deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-15 14:57:23 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://cpubwin.visualstudio.com/it-client/_git/it-client

Browse Source
This commit is contained in:
Beth Levin 2019-01-17 08:57:46 -08:00
commit ac032e732d
4 changed files with 37 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -1765,6 +1765,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
|New or updated topic | Description|
|--- | ---|
|[Policy CSP - Storage](policy-csp-storage.md)|Added the following new policies: AllowStorageSenseGlobal, ConfigStorageSenseGlobalCadence, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseRecycleBinCleanupThreshold, ConfigStorageSenseDownloadsCleanupThreshold, and ConfigStorageSenseCloudContentCleanupThreshold.|
|[SharedPC CSP](sharedpc-csp.md)|Updated values and supported operations.|
### December 2018

61
windows/client-management/mdm/sharedpc-csp.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 06/26/2017
ms.date: 01/16/2019
---
# SharedPC CSP
@ -27,18 +27,18 @@ The supported operation is Get.
<a href="" id="enablesharedpcmode"></a>**EnableSharedPCMode**
A boolean value that specifies whether Shared PC mode is enabled.
The supported operations are Get and Replace.
The supported operations are Add, Get, Replace, and Delete.
Setting this value to True triggers the action to configure a device to Shared PC mode.
The default value is False.
The default value is Not Configured and SharedPC mode is not enabled.
<a href="" id="setedupolicies"></a>**SetEduPolicies**
A boolean value that specifies whether the policies for education environment are enabled. Setting this value to true triggers the action to configure a device as education environment.
The supported operations are Get and Replace.
The supported operations are Add, Get, Replace, and Delete.
The default value changed to false in Windows 10, version 1703. This node needs to be configured independent of EnableSharedPCMode. In Windows 10, version 1607, the default value is true and education environment is automatically configured when SharedPC mode is configured.
The default value changed to false in Windows 10, version 1703. The default value is Not Configured and this node needs to be configured independent of EnableSharedPCMode. In Windows 10, version 1607, the value is set to True and the education environment is automatically configured when SharedPC mode is configured.
<a href="" id="setpowerpolicies"></a>**SetPowerPolicies**
Optional. A boolean value that specifies that the power policies should be set when configuring SharedPC mode.
@ -46,9 +46,9 @@ Optional. A boolean value that specifies that the power policies should be set w
> [!Note]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Get and Replace.
The supported operations are Add, Get, Replace, and Delete.
The default value is True.
The default value is Not Configured and the effective power settings are determined by the OS's default power settings. Its value in the SharedPC provisioning package is True.
<a href="" id="maintenancestarttime"></a>**MaintenanceStartTime**
Optional. An integer value that specifies the daily start time of maintenance hour. Given in minutes from midnight. The range is 0-1440.
@ -56,9 +56,9 @@ Optional. An integer value that specifies the daily start time of maintenance ho
> [!Note]
>  If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Get and Replace.
The supported operations are Add, Get, Replace, and Delete.
The default value is 0 (12 AM).
The default value is Not Configured and its value in the SharedPC provisioning package is 0 (12 AM).
<a href="" id="signinonresume"></a>**SignInOnResume**
Optional. A boolean value that, when set to True, requires sign in whenever the device wakes up from sleep mode.
@ -66,9 +66,9 @@ Optional. A boolean value that, when set to True, requires sign in whenever the
> [!Note]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Get and Replace.
The supported operations are Add, Get, Replace, and Delete.
The default value is True.
The default value is Not Configured and its value in the SharedPC provisioning package is True.
<a href="" id="sleeptimeout"></a>**SleepTimeout**
The amount of time in seconds before the PC sleeps. 0 means the PC never sleeps. Default is 5 minutes. This node is optional.
@ -76,9 +76,9 @@ The amount of time in seconds before the PC sleeps. 0 means the PC never sleeps.
> [!Note]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Get and Replace.
The supported operations are Add, Get, Replace, and Delete.
The default value changed to 300 in Windows 10, version 1703. The default value is 3600 in Windows 10, version 1607.
The default value is Not Configured, and effective behavior is determined by the OS's default settings. Its value in the SharedPC provisioning package for Windows 10, version 1703 is 300, and in Windows 10, version 1607 is 3600.
<a href="" id="enableaccountmanager"></a>**EnableAccountManager**
A boolean that enables the account manager for shared PC mode.
@ -86,9 +86,9 @@ A boolean that enables the account manager for shared PC mode.
> [!Note]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Get and Replace.
The supported operations are Add, Get, Replace, and Delete.
The default value is True.
The default value is Not Configured and its value in the SharedPC provisioning package is True.
<a href="" id="accountmodel"></a>**AccountModel**
Configures which type of accounts are allowed to use the PC.
@ -96,7 +96,7 @@ Configures which type of accounts are allowed to use the PC.
> [!Note]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Get and Replace.
The supported operations are Add, Get, Replace, and Delete.
The following list shows the supported values:
@ -104,13 +104,15 @@ The following list shows the supported values:
- 1 - Only domain-joined accounts are enabled.
- 2 - Domain-joined and guest accounts are allowed.
Its value in the SharedPC provisioning package is 1 or 2.
<a href="" id="deletionpolicy"></a>**DeletionPolicy**
Configures when accounts are deleted.
> [!Note]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The supported operations are Get and Replace.
The supported operations are Add, Get, Replace, and Delete.
For Windows 10, version 1607, here is the list shows the supported values:
@ -123,17 +125,19 @@ For Windows 10, version 1703, here is the list of supported values:
- 1 - Delete at disk space threshold
- 2 - Delete at disk space threshold and inactive threshold
The default value is Not Configured. Its value in the SharedPC provisioning package is 1 or 2.
<a href="" id="diskleveldeletion"></a>**DiskLevelDeletion**
Sets the percentage of disk space remaining on a PC before cached accounts will be deleted to free disk space. Accounts that have been inactive the longest will be deleted first.
> [!Note]
> If used, this value must be set before the action on the **EnableSharedPCMode** node is taken.
The default value is 25.
The default value is Not Configured. Its default value in the SharedPC provisioning package is 25.
For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevelDeletion** number is set to 25 (both default values). Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) during a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign off of an account if free space is under the deletion threshold and disk space is very low, regardless whether the PC is actively in use or not.
For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevelDeletion** number is set to 25 (both default values). Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) during a daily maintenance period, accounts will be deleted (oldest last used first) when the system is idle until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign off of an account if free space is under half of the deletion threshold and disk space is very low, regardless of whether the PC is actively in use or not.
The supported operations are Get and Replace.
The supported operations are Add, Get, Replace, and Delete.
<a href="" id="disklevelcaching"></a>**DiskLevelCaching**
Sets the percentage of available disk space a PC should have before it stops deleting cached accounts.
@ -141,15 +145,16 @@ Sets the percentage of available disk space a PC should have before it stops del
> [!Note]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
The default value is 50.
The default value is Not Configured. The default value in the SharedPC provisioning package is 25.
For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevelDeletion** number is set to 25 (both default values). Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) during a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign off of an account if free space is under the deletion threshold and disk space is very low, regardless whether the PC is actively in use or not.
The supported operations are Add, Get, Replace, and Delete.
<a href="" id="restrictlocalstorage"></a>**RestrictLocalStorage**
Added in Windows 10, version 1703. Restricts the user from using local storage. This node is optional.
Default value is true Value type is bool. Supported operations are Get and Replace.
The default value is Not Configured and behavior is no such restriction applied. Value type is bool. Supported operations are Add, Get, Replace, and Delete. Default in SharedPC provisioning package is False.
> [!Note]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
@ -157,7 +162,7 @@ Default value is true Value type is bool. Supported operations are Get and Repla
<a href="" id="kioskmodeaumid"></a>**KioskModeAUMID**
Added in Windows 10, version 1703. Specifies the AUMID of the app to use with assigned access. This node is optional.
Value type is string. Supported operations are Get and Replace.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
> [!Note]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
@ -165,7 +170,7 @@ Value type is string. Supported operations are Get and Replace.
<a href="" id="kioskmodeusertiledisplaytext"></a>**KioskModeUserTileDisplayText**
Added in Windows 10, version 1703. Specifies the display text for the account shown on the sign-in screen which launches the app specified by KioskModeAUMID. This node is optional.
Value type is string. Supported operations are Get and Replace.
Value type is string. Supported operations are Add, Get, Replace, and Delete.
> [!Note]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
@ -173,7 +178,9 @@ Value type is string. Supported operations are Get and Replace.
<a href="" id="inactivethreshold"></a>**InactiveThreshold**
Added in Windows 10, version 1703. Accounts will start being deleted when they have not been logged on during the specified period, given as number of days.
Default value is 30. Value type is integer. Supported operations are Get and Replace.
The default value is Not Configured. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
The default in the SharedPC provisioning package is 30.
<a href="" id="maxpagefilesizemb"></a>**MaxPageFileSizeMB**
Added in Windows 10, version 1703. Maximum size of the paging file in MB. Applies only to systems with less than 32 GB storage and at least 3 GB of RAM. This node is optional.
@ -181,9 +188,9 @@ Added in Windows 10, version 1703. Maximum size of the paging file in MB. Applie
> [!Note]
> If used, this value must set before the action on the **EnableSharedPCMode** node is taken.
Default value is 1024. Value type is integer. Supported operations are Get and Replace.
Default value is Not Configured. Value type is integer. Supported operations are Add, Get, Replace, and Delete.
The default in the SharedPC provisioning package is 1024.
## Related topics

4
windows/security/threat-protection/windows-defender-application-guard/test-scenarios-wd-app-guard.md
View File

@ -8,7 +8,7 @@ ms.pagetype: security
ms.localizationpriority: medium
author: justinha
ms.author: justinha
ms.date: 10/16/2018
ms.date: 01/16/2019
---
# Application Guard testing scenarios
@ -46,7 +46,7 @@ How to install, set up, turn on, and configure Application Guard for Enterprise-
### Install, set up, and turn on Application Guard
Before you can use Application Guard in enterprise mode, you must install Windows 10 Enterprise edition, version 1709, which includes the functionality. Then, you must use Group Policy to set up the required settings.
1. Install Application Guard, using the [installation](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard) steps in this guide.
1. Install Application Guard, using the [installation](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard/install-wd-app-guard#install-application-guard) steps in this guide.
2. Restart the device and then start Microsoft Edge.

51
windows/whats-new/ltsc/whats-new-windows-10-2019.md
View File

@ -395,62 +395,11 @@ In the Feedback and Settings page under Privacy Settings you can now delete the
## Configuration
<<<<<<< HEAD
### Kiosk configuration
Microsoft Edge has many improvements specifically targeted to Kiosks, however Edge is not available in the LTSC release of Windows 10. Internet Explorer is included in Windows 10 LTSC releases as its feature set is not changing, and it will continue to get security fixes for the life of a Windows 10 LTSC release.
If you wish to take advantage of [Kiosk capabilities in Edge](https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy), consider [Kiosk mode](https://docs.microsoft.com/windows/configuration/kiosk-methods) with a semi-annual release channel.
=======
### Kiosk Configuration
We introduced a simplified assigned access configuration experience in **Settings** that allows device administrators to easily set up a PC as a kiosk or digital sign. A wizard experience walks you through kiosk setup including creating a kiosk account that will automatically sign in when a device starts.
To use this feature, go to **Settings**, search for **assigned access**, and open the **Set up a kiosk** page.
![set up a kiosk](../images/kiosk-mode.png "set up a kiosk")
Microsoft Edge kiosk mode running in single-app assigned access has two kiosk types.
1. **Digital / Interactive signage** that displays a specific website full-screen and runs InPrivate mode.
2. **Public browsing** supports multi-tab browsing and runs InPrivate mode with minimal features available. Users cannot minimize, close, or open new Microsoft Edge windows or customize them using Microsoft Edge Settings. Users can clear browsing data and downloads, and restart Microsoft Edge by clicking **End session**. Administrators can configure Microsoft Edge to restart after a period of inactivity.
![single app assigned access](../images/SingleApp_contosoHotel_inFrame@2x.png "single app assigned access")
Microsoft Edge kiosk mode running in multi-app assigned access has two kiosk types.
>[!NOTE]
>The following Microsoft Edge kiosk mode types cannot be setup using the new simplified assigned access configuration wizard in Windows 10 Settings.
1. **Public browsing** supports multi-tab browsing and runs InPrivate mode with minimal features available. In this configuration, Microsoft Edge can be one of many apps available. Users can close and open multiple InPrivate mode windows.
![multi-app assigned access](../images/Multi-app_kiosk_inFrame.png "multi-app assigned access")
2. **Normal mode** runs a full version of Microsoft Edge, although some features may not work depending on what apps are configured in assigned access. For example, if the Microsoft Store is not set up, users cannot get books.
![normal mode](../images/Normal_inFrame.png "normal mode")
Learn more about [Microsoft Edge kiosk mode](https://docs.microsoft.com/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy).
The AssignedAccess CSP has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using a provisioning package. For more information, see [Create a Windows 10 kiosk that runs multiple apps](https://docs.microsoft.com/windows/configuration/lock-down-windows-10-to-specific-apps).
### Windows 10 kiosk and Kiosk Browser
With this release you can easily deploy and manage kiosk devices with Microsoft Intune in single and multiple app scenarios. This includes the new Kiosk Browser available from the Microsoft Store. Kiosk Browser is great for delivering a reliable and custom-tailored browsing experience for scenarios such as retail and signage. A summary of new features is below.
- Using Intune, you can deploy the Kiosk Browser from the Microsoft Store, configure start URL, allowed URLs, and enable/disable navigation buttons.
- Using Intune, you can deploy and configure shared devices and kiosks using assigned access to create a curated experience with the correct apps and configuration policies
- Support for multiple screens for digital signage use cases.
- The ability to ensure all MDM configurations are enforced on the device prior to entering assigned access using the Enrollment Status page.
- The ability to configure and run Shell Launcher in addition to existing UWP Store apps.
- A simplified process for creating and configuring an auto-logon kiosk account so that a public kiosk automatically enters a desired state after a reboot, a critical security requirement for public-facing use cases.
- For multi-user Firstline Worker kiosk devices, instead of specifying every user, its now possible to assign different assigned access configurations to Azure AD groups or Active Directory groups.
- To help with troubleshooting, you can now view error reports generated if an assigned access-configured app has issues.
For more information, see:
- [Making IT simpler with a modern workplace](https://www.microsoft.com/en-us/microsoft-365/blog/2018/04/27/making-it-simpler-with-a-modern-workplace/)
- [Simplifying kiosk management for IT with Windows 10](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Simplifying-kiosk-management-for-IT-with-Windows-10/ba-p/187691)
>>>>>>> 29ecd8ba10cf9401b75cb72a382839f4b4becd26
### Co-management