deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

CAT Auto Pulish for Windows Release Messages - 20190910123725 (#1079)

Browse Source 
* Update waas-servicing-differences.md

Added two clarifications regarding Windows 10 preview updates.  I have consistently fielded questions about why they are 'missing' in people's enterprise environments.  It almost always boils down to one of these two notes: they either weren't published to WSUS or they are looking for the word 'Preview' in the title.

* Update windows/deployment/update/waas-servicing-differences.md

Looks great, thanks Johan!

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update waas-servicing-differences.md

Implement the MarkDown standard of using 1 space between the indent marker > and the [!Note] markers

* Update windows/deployment/update/waas-servicing-differences.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/deployment/update/waas-servicing-differences.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/deployment/update/waas-servicing-differences.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Updated the document

Updated the steps in the document related to Windows Analytics Solutions.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4392

* Update windows/deployment/update/windows-analytics-FAQ-troubleshooting.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Update windows/deployment/update/windows-analytics-FAQ-troubleshooting.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update autopilot-support.md

Remove redundant line (PFE was the old term for an Ecosystem PM).  And added new alias for Ecosystem PMs (after discussing all this with the Ecosystem PM managers).

* Terminology Correction

Terminology Correction

* Incorrect Command Line Arguments

According to this doc https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-setup-command-line-options the correct command line argument for ignoring dismissable warnings is /Compat IgnoreWarning not /compat /ignore warning as specified here in the docs. Also, the same incorrect message is included in the setupdiag.exe, so when the report is generated, it is providing incorrect guidance.

* Update mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md

* Enterprise Mode schema: duplicate https usage

- Resolve duplicate use of https where both http and https was intended
- MarkDown code fence XML tag corrections
- Replace HTML `<br>` codes with NewLine
- Remove redundant space at the end of the version 2 file

Resolves #4769

* Update: NewLine changes

- Remove extraneous NewLine breaks
- Remove missed HTML `<br>` code

* Update credential-guard-manage.md

* Update event-5155.md

* Update windows-autopilot-requirements.md

Separated the Windows Autopilot deployment service and Windows Activation items into two separate rows to make it easier to read.

* Update upgrade-mbam2.5-sp1.md

* finish

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Update windows/security/threat-protection/auditing/event-5155.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Update kiosk-mdm-bridge.md

* Windows Update resources: add MD code block

Description:

The list of manual regsvr32.exe commands becomes translated in other
languages, to the extent that extra words appear among the commands.
This is an attempt to mitigate this behavior in the machine translation,
by adding a MarkDown code block around the list of commands.

Proposed changes:
- Add MD code block around the long list of regsvr32.exe commands
- Remove blank space characters at the end of each line (cosmetic)

issue ticket reference or closure:
Ref. #4800 (Spanish "translation" of commands)
Ref. #3569, #3570, #3571, #3572, #3574, #3575
( [LOC] Back-Translation "regsvr32.exe [...]" )

* MetaData update: convert ^M (2x) to NewLine

- replaced Ctrl-M character with NewLine in MetaData

* Update mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* comment

* Clarify the registry key needed to set tags

* Update microsoft-defender-atp-mac-install-with-intune.md

adding troubleshooting step for common 'no license found' issue

* Add page for Audit Token Right Adjusted

* Windows/What's New: amend broken link in See Also

The first link under "See Also",
"What's New in Windows Server, version 1903" ,
is broken because it points to the wrong directory for the file
'whats-new-in-windows-server-1903' which resides in the new directory
/get-started-19/ instead of the old directory /get-started/.

This directory difference is only present in the docs.microsoft.com
pages, not on Github. The links are therefore pointing directly to the
docs.microsoft.com pages instead of being relative to the Github
directory structure.

Broken link:
https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1903

Operative link:
https://docs.microsoft.com/windows-server/get-started-19/whats-new-in-windows-server-1903

Closes #4784

* Update TOC.md

* Added multifactor unlock

Added multifactor unlock feature update using Passport for work CSP.

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/4700

* Added policies for 1803 and 1809 (1903 not out yet)

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3912

* Fix typo

* Actually fix typos

* Windows Defender Antivirus: amend broken link

From the issue ticket
> Set-mppreference is configured with dead URL. (#4831)

- The link "Use the [Set-MpPreference][]" is broken,
  but without the empty brackets it will work as expected.
- Removing the redundant empty brackets after the next link too.

Closes #4831

* Update windows/client-management/new-policies-for-windows-10.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Update windows/client-management/new-policies-for-windows-10.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Update upgrading-to-mbam-25-sp1-from-mbam-25.md

* Update windows/client-management/new-policies-for-windows-10.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/client-management/new-policies-for-windows-10.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/client-management/new-policies-for-windows-10.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update windows/client-management/new-policies-for-windows-10.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* URL addition of OWA

Added URL for OWA attachment protection using WIP

Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3747

* Update windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Fixed text

"Automated investigation" instead of "Alert"

* Update waas-overview.md

Corrected a typo

* Update windows/deployment/update/waas-overview.md

Makes sense.

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* edit

* Update microsoft-recommended-block-rules.md

updated typo in description.

* Update windows/security/threat-protection/auditing/audit-token-right-adjusted.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* note ragarding Company Portal change

https://github.com/MicrosoftDocs/windows-itpro-docs/issues/3843

info found here: https://blogs.technet.microsoft.com/cbernier/2018/03/08/windows-information-protection-adding-the-intune-company-portal-for-windows-as-an-exempt-app/

* Update microsoft-defender-atp-mac-install-with-intune.md

* Microsoft Defender ATP: amend copy-paste error

When using Microsoft Intune as part of the Defender ATP setup,
it will become necessary to configure some controlled folder access.
This bug looks like it could have been transferred from one of the
other pages during editing, but I could not locate it easily enough.

Anyway, the correct part of this step is to refer to
-- Controlled folder access --
exactly as the page name points to.

Thanks to jcampos79 for discovering this text-based bug.

Closes #4854

* Updated how to disable HVCI

Prior guidance to disable HVCI was outdated

* Update windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* update content of upgrade mbam2.5 sp1

* Removed bullet

Removed bullet as it was not making any sense.

* format setting

a minor format setting

* Update windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Update windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* sample script syntax error due to ASCII codes for quotes

sample script filter syntax contained ASCII codes for single quotes instead of actual quotes, causing the Get-CimInstance commands to error out.

* Update how-windows-update-works.md: amend typo

Simple typo correction, along with a few MarkDown
codestyle corrections for MD blockquote (`>`) indenting.

- typo correction: initates -> initiates
- codestyle corrections:
  3 MarkDown blockquote indentations amended

Thanks to Jessie Gouw (jessiegouw) for reporting the typo.

Closes #4866

* Moved '.' syntax description to a separate table

* fixes #4760, broken table

The formatting was broken because a pipe character was in the wrong place. There was also an extra row due to double spacing below the table.

* Enterprise Mode schema: convert Important notes

As previously discussed in this PR, I have converted the
**Important** section headings by using their MarkDown equivalent
> [!IMPORTANT] (as well as adding the blockquote for its text content).

* Update text in windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md

Per review.

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update text in windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md

Per review.

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Spelled out acronym, fixed typo

* pull from public to private and fix warnings

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190910100213 (#1073)

* pull from public to private and fix warnings

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190910112417 (#1077)

* Cat auto publish 20190910112417 (#1081)

* Merge changes from master to live (#950)

* v 1.6

* removed a known issue

* removed references to CB, CBB

* Latest changes for publish today (#949)

* Merge from master to live (#956)

* safety checkin

* added location for group policy object

* replaced reboot w/ restart

* safety commit for some initial noodlings

* restructured to emphasize new policy; connected to TOC

* adjusting heading levels

* fixing tables

* Latest change for August 20 (#955)

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190823163336 (#980) (#981)

* CAT Auto Pulish for Windows Release Messages - 20190829112356 (#1007)

* Update deploy-the-latest-firmware-and-drivers-for-surface-devices.md

* add table

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190829102107 (#1006)

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190829175859 (#1012) (#1013)

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190830100739 (#1018) (#1019)

* CAT Auto Pulish for Windows Release Messages - 20190903135254 (#1033)

* SIEM connector: change alert notion to Detection

* update casing and redirects

* remove space json file

* fix json

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190903123340 (#1031)

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190906173611 (#1061) (#1062)

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190910100213 (#1073) (#1074)

* CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190910112417
This commit is contained in:
John Liu 2019-09-10 13:41:31 -07:00 committed by GitHub
parent dedefa870c
commit a8680be7fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
44 changed files with 1200 additions and 261 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
View File

@ -30,10 +30,10 @@ If you don't want to use the Enterprise Mode Site List Manager, you also have th
## Enterprise Mode schema v.1 example
The following is an example of the Enterprise Mode schema v.1. This schema can run on devices running Windows 7 and Windows 8.1.
**Important**<br>
Make sure that you don't specify a protocol when adding your URLs. Using a URL like `<domain>contoso.com</domain>` automatically applies to both https://contoso.com and https://contoso.com.
> [!IMPORTANT]
> Make sure that you don't specify a protocol when adding your URLs. Using a URL like `<domain>contoso.com</domain>` automatically applies to both http://contoso.com and https://contoso.com.
``` xml
```xml
<rules version="1">
<emie>
<domain exclude="false">www.cpandl.com</domain>
@ -206,7 +206,7 @@ For example, say you want all of the sites in the contoso.com domain to open usi
### What not to include in your schema
We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
- Dont use protocols. For example, `https://`, `https://`, or custom protocols. They break parsing.
- Dont use protocols. For example, `http://`, `https://`, or custom protocols. They break parsing.
- Dont use wildcards.
- Dont use query strings, ampersands break parsing.
@ -217,7 +217,7 @@ You can use trailing slashes at the path-level, but not at the domain-level:
**Example**
``` xml
```xml
<domain exclude="true">contoso.com
<path exclude="false">/about/</path>
</domain>

22
browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
View File

@ -26,8 +26,8 @@ ms.date: 12/04/2017
Use the Enterprise Mode Site List Manager to create and update your site list for devices running Windows 7, Windows 8.1, and Windows 10, using the version 2.0 (v.2) of the Enterprise Mode schema. If you don't want to use the Enterprise Mode Site List Manager, you also have the option to update your XML schema using Notepad, or any other XML-editing app.
**Important**<br>
If you're running Windows 7 or Windows 8.1 and you've been using the version 1.0 (v.1) of the schema, you can continue to do so, but you won't get the benefits that come with the updated schema. For info about the v.1 schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
> [!IMPORTANT]
> If you're running Windows 7 or Windows 8.1 and you've been using the version 1.0 (v.1) of the schema, you can continue to do so, but you won't get the benefits that come with the updated schema. For info about the v.1 schema, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
## Enterprise Mode schema v.2 updates
Because of the schema changes, you can't combine the old version (v.1) with the new version (v.2) of the schema. If you look at your XML file, you can tell which version you're using by:
@ -41,10 +41,10 @@ You can continue to use the v.1 version of the schema on Windows 10, but you wo
### Enterprise Mode v.2 schema example
The following is an example of the v.2 version of the Enterprise Mode schema.
**Important**<br>
Make sure that you don't specify a protocol when adding your URLs. Using a URL like `<url="contoso.com">`, automatically applies to both https://contoso.com and https://contoso.com.
> [!IMPORTANT]
> Make sure that you don't specify a protocol when adding your URLs. Using a URL like `<url="contoso.com">`, automatically applies to both http://contoso.com and https://contoso.com.
``` xml
```xml
<site-list version="205">
<!--- File creation header --->
<created-by>
@ -214,7 +214,7 @@ In this example, if <a href="https://contoso.com/travel" data-raw-source="https:
<td>url</td>
<td>Specifies the URL (and port number using standard port conventions) to which the child elements apply. The URL can be a domain, sub-domain, or any path URL.
<br><b>Note</b><br>
Make sure that you don&#39;t specify a protocol. Using &lt;site url=&quot;contoso.com&quot;&gt; applies to both <a href="https://contoso.com" data-raw-source="https://contoso.com">https://contoso.com</a> and <a href="https://contoso.com" data-raw-source="https://contoso.com">https://contoso.com</a>.
Make sure that you don&#39;t specify a protocol. Using &lt;site url=&quot;contoso.com&quot;&gt; applies to both <a href="http://contoso.com" data-raw-source="http://contoso.com">http://contoso.com</a> and <a href="https://contoso.com" data-raw-source="https://contoso.com">https://contoso.com</a>.
<p><b>Example</b>
<pre class="syntax">
&lt;site url=&quot;contoso.com:8080&quot;&gt;
@ -284,19 +284,15 @@ With:
While the old, replaced attributes aren't supported in the v.2 version of the schema, they'll continue to work in the v.1 version of the schema. If, however, you're using the v.2 version of the schema and these attributes are still there, the v.2 version schema takes precedence. We dont recommend combining the two schemas, and instead recommend that you move to the v.2 version of the schema to take advantage of the new features.
**Important**<br>
Saving your v.1 version of the file using the new Enterprise Mode Site List Manager (schema v.2) automatically updates the XML to the new v.2 version of the schema.
> [!IMPORTANT]
> Saving your v.1 version of the file using the new Enterprise Mode Site List Manager (schema v.2) automatically updates the XML to the new v.2 version of the schema.
### What not to include in your schema
We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
- Dont use protocols. For example, https://, https://, or custom protocols. They break parsing.
- Dont use protocols. For example, `http://`, `https://`, or custom protocols. They break parsing.
- Dont use wildcards.
- Dont use query strings, ampersands break parsing.
## Related topics
- [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)

1
mdop/mbam-v25/TOC.md
View File

@ -83,6 +83,7 @@
#### [Monitoring Web Service Request Performance Counters](monitoring-web-service-request-performance-counters.md)
### [Using Windows PowerShell to Administer MBAM 2.5](using-windows-powershell-to-administer-mbam-25.md)
## [Troubleshooting MBAM 2.5](troubleshooting-mbam-25.md)
### [Upgrade from MBAM 2.5 to MBAM 2.5 SP1](upgrade-mbam2.5-sp1.md)
## [Applying hotfixes on MBAM 2.5 SP1](apply-hotfix-for-mbam-25-sp1.md)
## [Technical Reference for MBAM 2.5](technical-reference-for-mbam-25.md)
### [Client Event Logs](client-event-logs.md)

5
mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md
View File

@ -260,8 +260,9 @@ The following table lists the installation prerequisites for the MBAM Administra
<td align="left"><p>Windows Server Features</p></td>
<td align="left"><p><strong>.NET Framework 4.5 features:</strong></p>
<ul>
<li><p><strong>.NET Framework 4.5</strong></p>
<li><p><strong>.NET Framework 4.5 or 4.6</strong></p>
<ul>
<li><p><strong>Windows Server 2016</strong> - .NET Framework 4.6 is already installed for these versions of Windows Server, but you must enable it.</p></li>
<li><p><strong>Windows Server 2012 or Windows Server 2012 R2</strong> - .NET Framework 4.5 is already installed for these versions of Windows Server, but you must enable it.</p></li>
<li><p><strong>Windows Server 2008 R2</strong> - .NET Framework 4.5 is not included with Windows Server 2008 R2, so you must <a href="https://go.microsoft.com/fwlink/?LinkId=392318" data-raw-source="[download Microsoft .NET Framework 4.5](https://go.microsoft.com/fwlink/?LinkId=392318)">download Microsoft .NET Framework 4.5</a> and install it separately.</p>
<div class="alert">
@ -274,7 +275,7 @@ The following table lists the installation prerequisites for the MBAM Administra
<li><p><strong>WCF Activation</strong></p>
<ul>
<li><p>HTTP Activation</p></li>
<li><p>Non-HTTP Activation</p>
<li><p>Non-HTTP Activation (Only for Windows Server 2008, 2012, and 2012 R2)</p>
<p></p></li>
</ul></li>
<li><p><strong>TCP Activation</strong></p></li>

61
mdop/mbam-v25/upgrade-mbam2.5-sp1.md
View File

@ -2,48 +2,67 @@
title: Upgrading from MBAM 2.5 to MBAM 2.5 SP1 Servicing Release Update
author: TobyTu
ms.author: ksharma
manager: dcscontentpm
manager:
audience: ITPro
ms.topic: article
ms.prod: mbam
ms.prod: w10
manager: miaposto
localization_priority: Normal
---
# Upgrading from MBAM 2.5 to MBAM 2.5 SP1 Servicing Release Update
# Upgrade from MBAM 2.5 to MBAM 2.5 SP1 Servicing Release Update
This article provides step-by-step instructions for upgrading Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 to MBAM 2.5 SP1 along with Microsoft Desktop Optimization Pack (MDOP) July 2018 Servicing update in a stand-alone configuration. In this guide we will use a two-server configuration. One of the two servers will be a database server that's running Microsoft SQL Server 2016. This server will host the MBAM databases and reports. The additional server will be a Windows Server 2012 R2 web server and will host "Administration and Monitoring Server" and "Self-Service Portal."
This article provides step-by-step instructions to upgrade Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 to MBAM 2.5 Service Pack 1 (SP1) together with the Microsoft Desktop Optimization Pack (MDOP) July 2018 servicing update in a standalone configuration.
## Preparation steps before you upgrade MBAM 2.5 SP1 server
In this guide, we will use a two-server configuration. One server will be a database server that's running Microsoft SQL Server 2016. This server will host the MBAM databases and reports. The other server will be a Windows Server 2012 R2 web server. This server will host "Administration and Monitoring" and "Self-Service Portal."
### Know the MBAM Servers in your environment
## Prepare to upgrade MBAM 2.5 SP1
1. SQL Server Database Engine: Server Hosting the MBAM Databases.
2. SQL Server Reporting Services: Server Hosting the MBAM Reports.
3. Internet Information Services (IIS) Web Servers: Server Hosting MBAM Web Applications and Services.
4. (Optional) Microsoft System Center Configuration Manager (SCCM) Primary Site Server: MBAM Configuration Application is run on this server to integrate MBAM Repots with SCCM which are then merged with existing SCCM reports on the SCCMs SQL Server Reporting Services (SSRS) instance.
### Know the MBAM servers in your environment
### Identify Service Accounts, Groups, Server Name and Reports URL
1. SQL Server Database Engine: Server that hosts the MBAM databases.
2. SQL Server Reporting Services: Server that hosts the MBAM reports.
3. Internet Information Services (IIS) web servers: Server that hosts MBAM Web Applications and MBAM services.
4. (Optional) Microsoft System Center Configuration Manager primary site server: The MBAM configuration application is run on this server to integrate MBAM reports with Configuration Manager. These reports are then merged with existing Configuration Manager reports on the Configuration Manager SQL Server Reporting Services (SSRS) instance.
### Identify service accounts, groups, server name, and reports URL
1. Identify the MBAM application pool service account that's used by IIS web servers to read and write data to MBAM databases.
2. Identify the groups that are used during the MBAM web features configuration and the reports web service URL.
3. Identify the SQL Server name and instance name. Watch this video to learn more.
1. Identify the MBAM App Pool Svc Account used by IIS web servers to Read and Write Data to MBAM Databases.
2. Identify the Groups used during MBAM Web Features Configuration and the Reports Web Service URL.
3. Identify the SQL Server Name and Instance Name.
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE3ANP1]
4. Identify the SQL Server Reporting Services Account used for reading compliance data from Compliance and Audit Database.
4. Identify the SQL Server Reporting Services Account that's used for reading compliance data from the Compliance and Audit database. Watch this video to learn more.
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE3ALdZ]
## Upgrade the MBAM Infrastructure to the latest version available
## Upgrade the MBAM infrastructure to the latest version available
MBAM Server infrastructure installation or upgrade is always performed in the order listed below:
- SQL Server Database Engine: Databases
- SQL Server Reporting Services: Reports
- Web Server: Web Applications
- SCCM Server: SCCM Integrated Reports if applicable
- Clients: MBAM Agent or Client Update
- Group Policy Templates: Update the existing Group Policy with new templates and enable new settings on existing MBAM Group Policy
> [!NOTE]
> We recommend that you take a full database backup of the MBAM Databases before performing upgrades.
> We recommend that you create a full database backup of the MBAM databases before you run the upgrades.
### Upgrade the MBAM SQL Server
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE3ALew]
Watch this video to learn how to upgrade the MBAM SQL Server:
### Upgrade MBAM Web Server
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE3ALew]
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE3ALex]
### Upgrade the MBAM Web Server
Watch this video to learn how to upgrade the MBAM Web Server:
> [!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE3ALex]
## More information
For more about MBAM 2.5 SP1 known issues, please refer [Release Notes for MBAM 2.5 SP1](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/release-notes-for-mbam-25-sp1).
For more information about known issues in MBAM 2.5 SP1, see [Release Notes for MBAM 2.5 SP1](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/release-notes-for-mbam-25-sp1).

14
mdop/mbam-v25/upgrading-to-mbam-25-sp1-from-mbam-25.md
View File

@ -17,8 +17,8 @@ ms.date: 2/16/2018
This topic describes the process for upgrading the Microsoft BitLocker Administration and Monitoring (MBAM) Server 2.5 and the MBAM Client from 2.5 to MBAM 2.5 SP1.
### Before you begin
#### Download the July 2018 servicing release
[Desktop Optimization Pack](https://www.microsoft.com/download/details.aspx?id=57157)
#### Download the May 2019 servicing release
[Desktop Optimization Pack](https://www.microsoft.com/download/details.aspx?id=58345)
#### Verify the installation documentaion
Verify you have a current documentation of your MBAM environment, including all server names, database names, service accounts and their passwords.
@ -29,7 +29,7 @@ Verify you have a current documentation of your MBAM environment, including all
Note: You will not see an option to remove the Databases; this is expected.
2. Install 2.5 SP1 (Located with MDOP - Microsoft Desktop Optimization Pack 2015 from the Volume Licensing Service Center site: <https://www.microsoft.com/Licensing/servicecenter/default.aspx>
3. Do not configure it at this time 
4. Install the July 2018 Rollup: https://www.microsoft.com/download/details.aspx?id=57157
4. Install the May 2019 Rollup: https://www.microsoft.com/download/details.aspx?id=58345
5. Using the MBAM Configurator; re-add the Reports role
6. This will configure the SSRS connection using the latest MBAM code from the rollup 
7. Using the MBAM Configurator; re-add the SQL Database role on the SQL Server.
@ -40,13 +40,13 @@ Verify you have a current documentation of your MBAM environment, including all
1. Using the MBAM Configurator; remove the Admin and Self Service Portals from the IIS server
2. Install MBAM 2.5 SP1
3. Do not configure it at this time  
4. Install the July 2018 Rollup on the IIS server(https://www.microsoft.com/download/details.aspx?id=57157)
4. Install the May 2019 Rollup on the IIS server(https://www.microsoft.com/download/details.aspx?id=58345)
5. Using the MBAM Configurator; re-add the Admin and Self Service Portals to the IIS server 
6. This will configure the sites using the latest MBAM code from the July 2018 Rollup
6. This will configure the sites using the latest MBAM code from the May 2019 Rollup
7. Open an elevated command prompt, Type: **IISRESET** and Hit Enter.
#### Steps to upgrade the MBAM Clients/Endpoints
1. Uninstall the 2.5 Agent from client endpoints
2. Install the 2.5 SP1 Agent on the client endpoints
3. Push out the July 2018 Rollup Client update to clients running the 2.5 SP1 Agent 
4. There is no need to uninstall the existing client prior to installing the July 2018 Rollup.  
3. Push out the May 2019 Rollup Client update to clients running the 2.5 SP1 Agent 
4. There is no need to uninstall the existing client prior to installing the May 2019 Rollup.  

4
windows/client-management/TOC.md
View File

@ -22,6 +22,10 @@
##### [Troubleshoot port exhaustion](troubleshoot-tcpip-port-exhaust.md)
##### [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md)
### [Advanced troubleshooting for Windows startup](troubleshoot-windows-startup.md)
#### [How to determine the appropriate page file size for 64-bit versions of Windows](determine-appropriate-page-file-size.md)
#### [Generate a kernel or complete crash dump](generate-kernel-or-complete-crash-dump.md)
#### [Introduction to the page file](introduction-page-file.md)
#### [Configure system failure and recovery options in Windows](system-failure-recovery-options.md)
#### [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
#### [Advanced troubleshooting for Windows-based computer freeze](troubleshoot-windows-freeze.md)
#### [Advanced troubleshooting for stop error or blue screen error](troubleshoot-stop-errors.md)

129
windows/client-management/determine-appropriate-page-file-size.md Normal file
View File

@ -0,0 +1,129 @@
---
title: How to determine the appropriate page file size for 64-bit versions of Windows
description: Learn how to determine the appropriate page file size for 64-bit versions of Windows.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
author: Deland-Han
ms.localizationpriority: medium
ms.author: delhan
ms.date: 8/28/2019
ms.reviewer:
manager: dcscontentpm
---
# How to determine the appropriate page file size for 64-bit versions of Windows
Page file sizing depends on the system crash dump setting requirements and the peak usage or expected peak usage of the system commit charge. Both considerations are unique to each system, even for systems that are identical. This means that page file sizing is also unique to each system and cannot be generalized.
## Determine the appropriate page file size
Use the following considerations for page file sizing for all versions of Windows and Windows Server.
### Crash dump setting
If you want a crash dump file to be created during a system crash, a page file or a dedicated dump file must exist and be large enough to back up the system crash dump setting. Otherwise, a system memory dump file is not created.
For more information, see [Support for system crash dumps](introduction-page-file.md#support-for-system-crash-dumps) section.
### Peak system commit charge
The system commit charge cannot exceed the system commit limit. This limit is the sum of physical memory (RAM) and all page files combined. If no page files exist, the system commit limit is slightly less than the physical memory that is installed. Peak system-committed memory usage can vary greatly between systems. Therefore, physical memory and page file sizing also vary.
### Quantity of infrequently accessed pages
The purpose of a page file is to *back* (support) infrequently accessed modified pages so that they can be removed from physical memory. This provides more available space for more frequently accessed pages. The "\Memory\Modified Page List Bytes" performance counter measures, in part, the number of infrequently accessed modified pages that are destined for the hard disk. However, be aware that not all the memory on the modified page list is written out to disk. Typically, several hundred megabytes of memory remains resident on the modified list. Therefore, consider extending or adding a page file if all the following conditions are true:
- More available physical memory (\Memory\Available MBytes) is required.
- The modified page list contains a significant amount of memory.
- The existing page files are fairly full (\Paging Files(*)\% Usage).
## Support for system crash dumps
A system crash (also known as a “bug check” or a "Stop error") occurs when the system cannot run correctly. The dump file that is produced from this event is called a system crash dump. A page file or dedicated dump file is used to write a crash dump file (Memory.dmp) to disk. Therefore, a page file or a dedicated dump file must be large enough to support the kind of crash dump selected. Otherwise, the system cannot create the crash dump file.
>[!Note]
>During startup, system-managed page files are sized respective to the system crash dump settings. This assumes that enough free disk space exists.
|System crash dump setting |Minimum page file size requirement|
|-----------|-------------------|
|Small memory dump (256 KB) |1 MB|
|Kernel memory dump |Depends on kernel virtual memory usage|
|Complete memory dump |1 x RAM plus 257 MB*|
|Automatic memory dump |Depends on kernel virtual memory usage. For details, see Automatic memory dump.|
\* 1 MB of header data and device drivers can total 256 MB of secondary crash dump data.
The **Automatic memory dump** setting is enabled by default. This is a setting instead of a kind of crash dump. This setting automatically selects the best page file size, depending on the frequency of system crashes.
The Automatic memory dump feature initially selects a small paging file size. It would accommodate the kernel memory most of the time. If the system crashes again within four weeks, the Automatic memory dump feature sets the page file size as either the RAM size or 32 GB, whichever is smaller.
Kernel memory crash dumps require enough page file space or dedicated dump file space to accommodate the kernel mode side of virtual memory usage. If the system crashes again within four weeks of the previous crash, a Complete memory dump is selected at restart. This requires a page file or dedicated dump file of at least the size of physical memory (RAM) plus 1 MB for header information plus 256 MB for potential driver data to support all the potential data that is dumped from memory. Again, the system-managed page file will be increased to back this kind of crash dump. If the system is configured to have a page file or a dedicated dump file of a specific size, make sure that the size is sufficient to back the crash dump setting that is listed in the table earlier in this section together with and the peak system commit charge.
### Dedicated dump files
Computers that are running Microsoft Windows or Microsoft Windows Server usually must have a page file to support a system crash dump. System administrators now have the option to create a dedicated dump file instead.
A dedicated dump file is a page file that is not used for paging. Instead, it is “dedicated” to back a system crash dump file (Memory.dmp) when a system crash occurs. Dedicated dump files can be put on any disk volume that can support a page file. We recommend that you use a dedicated dump file if you want a system crash dump but you do not want a page file.
## System-managed page files
By default, page files are system-managed. This means that the page files increase and decrease based on many factors, such as the amount of physical memory installed, the process of accommodating the system commit charge, and the process of accommodating a system crash dump.
For example, when the system commit charge is more than 90 percent of the system commit limit, the page file is increased to back it. This continues to occur until the page file reaches three times the size of physical memory or 4 GB, whichever is larger. This all assumes that the logical disk that is hosting the page file is large enough to accommodate the growth.
The following table lists the minimum and maximum page file sizes of system-managed page files in Windows 10.
|Minimum page file size |Maximum page file size|
|---------------|------------------|
|Varies based on page file usage history, amount of RAM (RAM ÷ 8, max 32 GB) and crash dump settings. |3 × RAM or 4 GB, whichever is larger. This is then limited to the volume size ÷ 8. However, it can grow to within 1 GB of free space on the volume if required for crash dump settings.|
## Performance counters
Several performance counters are related to page files. This section describes the counters and what they measure.
### \Memory\Page/sec and other hard page fault counters
The following performance counters measure hard page faults (which include, but are not limited to, page file reads):
- \Memory\Page/sec
- \Memory\Page Reads/sec
- \Memory\Page Inputs/sec
The following performance counters measure page file writes:
- \Memory\Page Writes/sec
- \Memory\Page Output/sec
Hard page faults are faults that must be resolved by retrieving the data from disk. Such data can include portions of DLLs, .exe files, memory-mapped files, and page files. These faults might or might not be related to a page file or to a low-memory condition. Hard page faults are a standard function of the operating system. They occur when the following items are read:
- Parts of image files (.dll and .exe files) as they are used
- Memory-mapped files
- A page file
High values for these counters (excessive paging) indicate disk access of generally 4 KB per page fault on x86 and x64 versions of Windows and Windows Server. This disk access might or might not be related to page file activity but may contribute to poor disk performance that can cause system-wide delays if the related disks are overwhelmed.
Therefore, we recommend that you monitor the disk performance of the logical disks that host a page file in correlation with these counters. Be aware that a system that has a sustained 100 hard page faults per second experiences 400 KB per second disk transfers. Most 7,200 RPM disk drives can handle about 5 MB per second at an IO size of 16 KB or 800 KB per second at an IO size of 4 KB. No performance counter directly measures which logical disk the hard page faults are resolved for.
### \Paging File(*)\% Usage
The \Paging File(*)\% Usage performance counter measures the percentage of usage of each page file. 100 percent usage of a page file does not indicate a performance problem as long as the system commit limit is not reached by the system commit charge, and if a significant amount of memory is not waiting to be written to a page file.
>[!Note]
>The size of the Modified Page List (\Memory\Modified Page List Bytes) is the total of modified data that is waiting to be written to disk.
If the Modified Page List (a list of physical memory pages that are the least frequently accessed) contains lots of memory, and if the **% Usage** value of all page files is greater than 90, you can make more physical memory available for more frequently access pages by increasing or adding a page file.
>[!Note]
>Not all the memory on the modified page list is written out to disk. Typically, several hundred megabytes of memory remains resident on the modified list.
## Multiple page files and disk considerations
If a system is configured to have more than one page files, the page file that responds first is the one that is used. This means that page files that are on faster disks are used more frequently. Also, whether you put a page file on a “fast” or “slow” disk is important only if the page file is frequently accessed and if the disk that is hosting the respective page file is overwhelmed. Be aware that actual page file usage depends greatly on the amount of modified memory that the system is managing. This means that files that already exist on disk (such as .txt, .doc, .dll, and .exe) are not written to a page file. Only modified data that does not already exist on disk (for example, unsaved text in Notepad) is memory that could potentially be backed by a page file. After the unsaved data is saved to disk as a file, it is backed by the disk and not by a page file.

111
windows/client-management/generate-kernel-or-complete-crash-dump.md Normal file
View File

@ -0,0 +1,111 @@
---
title: Generate a kernel or complete crash dump
description: Learn how to generate a kernel or complete crash dump.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
author: Deland-Han
ms.localizationpriority: medium
ms.author: delhan
ms.date: 8/28/2019
ms.reviewer:
manager: dcscontentpm
---
# Generate a kernel or complete crash dump
A system crash (also known as a “bug check” or a "Stop error") occurs when Windows can't run correctly. The dump file that is produced from this event is called a system crash dump.
A manual kernel or complete memory dump file is useful when you troubleshoot several issues because the process captures a record of system memory at the time of a crash.
## Set up page files
See [Support for system crash dumps](determine-appropriate-page-file-size.md#support-for-system-crash-dumps) for the page file size requirement for system crash dump.
## Enable memory dump setting
You must be logged on as an administrator or a member of the Administrators group to complete this procedure. If your computer is connected to a network, network policy settings may prevent you from completing this procedure.
To enable memory dump setting, follow these steps:
1. In **Control Panel**, select **System and Security** > **System**.
2. Select **Advanced system settings**, and then select the **Advanced** tab.
3. In the **Startup and Recovery** area, select **Settings**.
4. Make sure that **Kernel memory dump** or **Complete memory dump** is selected under **Writing Debugging Information**.
5. Restart the computer.
>[!Note]
>You can change the dump file path by edit the **Dump file** field. In other words, you can change the path from %SystemRoot%\Memory.dmp to point to a local drive that has enough disk space, such as E:\Memory.dmp.
### Tips to generate memory dumps
When the computer crashes and restarts, the contents of physical RAM are written to the paging file that is located on the partition on which the operating system is installed.
Depending on the speed of the hard disk on which Windows is installed, dumping more than 2 gigabytes (GB) of memory may take a long time. Even in a best case scenario, if the dump file is configured to reside on another local hard drive, a significant amount of data will be read and written to the hard disks. This can cause a prolonged server outage.
>[!Note]
>Use this method to generate complete memory dump files with caution. Ideally, you should do this only when you are explicitly requested to by the Microsoft Support engineer. Any kernel or complete memory dump file debugging should be the last resort after all standard troubleshooting methods have been completely exhausted.
## Manually generate a memory dump file
### Use the NotMyFault tool
If you can log on while the problem is occurring, you can use the Microsoft Sysinternals NotMyFault tool. To do this, follow these steps:
1. Download the [NotMyFault](https://download.sysinternals.com/files/NotMyFault.zip) tool.
2. Select **Start**, and then select **Command Prompt**.
3. At the command line, run the following command:
```cmd
notMyfault.exe /crash
```
>[!Note]
>This operation generates a memory dump file and a D1 Stop error.
### Use NMI
On some computers, you cannot use keyboard to generate a crash dump file. For example, Hewlett-Packard (HP) BladeSystem servers from the Hewlett-Packard Development Company are managed through a browser-based graphical user interface (GUI). A keyboard is not attached to the HP BladeSystem server.
In these cases, you must generate a complete crash dump file or a kernel crash dump file by using the Non-Maskable Interrupt (NMI) switch that causes an NMI on the system processor.
To do this, follow these steps:
> [!IMPORTANT]
> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
1. In Registry Editor, locate the following registry subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl**
2. Right-click **CrashControl**, point to **New**, and then click **DWORD Value**.
3. Type NMICrashDump, and then press Enter.
4. Right-click **NMICrashDump**, and then select **Modify**.
5. In the **Value data** box, type **1**, and then select **OK**.
6. Restart the computer.
7. Hardware vendors, such as HP, IBM, and Dell, may provide an Automatic System Recovery (ASR) feature. You should disable this feature during troubleshooting. For example, if the HP and Compaq ASR feature is enabled in the BIOS, disable this feature while you troubleshoot to generate a complete Memory.dmp file. For the exact steps, contact your hardware vendor.
8. Enable the NMI switch in the BIOS or by using the Integrated Lights Out (iLO) Web interface.
>[!Note]
>For the exact steps, see the BIOS reference manual or contact your hardware vendor.
9. Test this method on the server by using the NMI switch to generate a dump file. You will see a STOP 0x00000080 hardware malfunction.
### Use the keyboard
[Forcing a System Crash from the Keyboard](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-keyboard)
### Use Debugger
[Forcing a System Crash from the Debugger](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/forcing-a-system-crash-from-the-debugger)

BIN
windows/client-management/images/out-of-memory.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 40 KiB

BIN
windows/client-management/images/task-manager-commit.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 94 KiB

BIN
windows/client-management/images/task-manager.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 100 KiB

70
windows/client-management/introduction-page-file.md Normal file
View File

@ -0,0 +1,70 @@
---
title: Introduction to the page file
description: Learn about the page files in Windows.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
author: Deland-Han
ms.localizationpriority: medium
ms.author: delhan
ms.reviewer: greglin
manager: willchen
---
# Introduction to page files
A page file (also known as a "paging file") is an optional, hidden system file on a hard disk.
## Functionality
Page files have the following functionalities.
### Physical extension of RAM
Page files enable the system to remove infrequently accessed modified pages from physical memory to let the system use physical memory more efficiently for more frequently accessed pages.
### Application requirements
Some products or services require a page file for various reasons. For specific information, check the product documentation.
For example, the following Windows servers requires page files:
- Windows Server domain controllers (DCs)
- DFS Replication (DFS-R) servers
- Certificate servers
- ADAM/LDS servers
This is because the algorithm of the database cache for Extensible Storage Engine (ESENT, or ESE in Microsoft Exchange Server) depends on the "\Memory\Transition Pages RePurposed/sec" performance monitor counter. A page file is required to make sure that the database cache can release memory if other services or applications request memory.
For Windows Server 2012 Hyper-V and Windows Server 2012 R2 Hyper-V, the page file of the management OS (commonly called the host OS) should be left at the default of setting of "System Managed" .
### Support for system crash dumps
Page files can be used to "back" (or support) system crash dumps and extend how much system-committed memory (also known as “virtual memory”) a system can support.
For more information about system crash dumps, see [system crash dump options](system-failure-recovery-options.md#under-write-debugging-information).
## Page files in Windows with large physical memory
When large physical memory is installed, a page file might not be required to support the system commit charge during peak usage. For example, 64-bit versions of Windows and Windows Server support more physical memory (RAM) than 32-bit versions support. The available physical memory alone might be large enough.
However, the reason to configure the page file size has not changed. It has always been about supporting a system crash dump, if it is necessary, or extending the system commit limit, if it is necessary. For example, when a lot of physical memory is installed, a page file might not be required to back the system commit charge during peak usage. The available physical memory alone might be large enough to do this. However, a page file or a dedicated dump file might still be required to back a system crash dump.
## System committed memory
Page files extend how much "committed memory" (also known as "virtual memory") is used to store modified data.
The system commit memory limit is the sum of physical memory and all page files combined. It represents the maximum system-committed memory (also known as the "system commit charge") that the system can support.
![Task manager](images/task-manager.png)
The system commit charge is the total committed or "promised" memory of all committed virtual memory in the system. If the system commit charge reaches the system commit limit, the system and processes might not get committed memory. This condition can cause freezing, crashing, and other malfunctions. Therefore, make sure that you set the system commit limit high enough to support the system commit charge during peak usage.
![Out of memory](images/out-of-memory.png)
![Task Manager](images/task-manager-commit.png)
The system committed charge and system committed limit can be measured on the **Performance** tab in Task Manager or by using the "\Memory\Committed Bytes" and "\Memory\Commit Limit" performance counters. The \Memory\% Committed Bytes In Use counter is a ratio of \Memory\Committed Bytes to \Memory\Commit Limit values.
>[!Note]
>System-managed page files automatically grow up to three times the physical memory or 4 GB (whichever is larger) when the system commit charge reaches 90 percent of the system commit limit. This assumes that enough free disk space is available to accommodate the growth.

24
windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
View File

@ -50,17 +50,17 @@ New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{Pare
Get-CimInstance -Namespace $namespaceName -ClassName $className
# Query instances with matching properties
Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID=&#39;./Vendor/MSFT/Policy/Config&#39; and InstanceID=&#39;WiFi&#39;"
Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT/Policy/Config' and InstanceID='WiFi'"
# Modify existing instance
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID=&#39;./Vendor/MSFT/Policy/Config&#39; and InstanceID=&#39;WiFi&#39;"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT/Policy/Config' and InstanceID='WiFi'"
$obj.WLANScanMode=500
Set-CimInstance -CimInstance $obj
# Delete existing instance
try
{
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID=&#39;./Vendor/MSFT/Policy/Config&#39; and InstanceID=&#39;WiFi&#39;"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT/Policy/Config' and InstanceID='WiFi'"
Remove-CimInstance -CimInstance $obj
}
catch [Exception]
@ -113,9 +113,9 @@ $session = New-CimSession
# Create a new instance for MDM_Policy_User_Config01_Authentication02
##########################################################################
$newInstance = New-Object Microsoft.Management.Infrastructure.CimInstance $className, $namespaceName
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", &#39;./Vendor/MSFT/Policy/Config&#39;, "string", "Key")
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", './Vendor/MSFT/Policy/Config', "string", "Key")
$newInstance.CimInstanceProperties.Add($property)
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", &#39;Authentication&#39;, "String", "Key")
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", 'Authentication', "String", "Key")
$newInstance.CimInstanceProperties.Add($property)
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("AllowEAPCertSSO", 1, "Sint32", "Property")
$newInstance.CimInstanceProperties.Add($property)
@ -138,9 +138,9 @@ $session.EnumerateInstances($namespaceName, $className, $options)
# with matching properties
##########################################################################
$getInstance = New-Object Microsoft.Management.Infrastructure.CimInstance $className, $namespaceName
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", &#39;./Vendor/MSFT/Policy/Config&#39;, "string", "Key")
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", './Vendor/MSFT/Policy/Config', "string", "Key")
$getInstance.CimInstanceProperties.Add($property)
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", &#39;Authentication&#39;, "String", "Key")
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", 'Authentication', "String", "Key")
$getInstance.CimInstanceProperties.Add($property)
try
{
@ -155,9 +155,9 @@ catch [Exception]
# Modify existing instance for MDM_Policy_User_Config01_Authentication02
##########################################################################
$getInstance = New-Object Microsoft.Management.Infrastructure.CimInstance $className, $namespaceName
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", &#39;./Vendor/MSFT/Policy/Config&#39;, "string", "Key")
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", './Vendor/MSFT/Policy/Config', "string", "Key")
$getInstance.CimInstanceProperties.Add($property)
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", &#39;Authentication&#39;, "String", "Key")
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", 'Authentication', "String", "Key")
$getInstance.CimInstanceProperties.Add($property)
try
{
@ -174,9 +174,9 @@ catch [Exception]
# Delete existing instance for MDM_Policy_User_Config01_Authentication02
##########################################################################
$getInstance = New-Object Microsoft.Management.Infrastructure.CimInstance $className, $namespaceName
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", &#39;./Vendor/MSFT/Policy/Config&#39;, "string", "Key")
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("ParentID", './Vendor/MSFT/Policy/Config', "string", "Key")
$getInstance.CimInstanceProperties.Add($property)
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", &#39;Authentication&#39;, "String", "Key")
$property = [Microsoft.Management.Infrastructure.CimProperty]::Create("InstanceID", 'Authentication', "String", "Key")
$getInstance.CimInstanceProperties.Add($property)
try
{
@ -209,7 +209,7 @@ $params.Add($param)
try
{
$instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID=&#39;./Vendor/MSFT&#39; and InstanceID=&#39;WindowsLicensing&#39;"
$instance = Get-CimInstance -Namespace $namespaceName -ClassName $className -Filter "ParentID='./Vendor/MSFT' and InstanceID='WindowsLicensing'"
$session.InvokeMethod($namespaceName, $instance, $methodName, $params)
}
catch [Exception]

226
windows/client-management/new-policies-for-windows-10.md
View File

@ -25,6 +25,232 @@ ms.topic: reference
Windows 10 includes the following new policies for management. [Download the complete set of Administrative Template (.admx) files for Windows 10](https://www.microsoft.com/download/details.aspx?id=56121).
## New Group Policy settings in Windows 10, version 1809
The following Group Policy settings were added in Windows 10, version 1809:
**Start Menu and Taskbar**
- Start Menu and Taskbar\Force Start to be either full screen size or menu size
- Start Menu and Taskbar\Remove "Recently added" list from Start Menu
- Start Menu and Taskbar\Remove All Programs list from the Start menu
- Start Menu and Taskbar\Remove frequent programs list from the Start Menu
**System**
- System\Group Policy\Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services
- System\Group Policy\Configure Applications preference extension policy processing
- System\Group Policy\Configure Data Sources preference extension policy processing
- System\Group Policy\Configure Devices preference extension policy processing
- System\Group Policy\Configure Drive Maps preference extension policy processing
- System\Group Policy\Configure Environment preference extension policy processing
- System\Group Policy\Configure Files preference extension policy processing
- System\Group Policy\Configure Folder Options preference extension policy processing
- System\Group Policy\Configure Folders preference extension policy processing
- System\Group Policy\Configure Ini Files preference extension policy processing
- System\Group Policy\Configure Internet Settings preference extension policy processing
- System\Group Policy\Configure Local Users and Groups preference extension policy processing
- System\Group Policy\Configure Network Options preference extension policy processing
- System\Group Policy\Configure Network Shares preference extension policy processing
- System\Group Policy\Configure Power Options preference extension policy processing
- System\Group Policy\Configure Printers preference extension policy processing
- System\Group Policy\Configure Regional Options preference extension policy processing
- System\Group Policy\Configure Registry preference extension policy processing
- System\Group Policy\Configure Scheduled Tasks preference extension policy processing
- System\Group Policy\Configure Services preference extension policy processing
- System\Group Policy\Configure Shortcuts preference extension policy processing
- System\Group Policy\Configure Start Menu preference extension policy processing
- System\Group Policy\Logging and tracing\Configure Applications preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Data Sources preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Devices preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Drive Maps preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Environment preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Files preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Folder Options preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Folders preference logging and tracing
- System\Group Policy\Logging and tracing\Configure INI Files preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Internet Settings preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Local Users and Groups preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Network Options preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Network Shares preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Power Options preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Printers preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Regional Options preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Registry preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Scheduled Tasks preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Services preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Shortcuts preference logging and tracing
- System\Group Policy\Logging and tracing\Configure Start Menu preference logging and tracing
- System\Kernel DMA Protection\Enumeration policy for external devices incompatible with Kernel DMA Protection
- System\OS Policies\Allow Clipboard History
- System\OS Policies\Allow Clipboard synchronization across devices
**Windows Components**
- Windows Components\Data Collection and Preview Builds\Configure Microsoft 365 Update Readiness upload endpoint
- Windows Components\Data Collection and Preview Builds\Disable deleting diagnostic data
- Windows Components\Data Collection and Preview Builds\Disable diagnostic data viewer
- Windows Components\Delivery Optimization\[Reserved for future use] Cache Server Hostname
- Windows Components\Location and Sensors\Windows Location Provider\Turn off Windows Location Provider
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\DFS Management
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\File Server Resource Manager
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Share and Storage Management
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Storage Manager for SANs
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins\DFS Management Extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins\Disk Management Extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins\File Server Resource Manager Extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins\Share and Storage Management Extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins\Storage Manager for SANS Extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy Management Editor
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy Starter GPO Editor
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Application snap-ins
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Applications preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Control Panel Settings (Computers)
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Control Panel Settings (Users)
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Data Sources preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Devices preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Drive Maps preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Environment preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Files preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Folder Options preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Folders preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Ini Files preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Internet Settings preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Local Users and Groups preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Network Options preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Network Shares preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Power Options preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Preferences tab
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Printers preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Regional Options preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Registry preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Scheduled Tasks preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Services preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Shortcuts preference extension
- Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Preference snap-in extensions\Permit use of Start Menu preference extension
- Windows Components\OOBE\Don't launch privacy settings experience on user logon
- Windows Components\OOBE\Don't launch privacy settings experience on user logon
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility\Do not use Remote Desktop Session Host server IP address when virtual IP address is not available
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility\Select the network adapter to be used for Remote Desktop IP Virtualization
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility\Turn off Windows Installer RDS Compatibility
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Application Compatibility\Turn on Remote Desktop IP Virtualization
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Allow remote start of unlisted programs
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Turn off Fair Share CPU Scheduling
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Allow time zone redirection
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow Clipboard redirection
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection\Redirect only the default client printer
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection\Redirect only the default client printer
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker\Use RD Connection Broker load balancing
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Allow desktop composition for remote desktop sessions
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Always show desktop on connection
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Do not allow font smoothing
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Remove remote desktop wallpaper
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for logoff of RemoteApp sessions
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\Set time limit for logoff of RemoteApp sessions
- Windows Components\Windows Defender Antivirus\Configure detection for potentially unwanted applications
- Windows Components\Windows Defender Antivirus\Scan\Configure low CPU priority for scheduled scans
- Windows Components\Windows Defender Application Guard\Allow camera and microphone access in Windows Defender Application Guard
- Windows Components\Windows Defender Application Guard\Allow users to trust files that open in Windows Defender Application Guard
- Windows Components\Windows Defender Application Guard\Allow Windows Defender Application Guard to use Root Certificate Authorities from the users device
- Windows Components\Windows Defender Application Guard\Configure additional sources for untrusted files in Windows Defender Application Guard
- Windows Components\Windows Hello for Business\Use Windows Hello for Business certificates as smart card certificates
- Windows Components\Windows Media Player\Do Not Show First Use Dialog Boxes
- Windows Components\Windows Media Player\Prevent Automatic Updates
- Windows Components\Windows Media Player\Prevent CD and DVD Media Information Retrieval
- Windows Components\Windows Media Player\Prevent Desktop Shortcut Creation
- Windows Components\Windows Media Player\Prevent Media Sharing
- Windows Components\Windows Media Player\Prevent Music File Media Information Retrieval
- Windows Components\Windows Media Player\Prevent Quick Launch Toolbar Shortcut Creation
- Windows Components\Windows Media Player\Prevent Radio Station Preset Retrieval
- Windows Components\Windows Media Player\Prevent Video Smoothing
- Windows Components\Windows Media Player\Networking\Configure HTTP Proxy
- Windows Components\Windows Media Player\Networking\Configure MMS Proxy
- Windows Components\Windows Media Player\Networking\Configure Network Buffering
- Windows Components\Windows Media Player\Networking\Configure RTSP Proxy
- Windows Components\Windows Media Player\Networking\Hide Network Tab
- Windows Components\Windows Media Player\Networking\Streaming Media Protocols
- Windows Components\Windows Media Player\Playback\Allow Screen Saver
- Windows Components\Windows Media Player\Playback\Prevent Codec Download
- Windows Components\Windows Media Player\User Interface\Do Not Show Anchor
- Windows Components\Windows Media Player\User Interface\Hide Privacy Tab
- Windows Components\Windows Media Player\User Interface\Hide Security Tab
- Windows Components\Windows Media Player\User Interface\Set and Lock Skin
- Windows Components\Windows Security\Account protection\Hide the Account protection area
- Windows Components\Windows Security\App and browser protection\Hide the App and browser protection area
- Windows Components\Windows Security\App and browser protection\Prevent users from modifying settings
- Windows Components\Windows Security\Device performance and health\Hide the Device performance and health area
- Windows Components\Windows Security\Device security\Disable the Clear TPM button
- Windows Components\Windows Security\Device security\Hide the Device security area
- Windows Components\Windows Security\Device security\Hide the Secure boot area
- Windows Components\Windows Security\Device security\Hide the Security processor (TPM) troubleshooter page
- Windows Components\Windows Security\Device security\Hide the TPM Firmware Update recommendation
- Windows Components\Windows Security\Enterprise Customization\Configure customized contact information
- Windows Components\Windows Security\Enterprise Customization\Configure customized notifications
- Windows Components\Windows Security\Enterprise Customization\Specify contact company name
- Windows Components\Windows Security\Enterprise Customization\Specify contact email address or Email ID
- Windows Components\Windows Security\Enterprise Customization\Specify contact phone number or Skype ID
- Windows Components\Windows Security\Enterprise Customization\Specify contact website
- Windows Components\Windows Security\Family options\Hide the Family options area
- Windows Components\Windows Security\Firewall and network protection\Hide the Firewall and network protection area
- Windows Components\Windows Security\Notifications\Hide all notifications
- Windows Components\Windows Security\Notifications\Hide non-critical notifications
- Windows Components\Windows Security\Systray\Hide Windows Security Systray
- Windows Components\Windows Security\Virus and threat protection\Hide the Ransomware data recovery area
- Windows Components\Windows Security\Virus and threat protection\Hide the Virus and threat protection area
- Windows Components\Windows Update\Display options for update notifications
- Windows Components\Windows Update\Remove access to "Pause updates" feature
**Control Panel**
- Control Panel\Settings Page Visibility
- Control Panel\Regional and Language Options\Allow users to enable online speech recognition services
**Network**
- Network\Windows Connection Manager\Enable Windows to soft-disconnect a computer from a network
## New Group Policy settings in Windows 10, version 1803
The following Group Policy settings were added in Windows 10, version 1803:
**System**
- System\Credentials Delegation\Encryption Oracle Remediation
- System\Group Policy\Phone-PC linking on this device
- System\OS Policies\Allow upload of User Activities
**Windows Components**
- Windows Components\App Privacy\Let Windows apps access an eye tracker device
- Windows Components\Cloud Content\Turn off Windows Spotlight on Settings
- Windows Components\Data Collection and Preview Builds\Allow device name to be sent in Windows diagnostic data
- Windows Components\Data Collection and Preview Builds\Configure telemetry opt-in setting user interface
- Windows Components\Data Collection and Preview Builds\Configure telemetry opt-in change notifications
- Windows Components\Delivery Optimization\Maximum Background Download Bandwidth (percentage)
- Windows Components\Delivery Optimization\Maximum Foreground Download Bandwidth (percentage)
- Windows Components\Delivery Optimization\Select the source of Group IDs
- Windows Components\Delivery Optimization\Delay background download from http (in secs)
- Windows Components\Delivery Optimization\Delay Foreground download from http (in secs)
- Windows Components\Delivery Optimization\Select a method to restrict Peer Selection
- Windows Components\Delivery Optimization\Set Business Hours to Limit Background Download Bandwidth
- Windows Components\Delivery Optimization\Set Business Hours to Limit Foreground Download Bandwidth
- Windows Components\IME\Turn on Live Sticker
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection\Do not allow video capture redirection
- Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\Use hardware graphics adapters for all Remote Desktop Services sessions
- Windows Components\Search\Allow Cortana Page in OOBE on an AAD account
- Windows Components\Store\Disable all apps from Microsoft Store
- Windows Components\Text Input\Allow Uninstallation of Language Features
- Windows Components\Text Input\Improve inking and typing recognition
- Windows Components\Windows Defender Application Guard\Allow hardware-accelerated rendering for Windows Defender Application Guard
- Windows Components\Windows Defender Security Center\Account protection\Hide the Account protection area
- Windows Components\Windows Defender Security Center\Device security\Hide the Device security area
- Windows Components\Windows Defender Security Center\Device security\Hide the Security processor (TPM) troubleshooter page
- Windows Components\Windows Defender Security Center\Device security\Hide the Secure boot area
- Windows Components\Windows Defender Security Center\Virus and threat protection\Hide the Ransomware data recovery area
## New Group Policy settings in Windows 10, version 1709
The following Group Policy settings were added in Windows 10, version 1709:

205
windows/client-management/system-failure-recovery-options.md Normal file
View File

@ -0,0 +1,205 @@
---
title: Configure system failure and recovery options in Windows
description: Learn about the system failure and recovery options in Windows.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
author: Deland-Han
ms.localizationpriority: medium
ms.author: delhan
ms.date: 8/22/2019
ms.reviewer:
manager: dcscontentpm
---
# Configure system failure and recovery options in Windows
This article describes how to configure the actions that Windows takes when a system error (also referred to as a bug check, system crash, fatal system error, or Stop error) occurs. You can configure the following actions:
- Write an event to the System log.
- Alert administrators (if you have set up administrative alerts).
- Put system memory into a file that advanced users can use for debugging.
- Automatically restart the computer.
>[!Note]
> You must be logged on as an administrator or a member of the Administrators group to complete this procedure. If your computer is connected to a network, network policy settings may prevent you from completing this procedure.
## Configuring system failure and recovery options
> [!IMPORTANT]
> Follow the steps in this section carefully. Serious problems might occur if you modify the registry incorrectly. Before you modify it, [back up the registry for restoration](https://support.microsoft.com/help/322756) in case problems occur.
The options are available in the **Startup and Recovery** dialog box. You can also use the following methods:
- Modify the values under the following registry subkey:
**HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl**
- To modify the option on your local computer, use the command line utility (Wmic.exe) to access Windows Management Instrumentation (WMI).
Follow these steps to view the options in **Startup and Recovery**. (The registry value and Wmic commands are also listed for each option.)
1. In Control Panel, select **System and Security > System**.
2. Select **Advanced system settings**, select the **Advanced** tab, and select **Settings** in the **Startup and Recovery** area.
### Under "System failure"
Select the check boxes for the actions that you want Windows to perform when a system error occurs.
#### Write an event to the System log
This option specifies that event information is recorded in the System log. By default, this option is turned on.
To turn off this option, run the following command or modify the registry value:
- ```cmd
wmic recoveros set WriteToSystemLog = False
```
- Set the **LogEvent** DWORD value to **0**.
#### Send an administrative alert
The option specifies that administrators are notified of the system error if you configured administrative alerts. By default, this option is turned on.
To turn off this option, run the following command or modify the registry value:
- ```cmd
wmic recoveros set SendAdminAlert = False
```
- Set the **SendAlert** DWORD value to **0**.
#### Automatically restart
The option specifies that Windows automatically restarts your computer. By default, this option is turned on.
To turn off this option, run the following command or modify the registry value:
- ```cmd
wmic recoveros set AutoReboot = False
```
- Set the **AutoReboot** DWORD value to **0**.
### Under "Write debugging information"
Select one of the following type of information that you want Windows to record in a memory dump file if the computer stops unexpectedly:
#### (none)
The option does not record any information in a memory dump file.
To specify that you do not want Windows to record information in a memory dump file, run the following command or modify the registry value:
- ```cmd
wmic recoveros set DebugInfoType = 0
```
- Set the **CrashDumpEnabled** DWORD value to **0**.
#### Small Memory Dump
The option records the smallest amount of information to help identify the problem. This option requires a paging file of at least 2 megabytes (MB) on the boot volume of your computer, and specifies that Windows will create a new file each time the system stops unexpectedly. A history of these files is stored in the folder that is listed under Small Dump Directory (%SystemRoot%\Minidump). In Windows XP and Windows Server 2003, the small memory dump file is used together with the Windows Error Reporting feature.
To specify that you want to use a small memory dump file, run the following command or modify the registry value:
- ```cmd
wmic recoveros set DebugInfoType = 3
```
- Set the **CrashDumpEnabled** DWORD value to **3**.
To specify that you want to use a folder as your Small Dump Directory, run the following command or modify the registry value:
- ```cmd
wmic recoveros set MiniDumpDirectory = <folderpath>
```
- Set the **MinidumpDir** Expandable String Value to \<folderpath\>.
#### Kernel Memory Dump
The option records only kernel memory. This option stores more information than a small memory dump file, but it takes less time to complete than a complete memory dump file. The file is stored in %SystemRoot%\Memory.dmp by default, and any previous kernel or complete memory dump files are overwritten if the **Overwrite any existing file** check box is selected. If you set this option, you must have a sufficiently large paging file on the boot volume. The required size depends on the amount of RAM in your computer However, the maximum amount of space that must be available for a kernel memory dump on a 32-bit system is 2 GB plus 16 MB. On a 64-bit system, the maximum amount of space that must be available for a kernel memory dump is the size of the RAM plus 128 MB. The following table provides guidelines for the size of the paging file:
|RAM size |Paging file should be no smaller than|
|-------|-----------------|
|256 MB1,373 MB |1.5 times the RAM size|
|1,374 MB or greater |32-bit system: 2 GB plus 16 MB <br /> 64-bit system: size of the RAM plus 128 MB|
To specify that you want to use a kernel memory dump file, run the following command or modify the registry value:
- ```cmd
wmic recoveros set DebugInfoType = 2
```
- Set the **CrashDumpEnabled** DWORD value to **2**.
To specify that you want to use a file as your memory dump file, run the following command or modify the registry value:
- ```cmd
wmic recoveros set DebugFilePath = <filepath>
```
- Set the **DumpFile** Expandable String Value to \<filepath\>.
To specify that you do not want to overwrite any previous kernel or complete memory dump files, run the following command or modify the registry value:
- ```cmd
wmic recoveros set OverwriteExistingDebugFile = 0
```
- Set the **Overwrite** DWORD value to **0**.
#### Complete Memory Dump
The option records the contents of system memory when the computer stops unexpectedly. This option is not available on computers that have 2 or more GB of RAM. If you select this option, you must have a paging file on the boot volume that is sufficient to hold all the physical RAM plus 1 MB. The file is stored as specified in %SystemRoot%\Memory.dmp by default.
The extra megabyte is required for a complete memory dump file because Windows writes a header in addition to dumping the memory contents. The header contains a crash dump signature and specifies the values of some kernel variables. The header information does not require a full megabyte of space, but Windows sizes your paging file in increments of megabytes.
To specify that you want to use a complete memory dump file, run the following command or modify the registry value:
- ```cmd
wmic recoveros set DebugInfoType = 1
```
- Set the **CrashDumpEnabled** DWORD value to **1**.
To specify that you want to use a file as your memory dump file, run the following command or modify the registry value:
- ```cmd
wmic recoveros set DebugFilePath = <filepath>
```
- Set the DumpFile Expandable String Value to \<filepath\>.
To specify that you do not want to overwrite any previous kernel or complete memory dump files, run the following command or modify the registry value:
- ```cmd
wmic recoveros set OverwriteExistingDebugFile = 0
```
- Set the **Overwrite** DWORD value to **0**.
>[!Note]
>If you contact Microsoft Support about a Stop error, you might be asked for the memory dump file that is generated by the Write Debugging Information option.
To view system failure and recovery settings for your local computer, type **wmic recoveros** at a command prompt, and then press Enter. To view system failure and recovery settings for a remote computer on your local area network, type **wmic /node:<computer_name> recoveros** at a command prompt, and then press Enter.
>[!Note]
>To successfully use these Wmic.exe command line examples, you must be logged on by using a user account that has administrative rights on the computer. If you are not logged on by using a user account that has administrative rights on the computer, use the **/user:user_name** and **/password:password** switches.
### Tips
- To take advantage of the dump file feature, your paging file must be on the boot volume. If you have moved the paging file to another volume, you must move it back to the boot volume before you use this feature.
- If you set the Kernel Memory Dump or the Complete Memory Dump option, and you select the **Overwrite any existing file** check box, Windows always writes to the same file name. To save individual dump files, click to clear the **Overwrite any existing file** check box, and then change the file name after each Stop error.
- You can save some memory if you click to clear the **Write an event to the system log** and **Send an administrative alert** check boxes. The memory that you save depends on the computer, but these features typically require about 60 to 70 KB.
## References
[Varieties of Kernel-Mode Dump Files](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/varieties-of-kernel-mode-dump-files)

40
windows/client-management/troubleshoot-windows-startup.md
View File

@ -14,8 +14,40 @@ manager: dansimp
# Advanced troubleshooting for Windows start-up issues
In these topics, you will learn how to troubleshoot common problems related to Windows start-up.
In these topics, you will learn how to troubleshoot common problems that are related to Windows startup.
- [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
- [Advanced troubleshooting for Stop error or blue screen error](troubleshoot-stop-errors.md)
- [Advanced troubleshooting for Windows-based computer freeze issues](troubleshoot-windows-freeze.md)
## How it works
When Microsoft Windows experiences a condition that compromises safe system operation, the system halts. These Windows startup problems are categorized in the following groups:
- Bug check: Also commonly known as a system crash, a kernel error, or a Stop error.
- No boot: The system may not produce a bug check but is unable to start up into Windows.
- Freeze: Also known as "system hang".
## Best practices
To understand the underlying cause of Windows startup problems, it's important that the system be configured correctly. Here are some best practices for configuration:
### Page file settings
- [Introduction of page file](introduction-page-file.md)
- [How to determine the appropriate page file size for 64-bit versions of Windows](determine-appropriate-page-file-size.md)
### Memory dump settings
- [Configure system failure and recovery options in Windows](system-failure-recovery-options.md)
- [Generate a kernel or complete crash dump](generate-kernel-or-complete-crash-dump.md)
## Troubleshooting
These articles will walk you through the resources you need to troubleshoot Windows startup issues:
- [Advanced troubleshooting for Windows boot problems](https://docs.microsoft.com/en-us/windows/client-management/advanced-troubleshooting-boot-problems)
- [Advanced troubleshooting for Stop error or blue screen error](https://docs.microsoft.com/en-us/windows/client-management/troubleshoot-stop-errors)
- [Advanced troubleshooting for Windows-based computer freeze issues](https://docs.microsoft.com/en-us/windows/client-management/troubleshoot-windows-freeze)

5
windows/configuration/kiosk-mdm-bridge.md
View File

@ -35,7 +35,8 @@ Heres an example to set AssignedAccess configuration:
$nameSpaceName="root\cimv2\mdm\dmmap"
$className="MDM_AssignedAccess"
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
$obj.Configuration = @"
Add-Type -AssemblyName System.Web
$obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
<?xml version="1.0" encoding="utf-8" ?>
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
<Profiles>
@ -84,7 +85,7 @@ $obj.Configuration = @"
</Config>
</Configs>
</AssignedAccessConfiguration>
"@
"@)
Set-CimInstance -CimInstance $obj
```

12
windows/deployment/update/how-windows-update-works.md
View File

@ -16,7 +16,7 @@ ms.topic: article
# How does Windows Update work?
>Applies to: Windows 10
> Applies to: Windows 10
The Windows Update workflow has four core areas of functionality:
@ -35,7 +35,7 @@ The Windows Update workflow has four core areas of functionality:
### Install
1. Orchestrator initates the installation.
1. Orchestrator initiates the installation.
2. The arbiter calls the installer to install the package.
@ -96,8 +96,8 @@ When users start scanning in Windows Update through the Settings panel, the foll
![Windows Update scan log 2](images/update-scan-log-2.png)
- Common service IDs
>[!IMPORTANT]
>ServiceId here identifies a client abstraction, not any specific service in the cloud. No assumption should be made of which server a serviceId is pointing to, it's totally controlled by the SLS responses.
> [!IMPORTANT]
> ServiceId here identifies a client abstraction, not any specific service in the cloud. No assumption should be made of which server a serviceId is pointing to, it's totally controlled by the SLS responses.
|Service|ServiceId|
|-------|---------|
@ -116,8 +116,8 @@ Common update failure is caused due to network issues. To find the root of the i
- "SOAP faults" can be either client- or server-side issues; read the message.
- The WU client uses SLS (Service Locator Service) to discover the configurations and endpoints of Microsoft network update sources WU, MU, Flighting.
>[!NOTE]
>Warning messages for SLS can be ignored if the search is against WSUS/SCCM.
> [!NOTE]
> Warning messages for SLS can be ignored if the search is against WSUS/SCCM.
- On sites that only use WSUS/SCCM, the SLS may be blocked at the firewall. In this case the SLS request will fail, and cant scan against Windows Update or Microsoft Update but can still scan against WSUS/SCCM, since its locally configured.
![Windows Update scan log 3](images/update-scan-log-3.png)

2
windows/deployment/update/waas-overview.md
View File

@ -132,7 +132,7 @@ Specialized systems—such as devices that control medical equipment, point-of-s
> [!NOTE]
> Windows 10 Enterprise LTSB is a separate Long Term Servicing Channel version.
>
>Long-term Servicing channel is not intended for deployment on most or all the devicess in an organization; it should be used only for special-purpose devices. As a general guideline, a device with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the Semi-Annual servicing channel.
> Long-term Servicing channel is not intended for deployment on most or all the devices in an organization; it should be used only for special-purpose devices. As a general guideline, a device with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the Semi-Annual servicing channel.
Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSB. Instead, it typically offers new LTSC releases every 23 years, and organizations can choose to install them as in-place upgrades or even skip releases over a 10-year life cycle.

10
windows/deployment/update/waas-servicing-differences.md
View File

@ -25,8 +25,8 @@ Today, many enterprise customers have a mix of modern and legacy client and serv
The following provides an initial overview of how updating client and server differs between the Windows 10-era Operating Systems (such as, Windows 10 version 1709, Windows Server 2016) and legacy operating systems (such as Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2).
>[!NOTE]
>A note on naming convention in this article: For brevity, "Windows 10" refers to all operating systems across client, server and IoT released since July 2015, while "legacy" refers to all operating systems prior to that period for client and server, including Windows 7, Window 8.1, Windows Server 2008 R2, Windows Server 2012 R2, etc.
> [!NOTE]
> A note on naming convention in this article: For brevity, "Windows 10" refers to all operating systems across client, server and IoT released since July 2015, while "legacy" refers to all operating systems prior to that period for client and server, including Windows 7, Window 8.1, Windows Server 2008 R2, Windows Server 2012 R2, etc.
## Infinite fragmentation
Prior to Windows 10, all updates to operating system (OS) components were published individually. On "Update Tuesday," customers would pick and choose individual updates they wanted to apply. Most chose to update security fixes, while far fewer selected non-security fixes, updated drivers, or installed .NET Framework updates.
@ -87,6 +87,12 @@ Moving to the cumulative model for legacy OS versions continues to improve predi
## Public preview releases
Lastly, the cumulative update model directly impacts the public Preview releases offered in the 3rd and/or 4th weeks of the month. Update Tuesday, also referred to as the "B" week release occurs on the second Tuesday of the month. It is always a required security update across all operating systems. In addition to this monthly release, Windows also releases non-security update "previews" targeting the 3rd (C) and the 4th (D) weeks of the month. These preview releases include that months B-release plus a set of non-security updates for testing and validation as a cumulative package. We recommend IT Administrators uses the C/D previews to test the update in their environments. Any issues identified with the updates in the C/D releases are identified and then fixed or removed, prior to being rolled up in to the next months B release package together with new security updates. Security-only Packages are not part of the C/D preview program.
> [!NOTE]
> Only preview updates for the most recent release of Windows 10 are published to Windows Server Update Services (WSUS). For customers using the WSUS channel, and products such as System Center Configuration Manager that rely on it, will not see preview updates for older versions of Windows 10.
> [!NOTE]
> Preview updates for Windows 10 are not named differently than their LCU counterparts and do not contain the word 'Preview'. They can be identified by their release date (C or D week) and their classification as non-security updates.
### Examples
Windows 10 version 1709:
- (9B) September 11, 2018 Update Tuesday / B release - includes security, non-security and IE update. This update is categorized as "Required, Security" it requires a system reboot.

14
windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
View File

@ -8,8 +8,10 @@ ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: deploy
audience: itpro author: greg-lindsay
ms.audience: itpro author: greg-lindsay
audience: itpro
author: greg-lindsay
ms.audience: itpro
author: greg-lindsay
ms.localizationpriority: medium
ms.collection: M365-analytics
ms.topic: article
@ -53,12 +55,12 @@ If you've followed the steps in the [Enrolling devices in Windows Analytics](win
### Devices not appearing in Upgrade Readiness
In Log Analytics, go to **Settings > Connected sources > Windows telemetry** and verify that you are subscribed to the Windows Analytics solutions you intend to use.
In Log Analytics workspace, go to **Solutions** and verify that you are subscribed to the Windows Analytics solutions you intend to use.
Even though devices can take 2-3 days after enrollment to show up due to latency in the system, you can now verify the status of your devices within a few hours of running the deployment script as described in [You can now check on the status of your computers within hours of running the deployment script](https://techcommunity.microsoft.com/t5/Windows-Analytics-Blog/You-can-now-check-on-the-status-of-your-computers-within-hours/ba-p/187213) on the Tech Community Blog.
>[!NOTE]
> If you generate the status report and get an error message saying "Sorry! Were not recognizing your Commercial Id," go to **Settings > Connected sources > Windows telemetry** remove the Upgrade Readiness solution, and then re-add it.
> If you generate the status report and get an error message saying "Sorry! Were not recognizing your Commercial Id, See [Enrolling devices in Windows Analytics](https://docs.microsoft.com/windows/deployment/update/windows-analytics-get-started).
If devices are not showing up as expected, find a representative device and follow these steps to run the latest pilot version of the Upgrade Readiness deployment script on it to troubleshoot issues:
@ -230,9 +232,7 @@ We have identified an incompatibility between AbnormalShutdownCount and the Limi
If you want to stop using Upgrade Readiness and stop sending diagnostic data to Microsoft, follow these steps:
1. Unsubscribe from the Upgrade Readiness solution in Azure Portal. In Azure Portal, go to **Settings** > **Connected Sources** > **Windows Telemetry** and choose the **Unsubscribe** option.
![Upgrade Readiness unsubscribe](images/upgrade-analytics-unsubscribe.png)
1. Delete the Upgrade Readiness solution in Log Analytics workspace. In Log Analytics workspace. select **Solutions** > **Compatibility Assessment** > **Delete**.
2. Disable the Commercial Data Opt-in Key on computers running Windows 7 SP1 or 8.1. On computers running Windows 10, set the diagnostic data level to **Security**:

82
windows/deployment/update/windows-update-resources.md
View File

@ -4,9 +4,11 @@ description: Additional resources for Windows Update
ms.prod: w10
ms.mktglfcycl:
ms.sitesec: library
audience: itpro author: greg-lindsay
audience: itpro
author: greg-lindsay
ms.localizationpriority: medium
ms.audience: itpro author: greg-lindsay
ms.audience: itpro
author: greg-lindsay
ms.date: 09/18/2018
ms.reviewer:
manager: laurawi
@ -70,42 +72,46 @@ The following resources provide additional information about using Windows Updat
cd /d %windir%\system32
```
6. Reregister the BITS files and the Windows Update files. To do this, type the following commands at a command prompt. Press ENTER after you type each command.
- regsvr32.exe atl.dll
- regsvr32.exe urlmon.dll
- regsvr32.exe mshtml.dll
- regsvr32.exe shdocvw.dll
- regsvr32.exe browseui.dll
- regsvr32.exe jscript.dll
- regsvr32.exe vbscript.dll
- regsvr32.exe scrrun.dll
- regsvr32.exe msxml.dll
- regsvr32.exe msxml3.dll
- regsvr32.exe msxml6.dll
- regsvr32.exe actxprxy.dll
- regsvr32.exe softpub.dll
- regsvr32.exe wintrust.dll
- regsvr32.exe dssenh.dll
- regsvr32.exe rsaenh.dll
- regsvr32.exe gpkcsp.dll
- regsvr32.exe sccbase.dll
- regsvr32.exe slbcsp.dll
- regsvr32.exe cryptdlg.dll
- regsvr32.exe oleaut32.dll
- regsvr32.exe ole32.dll
- regsvr32.exe shell32.dll
- regsvr32.exe initpki.dll
- regsvr32.exe wuapi.dll
- regsvr32.exe wuaueng.dll
- regsvr32.exe wuaueng1.dll
- regsvr32.exe wucltui.dll
- regsvr32.exe wups.dll
- regsvr32.exe wups2.dll
- regsvr32.exe wuweb.dll
- regsvr32.exe qmgr.dll
- regsvr32.exe qmgrprxy.dll
- regsvr32.exe wucltux.dll
- regsvr32.exe muweb.dll
- regsvr32.exe wuwebv.dll
```
regsvr32.exe atl.dll
regsvr32.exe urlmon.dll
regsvr32.exe mshtml.dll
regsvr32.exe shdocvw.dll
regsvr32.exe browseui.dll
regsvr32.exe jscript.dll
regsvr32.exe vbscript.dll
regsvr32.exe scrrun.dll
regsvr32.exe msxml.dll
regsvr32.exe msxml3.dll
regsvr32.exe msxml6.dll
regsvr32.exe actxprxy.dll
regsvr32.exe softpub.dll
regsvr32.exe wintrust.dll
regsvr32.exe dssenh.dll
regsvr32.exe rsaenh.dll
regsvr32.exe gpkcsp.dll
regsvr32.exe sccbase.dll
regsvr32.exe slbcsp.dll
regsvr32.exe cryptdlg.dll
regsvr32.exe oleaut32.dll
regsvr32.exe ole32.dll
regsvr32.exe shell32.dll
regsvr32.exe initpki.dll
regsvr32.exe wuapi.dll
regsvr32.exe wuaueng.dll
regsvr32.exe wuaueng1.dll
regsvr32.exe wucltui.dll
regsvr32.exe wups.dll
regsvr32.exe wups2.dll
regsvr32.exe wuweb.dll
regsvr32.exe qmgr.dll
regsvr32.exe qmgrprxy.dll
regsvr32.exe wucltux.dll
regsvr32.exe muweb.dll
regsvr32.exe wuwebv.dll
```
7. Reset Winsock. To do this, type the following command at a command prompt, and then press ENTER:
```
netsh winsock reset

2
windows/deployment/upgrade/setupdiag.md
View File

@ -213,7 +213,7 @@ Each rule name and its associated unique rule identifier are listed with a descr
8. CompatBlockedApplicationAutoUninstall BEBA5BC6-6150-413E-8ACE-5E1EC8D34DD5
- This rule indicates there is an application that needs to be uninstalled before setup can continue.
9. CompatBlockedApplicationDismissable - EA52620B-E6A0-4BBC-882E-0686605736D9
- When running setup in /quiet mode, there are dismissible application messages that turn into blocks unless the command line also specifies “/compat /ignore warning”. This rule indicates setup was executed in /quiet mode but there is an application dismissible block message that have prevented setup from continuing.
- When running setup in /quiet mode, there are dismissible application messages that turn into blocks unless the command line also specifies “/compat ignorewarning”. This rule indicates setup was executed in /quiet mode but there is an application dismissible block message that have prevented setup from continuing.
10. CompatBlockedApplicationManualUninstall - 9E912E5F-25A5-4FC0-BEC1-CA0EA5432FF4
- This rule indicates that an application without an Add/Remove Programs entry, is present on the system and blocking setup from continuing. This typically requires manual removal of the files associated with this application to continue.
11. HardblockDeviceOrDriver - ED3AEFA1-F3E2-4F33-8A21-184ADF215B1B

6
windows/deployment/windows-autopilot/autopilot-support.md
View File

@ -7,7 +7,8 @@ ms.mktglfcycl: deploy
ms.localizationpriority: low
ms.sitesec: library
ms.pagetype: deploy
audience: itpro author: greg-lindsay
audience: itpro
author: greg-lindsay
ms.author: greglin
ms.date: 10/31/2018
ms.reviewer:
@ -29,9 +30,8 @@ Before contacting the resources listed below for Windows Autopilot-related issue
|---------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| OEM or Channel Partner registering devices as a CSP (via MPC) | Use the help resources available in MPC. Whether you are a named partner or a channel partner (distributor, reseller, SI, etc.), if youre a CSP registering Autopilot devices through MPC (either manually or through the MPC API), your first-line of support should be the help resources within MPC. |
| OEM registering devices using OEM Direct API | Contact MSOEMOPS@microsoft.com. Response time depends on priority: <br>Low 120 hours <br>Normal 72 hours <br>High 24 hours <br>Immediate 4 hours |
| OEM with a PFE | Reach out to your PFE for support. |
| Partners with a Partner Technology Strategist (PTS) | If you have a PTS (whether youre a CSP or not), you may first try working through your accounts specific Partner Technology Strategist (PTS). |
| Partners with an Ecosystem PM | If you have an Ecosystem PM (whether youre a CSP or not), you may first try working through your accounts specific Ecosystem PM, especially for technical issues. |
| Partners with an Ecosystem PM | If you have an Ecosystem PM (whether youre a CSP or not), you may first try working through your accounts specific Ecosystem PM, especially for technical issues. To learn more about Ecosystem PMs and the services they offer, contact epsoinfo@microsoft.com. |
| Enterprise customers | Contact your Technical Account Manager (TAM), or Account Technology Strategist (ATS), or Customer Service Support (CSS) representative. |
| End-user | Contact your IT administrator. |
| Microsoft Partner Center (MPC) users | Use the [help resources](https://partner.microsoft.com/support) available in MPC. |

5
windows/deployment/windows-autopilot/windows-autopilot-requirements.md
View File

@ -46,9 +46,10 @@ Windows Autopilot depends on a variety of internet-based services. Access to the
In environments that have more restrictive Internet access, or for those that require authentication before internet access can be obtained, additional configuration may be required to whitelist access to the required services. For additional details about each of these services and their specific requirements, review the following details:
<table><th>Service<th>Information
<tr><td><b>Windows Autopilot Deployment Service and Windows Activation<b><td>After a network connection is in place, each Windows 10 device will contact the Windows Autopilot Deployment Service. With Windows 10 builds 18204 and above, the following URLs are used: https://ztd.dds.microsoft.com, https://cs.dds.microsoft.com. <br>
<tr><td><b>Windows Autopilot Deployment Service<b><td>After a network connection is in place, each Windows 10 device will contact the Windows Autopilot Deployment Service. With Windows 10 version 1903 and above, the following URLs are used: https://ztd.dds.microsoft.com, https://cs.dds.microsoft.com. <br>
<tr><td><b>Windows Activation<b><td>Windows Autopilot also requires Windows Activation services. See <a href="https://support.microsoft.com/help/921471/windows-activation-or-validation-fails-with-error-code-0x8004fe33">Windows activation or validation fails with error code 0x8004FE33</a> for details about the URLs that need to be accessible for the activation services.<br>
For all supported Windows 10 releases, Windows Autopilot also uses Windows Activation services. See <a href="https://support.microsoft.com/help/921471/windows-activation-or-validation-fails-with-error-code-0x8004fe33">Windows activation or validation fails with error code 0x8004FE33</a> for details about problems that might occur when you connect to the Internet through a proxy server.
<tr><td><b>Azure Active Directory<b><td>User credentials are validated by Azure Active Directory, and the device can also be joined to Azure Active Directory. See <a href="https://docs.microsoft.com/office365/enterprise/office-365-ip-web-service">Office 365 IP Address and URL Web service</a> for more information.
<tr><td><b>Intune<b><td>Once authenticated, Azure Active Directory will trigger enrollment of the device into the Intune MDM service. See the following link for details about network communication requirements: <a href="https://docs.microsoft.com/intune/network-bandwidth-use#network-communication-requirements">Intune network configuration requirements and bandwidth</a>.
<tr><td><b>Windows Update<b><td>During the OOBE process, as well as after the Windows 10 OS is fully configured, the Windows Update service is leveraged to retrieve needed updates. If there are problems connecting to Windows Update, see <a href="https://support.microsoft.com/help/818018/how-to-solve-connection-problems-concerning-windows-update-or-microsof">How to solve connection problems concerning Windows Update or Microsoft Update</a>.<br>

2
windows/release-information/windows-message-center.yml
View File

@ -50,7 +50,7 @@ sections:
text: "
<table border ='0'><tr><td width='80%'>Message</td><td width='20%'>Date</td></tr>
<tr><td><b>September 2019 security update available for all supported versions of Windows</b><br><div>The September 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. We recommend that you install these updates promptly. To be informed about the latest updates and releases, , follow us on Twitter&nbsp;<a href=\"https://twitter.com/windowsupdate\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>September 10, 2019 <br>09:34 AM PT</td></tr>
<tr><td><b>September 2019 security update available for all supported versions of Windows</b><br><div>The September 2019 security update release, referred to as our “B” release, is now available for Windows 10, version 1903 and all supported versions of Windows. We recommend that you install these updates promptly. To be informed about the latest updates and releases, follow us on Twitter&nbsp;<a href=\"https://twitter.com/windowsupdate\" target=\"_blank\">@WindowsUpdate</a>.</div></td><td>September 10, 2019 <br>09:34 AM PT</td></tr>
<tr><td><a href = 'https://support.microsoft.com/help/4512941' target='_blank'><b>Status update: Windows 10, version 1903 \"D\" optional release available August 30th</b></a><br><div>The August optional monthly “D” release for Windows 10, version 1903 is now available. Follow&nbsp;<a href=\"https://twitter.com/windowsupdate\" target=\"_blank\">@WindowsUpdate</a>&nbsp;for the latest on the availability of this release.</div></td><td>August 30, 2019 <br>08:00 AM PT</td></tr>
<tr><td><b>Feature update install notification on Windows 10, version 1809 (the October 2018 Update)</b><br><div>We've had reports on August 29th that some customers running Windows 10, version 1809 (the October 2018 Update) have received notification to install the latest feature update (version 1903) early. Updating remains in your control.&nbsp;To install the update, you must select one of the following options: \"Pick a Time\", \"Restart Tonight,\" or \"Restart Now\". If you are not ready to update at this time, simply dismiss the notification by clicking the arrow in the top right corner. If you have updated to Windows 10, version 1903 and would like to go back to your previous version, see the instructions <a href=\"https://support.microsoft.com/help/12415/windows-10-recovery-options#section6\" target=\"_blank\">here</a>.</div></td><td>August 29, 2019 <br>04:39 PM PT</td></tr>
<tr><td><a href = 'https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Bringing-Internet-Explorer-11-to-Windows-Server-2012-and-Windows/ba-p/325297' target='_blank'><b>Take Action: Internet Explorer 11 now available on Windows Update/WSUS for Windows Server 2012 and Windows Embedded 8 Standard</b></a><br><div>Internet Explorer 11 (<a href=\"https://support.microsoft.com/help/4492872\" target=\"_blank\">KB 4492872</a>) is now available via Windows Update (WU) and Windows Server Update Services (WSUS) for commercial customers running Windows Server 2012 and Windows Embedded 8 Standard. For details about these changes and end of support for IE10, please refer to the&nbsp;<a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Bringing-Internet-Explorer-11-to-Windows-Server-2012-and-Windows/ba-p/325297\" target=\"_blank\">IT Pro blog</a>.&nbsp;</div></td><td>August 29, 2019 <br>08:00 AM PT</td></tr>

4
windows/security/identity-protection/credential-guard/credential-guard-manage.md
View File

@ -113,7 +113,7 @@ You can do this by using either the Control Panel or the Deployment Image Servic
You can also enable Windows Defender Credential Guard by using the [Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337).
```
DG_Readiness_Tool_v3.5.ps1 -Enable -AutoReboot
DG_Readiness_Tool_v3.6.ps1 -Enable -AutoReboot
```
> [!IMPORTANT]
> When running the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSArch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work.
@ -136,7 +136,7 @@ You can view System Information to check that Windows Defender Credential Guard
You can also check that Windows Defender Credential Guard is running by using the [Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337).
```
DG_Readiness_Tool_v3.5.ps1 -Ready
DG_Readiness_Tool_v3.6.ps1 -Ready
```
> [!IMPORTANT]
> When running the Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool on a non-English operating system, within the script, change `*$OSArch = $(gwmi win32_operatingsystem).OSArchitecture` to be `$OSAch = $((gwmi win32_operatingsystem).OSArchitecture).tolower()` instead, in order for the tool to work.

1
windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
View File

@ -332,6 +332,7 @@ The Group Policy object contains the policy settings needed to trigger Windows H
> * PIN **must** be in at least one of the groups
> * Trusted signals **must** be combined with another credential provider
> * You cannot use the same unlock factor to satisfy both categories. Therefore, if you include any credential provider in both categories, it means it can satisfy either category, but not both.
> * The multifactor unlock feature is also supported via the Passport for Work CSP. See [Passport For Work CSP](https://docs.microsoft.com/windows/client-management/mdm/passportforwork-csp) for more information.
1. Start the **Group Policy Management Console** (gpmc.msc)
2. Expand the domain and select the **Group Policy Object** node in the navigation pane.

4
windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
View File

@ -82,6 +82,10 @@ Microsoft still has apps that are unenlightened, but which have been tested and
- Skype for Business
## Adding enlightened Microsoft apps to the allowed apps list
> [!NOTE]
> As of January 2019 it is no longer necessary to add Intune Company Portal as an exempt app since it is now included in the default list of protected apps.
You can add any or all of the enlightened Microsoft apps to your allowed apps list. Included here is the **Publisher name**, **Product or File name**, and **App Type** info for both Microsoft Intune and System Center Configuration Manager.

1
windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
View File

@ -35,6 +35,7 @@ This table includes the recommended URLs to add to your Enterprise Cloud Resourc
|-----------------------------|---------------------------------------------------------------------|
|Office 365 for Business |<ul><li>contoso.sharepoint.com</li><li>contoso-my.sharepoint.com</li><li>contoso-files.sharepoint.com</li><li>tasks.office.com</li><li>protection.office.com</li><li>meet.lync.com</li><li>teams.microsoft.com</li></ul> |
|Yammer |<ul><li>www.yammer.com</li><li>yammer.com</li><li>persona.yammer.com</li></ul> |
|Outlook Web Access (OWA) |attachments.office.net |
|Microsoft Dynamics |contoso.crm.dynamics.com |
|Visual Studio Online |contoso.visualstudio.com |
|Power BI |contoso.powerbi.com |

2
windows/security/threat-protection/auditing/advanced-security-audit-policy-settings.md
View File

@ -65,7 +65,7 @@ Detailed Tracking security policy settings and audit events can be used to monit
- [Audit Process Termination](audit-process-termination.md)
- [Audit RPC Events](audit-rpc-events.md)
- [Audit Credential Validation](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-credential-validation)
> **Note:** For more information, see [Security Monitoring](https://blogs.technet.microsoft.com/nathangau/2018/01/25/security-monitoring-a-possible-new-way-to-detect-privilege-escalation/)
- [Audit Token Right Adjusted](https://docs.microsoft.com/windows/security/threat-protection/auditing/audit-token-right-adjusted)
## DS Access

27
windows/security/threat-protection/auditing/audit-token-right-adjusted.md Normal file
View File

@ -0,0 +1,27 @@
---
title: Audit Token Right Adjusted (Windows 10)
description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Token Right Adjusted, which determines whether the operating system generates audit events when specific changes are made to the privileges of a token.
---
# Audit Token Right Adjusted
**Applies to**
- Windows 10
- Windows Server 2016
Audit Token Right Adjusted allows you to audit events generated by adjusting the privileges of a token.
For more information, see [Security Monitoring: A Possible New Way to Detect Privilege Escalation](https://blogs.technet.microsoft.com/nathangau/2018/01/25/security-monitoring-a-possible-new-way-to-detect-privilege-escalation/).
| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|-------------------|-----------------|-----------------|------------------|------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Domain Controller | IF | No | IF | No | IF With Success auditing for this subcategory, you can get information related to changes to the privileges of a token.<br>However, if you are using an application or system service that dynamically adjusts token privileges, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is System Center Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).<br>If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.<br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Member Server | IF | No | IF | No | IF With Success auditing for this subcategory, you can get information related to changes to the privileges of a token.<br>However, if you are using an application or system service that dynamically adjusts token privileges, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is System Center Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).<br>If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.<br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
| Workstation | IF | No | IF | No | IF With Success auditing for this subcategory, you can get information related to changes to the privileges of a token.<br>However, if you are using an application or system service that dynamically adjusts token privileges, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is System Center Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).<br>If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.<br>This subcategory doesnt have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. |
**Events List:**
- [4703](event-4703.md)(S): A user right was adjusted.
**Event volume**: High.

129
windows/security/threat-protection/auditing/event-5155.md
View File

@ -24,35 +24,46 @@ By default Windows firewall won't prevent a port from being listened by an appli
You can add your own filters using the WFP APIs to block listen to reproduce this event: <https://msdn.microsoft.com/library/aa364046(v=vs.85).aspx>.
There is no event example in this document.
***Subcategory:***&nbsp;[Audit Filtering Platform Connection](audit-filtering-platform-connection.md)
***Event Schema:***
***Event Description:***
*The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections.*
This event generates every time the [Windows Filtering Platform](https://docs.microsoft.com/windows/win32/fwp/windows-filtering-platform-start-page) blocks an application or service from listening on a port for incoming connections.
*Application Information:*
<br clear="all">
> *Process ID:%1*
>
> *Application Name:%2*
*Network Information:*
> *Source Address:%3*
>
> *Source Port:%4*
>
> *Protocol:%5*
*Filter Information:*
> *Filter Run-Time ID:%6*
>
> *Layer Name:%7*
>
> *Layer Run-Time ID:%8*
***Event XML:***
```xml
<Event
xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>5155</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12810</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2019-04-18T03:49:08.507780900Z" />
<EventRecordID>42196</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="2788" />
<Channel>Security</Channel>
<Computer>NATHAN-AGENT2</Computer>
<Security />
</System>
<EventData>
<Data Name="ProcessId">2628</Data>
<Data Name="Application">\device\harddiskvolume2\users\test\desktop\netcat\nc.exe</Data>
<Data Name="SourceAddress">0.0.0.0</Data>
<Data Name="SourcePort">5555</Data>
<Data Name="Protocol">6</Data>
<Data Name="FilterRTID">84576</Data>
<Data Name="LayerName">%%14609</Data>
<Data Name="LayerRTID">40</Data>
</EventData>
</Event>
```
***Required Server Roles:*** None.
@ -60,6 +71,76 @@ There is no event example in this document.
***Event Versions:*** 0.
***Field Descriptions:***
**Application Information**:
- **Process ID** \[Type = Pointer\]: Hexadecimal Process ID (PID) of the process which was permitted to bind to the local port. The PID is a number used by the operating system to uniquely identify an active process. To see the PID for a specific process you can, for example, use Task Manager (Details tab, PID column):
<img src="images/task-manager.png" alt="Task manager illustration" width="585" height="375" />
If you convert the hexadecimal value to decimal, you can compare it to the values in Task Manager.
You can also correlate this process ID with a process ID in other events, for example, “[4688](event-4688.md): A new process has been created” **Process Information\\New Process ID**.
<!-- -->
- **Application Name** \[Type = UnicodeString\]**:** Full path and the name of the executable for the process.
Logical disk is displayed in the format \\device\\harddiskvolume\#. You can get all local volume numbers by using the **diskpart** utility. The command to get volume numbers using diskpart is “**list volume**”:
<img src="images/diskpart.png" alt="DiskPart illustration" width="786" height="246" />
**Network Information:**
- **Source Address** \[Type = UnicodeString\]**:** The local IP address of the computer running the application.
- IPv4 Address
- IPv6 Address
- :: - all IP addresses in IPv6 format
- 0.0.0.0 - all IP addresses in IPv4 format
- 127.0.0.1 , ::1 - localhost
- **Source Port** \[Type = UnicodeString\]**:** The port number used by the application.
- **Protocol** \[Type = UInt32\]: the protocol number being used.
| Service | Protocol Number |
|----------------------------------------------------|-----------------|
| Internet Control Message Protocol (ICMP) | 1 |
| Transmission Control Protocol (TCP) | 6 |
| User Datagram Protocol (UDP) | 17 |
| General Routing Encapsulation (PPTP data over GRE) | 47 |
| Authentication Header (AH) IPSec | 51 |
| Encapsulation Security Payload (ESP) IPSec | 50 |
| Exterior Gateway Protocol (EGP) | 8 |
| Gateway-Gateway Protocol (GGP) | 3 |
| Host Monitoring Protocol (HMP) | 20 |
| Internet Group Management Protocol (IGMP) | 88 |
| MIT Remote Virtual Disk (RVD) | 66 |
| OSPF Open Shortest Path First | 89 |
| PARC Universal Packet Protocol (PUP) | 12 |
| Reliable Datagram Protocol (RDP) | 27 |
| Reservation Protocol (RSVP) QoS | 46 |
**Filter Information:**
- **Filter Run-Time ID** \[Type = UInt64\]: A unique filter ID which blocks the application from binding to the port. By default, Windows firewall won't prevent a port from binding to an application, and if this application doesnt match any filters, you will get a 0 value in this field.
To find a specific Windows Filtering Platform filter by ID, you need to execute the following command: **netsh wfp show filters**. As a result of this command, a **filters.xml** file will be generated. You need to open this file and find the specific substring with the required filter ID (**&lt;filterId&gt;**), for example:
<img src="images/filters-xml-file.png" alt="Filters.xml file illustration" width="840" height="176" />
- **Layer Name** \[Type = UnicodeString\]: [Application Layer Enforcement](https://msdn.microsoft.com/library/windows/desktop/aa363971(v=vs.85).aspx) layer name.
- **Layer Run-Time ID** \[Type = UInt64\]: Windows Filtering Platform layer identifier. To find a specific Windows Filtering Platform layer ID, you need to execute the following command: **netsh wfp show state**. As result of this command, a **wfpstate.xml** file will be generated. You need to open this file and find the specific substring with the required layer ID (**&lt;layerId&gt;**), for example:
<img src="images/wfpstate-xml.png" alt="Wfpstate xml illustration" width="1563" height="780" />
## Security Monitoring Recommendations
- If you use Windows Filtering Platform APIs to block application or services from listening on a port, then you can use this event for troubleshooting and monitoring.

7
windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
View File

@ -274,9 +274,12 @@ B. If you experience software or device malfunction after using the above proced
C. If you experience a critical error during boot or your system is unstable after using the above procedure to turn on HVCI, you can recover using the Windows Recovery Environment (Windows RE). To boot to Windows RE, see [Windows RE Technical Reference](https://docs.microsoft.com/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference). After logging in to Windows RE, you can turn off HVCI by renaming or deleting the SIPolicy.p7b file from the file location in step 3 above and then restart your device.
## How to turn off HVCI on the Windows 10 Fall Creators Update
## How to turn off HVCI
1. Rename or delete the SIPolicy.p7b file located at C:\Windows\System32\CodeIntegrity.
1. Run the following command from an elevated prompt to set the HVCI registry key to off
```ini
reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 0 /f
```
2. Restart the device.
3. To confirm HVCI has been successfully disabled, open System Information and check **Virtualization-based security Services Running**, which should now have no value displayed.

2
windows/security/threat-protection/microsoft-defender-atp/automated-investigations.md
View File

@ -40,7 +40,7 @@ Entities are the starting point for Automated investigations. When an alert cont
>- Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/en-us/help/4493464/windows-10-update-kb4493464)) or later
>- Later versions of Windows 10
The alerts start by analyzing the supported entities from the alert and also runs a generic machine playbook to see if there is anything else suspicious on that machine. The outcome and details from the investigation is seen in the Automated investigation view.
The Automated investigation starts by analyzing the supported entities from the alert and also runs a generic machine playbook to see if there is anything else suspicious on that machine. The outcome and details from the investigation is seen in the Automated investigation view.
### Details of an Automated investigation

4
windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md
View File

@ -55,7 +55,7 @@ For more information about disabling local list merging, see [Prevent or allow u
> If controlled folder access is configured with Group Policy, PowerShell, or MDM CSPs, the state will change in the Windows Security app after a restart of the device.
> If the feature is set to **Audit mode** with any of those tools, the Windows Security app will show the state as **Off**.
>If you are protecting user profile data, we recommend that the user profile should be on the default Windows installation drive.
> If you are protecting user profile data, we recommend that the user profile should be on the default Windows installation drive.
## Intune
@ -63,7 +63,7 @@ For more information about disabling local list merging, see [Prevent or allow u
1. Click **Device configuration** > **Profiles** > **Create profile**.
1. Name the profile, choose **Windows 10 and later** and **Endpoint protection**.
![Create endpoint protection profile](../images/create-endpoint-protection-profile.png)
1. Click **Configure** > **Windows Defender Exploit Guard** > **Network filtering** > **Enable**.
1. Click **Configure** > **Windows Defender Exploit Guard** > **Controlled folder access** > **Enable**.
1. Type the path to each application that has access to protected folders and the path to any additional folder that needs protection and click **Add**.
![Enable controlled folder access in Intune](../images/enable-cfa-intune.png)

3
windows/security/threat-protection/microsoft-defender-atp/machine-tags.md
View File

@ -67,7 +67,8 @@ Machines with similar tags can be handy when you need to apply contextual action
Use the following registry key entry to add a tag on a machine:
- Registry key: `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection\DeviceTagging\`
- Registry key value (string): Group
- Registry key name: `Group`
- Registry key value (REG_SZ): `Name of the tag you want to set`
>[!NOTE]
>The device tag is part of the machine information report that's generated once a day. As an alternative, you may choose to restart the endpoint that would transfer a new machine information report.

6
windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md
View File

@ -23,12 +23,12 @@ ms.date: 04/11/2019
The cybersecurity weaknesses identified in your organization are mapped to actionable security recommendations and prioritized by their impact on the security recommendation list. Prioritized recommendation helps shorten the mean time to mitigate or remediate vulnerabilities and drive compliance.
Each security recommendation includes an actionable remediation recommendation which can be pushed into the IT task queue through a built-in integration with Microsoft Intune and SCCM. It is also dynamic in the sense that when the threat landscape changes, the recommendation also changes as it continuously collect information from your environment.
Each security recommendation includes an actionable remediation recommendation which can be pushed into the IT task queue through a built-in integration with Microsoft Intune and Microsoft System Center Configuration Manager (SCCM). It is also dynamic in the sense that when the threat landscape changes, the recommendation also changes as it continuously collect information from your environment.
## The basis of the security recommendation
Each machine in the organization is scored based on three important factors: threat, likelihood to be breached, and value, to help customers to focus on the right things at the right time.
- Threat - Characteristics of the vulnerabilities and exploits in your organizations' devices and breach history. Based on these factors, the security recommendations shows the correponding links to active alerts, ongoing threat campaigns, and their corresponding threat analytic reports.
- Threat - Characteristics of the vulnerabilities and exploits in your organizations' devices and breach history. Based on these factors, the security recommendations shows the corresponding links to active alerts, ongoing threat campaigns, and their corresponding threat analytic reports.
- Breach likelihood - Your organization's security posture and resilience against threats
@ -36,7 +36,7 @@ Each machine in the organization is scored based on three important factors: thr
## Navigate through your security recommendations
You can access the security recommendation from the Microsoft Defender ATP Threat & Vulnerability Management menu, dashboard, software page, and machine page, to give you the context that you need as you require it.
You can access the security recommendation from the Microsoft Defender ATP Threat & Vulnerability Management menu, dashboard, software page, and machine page, to give you the context that you need, as you require it.
There are security recommendations for application, operating system, network, accounts, and security controls.

3
windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md
View File

@ -35,13 +35,12 @@ The following table lists and explains the allowed encryption types.
| Encryption type | Description and version support |
| - | - |
| DES_CBC_CRC | Data Encryption Standard with Cipher Block Chaining using the Cyclic Redundancy Check function<br/>Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The Windows 7, Windows 10 and Windows Server 2008 R2 operating systems do not support DES| by default.
| DES_CBC_CRC | Data Encryption Standard with Cipher Block Chaining using the Cyclic Redundancy Check function<br/>Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The Windows 7, Windows 10 and Windows Server 2008 R2 operating systems do not support DES by default. |
| DES_CBC_MD5| Data Encryption Standard with Cipher Block Chaining using the Message-Digest algorithm 5 checksum function<br/>Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The Windows 7, Windows 10 and Windows Server 2008 R2 operating systems do not support DES by default. |
| RC4_HMAC_MD5| Rivest Cipher 4 with Hashed Message Authentication Code using the Message-Digest algorithm 5 checksum function<br/>Supported in Windows 2000 Server, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 10 and Windows Server 2008 R2.|
| AES128_HMAC_SHA1| Advanced Encryption Standard in 128 bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).<br/>Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003. Supported in Windows Vista, Windows Server 2008, Windows 7, Windows 10 and Windows Server 2008 R2. |
| AES256_HMAC_SHA1| Advanced Encryption Standard in 256 bit cipher block with Hashed Message Authentication Code using the Secure Hash Algorithm (1).<br/>Not supported in Windows 2000 Server, Windows XP, or Windows Server 2003. Supported in Windows Vista, Windows Server 2008, Windows 7, Windows 10 and Windows Server 2008 R2. |
| Future encryption types| Reserved by Microsoft for additional encryption types that might be implemented.|
 
### Possible values

2
windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md
View File

@ -41,7 +41,7 @@ Tool|Deployment options (<a href="#fn2" id="ref2">2</a>)|Management options (net
Microsoft Intune|[Add endpoint protection settings in Intune](https://docs.microsoft.com/intune/endpoint-protection-configure)|[Configure device restriction settings in Intune](https://docs.microsoft.com/intune/device-restrictions-configure)| [Use the Intune console to manage devices](https://docs.microsoft.com/intune/device-management)
System Center Configuration Manager ([1](#fn1))|Use the [Endpoint Protection point site system role][] and [enable Endpoint Protection with custom client settings][]|With [default and customized antimalware policies][] and [client management][]|With the default [Configuration Manager Monitoring workspace][] and [email alerts][]
Group Policy and Active Directory (domain-joined)|Use a Group Policy Object to deploy configuration changes and ensure Windows Defender Antivirus is enabled.|Use Group Policy Objects (GPOs) to [Configure update options for Windows Defender Antivirus][] and [Configure Windows Defender features][]|Endpoint reporting is not available with Group Policy. You can generate a list of [Group Policies to determine if any settings or policies are not applied][]
PowerShell|Deploy with Group Policy, System Center Configuration Manager, or manually on individual endpoints.|Use the [Set-MpPreference][] and [Update-MpSignature] [] cmdlets available in the Defender module|Use the appropriate [Get- cmdlets available in the Defender module][]
PowerShell|Deploy with Group Policy, System Center Configuration Manager, or manually on individual endpoints.|Use the [Set-MpPreference] and [Update-MpSignature] cmdlets available in the Defender module.|Use the appropriate [Get- cmdlets available in the Defender module][]
Windows Management Instrumentation|Deploy with Group Policy, System Center Configuration Manager, or manually on individual endpoints.|Use the [Set method of the MSFT_MpPreference class][] and the [Update method of the MSFT_MpSignature class][]|Use the [MSFT_MpComputerStatus][] class and the get method of associated classes in the [Windows Defender WMIv2 Provider][]
Microsoft Azure|Deploy Microsoft Antimalware for Azure in the [Azure portal, by using Visual Studio virtual machine configuration, or using Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#antimalware-deployment-scenarios). You can also [Install Endpoint protection in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-install-endpoint-protection)|Configure [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) or [use code samples](https://gallery.technet.microsoft.com/Antimalware-For-Azure-5ce70efe)|Use [Microsoft Antimalware for Virtual Machines and Cloud Services with Azure PowerShell cmdlets](https://docs.microsoft.com/azure/security/azure-security-antimalware#enable-and-configure-antimalware-using-powershell-cmdlets) to enable monitoring. You can also review usage reports in Azure Active Directory to determine suspicious activity, including the [Possibly infected devices][] report and configure an SIEM tool to report on [Windows Defender Antivirus events][] and add that tool as an app in AAD.

6
windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-install-with-intune.md
View File

@ -166,6 +166,12 @@ Once the Intune changes are propagated to the enrolled devices, you can see them
![Microsoft Defender icon in status bar screenshot](images/MDATP_Icon_Bar.png)
## Troubleshooting
Issue: No license found
Solution: Follow the steps above to create a device profile using WindowsDefenderATPOnboarding.xml
## Logging installation issues
For more information on how to find the automatically generated log that is created by the installer when an error occurs, see [Logging installation issues](microsoft-defender-atp-mac-resources.md#logging-installation-issues) .

2
windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
View File

@ -1,6 +1,6 @@
---
title: Microsoft recommended block rules (Windows 10)
description: To help you plan and begin the initial test stages of a deployment of Microsoft Windows Defender Application Comntrol, this article outlines how to gather information, create a plan, and begin to create and test initial code integrity policies.
description: To help you plan and begin the initial test stages of a deployment of Microsoft Windows Defender Application Control, this article outlines how to gather information, create a plan, and begin to create and test initial code integrity policies.
keywords: virtualization, security, malware
ms.prod: w10
ms.mktglfcycl: deploy

12
windows/security/threat-protection/windows-defender-application-guard/configure-wd-app-guard.md
View File

@ -33,9 +33,17 @@ These settings, located at **Computer Configuration\Administrative Templates\Net
|Policy name|Supported versions|Description|
|-----------|------------------|-----------|
|Private network ranges for apps|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of IP address ranges that are in your corporate network. Included endpoints or endpoints that are included within a specified IP address range, are rendered using Microsoft Edge and won't be accessible from the Application Guard environment.|
|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Notes: 1) Include a full domain name in the configuration, for example **www.contoso.com**, to trust only in this literal value. 2) You may optionally use "." as a wildcard character to automatically trust subdomains on only one level of the domain hierarchy that is to the left of the dot. Configuring **".constoso.com"** will automatically trust **"local.contoso.com"**, **"shop.contoso.com"**, and all other values on the left. 3) You may optionally use ".." as a wildcard character to automatically trust subdomains on all the levels of the domain hierarchy that are to the left of the dots. Configuring **"..constoso.com"** will automatically trust **"us.shop.contoso.com"**, **"trainning.contoso.com"**, and all other values on the left. |
|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment.|
|Enterprise resource domains hosted in the cloud|At least Windows Server 2012, Windows 8, or Windows RT|A pipe-separated (\|) list of your domain cloud resources. Included endpoints are rendered using Microsoft Edge and won't be accessible from the Application Guard environment. Note: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.|
|Domains categorized as both work and personal|At least Windows Server 2012, Windows 8, or Windows RT|A comma-separated list of domain names used as both work or personal resources. Included endpoints are rendered using Microsoft Edge and will be accessible from the Application Guard and regular Edge environment. Note: This list supports the wildcards detailed in the [Network isolation settings wildcards](#network-isolation-settings-wildcards) table.|
## Network isolation settings wildcards
|Value|Number of dots to the left|Meaning|
|-----|--------------------------|-------|
|contoso.com|0|Trust only the literal value of **contoso.com**.|
|www.contoso.com|0|Trust only the literal value of **www.contoso.com**.|
|.contoso.com|1|Trust any domain that ends with the text **contoso.com**. Matching sites include **spearphishingcontoso.com**, **contoso.com**, and **www.contoso.com**.|
|..contoso.com|2|Trust all levels of the domain hierarchy that are to the left of the dot. Matching sites include **shop.contoso.com**, **us.shop.contoso.com**, **www.us.shop.contoso.com**, but NOT **contoso.com** itself.|
## Application-specific settings
These settings, located at **Computer Configuration\Administrative Templates\Windows Components\Windows Defender Application Guard**, can help you to manage your company's implementation of Application Guard.