mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-19 16:57:23 +00:00
Merged PR 2955: 8/30 AM Publish
commit
a3656f7ac0
@ -227,7 +227,7 @@
|
||||
},
|
||||
{
|
||||
"source_path": "windows/manage/set-up-a-device-for-anyone-to-use.md",
|
||||
"redirect_url": "/windows/configuration/set-up-a-device-for-anyone-to-use",
|
||||
"redirect_url": "/windows/configuration/kiosk-shared-pc",
|
||||
"redirect_document_id": true
|
||||
},
|
||||
{
|
||||
|
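Review bot: the second "redirect_url" in this entry now points to /windows/configuration/kiosk-shared-pc while "redirect_document_id": true is left unchanged, so the document id of set-up-a-device-for-anyone-to-use.md is carried over to a page with a different name. Confirm that this is intended, and check whether anything still links to /windows/configuration/set-up-a-device-for-anyone-to-use and needs a redirect of its own.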
@ -6,7 +6,7 @@ ms.topic: article
|
||||
ms.prod: w10
|
||||
ms.technology: windows
|
||||
author: nickbrower
|
||||
ms.date: 08/14/2017
|
||||
ms.date: 08/28/2017
|
||||
---
|
||||
|
||||
# BitLocker CSP
|
||||
@ -211,6 +211,9 @@ The following diagram shows the BitLocker configuration service provider in tree
|
||||
|
||||
<p style="margin-left: 20px">On a computer with a compatible TPM, four types of authentication methods can be used at startup to provide added protection for encrypted data. When the computer starts, it can use only the TPM for authentication, or it can also require insertion of a USB flash drive containing a startup key, the entry of a 6-digit to 20-digit personal identification number (PIN), or both.</p>
|
||||
|
||||
> [!Note]
|
||||
> In Windows 10, version 1709, you can use a minimum PIN of 4 digits. SystemDrivesMinimumPINLength policy must be set to allow PINs shorter than 6 digits.
|
||||
|
||||
<p style="margin-left: 20px">If you enable this policy setting, users can configure advanced startup options in the BitLocker setup wizard.</p>
|
||||
|
||||
<p style="margin-left: 20px">If you disable or do not configure this setting, users can configure only basic options on computers with a TPM.</p>
|
||||
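Review bot: the new note allows a 4-digit PIN, but the paragraph directly above it still says "the entry of a 6-digit to 20-digit personal identification number (PIN)", so the section now states two different lower bounds. Suggest updating that paragraph in the same change and rewording "a minimum PIN of 4 digits" to "a minimum PIN length of 4 digits", matching the wording used under SystemDrivesMinimumPINLength. Since a shorter PIN is easier to guess, the note should also point to the TPM lockout behaviour described in the SystemDrivesMinimumPINLength note.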
@ -298,6 +301,11 @@ The following diagram shows the BitLocker configuration service provider in tree
|
||||
|
||||
<p style="margin-left: 20px">This setting allows you to configure a minimum length for a Trusted Platform Module (TPM) startup PIN. This setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 6 digits and can have a maximum length of 20 digits.</p>
|
||||
|
||||
> [!Note]
|
||||
> In Windows 10, version 1709, you can use a minimum PIN length of 4 digits.
|
||||
>
|
||||
>In TPM 2.0 if minimum PIN length is set below 6 digits, Windows will attempt to update the TPM lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. This does not apply to TPM 1.2.
|
||||
|
||||
<p style="margin-left: 20px">If you enable this setting, you can require a minimum number of digits to be used when setting the startup PIN.</p>
|
||||
|
||||
<p style="margin-left: 20px">If you disable or do not configure this setting, users can configure a startup PIN of any length between 6 and 20 digits.</p>
|
||||
|
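Review bot: the unchanged sentences around the new note still say "The startup PIN must have a minimum length of 6 digits" and "any length between 6 and 20 digits", which contradicts the 4-digit minimum the note introduces; they should be updated in the same change. In the TPM 2.0 paragraph, state what the lockout period is raised to, or link to where it is defined, because "greater than the default" gives an administrator nothing to verify. Also add the missing space after ">" in ">In TPM 2.0" so the blockquote lines are consistent.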
@ -981,6 +981,14 @@ For details about Microsoft mobile device management protocols for Windows 10 s
|
||||
</ul>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">[Bitlocker CSP](bitlocker-csp.md)</td>
|
||||
<td style="vertical-align:top"><p>Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">[ADMX-backed policies in Policy CSP](policy-configuration-service-provider.md#admx-backed-policies)</td>
|
||||
<td style="vertical-align:top"><p>Added new policies.</p>
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
|
||||
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
|
||||
<ul>
|
||||
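Review bot: the link text in the first row reads "Bitlocker CSP", while the page title and the other change-history table use "BitLocker CSP"; fix the capitalisation. The "ADMX-backed policies in Policy CSP" row says only "Added new policies." and, unlike the Policy CSP row below it, does not name them, so a reader cannot tell what changed.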
@ -1385,7 +1393,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
|
||||
<td style="vertical-align:top">Added information to the ADMX-backed policies.
|
||||
<td style="vertical-align:top">Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.
|
||||
</td></tr>
|
||||
<tr class="odd">
|
||||
<td style="vertical-align:top">[Firewall CSP](firewall-csp.md)</td>
|
||||
|
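Review bot: the added sentence reads as if 4 digits is simply the new minimum in both policies, but the note added under SystemDrivesRequireStartupAuthentication says SystemDrivesMinimumPINLength must be set before PINs shorter than 6 digits are allowed. Suggest wording such as "Changed the minimum allowed PIN length to 4 digits" and stating the dependency on SystemDrivesMinimumPINLength, so the change-history entry does not imply that a 4-digit PIN works without further configuration.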
@ -239,8 +239,8 @@ This section contains several procedures to support Zero Touch installation with
|
||||
1. Type the following commands at a Windows PowerShell prompt on SRV1:
|
||||
|
||||
```
|
||||
New-Item -ItemType Directory -Path "C:Sources\OSD\Boot"
|
||||
New-Item -ItemType Directory -Path "C:Sources\OSD\OS"
|
||||
New-Item -ItemType Directory -Path "C:\Sources\OSD\Boot"
|
||||
New-Item -ItemType Directory -Path "C:\Sources\OSD\OS"
|
||||
New-Item -ItemType Directory -Path "C:\Sources\OSD\Settings"
|
||||
New-Item -ItemType Directory -Path "C:\Sources\OSD\Branding"
|
||||
New-Item -ItemType Directory -Path "C:\Sources\OSD\MDT"
|
||||
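Review bot: "C:Sources\OSD\Boot" and "C:Sources\OSD\OS" are drive-relative paths, so anyone who ran the earlier version of this step created Sources\OSD\Boot and Sources\OSD\OS under whatever the current directory on C: was, not under C:\Sources. Consider adding a short note that tells readers who followed the old text to check for and remove those stray folders. While touching this block, the opening fence could also be tagged as powershell.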
@ -560,7 +560,7 @@ If you have already completed steps in [Deploy Windows 10 in a test lab using Mi
|
||||
1. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
|
||||
|
||||
```
|
||||
New-Item -ItemType Directory -Path "C:Sources\OSD\OS\Windows 10 Enterprise x64"
|
||||
New-Item -ItemType Directory -Path "C:\Sources\OSD\OS\Windows 10 Enterprise x64"
|
||||
cmd /c copy /z "C:\MDTBuildLab\Captures\REFW10X64-001.wim" "C:\Sources\OSD\OS\Windows 10 Enterprise x64"
|
||||
```
|
||||
|
||||
|
@ -40,7 +40,7 @@ These settings, located at **Computer Configuration\Administrative Templates\Win
|
||||
|-----------|------------------|-----------|-------|
|
||||
|Configure Windows Defender Application Guard clipboard settings|At least Windows 10 Enterprise|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:<ul><li>Disable the clipboard functionality completely when Virtualization Security is enabled.</li><li>Enable copying of certain content from Application Guard into Microsoft Edge.</li><li>Enable copying of certain content from Microsoft Edge into Application Guard.<br><br>**Important**<br>Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.</li></ul>**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.|
|
||||
|Configure Windows Defender Application Guard print settings|At least Windows 10 Enterprise|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:<ul><li>Enable Application Guard to print into the XPS format.</li><li>Enable Application Guard to print into the PDF format.</li><li>Enable Application Guard to print to locally attached printers.</li><li>Enable Application Guard to print from previously connected network printers. Employees can't search for additional printers.</ul>**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
|
||||
|Block enterprise websites to load non-enterprise content in IE and Edge|At least Windows 10 Enterprise|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.<br><br>**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard.|
|
||||
|Block enterprise websites to load non-enterprise content in IE and Edge|At least Windows 10 Enterprise|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container.**Note** This may also block assets cached by CDNs and references to analytics sites. Please add them to the trusted enterprise resources to avoid broken pages.<br><br>**Disabled or not configured.** Allows Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. |
|
||||
|Allow Persistence|At least Windows 10 Enterprise|Determines whether data persists across different sessions in Windows Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.<br><br>**Disabled or not configured.** All user data within Application Guard is reset between sessions.<br><br>**Note**<br>If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.<br>**To reset the container:**<ol><li>Open a command-line program and navigate to Windows/System32.</li><li>Type `wdagtool.exe cleanup`.<br>The container environment is reset, retaining only the employee-generated data.</li><li>Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`.<br>The container environment is reset, including discarding all employee-generated data.</li></ol>|
|
||||
|Turn On/Off Windows Defender Application Guard (WDAG)|At least Windows 10 Enterprise|Determines whether to turn on Application Guard for Microsoft Edge.|**Enabled.** Turns on Application Guard for Microsoft Edge, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Be aware that Application Guard won't actually be turned On unless the required prerequisites and network isolation settings are already set on the device.<br><br>**Disabled.** Turns Off Application Guard, allowing all apps to run in Microsoft Edge.|
|
||||
|
||||
|
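Review bot: the added "**Note**" tells administrators to add CDNs and analytics sites to the trusted enterprise resources, which means content from those hosts is treated as enterprise content rather than isolated in the Application Guard container. Suggest saying to add only the specific hosts a broken page needs, not whole CDN domains. The note is also run straight onto "Application Guard container." with no "<br><br>" before it, unlike the "**Note**<br>" pattern in the Allow Persistence row, and the row now ends with a stray space before the closing "|".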