: DeletionPolicy | - **Delete immediately** will delete the account on sign-out. <br/><br/>- **Delete at disk space threshold** will start deleting accounts when available disk space falls below the threshold you set for **DiskLevelDeletion**, and it will stop deleting accounts when the available disk space reaches the threshold you set for **DiskLevelCaching**. Accounts are deleted in order of oldest accessed to most recently accessed. <br/><br/>Example: The caching number is 50 and the deletion number is 25. Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) at a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign off of an account if free space is under the deletion threshold and disk space is very low, regardless if the PC is actively in use or not. <br/>- **Delete at disk space threshold and inactive threshold** will apply the same disk space checks as noted above, but also delete accounts if they have not signed in within the number of days specified by **InactiveThreshold** |
|
||||
| AccountManagement: DiskLevelCaching | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account caching. |
|
||||
| AccountManagement: DiskLevelDeletion | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account deletion. |
|
||||
| AccountManagement: InactiveThreshold | If you set **DeletionPolicy** to **Delete at disk space threshold and inactive threshold**, set the number of days after which an account that has not signed in will be deleted. |
|
||||
@ -243,92 +243,137 @@ On a desktop computer, navigate to **Settings** > **Accounts** > **Work ac
|
||||
New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force
|
||||
```
|
||||
|
||||
|
||||
## Policies set by shared PC mode
|
||||
|
||||
Shared PC mode sets local group policies to configure the device. Some of these are configurable using the shared pc mode options.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> It is not recommended to set additional policies on PCs configured for **Shared PC Mode**. The shared PC mode has been optimized to be fast and reliable over time with minimal to no manual maintenance required.
|
||||
|
||||
<table border="1">
|
||||
### Admin Templates > Control Panel > Personalization
|
||||
|
||||
<tr><th><p>Policy name</p></th><th><p>Value</p></th><th><p>When set?</p></th></tr> </thead>
|
||||
<tbody>
|
||||
<tr><td colspan="3"><p><strong>Admin Templates</strong> > <strong>Control Panel</strong> > <strong>Personalization</strong></p></td></tr>
|
||||
<tr><td><p>Prevent enabling lock screen slide show</p></td><td><p>Enabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr><td><p>Prevent changing lock screen and logon image</p></td><td><p>Enabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr><td colspan="3"><p><strong>Admin Templates</strong> > <strong>System</strong> > <strong>Power Management</strong> > <strong>Button Settings</strong></p></td></tr>
|
||||
<tr><td><p>Select the Power button action (plugged in)</p></td><td><p>Sleep</p></td><td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr><td><p>Select the Power button action (on battery)</p></td><td><p>Sleep</p></td><td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr><td><p>Select the Sleep button action (plugged in)</p></td><td><p>Sleep</p></td><td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr><td><p>Select the lid switch action (plugged in)</p></td><td><p>Sleep</p></td><td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr><td><p>Select the lid switch action (on battery)</p></td><td><p>Sleep</p></td><td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr><td colspan="3"><p><strong>Admin Templates</strong> > <strong>System</strong> > <strong>Power Management</strong> > <strong>Sleep Settings</strong></p></td></tr>
|
||||
<tr><td><p>Require a password when a computer wakes (plugged in)</p></td><td><p>Enabled</p></td><td><p>SignInOnResume=True</p></td></tr>
|
||||
<tr><td><p>Require a password when a computer wakes (on battery)</p></td><td><p>Enabled</p></td><td><p>SignInOnResume=True</p></td></tr>
|
||||
<tr><td><p>Specify the system sleep timeout (plugged in)</p></td><td><p><em>SleepTimeout</em></p></td><td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr><td><p>Specify the system sleep timeout (on battery)</p></td><td><p><em>SleepTimeout</em></p></td><td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr> <td> <p>Turn off hybrid sleep (plugged in)</p></td> <td> <p>Enabled</p></td><td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr> <td> <p>Turn off hybrid sleep (on battery)</p></td> <td> <p>Enabled</p></td><td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr> <td> <p>Specify the unattended sleep timeout (plugged in)</p></td> <td> <p><em>SleepTimeout</em></p> </td><td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr> <td> <p>Specify the unattended sleep timeout (on battery)</p></td> <td> <p><em>SleepTimeout</em></p> </td><td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr> <td> <p>Allow standby states (S1-S3) when sleeping (plugged in)</p></td> <td> <p>Enabled</p></td><td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr> <td> <p>Allow standby states (S1-S3) when sleeping (on battery)</p></td> <td> <p>Enabled</p></td> <td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr> <td> <p>Specify the system hibernate timeout (plugged in)</p></td> <td> <p>Enabled, 0</p></td><td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr> <td> <p>Specify the system hibernate timeout (on battery)</p></td> <td> <p>Enabled, 0</p></td><td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr> <td colspan="3"> <p><strong>Admin Templates</strong>><strong>System</strong>><strong>Power Management</strong>><strong>Video and Display Settings</strong></p></td></tr>
|
||||
<tr> <td> <p>Turn off the display (plugged in)</p></td> <td> <p><em>SleepTimeout</em></p> </td></td><td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr> <td> <p>Turn off the display (on battery</p></td> <td> <p><em>SleepTimeout</em></p> </td></td><td><p>SetPowerPolicies=True</p></td></tr>
|
||||
<tr> <td colspan="3"> <p><strong>Admin Templates</strong>><strong>System</strong>><strong>Power Management</strong>><strong>Energy Saver Settings</strong></p></td></tr>
|
||||
<tr><td>Energy Saver Battery Threshold (on battery)</td><td>70</td><td>SetPowerPolicies=True</td></tr>
|
||||
<tr> <td colspan="3"> <p><strong>Admin Templates</strong>><strong>System</strong>><strong>Logon</strong></p></td></tr>
|
||||
<tr> <td> <p>Show first sign-in animation</p></td> <td> <p>Disabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td> <p>Hide entry points for Fast User Switching</p></td> <td> <p>Enabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td> <p>Turn on convenience PIN sign-in</p></td> <td> <p>Disabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td> <p>Turn off picture password sign-in</p></td> <td> <p>Enabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td> <p>Turn off app notification on the lock screen</p></td> <td> <p>Enabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td> <p>Allow users to select when a password is required when resuming from connected standby</p></td> <td> <p>Disabled</p></td><td><p>SignInOnResume=True</p></td>
|
||||
</tr>
|
||||
<tr> <td> <p>Block user from showing account details on sign-in</p></td> <td> <p>Enabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td colspan="3"> <p><strong>Admin Templates</strong>><strong>System</strong>><strong>User Profiles</strong></p></td></tr>
|
||||
<tr> <td> <p>Turn off the advertising ID</p></td> <td> <p>Enabled</p></td><td><p>SetEduPolicies=True</p></td></tr>
|
||||
<tr> <td colspan="3"> <p><strong>Admin Templates</strong>><strong>Windows Components </strong></p></td></tr>
|
||||
<tr> <td> <p>Do not show Windows Tips </p> </td> <td> <p>Enabled</p></td><td><p>SetEduPolicies=True</p></td></tr>
|
||||
<tr> <td> <p>Turn off Microsoft consumer experiences </p></td> <td> <p>Enabled</p></td><td><p>SetEduPolicies=True</p></td></tr>
|
||||
<tr> <td> <p>Microsoft Passport for Work</p></td> <td> <p>Disabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td> <p>Prevent the usage of OneDrive for file storage</p></td> <td> <p>Enabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td colspan="3"> <p><strong>Admin Templates</strong>><strong>Windows Components</strong>><strong>Biometrics</strong></p></td></tr>
|
||||
<tr> <td> <p>Allow the use of biometrics</p></td> <td> <p>Disabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td> <p>Allow users to log on using biometrics</p></td> <td> <p>Disabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td> <p>Allow domain users to log on using biometrics</p></td> <td> <p>Disabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td colspan="3"> <p><strong>Admin Templates</strong>><strong>Windows Components</strong>><strong>Data Collection and Preview Builds</strong></p></td></tr>
|
||||
<tr> <td> <p>Toggle user control over Insider builds</p></td> <td> <p>Disabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td> <p>Disable pre-release features or settings</p></td> <td> <p>Disabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td> <p>Do not show feedback notifications</p></td> <td> <p>Enabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr><td>Allow Telemetry</td><td>Basic, 0</td><td>SetEduPolicies=True</td></tr>
|
||||
<tr> <td colspan="3"> <p><strong>Admin Templates</strong>><strong>Windows Components</strong>><strong>File Explorer</strong></p></td></tr>
|
||||
<tr> <td> <p>Show lock in the user tile menu</p></td> <td> <p>Disabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td colspan="3"> <p><strong>Admin Templates</strong>><strong>Windows Components</strong>><strong>Maintenance Scheduler</strong></p></td></tr>
|
||||
<tr> <td> <p>Automatic Maintenance Activation Boundary</p></td> <td> <p><em>MaintenanceStartTime</em></p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td> <p>Automatic Maintenance Random Delay</p></td> <td> <p>Enabled, 2 hours</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td> <p>Automatic Maintenance WakeUp Policy</p></td> <td> <p>Enabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td colspan="3"> <p><strong>Admin Templates</strong>><strong>Windows Components</strong>><strong>Windows Hello for Business</strong></p></td></tr>
|
||||
<tr> <td> <p>Use phone sign-in</p></td> <td> <p>Disabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td> <p>Use Windows Hello for Business</p></td> <td> <p>Disabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td> <p>Use biometrics</p></td> <td> <p>Disabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td colspan="3"> <p><strong>Admin Templates</strong>><strong>Windows Components</strong>><strong>OneDrive</strong></p></td></tr>
|
||||
<tr> <td> <p>Prevent the usage of OneDrive for file storage</p></td> <td> <p>Enabled</p></td><td><p>Always</p></td></tr>
|
||||
<tr> <td colspan="3"> <p><strong>Windows Settings</strong>><strong>Security Settings</strong>><strong>Local Policies</strong>><strong>Security Options</strong></p></td>
|
||||
</tr>
|
||||
<tr> <td> <p>Interactive logon: Do not display last user name</p> </td> <td> <p>Enabled, Disabled when account model is only guest</p> </td><td><p>Always</p></td></tr>
|
||||
<tr> <td> <p>Interactive logon: Sign-in last interactive user automatically after a system-initiated restart</p> </td> <td> <p>Disabled</p> </td> <td><p>Always</p></td>
|
||||
</tr>
|
||||
<tr> <td> <p>Shutdown: Allow system to be shut down without having to log on</p> </td> <td> <p>Disabled</p> </td><td><p>Always</p></td></tr>
|
||||
<tr> <td> <p>User Account Control: Behavior of the elevation prompt for standard users</p> </td> <td> <p>Auto deny</p> </td><td><p>Always</p></td></tr>
|
||||
</tbody>
|
||||
</table> </br></br>
|
||||
|Policy Name| Value|When set?|
|
||||
|--- |--- |--- |
|
||||
|Prevent enabling lock screen slide show|Enabled|Always|
|
||||
|Prevent changing lock screen and logon image|Enabled|Always|
|
||||
|
||||
### Admin Templates > System > Power Management > Button Settings
|
||||
|
||||
|Policy Name| Value|When set?|
|
||||
|--- |--- |--- |
|
||||
|Select the Power button action (plugged in)|Sleep|SetPowerPolicies=True|
|
||||
|Select the Power button action (on battery)|Sleep|SetPowerPolicies=True|
|
||||
|Select the Sleep button action (plugged in)|Sleep|SetPowerPolicies=True|
|
||||
|Select the lid switch action (plugged in)|Sleep|SetPowerPolicies=True|
|
||||
|Select the lid switch action (on battery)|Sleep|SetPowerPolicies=True|
|
||||
|
||||
### Admin Templates > System > Power Management > Sleep Settings
|
||||
|
||||
|Policy Name| Value|When set?|
|
||||
|--- |--- |--- |
|
||||
|Require a password when a computer wakes (plugged in)|Enabled|SignInOnResume=True|
|
||||
|Require a password when a computer wakes (on battery)|Enabled|SignInOnResume=True|
|
||||
|Specify the system sleep timeout (plugged in)|*SleepTimeout*|SetPowerPolicies=True|
|
||||
|Specify the system sleep timeout (on battery)|*SleepTimeout*|SetPowerPolicies=True|
|
||||
|Turn off hybrid sleep (plugged in)|Enabled|SetPowerPolicies=True|
|
||||
|Turn off hybrid sleep (on battery)|Enabled|SetPowerPolicies=True|
|
||||
|Specify the unattended sleep timeout (plugged in)|*SleepTimeout*|SetPowerPolicies=True|
|
||||
|Specify the unattended sleep timeout (on battery)|*SleepTimeout*|SetPowerPolicies=True|
|
||||
|Allow standby states (S1-S3) when sleeping (plugged in)|Enabled|SetPowerPolicies=True|
|
||||
|Allow standby states (S1-S3) when sleeping (on battery)|Enabled |SetPowerPolicies=True|
|
||||
|Specify the system hibernate timeout (plugged in)|Enabled, 0|SetPowerPolicies=True|
|
||||
|Specify the system hibernate timeout (on battery)|Enabled, 0|SetPowerPolicies=True|
|
||||
|
||||
### Admin Templates>System>Power Management>Video and Display Settings
|
||||
|
||||
|Policy Name| Value|When set?|
|
||||
|--- |--- |--- |
|
||||
|Turn off the display (plugged in)|*SleepTimeout*|SetPowerPolicies=True|
|
||||
|Turn off the display (on battery|*SleepTimeout*|SetPowerPolicies=True|
|
||||
|
||||
### Admin Templates>System>Power Management>Energy Saver Settings
|
||||
|
||||
|Policy Name| Value|When set?|
|
||||
|--- |--- |--- |
|
||||
|Energy Saver Battery Threshold (on battery)|70|SetPowerPolicies=True|
|
||||
|
||||
### Admin Templates>System>Logon
|
||||
|
||||
|Policy Name| Value|When set?|
|
||||
|--- |--- |--- |
|
||||
|Show first sign-in animation|Disabled|Always|
|
||||
|Hide entry points for Fast User Switching|Enabled|Always|
|
||||
|Turn on convenience PIN sign-in|Disabled|Always|
|
||||
|Turn off picture password sign-in|Enabled|Always|
|
||||
|Turn off app notification on the lock screen|Enabled|Always|
|
||||
|Allow users to select when a password is required when resuming from connected standby|Disabled|SignInOnResume=True|
|
||||
|Block user from showing account details on sign-in|Enabled|Always|
|
||||
|
||||
### Admin Templates>System>User Profiles
|
||||
|
||||
|Policy Name| Value|When set?|
|
||||
|--- |--- |--- |
|
||||
|Turn off the advertising ID|Enabled|SetEduPolicies=True|
|
||||
|
||||
### Admin Templates>Windows Components
|
||||
|
||||
|Policy Name| Value|When set?|
|
||||
|--- |--- |--- |
|
||||
|Do not show Windows Tips |Enabled|SetEduPolicies=True|
|
||||
|Turn off Microsoft consumer experiences |Enabled|SetEduPolicies=True|
|
||||
|Microsoft Passport for Work|Disabled|Always|
|
||||
|Prevent the usage of OneDrive for file storage|Enabled|Always|
|
||||
|
||||
### Admin Templates>Windows Components>Biometrics
|
||||
|
||||
|Policy Name| Value|When set?|
|
||||
|--- |--- |--- |
|
||||
|Allow the use of biometrics|Disabled|Always|
|
||||
|Allow users to log on using biometrics|Disabled|Always|
|
||||
|Allow domain users to log on using biometrics|Disabled|Always|
|
||||
|
||||
### Admin Templates>Windows Components>Data Collection and Preview Builds
|
||||
|
||||
|Policy Name| Value|When set?|
|
||||
|--- |--- |--- |
|
||||
|Toggle user control over Insider builds|Disabled|Always|
|
||||
|Disable pre-release features or settings|Disabled|Always|
|
||||
|Do not show feedback notifications|Enabled|Always|
|
||||
|Allow Telemetry|Basic, 0|SetEduPolicies=True|
|
||||
|
||||
### Admin Templates>Windows Components>File Explorer
|
||||
|
||||
|Policy Name| Value|When set?|
|
||||
|--- |--- |--- |
|
||||
|Show lock in the user tile menu|Disabled|Always|
|
||||
|
||||
### Admin Templates>Windows Components>Maintenance Scheduler
|
||||
|
||||
|Policy Name| Value|When set?|
|
||||
|--- |--- |--- |
|
||||
|Automatic Maintenance Activation Boundary|*MaintenanceStartTime*|Always|
|
||||
|Automatic Maintenance Random Delay|Enabled, 2 hours|Always|
|
||||
|Automatic Maintenance WakeUp Policy|Enabled|Always|
|
||||
|
||||
### Admin Templates>Windows Components>Windows Hello for Business
|
||||
|
||||
|Policy Name| Value|When set?|
|
||||
|--- |--- |--- |
|
||||
|Use phone sign-in|Disabled|Always|
|
||||
|Use Windows Hello for Business|Disabled|Always|
|
||||
|Use biometrics|Disabled|Always|
|
||||
|
||||
### Admin Templates>Windows Components>OneDrive
|
||||
|
||||
|Policy Name| Value|When set?|
|
||||
|--- |--- |--- |
|
||||
|Prevent the usage of OneDrive for file storage|Enabled|Always|
|
||||
|
||||
### Windows Settings>Security Settings>Local Policies>Security Options
|
||||
|
||||
|Policy Name| Value|When set?|
|
||||
|--- |--- |--- |
|
||||
|Interactive logon: Do not display last user name|Enabled, Disabled when account model is only guest|Always|
|
||||
|Interactive logon: Sign-in last interactive user automatically after a system-initiated restart|Disabled |Always|
|
||||
|Shutdown: Allow system to be shut down without having to log on|Disabled|Always|
|
||||
|User Account Control: Behavior of the elevation prompt for standard users|Auto deny|Always|
|
||||
|
@ -135,6 +135,7 @@ Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 by entering a
|
||||
### Scenario example
|
||||
|
||||
Downgrading from Enterprise
|
||||
|
||||
- Original edition: **Professional OEM**
|
||||
- Upgrade edition: **Enterprise**
|
||||
- Valid downgrade paths: **Pro, Pro for Workstations, Pro Education, Education**
|
||||
@ -143,102 +144,24 @@ You can move directly from Enterprise to any valid destination edition. In this
|
||||
|
||||
### Supported Windows 10 downgrade paths
|
||||
|
||||
✔ = Supported downgrade path<br>
|
||||
S = Supported; Not considered a downgrade or an upgrade<br>
|
||||
[blank] = Not supported or not a downgrade<br>
|
||||
✔ = Supported downgrade path
|
||||
|
||||
<br>
|
||||
<table border="0" cellpadding="1">
|
||||
<tr>
|
||||
<th colspan="10" align="center">Destination edition</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<th> </th>
|
||||
<th> </th>
|
||||
<th>Home</th>
|
||||
<th>Pro</th>
|
||||
<th>Pro for Workstations</th>
|
||||
<th>Pro Education</th>
|
||||
<th>Education</th>
|
||||
<th>Enterprise LTSC</th>
|
||||
<th>Enterprise</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<th rowspan="9" valign="middle">Starting edition</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Home</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Pro</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Pro for Workstations</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Pro Education</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Education</td>
|
||||
<td></td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
<td>S</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Enterprise LTSC</td>
|
||||
<td></td>
|
||||
<td align="center"></td>
|
||||
<td align="center"></td>
|
||||
<td align="center"></td>
|
||||
<td align="center"></td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Enterprise</td>
|
||||
<td></td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">✔</td>
|
||||
<td align="center">S</td>
|
||||
<td></td>
|
||||
<td></td>
|
||||
</tr>
|
||||
</table>
|
||||
S = Supported; Not considered a downgrade or an upgrade
|
||||
|
||||
[blank] = Not supported or not a downgrade
|
||||
|
||||
**Destination Edition: (Starting)**
|
||||
|
||||
|Edition|Home|Pro|Pro for Workstations|Pro Education|Education|Enterprise LTSC|Enterprise|
|
||||
|--- |--- |--- |--- |--- |--- |--- |--- |
|
||||
|Home||||||||
|
||||
|Pro||||||||
|
||||
|Pro for Workstations||||||||
|
||||
|Pro Education||||||||
|
||||
|Education||✔|✔|✔|||S|
|
||||
|Enterprise LTSC||||||||
|
||||
|Enterprise||✔|✔|✔|S|||
|
||||
|
||||
>
|
||||
> **Windows N/KN**: Windows "N" and "KN" SKUs follow the same rules shown above.
|
||||
|
||||
Some slightly more complex scenarios are not represented by the table above. For example, you can perform an upgrade from Pro to Pro for Workstation on a computer with an embedded Pro key using a Pro for Workstation license key, and then later downgrade this computer back to Pro with the firmware-embedded key. The downgrade is allowed but only because the pre-installed OS is Pro.
|
||||
@ -247,4 +170,4 @@ Some slightly more complex scenarios are not represented by the table above. For
|
||||
|
||||
[Windows 10 upgrade paths](./windows-10-upgrade-paths.md)<br>
|
||||
[Windows 10 volume license media](../windows-10-media.md)<br>
|
||||
[Windows 10 Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation)
|
||||
[Windows 10 Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation)
|
||||
|
@ -28,64 +28,16 @@ When you PXE-boot from a WDS server that uses the **boot.wim** file from install
|
||||
|
||||
## Deployment scenarios affected
|
||||
|
||||
The table below provides support details for specific deployment scenarios.
|
||||
The table below provides support details for specific deployment scenarios (Boot Image Version).
|
||||
|
||||
||Windows 10|Windows Server 2016|Windows Server 2019|Windows Server 2022|Windows 11|
|
||||
|--- |--- |--- |--- |--- |--- |
|
||||
|**Windows 10**|Supported, using a boot image from matching or newer version.|Supported, using a boot image from Windows 10, version 1607 or later.|Supported, using a boot image from Windows 10, version 1809 or later.|Not supported.|Not supported.|
|
||||
|**Windows Server 2016**|Supported, using a boot image from Windows 10, version 1607 or later.|Supported.|Not supported.|Not supported.|Not supported.|
|
||||
|**Windows Server 2019**|Supported, using a boot image from Windows 10, version 1809 or later.|Supported.|Supported.|Not supported.|Not supported.|
|
||||
|**Windows Server 2022**|Deprecated, with a warning message.|Deprecated, with a warning message.|Deprecated, with a warning message.|Deprecated, with a warning message.|Not supported.|
|
||||
|**Windows 11**|Not supported, blocked.|Not supported, blocked.|Not supported, blocked.|Not supported, blocked.|Not supported, blocked.|
|
||||
|
||||
<br>
|
||||
<table cellpadding="1">
|
||||
<tr>
|
||||
<td> </td>
|
||||
<td> </td>
|
||||
<th>Windows 10</th>
|
||||
<th>Windows Server 2016</th>
|
||||
<th>Windows Server 2019</th>
|
||||
<th>Windows Server 2022</th>
|
||||
<th>Windows 11</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td rowspan="6"><i>
|
||||
<br> <br> <br> <br> <br> <br> <br> <br> <br> <br>Boot image version</i></td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><b>Windows 10</b></td>
|
||||
<td>Supported, using a boot image from matching or newer version.</td>
|
||||
<td>Supported, using a boot image from Windows 10, version 1607 or later.</td>
|
||||
<td>Supported, using a boot image from Windows 10, version 1809 or later.</td>
|
||||
<td>Not supported.</td>
|
||||
<td>Not supported.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><b>Windows Server 2016</b></td>
|
||||
<td>Supported, using a boot image from Windows 10, version 1607 or later.</td>
|
||||
<td>Supported.</td>
|
||||
<td>Not supported.</td>
|
||||
<td>Not supported.</td>
|
||||
<td>Not supported.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><b>Windows Server 2019</b></td>
|
||||
<td>Supported, using a boot image from Windows 10, version 1809 or later.</td>
|
||||
<td>Supported.</td>
|
||||
<td>Supported.</td>
|
||||
<td>Not supported.</td>
|
||||
<td>Not supported.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><b>Windows Server 2022</b></td>
|
||||
<td>Deprecated, with a warning message.</td>
|
||||
<td>Deprecated, with a warning message.</td>
|
||||
<td>Deprecated, with a warning message.</td>
|
||||
<td>Deprecated, with a warning message.</td>
|
||||
<td>Not supported.</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><b>Windows 11</b></td>
|
||||
<td>Not supported, blocked.</td>
|
||||
<td>Not supported, blocked.</td>
|
||||
<td>Not supported, blocked.</td>
|
||||
<td>Not supported, blocked.</td>
|
||||
<td>Not supported, blocked.</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
## Reason for the change
|
||||
|
||||
|
@ -23,123 +23,41 @@ ms.collection: highpri
|
||||
|
||||
To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the capabilities and limitations of each, is a key task.
|
||||
|
||||
The following table summarizes various Windows 10 deployment scenarios. The scenarios are each assigned to one of three categories.
|
||||
## Deployment categories
|
||||
|
||||
The following tables summarize various Windows 10 deployment scenarios. The scenarios are each assigned to one of three categories.
|
||||
|
||||
- Modern deployment methods are recommended unless you have a specific need to use a different procedure. These methods are supported with existing tools such as Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager. These methods are discussed in detail on the [Modern Desktop Deployment Center](/microsoft-365/enterprise/desktop-deployment-center-home).
|
||||
- Note: Once you have deployed Windows 10 in your organization, it is important to stay up to date by [creating a deployment plan](update/create-deployment-plan.md) for Windows 10 feature updates.
|
||||
|
||||
> [!NOTE]
|
||||
> Once you have deployed Windows 10 in your organization, it is important to stay up to date by [creating a deployment plan](update/create-deployment-plan.md) for Windows 10 feature updates.
|
||||
|
||||
- Dynamic deployment methods enable you to configure applications and settings for specific use cases.
|
||||
|
||||
- Traditional deployment methods use existing tools to deploy operating system images.<br>
|
||||
|
||||
<table border="0">
|
||||
<tr><td align="center" bgcolor='#a0e4fa'><b>Category</b></td>
|
||||
<td align="center" bgcolor='#a0e4fa'><b>Scenario</b></td>
|
||||
<td align="center" bgcolor='#a0e4fa'><b>Description</b></td>
|
||||
<td align="center" bgcolor='#a0e4fa'><b>More information</b></td></tr>
|
||||
<tr><td align='center' valign='middle' style='width:16%; border:1;' rowspan="2">Modern</td>
|
||||
<td align="center">
|
||||
### Modern
|
||||
|
||||
[Windows Autopilot](#windows-autopilot)</td>
|
||||
<td align="center">
|
||||
Customize the out-of-box-experience (OOBE) for your organization, and deploy a new system with apps and settings already configured.
|
||||
</td>
|
||||
<td align="center">
|
||||
<a href="/windows/deployment/windows-autopilot/windows-10-autopilot">Overview of Windows Autopilot</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center">
|
||||
|Scenario|Description|More information|
|
||||
|--- |--- |--- |
|
||||
|[Windows Autopilot](#windows-autopilot)|Customize the out-of-box-experience (OOBE) for your organization, and deploy a new system with apps and settings already configured|[Overview of Windows Autopilot](/windows/deployment/windows-autopilot/windows-10-autopilot)|
|
||||
|[In-place upgrade](#in-place-upgrade)|Use Windows Setup to update your OS and migrate apps and settings. Rollback data is saved in Windows.old.|[Perform an in-place upgrade to Windows 10 with MDT](/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit)<br>[Perform an in-place upgrade to Windows 10 using Configuration Manager](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager)|
|
||||
|
||||
[In-place upgrade](#in-place-upgrade)
|
||||
### Dynamic
|
||||
|
||||
</td>
|
||||
<td align="center">
|
||||
Use Windows Setup to update your OS and migrate apps and settings. Rollback data is saved in Windows.old.
|
||||
</td>
|
||||
<td align="center">
|
||||
<a href="/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit">Perform an in-place upgrade to Windows 10 with MDT</a><br><a href="/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager">Perform an in-place upgrade to Windows 10 using Configuration Manager</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center" rowspan="3">
|
||||
Dynamic
|
||||
</td>
|
||||
<td align="center">
|
||||
|Scenario|Description|More information|
|
||||
|--- |--- |--- |
|
||||
|[Subscription Activation](#windows-10-subscription-activation)|Switch from Windows 10 Pro to Enterprise when a subscribed user signs in.|[Windows 10 Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation)|
|
||||
|[AAD / MDM](#dynamic-provisioning)|The device is automatically joined to AAD and configured by MDM.|[Azure Active Directory integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm)|
|
||||
|[Provisioning packages](#dynamic-provisioning)|Using the Windows Imaging and Configuration Designer tool, create provisioning packages that can be applied to devices.|[Configure devices without MDM](/windows/configuration/configure-devices-without-mdm)|
|
||||
|
||||
[Subscription Activation](#windows-10-subscription-activation)
|
||||
</td>
|
||||
<td align="center">
|
||||
Switch from Windows 10 Pro to Enterprise when a subscribed user signs in.
|
||||
</td>
|
||||
<td align="center">
|
||||
<a href="/windows/deployment/windows-10-enterprise-subscription-activation">Windows 10 Subscription Activation</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center">
|
||||
|
||||
[AAD / MDM](#dynamic-provisioning)
|
||||
</td>
|
||||
<td align="center">
|
||||
The device is automatically joined to AAD and configured by MDM.
|
||||
</td>
|
||||
<td align="center">
|
||||
<a href="/windows/client-management/mdm/azure-active-directory-integration-with-mdm">Azure Active Directory integration with MDM</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center">
|
||||
|
||||
[Provisioning packages](#dynamic-provisioning)
|
||||
</td>
|
||||
<td align="center">
|
||||
Using the Windows Imaging and Configuration Designer tool, create provisioning packages that can be applied to devices.
|
||||
</td>
|
||||
<td align="center">
|
||||
<a href="/windows/configuration/configure-devices-without-mdm">Configure devices without MDM</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center" rowspan="3">
|
||||
Traditional
|
||||
</td>
|
||||
<td align="center">
|
||||
|
||||
[Bare metal](#new-computer)
|
||||
</td>
|
||||
<td align="center">
|
||||
Deploy a new device, or wipe an existing device and deploy with a fresh image.
|
||||
</td>
|
||||
<td align="center">
|
||||
<a href="/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt">Deploy a Windows 10 image using MDT</a><br><a href="/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager">Deploy Windows 10 using PXE and Configuration Manager</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center">
|
||||
|
||||
[Refresh](#computer-refresh)
|
||||
</td>
|
||||
<td align="center">
|
||||
Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state.
|
||||
</td>
|
||||
<td align="center">
|
||||
<a href="/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10">Refresh a Windows 7 computer with Windows 10</a><br><a href="/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager">Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td align="center">
|
||||
|
||||
[Replace](#computer-replace)
|
||||
</td>
|
||||
<td align="center">
|
||||
Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device.
|
||||
</td>
|
||||
<td align="center">
|
||||
<a href="/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer">Replace a Windows 7 computer with a Windows 10 computer</a><br><a href="/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager">Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<br>
|
||||
### Traditional
|
||||
|
||||
|Scenario|Description|More information|
|
||||
|--- |--- |--- |
|
||||
|[Bare metal](#new-computer)|Deploy a new device, or wipe an existing device and deploy with a fresh image. |[Deploy a Windows 10 image using MDT](/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt)<br>[Deploy Windows 10 using PXE and Configuration Manager](/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager)|
|
||||
|[Refresh](#computer-refresh)|Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state. | [Refresh a Windows 7 computer with Windows 10](/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10)<br>[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager)|
|
||||
|[Replace](#computer-replace)|Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device.| [Replace a Windows 7 computer with a Windows 10 computer](/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer)<br>[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager)|
|
||||
|
||||
>[!IMPORTANT]
|
||||
>The Windows Autopilot and Subscription Activation scenarios require that the beginning OS be Windows 10 version 1703, or later.<br>
|
||||
@ -176,8 +94,11 @@ Scenarios that support in-place upgrade with some additional procedures include
|
||||
There are some situations where you cannot use in-place upgrade; in these situations, you can use traditional deployment (wipe-and-load) instead. Examples of these situations include:
|
||||
|
||||
- Changing from Windows 7, Windows 8, or Windows 8.1 x86 to Windows 10 x64. The upgrade process cannot change from a 32-bit operating system to a 64-bit operating system, because of possible complications with installed applications and drivers.
|
||||
|
||||
- Windows To Go and Boot from VHD installations. The upgrade process is unable to upgrade these installations. Instead, new installations would need to be performed.
|
||||
|
||||
- Updating existing images. While it might be tempting to try to upgrade existing Windows 7, Windows 8, or Windows 8.1 images to Windows 10 by installing the old image, upgrading it, and then recapturing the new Windows 10 image, this is not supported – preparing an upgraded OS for imaging (using Sysprep.exe) is not supported and will not work when it detects the upgraded OS.
|
||||
|
||||
- Dual-boot and multi-boot systems. The upgrade process is designed for devices running a single OS; if using dual-boot or multi-boot systems with multiple operating systems (not leveraging virtual machines for the second and subsequent operating systems), additional care should be taken.
|
||||
|
||||
|
||||
|
@ -25,7 +25,8 @@ ms.topic: article
|
||||
|
||||
- Windows 10
|
||||
|
||||
**Important**: This guide leverages the proof of concept (PoC) environment configured using procedures in the following guide:
|
||||
> [!IMPORTANT]
|
||||
> This guide leverages the proof of concept (PoC) environment configured using procedures in the following guide:
|
||||
- [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
|
||||
|
||||
Please complete all steps in the prerequisite guide before starting this guide. This guide requires about 5 hours to complete, but can require less time or more time depending on the speed of the Hyper-V host. After completing the current guide, also see the companion guide:
|
||||
@ -36,7 +37,7 @@ The PoC environment is a virtual network running on Hyper-V with three virtual m
|
||||
- **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network.
|
||||
- **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been shadow-copied from a physical computer on your corporate network.
|
||||
|
||||
>This guide uses the Hyper-V server role. If you do not complete all steps in a single session, consider using [checkpoints](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn818483(v=ws.11)) and [saved states](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee247418(v=ws.10)) to pause, resume, or restart your work.
|
||||
This guide uses the Hyper-V server role. If you do not complete all steps in a single session, consider using [checkpoints](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn818483(v=ws.11)) and [saved states](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee247418(v=ws.10)) to pause, resume, or restart your work.
|
||||
|
||||
## In this guide
|
||||
|
||||
@ -44,23 +45,15 @@ This guide provides instructions to install and configure the Microsoft Deployme
|
||||
|
||||
Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed.
|
||||
|
||||
<br>
|
||||
|
||||
<div>
|
||||
|
||||
<table border="1" cellspacing="0" cellpadding="0">
|
||||
<tr><td BGCOLOR="#a0e4fa"><B>Topic</B><td BGCOLOR="#a0e4fa"><B>Description</B><td BGCOLOR="#a0e4fa"><B>Time</B>
|
||||
|
||||
<tr><td><a href="#about-mdt" data-raw-source="[About MDT](#about-mdt)">About MDT</a><td>A high-level overview of the Microsoft Deployment Toolkit (MDT).<td>Informational
|
||||
<tr><td><a href="#install-mdt" data-raw-source="[Install MDT](#install-mdt)">Install MDT</a><td>Download and install MDT.<td>40 minutes
|
||||
<tr><td><a href="#create-a-deployment-share-and-reference-image" data-raw-source="[Create a deployment share and reference image](#create-a-deployment-share-and-reference-image)">Create a deployment share and reference image</a><td>A reference image is created to serve as the template for deploying new images.<td>90 minutes
|
||||
<tr><td><a href="#deploy-a-windows-10-image-using-mdt" data-raw-source="[Deploy a Windows 10 image using MDT](#deploy-a-windows-10-image-using-mdt)">Deploy a Windows 10 image using MDT</a><td>The reference image is deployed in the PoC environment.<td>60 minutes
|
||||
<tr><td><a href="#refresh-a-computer-with-windows-10" data-raw-source="[Refresh a computer with Windows 10](#refresh-a-computer-with-windows-10)">Refresh a computer with Windows 10</a><td>Export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings.<td>60 minutes
|
||||
<tr><td><a href="#replace-a-computer-with-windows-10" data-raw-source="[Replace a computer with Windows 10](#replace-a-computer-with-windows-10)">Replace a computer with Windows 10</a><td>Back up an existing client computer, then restore this backup to a new computer.<td>60 minutes
|
||||
<tr><td><a href="#troubleshooting-logs-events-and-utilities" data-raw-source="[Troubleshooting logs, events, and utilities](#troubleshooting-logs-events-and-utilities)">Troubleshooting logs, events, and utilities</a><td>Log locations and troubleshooting hints.<td>Informational
|
||||
</TABLE>
|
||||
|
||||
</div>
|
||||
|Topic|Description|Time|
|
||||
|--- |--- |--- |
|
||||
|[About MDT](#about-mdt)|A high-level overview of the Microsoft Deployment Toolkit (MDT).|Informational|
|
||||
|[Install MDT](#install-mdt)|Download and install MDT.|40 minutes|
|
||||
|[Create a deployment share and reference image](#create-a-deployment-share-and-reference-image)|A reference image is created to serve as the template for deploying new images.|90 minutes|
|
||||
|[Deploy a Windows 10 image using MDT](#deploy-a-windows-10-image-using-mdt)|The reference image is deployed in the PoC environment.|60 minutes|
|
||||
|[Refresh a computer with Windows 10](#refresh-a-computer-with-windows-10)|Export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings.|60 minutes|
|
||||
|[Replace a computer with Windows 10](#replace-a-computer-with-windows-10)|Back up an existing client computer, then restore this backup to a new computer.|60 minutes|
|
||||
|[Troubleshooting logs, events, and utilities](#troubleshooting-logs-events-and-utilities)|Log locations and troubleshooting hints.|Informational|
|
||||
|
||||
## About MDT
|
||||
|
||||
@ -73,18 +66,19 @@ MDT performs deployments by using the Lite Touch Installation (LTI), Zero Touch
|
||||
|
||||
1. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt:
|
||||
|
||||
```
|
||||
```powershell
|
||||
$AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
|
||||
Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0
|
||||
Stop-Process -Name Explorer
|
||||
```
|
||||
|
||||
2. Download and install the 64-bit version of [Microsoft Deployment Toolkit (MDT)](https://www.microsoft.com/download/details.aspx?id=54259) on SRV1 using the default options. As of the writing of this guide, the latest version of MDT was 8443.
|
||||
|
||||
3. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 1703. Installation might require several minutes to acquire all components.
|
||||
|
||||
3. If desired, re-enable IE Enhanced Security Configuration:
|
||||
|
||||
```
|
||||
```powershell
|
||||
Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 1
|
||||
Stop-Process -Name Explorer
|
||||
```
|
||||
@ -95,7 +89,7 @@ A reference image serves as the foundation for Windows 10 devices in your organi
|
||||
|
||||
1. In [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md), the Windows 10 Enterprise .iso file was saved to the c:\VHD directory as **c:\VHD\w10-enterprise.iso**. The first step in creating a deployment share is to mount this file on SRV1. To mount the Windows 10 Enterprise DVD on SRV1, open an elevated Windows PowerShell prompt on the Hyper-V host computer and type the following command:
|
||||
|
||||
```
|
||||
```powershell
|
||||
Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\w10-enterprise.iso
|
||||
```
|
||||
2. On SRV1, verify that the Windows Enterprise installation DVD is mounted as drive letter D.
|
||||
@ -130,7 +124,7 @@ A reference image serves as the foundation for Windows 10 devices in your organi
|
||||
- Progress: wait for files to be copied
|
||||
- Confirmation: click **Finish**
|
||||
|
||||
>For purposes of this test lab, we will only add the prerequisite .NET Framework feature. Commerical applications (ex: Microsoft Office) will not be added to the deployment share. For information about adding applications, see the [Add applications](./deploy-windows-mdt/create-a-windows-10-reference-image.md) section of the [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md) topic in the TechNet library.
|
||||
For purposes of this test lab, we will only add the prerequisite .NET Framework feature. Commerical applications (ex: Microsoft Office) will not be added to the deployment share. For information about adding applications, see the [Add applications](./deploy-windows-mdt/create-a-windows-10-reference-image.md) section of the [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md) topic in the TechNet library.
|
||||
|
||||
11. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the **Task Sequences** node and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
|
||||
- Task sequence ID: **REFW10X64-001**<BR>
|
||||
@ -141,7 +135,7 @@ A reference image serves as the foundation for Windows 10 devices in your organi
|
||||
- Specify Product Key: **Do not specify a product key at this time**
|
||||
- Full Name: **Contoso**
|
||||
- Organization: **Contoso**
|
||||
- Internet Explorer home page: **http://www.contoso.com**
|
||||
- Internet Explorer home page: `http://www.contoso.com`
|
||||
- Admin Password: **Do not specify an Administrator password at this time**
|
||||
- Summary: click **Next**
|
||||
- Confirmation: click **Finish**
|
||||
@ -159,7 +153,8 @@ A reference image serves as the foundation for Windows 10 devices in your organi
|
||||
|
||||
17. Enable Windows Update in the task sequence by clicking the **Windows Update (Post-Application Installation)** step, clicking the **Options** tab, and clearing the **Disable this step** checkbox.
|
||||
|
||||
>Note: Since we are not installing applications in this test lab, there is no need to enable the Windows Update Pre-Application Installation step. However, you should enable this step if you are also installing applications.
|
||||
> [!NOTE]
|
||||
> Since we are not installing applications in this test lab, there is no need to enable the Windows Update Pre-Application Installation step. However, you should enable this step if you are also installing applications.
|
||||
|
||||
18. Click **OK** to complete editing the task sequence.
|
||||
|
||||
@ -167,7 +162,7 @@ A reference image serves as the foundation for Windows 10 devices in your organi
|
||||
|
||||
20. Replace the default rules with the following text:
|
||||
|
||||
```
|
||||
```text
|
||||
[Settings]
|
||||
Priority=Default
|
||||
|
||||
@ -202,7 +197,7 @@ A reference image serves as the foundation for Windows 10 devices in your organi
|
||||
|
||||
21. Click **Apply** and then click **Edit Bootstrap.ini**. Replace the contents of the Bootstrap.ini file with the following text, and save the file:
|
||||
|
||||
```
|
||||
```text
|
||||
[Settings]
|
||||
Priority=Default
|
||||
|
||||
@ -222,20 +217,18 @@ A reference image serves as the foundation for Windows 10 devices in your organi
|
||||
|
||||
25. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. Note that in MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI).
|
||||
|
||||
>Hint: To copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**.
|
||||
> [!TIP]
|
||||
> To copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**.
|
||||
|
||||
26. Open a Windows PowerShell prompt on the Hyper-V host computer and type the following commands:
|
||||
|
||||
<div>
|
||||
<pre>
|
||||
|
||||
```powershell
|
||||
New-VM REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB
|
||||
Set-VMMemory REFW10X64-001 -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 1024MB -Buffer 20
|
||||
Set-VMDvdDrive REFW10X64-001 -Path c:\VHD\LiteTouchPE_x86.iso
|
||||
Start-VM REFW10X64-001
|
||||
vmconnect localhost REFW10X64-001
|
||||
</pre>
|
||||
</div>
|
||||
```
|
||||
|
||||
The VM will require a few minutes to prepare devices and boot from the LiteTouchPE_x86.iso file.
|
||||
|
||||
@ -307,7 +300,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env
|
||||
|
||||
1. On SRV1, open an elevated Windows PowerShell prompt and type the following commands:
|
||||
|
||||
```
|
||||
```powershell
|
||||
copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\Bootstrap.ini" C:\MDTProd\Control\Bootstrap.ini -Force
|
||||
copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\CustomSettings.ini" C:\MDTProd\Control\CustomSettings.ini -Force
|
||||
```
|
||||
@ -315,7 +308,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env
|
||||
|
||||
3. Click the **Rules** tab and replace the rules with the following text (don't click OK yet):
|
||||
|
||||
```
|
||||
```text
|
||||
[Settings]
|
||||
Priority=Default
|
||||
|
||||
@ -351,19 +344,21 @@ This procedure will demonstrate how to deploy the reference image to the PoC env
|
||||
SkipFinalSummary=NO
|
||||
EventService=http://SRV1:9800
|
||||
```
|
||||
**Note**: The contents of the Rules tab are added to c:\MDTProd\Control\CustomSettings.ini.
|
||||
|
||||
> [!NOTE]
|
||||
> The contents of the Rules tab are added to c:\MDTProd\Control\CustomSettings.ini.
|
||||
|
||||
>In this example a **MachineObjectOU** entry is not provided. Normally this entry describes the specific OU where new client computer objects are created in Active Directory. However, for the purposes of this test lab clients are added to the default computers OU, which requires that this parameter be unspecified.
|
||||
In this example a **MachineObjectOU** entry is not provided. Normally this entry describes the specific OU where new client computer objects are created in Active Directory. However, for the purposes of this test lab clients are added to the default computers OU, which requires that this parameter be unspecified.
|
||||
|
||||
If desired, edit the follow line to include or exclude other users when migrating settings. Currently, the command is set to user exclude (ue) all users except for CONTOSO users specified by the user include option (ui):
|
||||
|
||||
```
|
||||
```console
|
||||
ScanStateArgs=/ue:*\* /ui:CONTOSO\*
|
||||
```
|
||||
|
||||
For example, to migrate **all** users on the computer, replace this line with the following:
|
||||
|
||||
```
|
||||
```console
|
||||
ScanStateArgs=/all
|
||||
```
|
||||
|
||||
@ -371,7 +366,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env
|
||||
|
||||
4. Click **Edit Bootstap.ini** and replace text in the file with the following text:
|
||||
|
||||
```
|
||||
```text
|
||||
[Settings]
|
||||
Priority=Default
|
||||
|
||||
@ -382,6 +377,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env
|
||||
UserPassword=pass@word1
|
||||
SkipBDDWelcome=YES
|
||||
```
|
||||
|
||||
5. Click **OK** when finished.
|
||||
|
||||
### Update the deployment share
|
||||
@ -406,7 +402,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env
|
||||
|
||||
1. Initialize Windows Deployment Services (WDS) by typing the following command at an elevated Windows PowerShell prompt on SRV1:
|
||||
|
||||
```
|
||||
```powershell
|
||||
WDSUTIL /Verbose /Progress /Initialize-Server /Server:SRV1 /RemInst:"C:\RemoteInstall"
|
||||
WDSUTIL /Set-Server /AnswerClients:All
|
||||
```
|
||||
@ -421,11 +417,12 @@ This procedure will demonstrate how to deploy the reference image to the PoC env
|
||||
|
||||
1. Before using WDS to deploy a client image, you must temporarily disable the external network adapter on SRV1. This is just an artifact of the lab environment. In a typical deployment environment WDS would not be installed on the default gateway.
|
||||
|
||||
>**Note**: Do not disable the *internal* network interface. To quickly view IP addresses and interface names configured on the VM, type **Get-NetIPAddress | ft interfacealias, ipaddress**
|
||||
> [!NOTE]
|
||||
> Do not disable the *internal* network interface. To quickly view IP addresses and interface names configured on the VM, type **Get-NetIPAddress | ft interfacealias, ipaddress**
|
||||
|
||||
Assuming the external interface is named "Ethernet 2", to disable the *external* interface on SRV1, open a Windows PowerShell prompt on SRV1 and type the following command:
|
||||
|
||||
```
|
||||
```powershell
|
||||
Disable-NetAdapter "Ethernet 2" -Confirm:$false
|
||||
```
|
||||
|
||||
@ -434,28 +431,30 @@ This procedure will demonstrate how to deploy the reference image to the PoC env
|
||||
|
||||
2. Next, switch to the Hyper-V host and open an elevated Windows PowerShell prompt. Create a generation 2 VM on the Hyper-V host that will load its OS using PXE. To create this VM, type the following commands at an elevated Windows PowerShell prompt:
|
||||
|
||||
```
|
||||
```powershell
|
||||
New-VM –Name "PC2" –NewVHDPath "c:\vhd\pc2.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
|
||||
Set-VMMemory -VMName "PC2" -DynamicMemoryEnabled $true -MinimumBytes 720MB -MaximumBytes 2048MB -Buffer 20
|
||||
```
|
||||
|
||||
>Dynamic memory is configured on the VM to conserve resources. However, this can cause memory allocation to be reduced past what is required to install an operating system. If this happens, reset the VM and begin the OS installation task sequence immediately. This ensures the VM memory allocation is not decreased too much while it is idle.
|
||||
Dynamic memory is configured on the VM to conserve resources. However, this can cause memory allocation to be reduced past what is required to install an operating system. If this happens, reset the VM and begin the OS installation task sequence immediately. This ensures the VM memory allocation is not decreased too much while it is idle.
|
||||
|
||||
3. Start the new VM and connect to it:
|
||||
|
||||
```
|
||||
```powershell
|
||||
Start-VM PC2
|
||||
vmconnect localhost PC2
|
||||
```
|
||||
|
||||
4. When prompted, hit ENTER to start the network boot process.
|
||||
|
||||
5. In the Windows Deployment Wizard, choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**.
|
||||
|
||||
6. After MDT lite touch installation has started, be sure to re-enable the external network adapter on SRV1. This is needed so the client can use Windows Update after operating system installation is complete.To re-enable the external network interface, open an elevated Windows PowerShell prompt on SRV1 and type the following command:
|
||||
|
||||
```
|
||||
```powershell
|
||||
Enable-NetAdapter "Ethernet 2"
|
||||
```
|
||||
|
||||
7. On SRV1, in the Deployment Workbench console, click on **Monitoring** and view the status of installation. Right-click **Monitoring** and click **Refresh** if no data is displayed.
|
||||
8. OS installation requires about 10 minutes. When the installation is complete, the system will reboot automatically, configure devices, and install updates, requiring another 10-20 minutes. When the new client computer is finished updating, click **Finish**. You will be automatically signed in to the local computer as administrator.
|
||||
|
||||
@ -470,34 +469,36 @@ This section will demonstrate how to export user data from an existing client co
|
||||
|
||||
1. If the PC1 VM is not already running, then start and connect to it:
|
||||
|
||||
```
|
||||
```powershell
|
||||
Start-VM PC1
|
||||
vmconnect localhost PC1
|
||||
```
|
||||
|
||||
2. Switch back to the Hyper-V host and create a checkpoint for the PC1 VM so that it can easily be reverted to its current state for troubleshooting purposes and to perform additional scenarios. Checkpoints are also known as snapshots. To create a checkpoint for the PC1 VM, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
|
||||
|
||||
```
|
||||
```powershell
|
||||
Checkpoint-VM -Name PC1 -SnapshotName BeginState
|
||||
```
|
||||
|
||||
3. Sign on to PC1 using the CONTOSO\Administrator account.
|
||||
|
||||
>Specify **contoso\administrator** as the user name to ensure you do not sign on using the local administrator account. You must sign in with this account so that you have access to the deployment share.
|
||||
Specify **contoso\administrator** as the user name to ensure you do not sign on using the local administrator account. You must sign in with this account so that you have access to the deployment share.
|
||||
|
||||
4. Open an elevated command prompt on PC1 and type the following:
|
||||
|
||||
```
|
||||
```console
|
||||
cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs
|
||||
```
|
||||
|
||||
**Note**: For more information on tools for viewing log files and to assist with troubleshooting, see [Configuration Manager Tools](/configmgr/core/support/tools).
|
||||
> [!NOTE]
|
||||
> For more information on tools for viewing log files and to assist with troubleshooting, see [Configuration Manager Tools](/configmgr/core/support/tools).
|
||||
|
||||
5. Choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**.
|
||||
|
||||
6. Choose **Do not back up the existing computer** and click **Next**.
|
||||
|
||||
**Note**: The USMT will still back up the computer.
|
||||
> [!NOTE]
|
||||
> The USMT will still back up the computer.
|
||||
|
||||
7. Lite Touch Installation will perform the following actions:
|
||||
- Back up user settings and data using USMT.
|
||||
@ -511,13 +512,13 @@ This section will demonstrate how to export user data from an existing client co
|
||||
|
||||
9. Create another checkpoint for the PC1 VM so that you can review results of the computer refresh later. To create a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
|
||||
|
||||
```
|
||||
```powershell
|
||||
Checkpoint-VM -Name PC1 -SnapshotName RefreshState
|
||||
```
|
||||
|
||||
10. Restore the PC1 VM to it's previous state in preparation for the replace procedure. To restore a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
|
||||
|
||||
```
|
||||
```powershell
|
||||
Restore-VMSnapshot -VMName PC1 -Name BeginState -Confirm:$false
|
||||
Start-VM PC1
|
||||
vmconnect localhost PC1
|
||||
@ -537,11 +538,12 @@ At a high level, the computer replace process consists of:<BR>
|
||||
2. Click **OK**, right-click **MDT Production**, click **Update Deployment Share** and accept the default options in the wizard to update the share.
|
||||
3. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
|
||||
|
||||
```
|
||||
```powershell
|
||||
New-Item -Path C:\MigData -ItemType directory
|
||||
New-SmbShare -Name MigData$ -Path C:\MigData -ChangeAccess EVERYONE
|
||||
icacls C:\MigData /grant '"contoso\administrator":(OI)(CI)(M)'
|
||||
```
|
||||
|
||||
4. On SRV1 in the deployment workbench, under **MDT Production**, right-click the **Task Sequences** node, and click **New Folder**.
|
||||
5. Name the new folder **Other**, and complete the wizard using default options.
|
||||
6. Right-click the **Other** folder and then click **New Task Sequence**. Use the following values in the wizard:
|
||||
@ -556,21 +558,22 @@ At a high level, the computer replace process consists of:<BR>
|
||||
|
||||
1. If you are not already signed on to PC1 as **contoso\administrator**, sign in using this account. To verify the currently signed in account, type the following command at an elevated command prompt:
|
||||
|
||||
```
|
||||
```console
|
||||
whoami
|
||||
```
|
||||
2. To ensure a clean environment before running the backup task sequence, type the following at an elevated Windows PowerShell prompt on PC1:
|
||||
|
||||
```
|
||||
```powershell
|
||||
Remove-Item c:\minint -recurse
|
||||
Remove-Item c:\_SMSTaskSequence -recurse
|
||||
Restart-Computer
|
||||
```
|
||||
3. Sign in to PC1 using the contoso\administrator account, and then type the following at an elevated command prompt:
|
||||
|
||||
```
|
||||
```console
|
||||
cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs
|
||||
```
|
||||
|
||||
4. Complete the deployment wizard using the following:
|
||||
- **Task Sequence**: Backup Only Task Sequence
|
||||
- **User Data**: Specify a location: **\\\\SRV1\MigData$\PC1**
|
||||
@ -579,7 +582,7 @@ At a high level, the computer replace process consists of:<BR>
|
||||
6. On PC1, verify that **The user state capture was completed successfully** is displayed, and click **Finish** when the capture is complete.
|
||||
7. On SRV1, verify that the file **USMT.MIG** was created in the **C:\MigData\PC1\USMT** directory. See the following example:
|
||||
|
||||
```
|
||||
```powershell
|
||||
PS C:\> dir C:\MigData\PC1\USMT
|
||||
|
||||
Directory: C:\MigData\PC1\USMT
|
||||
@ -588,49 +591,52 @@ At a high level, the computer replace process consists of:<BR>
|
||||
---- ------------- ------ ----
|
||||
-a--- 9/6/2016 11:34 AM 14248685 USMT.MIG
|
||||
```
|
||||
### Deploy PC3
|
||||
|
||||
8. On the Hyper-V host, type the following commands at an elevated Windows PowerShell prompt:
|
||||
### Deploy PC3
|
||||
|
||||
```
|
||||
1. On the Hyper-V host, type the following commands at an elevated Windows PowerShell prompt:
|
||||
|
||||
```powershell
|
||||
New-VM –Name "PC3" –NewVHDPath "c:\vhd\pc3.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
|
||||
Set-VMMemory -VMName "PC3" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20
|
||||
```
|
||||
9. Temporarily disable the external network adapter on SRV1 again, so that we can successfully boot PC3 from WDS. To disable the adapter, type the following command at an elevated Windows PowerShell prompt on SRV1:
|
||||
|
||||
```
|
||||
2. Temporarily disable the external network adapter on SRV1 again, so that we can successfully boot PC3 from WDS. To disable the adapter, type the following command at an elevated Windows PowerShell prompt on SRV1:
|
||||
|
||||
```powershell
|
||||
Disable-NetAdapter "Ethernet 2" -Confirm:$false
|
||||
```
|
||||
|
||||
>As mentioned previously, ensure that you disable the **external** network adapter, and wait for the command to complete before proceeding.
|
||||
As mentioned previously, ensure that you disable the **external** network adapter, and wait for the command to complete before proceeding.
|
||||
|
||||
|
||||
10. Start and connect to PC3 by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
|
||||
3. Start and connect to PC3 by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
|
||||
|
||||
```
|
||||
```powershell
|
||||
Start-VM PC3
|
||||
vmconnect localhost PC3
|
||||
```
|
||||
|
||||
11. When prompted, press ENTER for network boot.
|
||||
4. When prompted, press ENTER for network boot.
|
||||
|
||||
12. On PC3, use the following settings for the Windows Deployment Wizard:
|
||||
5. On PC3, use the following settings for the Windows Deployment Wizard:
|
||||
- **Task Sequence**: Windows 10 Enterprise x64 Custom Image
|
||||
- **Move Data and Settings**: Do not move user data and settings
|
||||
- **User Data (Restore)**: Specify a location: **\\\\SRV1\MigData$\PC1**
|
||||
|
||||
13. When OS installation has started on PC1, re-enable the external network adapter on SRV1 by typing the following command on SRV1:
|
||||
6. When OS installation has started on PC1, re-enable the external network adapter on SRV1 by typing the following command on SRV1:
|
||||
|
||||
```
|
||||
```powershell
|
||||
Enable-NetAdapter "Ethernet 2"
|
||||
```
|
||||
14. Setup will install the Windows 10 Enterprise operating system, update via Windows Update, and restore the user settings and data from PC1.
|
||||
|
||||
15. When PC3 has completed installing the OS, sign in to PC3 using the contoso\administrator account. When the PC completes updating, click **Finish**.
|
||||
7. Setup will install the Windows 10 Enterprise operating system, update via Windows Update, and restore the user settings and data from PC1.
|
||||
|
||||
16. Verify that settings have been migrated from PC1. This completes demonstration of the replace procedure.
|
||||
8. When PC3 has completed installing the OS, sign in to PC3 using the contoso\administrator account. When the PC completes updating, click **Finish**.
|
||||
|
||||
17. Shut down PC3 in preparation for the [next](windows-10-poc-sc-config-mgr.md) procedure.
|
||||
9. Verify that settings have been migrated from PC1. This completes demonstration of the replace procedure.
|
||||
|
||||
10. Shut down PC3 in preparation for the [next](windows-10-poc-sc-config-mgr.md) procedure.
|
||||
|
||||
## Troubleshooting logs, events, and utilities
|
||||
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -179,9 +179,6 @@ conceptualContent:
|
||||
- url: /windows/security/index
|
||||
itemType: overview
|
||||
text: Windows Enterprise Security
|
||||
- url: /windows/privacy/index
|
||||
itemType: overview
|
||||
text: Windows Privacy
|
||||
- url: /windows/security/hardware
|
||||
itemType: overview
|
||||
text: Hardware security
|
||||
@ -193,10 +190,13 @@ conceptualContent:
|
||||
text: Application security
|
||||
- url: /windows/security/identity
|
||||
itemType: overview
|
||||
text: User and identity security
|
||||
text: Identity and privacy
|
||||
- url: /windows/security/cloud
|
||||
itemType: overview
|
||||
text: Cloud services
|
||||
- url: /windows/privacy/index
|
||||
itemType: overview
|
||||
text: Windows Privacy
|
||||
|
||||
# additionalContent section (optional)
|
||||
# Card with summary style
|
||||
|
@ -13,7 +13,7 @@ ms.prod: m365-security
|
||||
ms.technology: windows-sec
|
||||
---
|
||||
|
||||
# Windows identity and user security
|
||||
# Windows identity and privacy
|
||||
|
||||
Malicious actors launch millions of password attacks every day. Weak passwords, password spraying, and phishing are the entry point for many attacks. Knowing that the right user is accessing the right device and the right data is critical to keeping your business, family, and self, safe and secure. Windows Hello, Windows Hello for Business, and Credential Guard enable customers to move to passwordless multifactor authentication (MFA). MFA can reduce the risk of compromise in organizations.
|
||||
|
||||
|
@ -29,18 +29,18 @@ In Windows client, hardware and software work together to help protect you from
|
||||
|
||||
See the following articles to learn more about the different areas of Windows threat protection:
|
||||
|
||||
- [Application Control](/windows-defender-application-control/windows-defender-application-control.md)
|
||||
- [Application Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)
|
||||
- [Attack Surface Reduction Rules](/microsoft-365/security/defender-endpoint/attack-surface-reduction)
|
||||
- [Controlled Folder Access](/microsoft-365/security/defender-endpoint/controlled-folders)
|
||||
- [Exploit Protection](/microsoft-365/security/defender-endpoint/exploit-protection)
|
||||
- [Microsoft Defender Application Guard](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md)
|
||||
- [Microsoft Defender Application Guard](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)
|
||||
- [Microsoft Defender Device Guard](device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md)
|
||||
- [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md)
|
||||
- [Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)
|
||||
- [Network Protection](/microsoft-365/security/defender-endpoint/network-protection)
|
||||
- [Virtualization-Based Protection of Code Integrity](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md)
|
||||
- [Virtualization-Based Protection of Code Integrity](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)
|
||||
- [Web Protection](/microsoft-365/security/defender-endpoint/web-protection-overview)
|
||||
- [Windows Firewall](windows-firewall/windows-firewall-with-advanced-security.md)
|
||||
- [Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview.md)
|
||||
- [Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)
|
||||
|
||||
### Next-generation protection
|
||||
Next-generation protection is designed to identify and block new and emerging threats. Powered by the cloud and machine learning, Microsoft Defender Antivirus can help stop attacks in real-time.
|
||||
|
Loading…
x
Reference in New Issue
Block a user