deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 13:57:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into jdshonline

Browse Source
This commit is contained in:
jdeckerMS 2016-12-19 09:24:20 -08:00
commit b2e9baec95
11 changed files with 189 additions and 144 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
devices/surface-hub/appendix-a-powershell-scripts-for-surface-hub.md
View File

@ -1620,7 +1620,7 @@ In the following cmdlets, `$strPolicy` is the name of the ActiveSync policy, and
Note that in order to run the cmdlets, you need to set up a remote PowerShell session and:
- Your admin account must be remote-PowerShell-enabled. This allows the admin to use the PowerShell cmdlets that are needed by the script. (This permission can be set using set-user `$admin -RemotePowerShellEnabled $true`)
- Your admin account must be remote-PowerShell-enabled. This allows the admin to use the PowerShell cmdlets that are needed by the script. (This permission can be set using `set-user $admin -RemotePowerShellEnabled $true`)
- Your admin account must have the "Reset Password" role if you plan to run the creation scripts. This allows the admin to change the password of the account, which is needed for the script. The Reset Password Role can be enabled using the Exchange Admin Center.
Create the policy.

9
education/windows/take-a-test-single-pc.md
View File

@ -25,17 +25,10 @@ The **Take a Test** app in Windows 10, Version 1607, creates the right environme
- Students cant change settings, extend their display, see notifications, get updates, or use autofill features.
- Cortana is turned off.
<<<<<<< HEAD
> **Tip!**
> To exit **Take a Test**, press Ctrl+Alt+Delete.
=======
> [!TIP]
> To exit **Take a Test**, press Ctrl+Alt+Delete.
>>>>>>> f50c53382577edc4df9f4e8c3f911e5a8da4bc83
## How you use Take a Test
![Use test account or test url in Take a Test](images/take-a-test-flow.png)

BIN
windows/keep-secure/images/atp-disableantispyware-regkey.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 49 KiB

2
windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
View File

@ -113,4 +113,4 @@ When Windows Defender is not the active antimalware in your organization and you
## Windows Defender Early Launch Antimalware (ELAM) driver is enabled
If you're running Windows Defender as the primary antimalware product on your endpoints, the Windows Defender ATP agent will successfully onboard.
If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender ELAM driver is enabled. For more information on how to validate and enable the Windows Defender ELAM driver see, [Ensure the Windows Defender ELAM driver is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-windows-defender-elam-driver-is-enabled).
If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender ELAM driver is enabled. For more information, see [Ensure that Windows Defender is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-is-not-disabled-by-a-policy).

103
windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md
View File

@ -65,7 +65,7 @@ Event ID | Error Type | Resolution steps
5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.
10 | Onboarding data couldn't be written to registry | Check the permissions on the registry, specifically<br> ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat```.<br>Verify that the script was ran as an administrator.
15 | Failed to start SENSE service |Check the service status (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights).
15 | Failed to start SENSE service | If the message of the error is: System error 577 has occurred. You need to enable the Windows Defender ELAM driver, see [Ensure the Windows Defender ELAM driver is enabled](#ensure-the-windows-defender-elam-driver-is-enabled) for instructions.
15 | Failed to start SENSE service | If the message of the error is: System error 577 has occurred. You need to enable the Windows Defender ELAM driver, see [Ensure that Windows Defender is not disabled by a policy](#ensure-that-windows-defender-is-not-disabled-by-a-policy) for instructions.
30 | The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
35 | The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location<br>```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```.<br>The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md).
@ -124,7 +124,7 @@ If the deployment tools used does not indicate an error in the onboarding proces
- [Ensure the telemetry and diagnostics service is enabled](#ensure-the-telemetry-and-diagnostics-service-is-enabled)
- [Ensure the service is set to start](#ensure-the-service-is-set-to-start)
- [Ensure the endpoint has an Internet connection](#ensure-the-endpoint-has-an-internet-connection)
- [Ensure the Windows Defender ELAM driver is enabled](#ensure-the-windows-defender-elam-driver-is-enabled)
- [Ensure that Windows Defender is not disabled by a policy](#ensure-that-windows-defender-is-not-disabled-by-a-policy)
### View agent onboarding errors in the endpoint event log
@ -222,98 +222,31 @@ To ensure that sensor has service connectivity, follow the steps described in th
If the verification fails and your environment is using a proxy to connect to the Internet, then follow the steps described in [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) topic.
### Ensure the Windows Defender ELAM driver is enabled
If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled.
### Ensure that Windows Defender is not disabled by a policy
**Problem**: The Windows Defender ATP service does not start after onboarding.
**Check the ELAM driver status:**
**Symptom**: Onboarding successfully completes, but you see error 577 when trying to start the service.
1. Open a command-line prompt on the endpoint:
**Solution**: If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. You must ensure that it's not disabled in system policy.
a. Click **Start**, type **cmd**, and select **Command prompt**.
- Depending on the tool that you use to implement policies, you'll need to verify that the following Windows Defender policies are set to ```0``` or that the settings are cleared:
2. Enter the following command, and press Enter:
```
sc qc WdBoot
```
If the ELAM driver is enabled, the output will be:
- ```DisableAntiSpyware```
- ```DisableAntiVirus```
```
[SC] QueryServiceConfig SUCCESS
For example, in Group Policy:
SERVICE_NAME: WdBoot
TYPE : 1 KERNEL_DRIVER
START_TYPE : 0 BOOT_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\system32\drivers\WdBoot.sys
LOAD_ORDER_GROUP : Early-Launch
TAG : 0
DISPLAY_NAME : Windows Defender Boot Driver
DEPENDENCIES :
SERVICE_START_NAME :
```
If the ELAM driver is disabled the output will be:
```
[SC] QueryServiceConfig SUCCESS
```<Key Path="SOFTWARE\Policies\Microsoft\Windows Defender"><KeyValue Value="0" ValueKind="DWord" Name="DisableAntiSpyware"/></Key>
```
- After clearing the policy, run the onboarding steps again on the endpoint.
SERVICE_NAME: WdBoot
TYPE : 1 KERNEL_DRIVER
START_TYPE : 0 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : \SystemRoot\system32\drivers\WdBoot.sys
LOAD_ORDER_GROUP : _Early-Launch
TAG : 0
DISPLAY_NAME : Windows Defender Boot Driver
DEPENDENCIES :
SERVICE_START_NAME :
```
- You can also check the following registry key values to verify that the policy is disabled:
#### Enable the ELAM driver
1. Open the registry ```key HKEY_LOCAL_MACHINE\ SOFTWARE\Policies\Microsoft\Windows Defender```.
2. Find the value ```DisableAntiSpyware```.
3. Ensure that the value is set to 0.
1. Open an elevated PowerShell console on the endpoint:
a. Click **Start**, type **powershell**.
b. Right-click **Command prompt** and select **Run as administrator**.
2. Run the following PowerShell cmdlet:
```text
'Set-ExecutionPolicy -ExecutionPolicy Bypass
```
3. Run the following PowerShell script:
```text
Add-Type @'
using System;
using System.IO;
using System.Runtime.InteropServices;
using Microsoft.Win32.SafeHandles;
using System.ComponentModel;
public static class Elam{
[DllImport("Kernel32", CharSet=CharSet.Auto, SetLastError=true)]
public static extern bool InstallELAMCertificateInfo(SafeFileHandle handle);
public static void InstallWdBoot(string path)
{
Console.Out.WriteLine("About to call create file on {0}", path);
var stream = File.Open(path, FileMode.Open, FileAccess.Read, FileShare.Read);
var handle = stream.SafeFileHandle;
Console.Out.WriteLine("About to call InstallELAMCertificateInfo on handle {0}", handle.DangerousGetHandle());
if (!InstallELAMCertificateInfo(handle))
{
Console.Out.WriteLine("Call failed.");
throw new Win32Exception(Marshal.GetLastWin32Error());
}
Console.Out.WriteLine("Call successful.");
}
}
'@
$driverPath = $env:SystemRoot + "\System32\Drivers\WdBoot.sys"
[Elam]::InstallWdBoot($driverPath)
```
![Image of registry key for Windows Defender](images/atp-disableantispyware-regkey.png)

6
windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md
View File

@ -64,6 +64,12 @@ EU region:
See the topic [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md) for a list of event IDs that are reported by the Windows Defender ATP service. The topic also contains troubleshooting steps for event errors.
### Windows Defender ATP service fails to start after a reboot and shows error 577
If onboarding endpoints successfully completes but Windows Defender ATP does not start after a reboot and shows error 577, check that Windows Defender is not disabled by a policy.
For more information, see [Ensure that Windows Defender is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-is-not-disabled-by-a-policy).
### Related topic
- [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md)

1
windows/manage/change-history-for-manage-and-update-windows-10.md
View File

@ -19,6 +19,7 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in
| New or changed topic | Description |
| --- | --- |
| [Quick guide to Windows as a service](waas-quick-start.md) | New |
| [Manage Windows 10 in your organization - transitioning to modern management](manage-windows-10-in-your-organization-modern-management.md) | Added video demonstration of the latest in modern management for Windows 10 |
## November 2016

3
windows/manage/index.md
View File

@ -14,6 +14,9 @@ author: jdeckerMS
Learn about managing and updating Windows 10.
>[!NOTE]
>Information for Windows 10 Enterprise also applies to Windows 10 IoT Enterprise, and information for Windows 10 Mobile Enterprise also applies to Windows 10 IoT Mobile. For information about managing devices running Windows 10 IoT Core, see [Windows 10 IoT Core Commercialization](https://www.windowsforiotdevices.com/).
## In this section
<table>

4
windows/manage/manage-windows-10-in-your-organization-modern-management.md
View File

@ -18,6 +18,10 @@ Your organization might have considered bringing in Windows 10 devices and downg
Your organization can support various operating systems across a wide range of device types, and manage them through a common set of tools such as System Center Configuration Manager, Microsoft Intune, or other third-party products. This “managed diversity” enables you to empower your users to benefit from the productivity enhancements available on their new Windows 10 devices (including rich touch and ink support), while still maintaining your standards for security and manageability. It can help you and your organization benefit from Windows 10 much faster.
This six-minute video demonstrates how users can bring in a new retail device and be up and working with their personalized settings and a managed experience in a few minutes, without being on the corporate network. It also demonstrates how IT can apply policies and configurations to ensure device compliance.
<iframe width="560" height="315" src="https://www.youtube.com/embed/g1rIcBhhxpA" frameborder="0" allowfullscreen></iframe>
This topic offers guidance on strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment. The topic covers [management options](#reviewing-the-management-options-with-windows-10) plus the four stages of the device lifecycle:
- [Deployment and Provisioning](#deployment-and-provisioning)

202
windows/manage/windows-store-for-business-overview.md
View File

@ -211,56 +211,162 @@ For more information, see [Manage settings in the Store for Business](../manage/
## Supported markets
Store for Business is currently available in these markets.
|Country or locale|Paid apps|Free apps|
|-----------------|---------|---------|
|Argentina|X|X|
|Australia|X|X|
|Austria|X|X|
|Belgium (Dutch, French)|X|X|
|Brazil| |X|
|Canada (English, French)|X|X|
|Chile|X|X|
|Columbia|X|X|
|Croatia|X|X|
|Czech Republic|X|X|
|Denmark|X|X|
|Finland|X|X|
|France|X|X|
|Germany|X|X|
|Greece|X|X|
|Hong Kong SAR|X|X|
|Hungary|X|X|
|India| |X|
|Indonesia|X|X|
|Ireland|X|X|
|Italy|X|X|
|Japan|X|X|
|Malaysia|X|X|
|Mexico|X|X|
|Netherlands|X|X|
|New Zealand|X|X|
|Norway|X|X|
|Philippines|X|X|
|Poland|X|X|
|Portugal|X|X|
|Romania|X|X|
|Russia| |X|
|Singapore|X|X|
|Slovakia|X|X|
|South Africa|X|X|
|Spain|X|X|
|Sweden|X|X|
|Switzerland (French, German)|X|X|
|Taiwan| |X|
|Thailand|X|X|
|Turkey|X|X|
|Ukraine| |X|
|United Kingdom|X|X|
|United States|X|X|
|Vietnam|X|X|
<table>
<tr>
<th align="center" colspan="4">Support for free and paid apps</th>
</tr>
<tr align="left">
<td>
<ul>
<li>Algeria</li>
<li>Angola</li>
<li>Argentina</li>
<li>Australia</li>
<li>Austria</li>
<li>Bahamas</li>
<li>Bahrain</li>
<li>Bangladesh</li>
<li>Barbados</li>
<li>Belgium</li>
<li>Belize</li>
<li>Bermuda</li>
<li>Bolivia</li>
<li>Botswana</li>
<li>Brunei Darussalam</li>
<li>Bulgaria</li>
<li>Cameroon</li>
<li>Canada</li>
<li>Cape Verde</li>
<li>Cayman Islands</li>
<li>Chile</li>
<li>Colombia</li>
<li>Costa Rica</li>
<li>C&ocirc;te D'ivoire</li>
<li>Croatia</li>
<li>Cur&ccedil;ao</li>
<li>Cyprus</li>
<li>Czech Republic</li>
<li>Denmark</li>
</ul>
</td>
<td>
<ul>
<li>Dominican Republic</li>
<li>Ecuador</li>
<li>Egypt</li>
<li>El Salvador</li>
<li>Estonia</li>
<li>Faroe Islands</li>
<li>Fiji</li>
<li>Finland</li>
<li>France</li>
<li>Germany</li>
<li>Ghana</li>
<li>Greece</li>
<li>Guatemala</li>
<li>Honduras</li>
<li>Hong Kong</li>
<li>Hungary</li>
<li>Iceland</li>
<li>Indonesia</li>
<li>Iraq</li>
<li>Ireland</li>
<li>Israel</li>
<li>Italy</li>
<li>Jamaica</li>
<li>Japan</li>
<li>Jordan</li>
<li>Kenya</li>
<li>Kuwait</li>
<li>Latvia</li>
<li>Lebanon</li>
</ul>
</td>
<td>
<ul>
<li>Libya</li>
<li>Liechtenstein</li>
<li>Lithuania</li>
<li>Luxembourg</li>
<li>Malaysia</li>
<li>Malta</li>
<li>Mexico</li>
<li>Mongolia</li>
<li>Montenegro</li>
<li>Morocco</li>
<li>Namibia</li>
<li>Netherlands</li>
<li>New Zealand</li>
<li>Nicaragua</li>
<li>Nigeria</li>
<li>Norway</li>
<li>Oman</li>
<li>Pakistan</li>
<li>Palestinian Territory</li>
<li>Panama</li>
<li>Paraguay</li>
<li>Peru</li>
<li>Philippines</li>
<li>Poland</li>
<li>Portugal</li>
<li>Puerto Rico</li>
<li>Qatar</li>
<li>Romania</li>
<li>Rwanda</li>
</ul>
</td>
<td>
<ul>
<li>Saint Kitts and Nevis</li>
<li>Saudi Arabia</li>
<li>Senegal</li>
<li>Serbia</li>
<li>Singapore</li>
<li>Slovakia</li>
<li>Slovenia</li>
<li>South Africa</li>
<li>Spain</li>
<li>Sweden</li>
<li>Switzerland</li>
<li>Tanzania</li>
<li>Thailand</li>
<li>Trinidad and Tobago</li>
<li>Tunisia</li>
<li>Turkey</li>
<li>Uganda</li>
<li>United Arab Emirates</li>
<li>United Kingdom</li>
<li>United States</li>
<li>Uruguay</li>
<li>Viet Nam</li>
<li>Virgin Islands, U.S.</li>
<li>Zambia</li>
<li>Zimbabwe<br>&nbsp;<br>&nbsp;<br>&nbsp;<br>&nbsp;</li>
</ul>
</td>
</tr>
</table>
<table>
<tr>
<th align="center">Support for free apps only</th>
</tr>
<tr align="left">
<td>
<ul>
<li>Brazil</li>
<li>India</li>
<li>Russia</li>
<li>Taiwan</li>
<li>Ukraine</li>
</ul>
</td>
</tr>
</table>
## <a href="" id="isv-wsfb"></a>ISVs and the Store for Business

1
windows/manage/working-with-line-of-business-apps.md
View File

@ -12,7 +12,6 @@ localizationpriority: high
# Working with line-of-business apps
**Applies to**
- Windows 10