deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 15:27:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' into v-smandalika-5494946

Browse Source
This commit is contained in:
Denise Vangel-MSFT 2021-11-04 12:47:51 -07:00 committed by GitHub
commit bb2f78ef30
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
50 changed files with 289 additions and 1429 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

70
.openpublishing.redirection.json
View File

@ -1,5 +1,75 @@
{
"redirections": [
{
"source_path": "windows/configuration/wcd/wcd-textinput.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-shell.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-rcspresence.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-otherassets.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-nfc.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-multivariant.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-modemconfigurations.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-messaging.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-internetexplorer.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-initialsetup.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-deviceinfo.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-calling.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-callandmessagingenhancement.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-automatictime.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/configuration/wcd/wcd-theme.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",

1
windows/client-management/mdm/index.md
View File

@ -40,6 +40,7 @@ The MDM security baseline includes policies that cover the following areas:
For more details about the MDM policies defined in the MDM security baseline and what Microsofts recommended baseline policy values are, see:
- [MDM Security baseline for Windows 11](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/Windows11-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 2004](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/2004-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1909](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1909-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 1903](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/1903-MDM-SecurityBaseLine-Document.zip)

4
windows/client-management/mdm/windows-mdm-enterprise-settings.md
View File

@ -12,12 +12,12 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
ms.date: 11/02/2021
---
# Enterprise settings, policies, and app management
The actual management interaction between the device and server is done via the DM client. The DM client communicates with the enterprise management server via DM v1.2 SyncML syntax. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](https://go.microsoft.com/fwlink/p/?LinkId=267526).
The actual management interaction between the device and server is done via the DM client. The DM client communicates with the enterprise management server via DM v1.2 SyncML syntax. The full description of the OMA DM protocol v1.2 can be found at the [OMA website](https://www.openmobilealliance.org/release/DM/V1_2-20070209-A/OMA-TS-DM_Protocol-V1_2-20070209-A.pdf).
Windows currently supports one MDM server. The DM client that is configured via the enrollment process is granted access to enterprise related settings. Enterprise MDM settings are exposed via various configuration service providers to the DM client. For the list of available configuration service providers, see [Configuration service provider reference](configuration-service-provider-reference.md).

10
windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: dansimp
ms.date: 10/11/2021
ms.date: 11/02/2021
ms.reviewer:
manager: dansimp
---
@ -266,7 +266,7 @@ ADMX Info:
<!--/ADMXMapped-->
<a href="" id="status"></a>**Status**
Returns bitmask that indicates status of Application Guard installation and pre-requisites on the device.
Returns bitmask that indicates status of Application Guard installation for Microsoft Edge and prerequisites on the device.
Value type is integer. Supported operation is Get.
@ -275,11 +275,13 @@ Value type is integer. Supported operation is Get.
- Bit 2 - Set to 1 when the client machine has a valid OS license and SKU.
- Bit 3 - Set to 1 when Application Guard installed on the client machine.
- Bit 4 - Set to 1 when required Network Isolation Policies are configured.
> [!IMPORTANT]
> If you are deploying Application Guard via Intune, Network Isolation Policy must be configured to enable Application Guard for Microsoft Edge.
- Bit 5 - Set to 1 when the client machine meets minimum hardware requirements.
- Bit 6 - Set to 1 when system reboot is required.
- Bit 6 - Set to 1 when system reboot is required.
<a href="" id="platformstatus"></a>**PlatformStatus**
Added in Windows 10, version 2004. Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device.
Added in Windows 10, version 2004. Applies to Microsoft Office/Generic platform. Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device.
Value type is integer. Supported operation is Get.

40
windows/configuration/TOC.yml
View File

@ -190,14 +190,8 @@
href: wcd/wcd-admxingestion.md
- name: AssignedAccess
href: wcd/wcd-assignedaccess.md
- name: AutomaticTime
href: wcd/wcd-automatictime.md
- name: Browser
href: wcd/wcd-browser.md
- name: CallAndMessagingEnhancement
href: wcd/wcd-callandmessagingenhancement.md
- name: Calling
href: wcd/wcd-calling.md
- name: CellCore
href: wcd/wcd-cellcore.md
- name: Cellular
@ -218,8 +212,6 @@
href: wcd/wcd-developersetup.md
- name: DeviceFormFactor
href: wcd/wcd-deviceformfactor.md
- name: DeviceInfo
href: wcd/wcd-deviceinfo.md
- name: DeviceManagement
href: wcd/wcd-devicemanagement.md
- name: DeviceUpdateCenter
@ -236,10 +228,6 @@
href: wcd/wcd-folders.md
- name: HotSpot
href: wcd/wcd-hotspot.md
- name: InitialSetup
href: wcd/wcd-initialsetup.md
- name: InternetExplorer
href: wcd/wcd-internetexplorer.md
- name: KioskBrowser
href: wcd/wcd-kioskbrowser.md
- name: Licensing
@ -247,23 +235,13 @@
- name: Location
href: wcd/wcd-location.md
- name: Maps
href: wcd/wcd-maps.md
- name: Messaging
href: wcd/wcd-messaging.md
- name: ModemConfigurations
href: wcd/wcd-modemconfigurations.md
- name: Multivariant
href: wcd/wcd-multivariant.md
href: wcd/wcd-maps.md
- name: NetworkProxy
href: wcd/wcd-networkproxy.md
- name: NetworkQOSPolicy
href: wcd/wcd-networkqospolicy.md
- name: NFC
href: wcd/wcd-nfc.md
href: wcd/wcd-networkqospolicy.md
- name: OOBE
href: wcd/wcd-oobe.md
- name: OtherAssets
href: wcd/wcd-otherassets.md
href: wcd/wcd-oobe.md
- name: Personalization
href: wcd/wcd-personalization.md
- name: Policies
@ -271,13 +249,9 @@
- name: Privacy
href: wcd/wcd-privacy.md
- name: ProvisioningCommands
href: wcd/wcd-provisioningcommands.md
- name: RcsPresence
href: wcd/wcd-rcspresence.md
href: wcd/wcd-provisioningcommands.md
- name: SharedPC
href: wcd/wcd-sharedpc.md
- name: Shell
href: wcd/wcd-shell.md
href: wcd/wcd-sharedpc.md
- name: SMISettings
href: wcd/wcd-smisettings.md
- name: Start
@ -293,9 +267,7 @@
- name: TabletMode
href: wcd/wcd-tabletmode.md
- name: TakeATest
href: wcd/wcd-takeatest.md
- name: TextInput
href: wcd/wcd-textinput.md
href: wcd/wcd-takeatest.md
- name: Time
href: wcd/wcd-time.md
- name: UnifiedWriteFilter

70
windows/configuration/wcd/wcd-automatictime.md
View File

@ -1,70 +0,0 @@
---
title: AutomaticTime (Windows 10)
description: This section describes the AutomaticTime settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.localizationpriority: medium
ms.author: greglin
ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dansimp
---
# AutomaticTime (Windows Configuration Designer reference)
Use these settings to configure automatic time updates. Mobile devices primarily rely on Network Identify and Time zone (NITZ), which is provided by the mobile operator, to automatically update the time on the device. When NITZ is available from the cellular network, there are no issues maintaining accurate time in devices. However, for devices that do not have a SIM or have had the SIM removed for some time, or for devices that have a SIM but NITZ is not supported, the device may run into issues maintaining accurate time on the device.
The OS includes support for Network Time Protocol (NTP), which enables devices to receive time when NITZ is not supported or when cellular data is not available. NTP gets the time by querying a server at a specified time interval. NTP is based on Coordinated Universal Time (UTC) and doesn't support time zone or daylight saving time so users will need to manually update the time zone after an update from NTP if users move between time zones.
## Applies to
| Settings | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [EnableAutomaticTime](#enableautomatictime) | | ✔️ | | | |
| [NetworkTimeUpdateThreshold](#networktimeupdatethreshold) | | ✔️ | | | |
| [NTPEnabled](#ntpenabled) | | ✔️ | | | |
| [NTPRegularSyncInterval](#ntpregularsyncinterval) | | ✔️ | | | |
| [NTPRetryInterval](#ntpretryinterval) | | ✔️ | | | |
| [NTPServer](#ntpserver) | | ✔️ | | | |
| [PreferredSlot](#preferredslot) | | ✔️ | | | |
## EnableAutomaticTime
Set to **True** to enable automatic time and to **False** to disable automatic time.
## NetworkTimeUpdateThreshold
Specify the difference (in number of seconds) between the NITZ information and the current device time before a device time update is triggered.
## NTPEnabled
Set to **True** to enable the NTP client and to **False** to disable the NTP client.
## NTPRegularSyncInterval
Set the regular sync interval for phones that are set to use Network Time Protocol (NTP) time servers. Select a value between `1` and `168` hours, inclusive, The default sync interval is `12` hours.
## NTPRetryInterval
Set the retry interval if the regular sync fails. Select a value between `1` and `24` hours, inclusive.
## NTPServer
Change the default NTP server for phones that are set to use NTP. To enumerate the NTP source server(s) used by the NTP client, set the value for NTPServer to a list of server names, delimited by semi-colons.
**Example**:
`ntpserver1.contoso.com;ntpserver2.fabrikam.com;ntpserver3.contoso.com`
The list should contain one or more server names. The default NTP source server value is `time.windows.com`.
## PreferredSlot
Specify which UICC slot will be preferred for NITZ handling on a C+G dual SIM phone.
- Set to `0` to use the UICC in Slot 0 for NITZ handling.
- Set to '1' to use the UICC in Slot 1 for NITZ handling.

42
windows/configuration/wcd/wcd-callandmessagingenhancement.md
View File

@ -1,42 +0,0 @@
---
title: CallAndMessageEnhancement (Windows 10)
description: This section describes the CallAndMessagingEnhancement settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.localizationpriority: medium
ms.author: greglin
ms.topic: article
ms.date: 09/21/2017
ms.reviewer:
manager: dansimp
---
# CallAndMessagingEnhancement (Windows Configuration Designer reference)
Use to configure call origin and blocking apps.
>[!IMPORTANT]
>These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and are not intended for use by administrators in the enterprise.
## Applies to
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [BlockingApp](#blockingapp) | | ✔️ | | | |
| [CallOriginApp](#calloriginapp) | | ✔️ | | | |
## BlockingApp
| Setting | Value | Description |
| --- | --- | --- |
| ActiveBlockingAppUserModelId | AUMID | The AUMID of the application that will be set as the active blocking app by default. |
| DefaultBlockingAppUserModelId | AUMID | The AUMID of the application that the OS will select as the active blocking app if the user uninstalls the current active blocking app. This app should be uninstallable. |
## CallOriginApp
| Setting | Value | Description |
| --- | --- | --- |
| ActiveCallOriginAppUserModelId | AUMID | The AUMID of the application to be set as the active call origin provider app by default. |
| DefaultCallOriginAppUserModelId | AUMID | The AUMID of the application that the OS will select as the active call origin provider app if the user uninstalls the current active call origin app. This app should be uninstallable. |

213
windows/configuration/wcd/wcd-calling.md
View File

@ -1,213 +0,0 @@
---
title: Calling (Windows 10)
description: This section describes the Calling settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.localizationpriority: medium
ms.author: greglin
ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dansimp
---
# Calling (Windows Configuration Designer reference)
Use to configure settings for Calling.
>[!IMPORTANT]
>These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and are not intended for use by administrators in the enterprise.
## Applies to
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | | ✔️ | | | |
## Branding
See [Branding for phone calls](/windows-hardware/customize/mobile/mcsf/branding-for-phone-calls).
## CallIDMatchOverrides
Enter a GEOID, select **Add**, and then enter the number of digits for matching caller ID.
For a list of GEOID codes and default number of digits for each country/region, see [Overriding the OS default minimu number of digits for caller ID matching](/windows-hardware/customize/mobile/mcsf/caller-id-matching#a-href-idoverriding-os-default-min-number-digitsaoverriding-the-os-default-minimum-number-of-digits-for-caller-id-matching).
## CauseCodeRegistrationTable
See [Cause codes](/windows-hardware/customize/mobile/mcsf/cause-codes).
## CDMAHeuristics
CDMA Heuristics (on by default) makes CDMA calling more user-friendly by exposing an interface that supports multiple calls with call waiting, swapping, and three-way calling.
For **CDMAPriorityCallPrefix**, enter a custom call prefix that would allow the user to override an ongoing call with a remote party mostly used in emergency services and law enforcement.
Set **DisableCdmaHeuristics** to **True** to disable the built-in heuristics.
## PartnerAppSupport
See [Dialer codes to launch diagnostic applications](/windows-hardware/customize/mobile/mcsf/dialer-codes-to-launch-diagnostic-applications).
## PerSimSettings
Use to configure settings for each subscriber identification module (SIM) card. Enter the Integrated Circuit Card Identifier (ICCID) for the SIM card, select **Add**, and then configure the following settings.
### Critical
Setting | Description
--- | ---
MOSimFallbackVoicemailNumber | Partners who do not have the voicemail numbers on the device SIM can configure the voicemail number for their devices. If the voicemail number is not on the SIM and the registry key is not set, the default voicemail will not be set and the user will need to set the number. Set MOSimFallbackVoicemailNumber to the voicemail number that you want to use for the phone.
SimOverrideVoicemailNumber | Mobile operators can override the voicemail number on the UICC with a different voicemail number that is configured in the registry. Set SimOverrideVoicemailNumber to a string that contains the digits of the voicemail number to use instead of the voicemail number on the UICC.
### General
Setting | Description
--- | ---
AllowMixedAudioVideoConferencing | Set as **True** to enable audio and video calls in the same conference.
AllowVideoConferencing | Set as **True** to enable the ability to conference video calls.
AutoDismissUssedWaitingDialog | Set as **True** to enable automatic dismissal of "Waiting" dialog on USSD session termination.
CallerIdBlockingPrefixList | Enter a list of prefixes which will not see the caller ID. Use a semicolon (;) as a delimiter.
DefaultCallerIdSetting | Configure the default setting for caller ID. Select between `No one`, `Only contacts`, `Every one`, and `Network default`. If set to `Network default`, set `ShowCallerIdNetworkDefaultSetting` to **True**.
DefaultEnableVideoCalling | Set as **True** to enable LTE video calling as the default setting.
DefaultEnableVideoCapability | Set as **True** to enable LTE video capability sharing as the default setting.
EnableSupplementaryServiceEraseToDeactivateOverride | Enables conversion of supplementary service erase commands to deactivate commands.
IgnoreCallerIdBlockingPrefix | DO NOT USE
IgnoreMWINotifications | Set as **True** to configure the voicemail system so the phone ignores message waiting indicator (MWI) notifications.
IgnoreProhibitedDialingPrefix | Ignore prohibited dialing prefix. An OEM/MO can specify a certain set of strings by region that when dialed will block a user's caller ID from being displayed on the device receiving the call. The list is separated by semicolon. This setting does not apply beyond Windows 10, version 1709.
IgnoreUssdExclusions | Set as **True** to ignore Unstructured Supplementary Service Data (USSD) exclusions.
ProhibitedDialingPrefixList | A semicolon delimited list of previxes that are prohibited from being dialed.
ResetCallForwarding | When set to **True**, user is provided with an option to retry call forwarding settings query.
ShowCallerIdNetworkDefaultSetting | Indicates whether the network default setting can be allowed for outgoing caller ID.
ShowVideoCallingSwitch | Use to specify whether to show the video capability sharing switch on the mobile device's Settings screen.
ShowVideoCapabilitySwitch | Configure the phone settings to show the video capability sharing switch.
SupressVideoCallingChargesDialog | Configure the phone settings CPL to suppress the video calling charges dialog.
UssdExclusionList | List used to exclude predefined USSD entries, allowing the number to be sent as standard DTMF tones instead. Set UssdExclusionList to the list of desired exclusions, separated by semicolons. For example, setting the value to 66;330 will override 66 and 330. Leading zeros are specified by using F. For example, to override code 079, set the value to F79. If you set UssdExclusionList, you must set IgnoreUssdExclusions as well. Otherwise, the list will be ignored. See [List of USSD codes](#list-of-ussd-codes) for values.
WiFiCallingOperatorName | Enter the operator name to be shown when the phone is using WiFi calling. If you don't set a value for WiFiCallingOperatorName, the device will always display **SIMServiceProviderName Wi-Fi**, where *SIMServiceProviderName* is a string that corresponds to the SPN for the SIM on the device. If the service provider name in the SIM is not set, only **Wi-Fi** will be displayed.
### HDAudio
To customize call progress branding when a call is made using a specific audio codec, select the audio codec from the dropdown menu and select **Add**. Select the codec in **Available Customizations** and then enter a text string (up to 10 characters) to be used for call progress branding for calls using that codec. For more information, see [Use HD audio codec for call branding](/windows-hardware/customize/mobile/mcsf/use-hd-audio-codec-for-call-branding).
### IMSSubscriptionUpdate
These are Verizon/Sprint-only settings to allow the operator to send an OMA-DM update to the device with the given alert characteristics, which are defined between the mobile operator and OEM, which in turn will inform the device to turn on or off IMS.
### RoamingNumberOverrides
See [Dial string overrides when roaming](/windows-hardware/customize/mobile/mcsf/dial-string-overrides-when-roaming).
## PhoneSettings
Setting | Description
--- | ---
AdjustCDMACallTime | Change the calculation of CDMA call duration to exclude the time before the call connects.
AssistedDialSetting | Turn off the international assist feature that helps users with the country codes needed for dialing international phone numbers.
CallIDMatch | Sets the number of digits that the OS will try to match against contacts for Caller ID. For any country/region that doesn't exist in the default mapping table, mobile operators can use this legacy CallIDMatch setting to specify the minimum number of digits to use for matching caller ID.
CallRecordingOff | Indicates if call recording is turned off. Users will not see the call recording functionality when this is set to **True**.
ConferenceCallMaximumPartyCount | Enter a number to limit the number of parties that can participate in a conference call.
ContinuousDTMFEnabled | Enable DTMF tone duration for as long as the user presses a dialpad key.
DisableVideoUpgradeStoreNavigation | If there are no compatible video upgrade apps installed, tapping the video upgrade button will launch a dialog that will navigate to the Microsoft Store. If this option is enabled, it will show a dialog that informs the user that no video app is installed, but it will not navigate to the Microsoft Store.
DisableVoicemailPhoneNumberDisplay | Disable the display of the voicemail phone number below the Voicemail label in call progress dialog.
DisplayNoDataMessageDuringCall | Display a message to the user indicating that there is no Internet connectivity during a phone call.
DisplayNumberAsDialed | Display the outgoing number "as dialed" rather than "as connected".
EnableVideoCalling | Set to **True** to enable video calling.
HideCallForwarding | Partners can hide the user option to turn on call forwarding. By default, users can decide whether to turn on call forwarding. Partners can hide this user option so that call forwarding is permanently disabled.
HideSIMSecurityUI | Hide the SIM Security panel from phone Settings.
LowVideoQualityTimeout | Configure the phone timer to automatically drop video when the quality is low, in milliseconds.
MinTimeBetweenCallSwaps | Configure how often the user can swap between two active phone calls, in milliseconds.
PromptVideoCallingCharges | Prompt user for charges associated with video calls.
ShowLongTones | Partners can make a user option visible that makes it possible to toggle between short and long DTMF tones, instead of the default continuous tones. By default, the phone supports Dual-Tone Multi-frequency (DTMF) with continuous tones. Partners can make a user option visible that makes it possible to toggle between short and long tones instead.
UseOKForUssdDialogs | OEMs can change the button label in USSD dialogs from **Close** (the default) to **OK**.
UseVoiceDomainForEmergencyCallBranding | Use voice domain to decide whether to use **Emergency calls only** or **No service** in branding.
VideoCallingChargesMessage | Enter text for the message informing the user about the charges associated with video calls.
VideoCallingChargesTitle | Enter text for the title of the dialog informing the user about the charges associated with video calls.
VideoCallingDescription | Enter text to describe the video calling feature.
VideoCallingLabel | Enter text to describe the video calling toggle.
VideoCapabilityDescription | Enter text to describe the video capability feature.
VideoCapabilityLabel | Enter text to describe the video capability toggle.
VideoTransitionTimeout | Enter the time in milliseconds to check how long the video transition state will remain until the remote party responds. The minimum value is 10000 and the maximum value is 30000.
VoLTEAudioQualityString | Partners can add a string to the call progress screen to indicate if the active call is a high quality voice over LTE (VoLTE). Set the value of VoLTEAudioQualityString to the string that you want to display in the call progress screen to indicate that the call is a VoLTE call. This string is combined with the PLMN so if the string is "VoLTE", the resulting string is "PLMN_String VoLTE". For example, the string displayed in the call progress screen can be "Litware VoLTE" if the PLMN_String is "Litware". The value you specify for VoLTEAudioQualityString must exceed 10 characters.
## PhoneShellUI
Setting | Description
--- | ---
EnableSoftwareProximitySensorMitigation | Enable software proximity sensor mitigation.
## PhoneSmsFilter
Setting | Description
--- | ---
AppId | Enter the app ID for your phone call/SMS filter application.
## SupplementaryServiceCodeOverrides
See [Dialer codes for supplementary services](/windows-hardware/customize/mobile/mcsf/dialer-codes-for-supplementary-services).
## List of USSD codes
Codes | Description | DWORD Value
--- | --- | ---
04 | CHANGEPIN | 000000F4
042 | CHANGEPIN2 | 00000F42
05 | UNBLOCKPIN | 000000F5
052 | UNBLOCKPIN2 | 00000F52
03 | SSCHANGEPASSWORD | 000000F3
75 | EMLPPBASE | 00000075
750 | EMLPPLEVEL0 | 00000750
751 | EMLPPLEVEL1 | 00000751
752 | EMLPPLEVEL2 | 00000752
753 | EMLPPLEVEL3 | 00000753
754 | EMLPPLEVEL4 | 00000754
66 | CALLDEFLECT | 00000066
30 | CALLIDCLIP | 00000030
31 | CALLIDCLIR | 00000031
76 | CALLIDCOLP | 00000076
77 | CALLIDCOLR | 00000077
21 | FWDUNCONDITIONAL | 00000021
67 | FWDBUSY | 00000067
61 | FWDNOREPLY | 00000061
62 | FWDNOTREACHABLE | 00000062
002 | FWDALL | 00000FF2
004 | FWDALLCONDITIONAL | 00000FF4
43 | CALLWAITING | 00000043
360 | UUSALL | 00000360
361 | UUSSERVICE1 | 00000361
362 | UUSSERVICE2 | 00000362
363 | UUSSERVICE3 | 00000363
33 | BARROUT | 00000033
331 | BARROUTINTL | 00000331
332 | BARROUTINTLEXTOHOME | 00000332
35 | BARRIN | 00000035
351 | BARRINROAM | 00000351
330 | BARRALL | 00000330
333 | BARRALLOUT | 00000333
353 | BARRALLIN | 00000353
354 | BARRINCOMINGINTERMEDIATE | 00000354
96 | CALLTRANSFER | 00000096
37 | CALLCOMPLETEBUSY | 00000037
070 | PNP0 | 00000F70
071 | PNP1 | 00000F71
072 | PNP2 | 00000F72
073 | PNP3 | 00000F73
074 | PNP4 | 00000F74
075 | PNP5 | 00000F75
076 | PNP6 | 00000F76
077 | PNP7 | 00000F77
078 | PNP8 | 00000F78
079 | PNP9 | 00000F79
300 | CALLCNAP | 00000300
591 | MSP1 | 00000591
592 | MSP2 | 00000592
593 | MSP3 | 00000593
594 | MSP4 | 00000594

66
windows/configuration/wcd/wcd-deviceinfo.md
View File

@ -1,66 +0,0 @@
---
title: DeviceInfo (Windows 10)
description: This section describes the DeviceInfo settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.localizationpriority: medium
ms.author: greglin
ms.topic: article
ms.date: 09/21/2017
ms.reviewer:
manager: dansimp
---
# DeviceInfo (Windows Configuration Designer reference)
Use to configure settings for DeviceInfo.
>[!IMPORTANT]
>These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and are not intended for use by administrators in the enterprise.
## Applies to
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | | ✔️ | | | |
## PhoneMobileOperatorDisplayName
Enter a friendly name for the mobile operator. This string is displayed in the support section of the **Settings > About** screen and in the ringtone list.
## PhoneMobileOperatorName
This setting is used for targeting phone updates. It must contain a code specified by Microsoft that corresponds to the mobile operator. These codes are provided in [Registry values for mobile operator IDs](https://msdn.microsoft.com/library/windows/hardware/dn772250.aspx). For open market phones, in which the mobile operator is not known, use the codes in [Registry values for carrier-unlocked phones](https://msdn.microsoft.com/library/windows/hardware/dn772248.aspx) instead.
This string is not visible to the user.
This setting must not be changed over time even if the user switches SIMs or mobile operators, as updates are always targeted based on the first mobile operator associated with the phone.
The [PhoneManufacturer](/previous-versions/windows/hardware/previsioning-framework/mt138328(v=vs.85)), [PhoneManufacturerModelName](/previous-versions/windows/hardware/previsioning-framework/mt138336(v=vs.85)), and PhoneMobileOperatorName should create a unique Phone-Operator-Pairing (POP).
## PhoneOEMSupportLink
This should be a functional link that starts with http://. The link should be a URL that redirects to the mobile version of the web page. The content in the webpage should reflow to the screen width. This can be achieved by adding the CSS Tag `"@-ms-viewport { width: device-width; }"`.
The default is an empty string (""), which means that a support link will not be displayed to the user.
This setting varies by OEM.
## PhoneSupportLink
This should be a functional link that starts with http://. The link should be a URL that redirects to the mobile version of the web page. The content in the webpage should reflow to the screen width. This can be achieved by adding the CSS Tag `"@-ms-viewport { width: device-width; }"`.
The default is an empty string (""), which means that a support link will not be displayed to the user.
This setting varies by OEM.
## PhoneSupportPhoneNumber
Use to specify the OEM or mobile operator's support contact phone number. The country code is not required. This string is displayed in the About screen in Settings. This setting also corresponds to the Genuine Windows Phone Certificates (GWPC) support number.

33
windows/configuration/wcd/wcd-initialsetup.md
View File

@ -1,33 +0,0 @@
---
title: InitialSetup (Windows 10)
description: This section describes the InitialSetup setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.localizationpriority: medium
ms.author: greglin
ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dansimp
---
# InitialSetup (Windows Configuration Designer reference)
Use to set the name of the Windows mobile device.
## Applies to
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| DeviceName | | ✔️ | | | |
In **DeviceName**, enter a name for the device. If **DeviceName** is set to an asterisk (*) or is an empty string, a random device name will be generated.
**DeviceName** is a string with a maximum length of 15 bytes of content:
- **DeviceName** can use ASCII characters (1 byte each) and/or multi-byte characters such as Kanji, so long as you do not exceed 15 bytes of content.
- **DeviceName** cannot use spaces or any of the following characters: { | } ~ [ \ ] ^ ' : ; < = > ? @ ! " # $ % ` ( ) + / . , * &, or contain any spaces.
- **DeviceName** cannot use some non-standard characters, such as emoji.

98
windows/configuration/wcd/wcd-internetexplorer.md
View File

@ -1,98 +0,0 @@
---
title: InternetExplorer (Windows 10)
description: This section describes the InternetExplorer settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.localizationpriority: medium
ms.author: greglin
ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dansimp
---
# InternetExplorer (Windows Configuration Designer reference)
Use to configure settings related to Internet Explorer.
## Applies to
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [CustomHTTPHeaders](#customhttpheaders) | | ✔️ | | | |
| [CustomUserAgentString](#customuseragentstring) | | ✔️ | | | |
| DataSaving > [BrowseDataSaver](#browsedatasaver) | | ✔️ | | | |
| DataSaving > [ShowPicturesAutomatically](#showpicturesautomatically) | | ✔️ | | | |
| [FirstRunURL](#firstrunurl) | | ✔️ | | | |
## CustomHTTPHeaders
Configure Microsoft Edge to send custom HTTP headers. These will be sent in addition to the default HTTP headers with all HTTP and HTTPS requests. The header is the portion of the HTTP request that defines the form of the message.
- A maximum of 16 custom headers can be defined.
- Custom headers cannot be used to modify the user agent string.
- Each header must be no more than 1 KB in length.
The following header names are reserved and must not be overwritten:
- Accept
- Accept-Charset
- Accept-Encoding
- Authorization
- Expect
- Host
- If-Match
- If-Modified-Since
- If-None-Match
- If-Range
- If-Unmodified-Since
- Max-Forwards
- Proxy-Authorization
- Range
- Referer
- TE
- USER-AGENT
- X-WAP-PROFILE
1. In **Available customizations**, select **CustomHTTPHeaders**, enter a name, and then click **Add**.
2. In **Available customizations**, select the name that you just created.
3. Enter the custom header.
## CustomUserAgentString
The user agent string indicates which browser you are using, its version number, and details about your system, such as operating system and version. A web server can use this information to provide content that is tailored for your specific browser and phone.
The user agent string for the browser cannot be modified. By default, the string has the following format:
`Mozilla/5.0 (Windows Phone 10.0; Android 4.2.1; <Manufacturer>; <Device>) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Mobile Safari/537.36 Edge/12.10166`
- `<Manufacturer>` is automatically replaced with the OEM name. This is the same as the PhoneManufacturer setting value that is set as part of the customization Phone metadata in DeviceTargetingInfo.
- `<Device>` is replaced with the device name or phone name. This is the same as the PhoneModelName setting value that is set as part of the customization Phone metadata in DeviceTargetingInfo.
**Limitations and restrictions:**
- The user agent string for the browser cannot be modified outside of the customizations listed above.
- The user agent type registry setting cannot be modified or used to change the default browser view from Mobile to Desktop.
## BrowseDataSaver
Use to set the browser data saver default setting. **True** turns on the browser data saver feature.
Partners can configure the default setting for the browser data saver feature by turning the browser optimization service (through the BrowserDataSaver setting) on or off.
## ShowPicturesAutomatically
Use to enable or disable whether the **Show pictures automatically** setting is available in Internet Explorer **advanced settings**.
## FirstRunURL
Use to set the home page that appears the first time that Microsoft Edge is opened. This page is only shown the first time the browser is opened. After that, the browser displays either the most recently viewed page or an empty page if the user has closed all tabs or opens a new tab.
Specify the **FirstRunURL** value with a valid link that starts with http://. It is recommended you use a forward link that redirects the user to a localized page.

354
windows/configuration/wcd/wcd-messaging.md
View File

@ -1,354 +0,0 @@
---
title: Messaging (Windows 10)
description: This section describes the Messaging settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.localizationpriority: medium
ms.author: greglin
ms.topic: article
ms.reviewer:
manager: dansimp
---
# Messaging (Windows Configuration Designer reference)
Use for settings related to Messaging and Commercial Mobile Alert System (CMAS).
>[!IMPORTANT]
>These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and are not intended for use by administrators in the enterprise.
>[!NOTE]
>CMAS is now known as Wireless Emergency Alerts (WEA).
## Applies to
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | | ✔️ | | | |
## GlobalSettings
### DisplayCmasLifo
Use this setting to change the order in which CMAS alert messages are displayed, from the default first in/first out (FIFO) message order to last in/first out (LIFO) message order.
If the phone receives at least one CMAS alert message which has not been acknowledged by the user, and another CMAS alert message arrives on the phone, partners can configure the order in which the newly received alert messages are displayed on the phone regardless of the service category of the alert. Users will not be able to change the message order once it has been set.
If partners do not specify a value for this customization, the default FIFO display order is used. Users will be able to acknowledge the messages in the reverse order they were received.
When configured as **True**, you set a LIFO message order. When configured as **False**, you set a FIFO message order.
### EnableCustomLineSetupDialog
Enable this setting to allow custom line setup dialogs in the Messaging app.
### ExtractPhoneNumbersInStrings"
Set as **True** to tag any 5-or-more digit number as a tappable phone number.
### ShowSendingStatus
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
Set **ShowSendingStatus** to **True** to display the sending status for SMS/MMS messages.
### VoicemailIntercept
Partners can define a filter that intercepts an incoming SMS message and triggers visual voicemail synchronization. The filtered message does not appear in the users conversation list.
A visual voicemail sync is triggered by an incoming SMS message if the following conditions are met:
- The message sender value starts with the string specified in the SyncSender setting. The length of the specified values must be greater than 3 characters but less than 75 characters.
- The body of the message starts with the string specified in the SyncPrefix setting. The length of the specified values must be greater than 3 characters but less than 75 characters.
- Visual voicemail is configured and enabled. For more information, see [Visual voicemail](https://msdn.microsoft.com/library/windows/hardware/dn790032.aspx).
>[!NOTE]
>These settings are atomic, so both SyncSender and SyncPrefix must be set.
>
>The SyncSender and SyncPrefix values vary for each mobile operator, so you must work with your mobile operators to obtain the correct or required values.
Setting | Description
--- | ---
SyncPrefix | Specify a value for SyncPrefix that is greater than 3 characters but less than 75 characters in length. For networks that support it, this value can be the keyword for the SMS notification.
SyncSender | Specify a value for SyncSender that is greater than 3 characters but less than 75 characters in length. For networks that support it, this value can be a short code of the mailbox server that sends a standard SMS notification.
## PerSimSettings
Use to configure settings for each subscriber identification module (SIM) card. Enter the Integrated Circuit Card Identifier (ICCID) for the SIM card, click **Add**, and then configure the following settings.
### AllowMmsIfDataIsOff
Setting | Description
--- | ---
AllowMmsIfDataIsOff | **True** allows MMS if data is off
AllowMmsIfDataIsOffSupported | **True** shows the toggle for allowing MMS if data is turned off
AllowMmsIfDataIsOffWhileRoaming | **True** allows MMS if data is off while roaming
### AllowSelectAllContacts
>[!NOTE]
>This setting is removed in Windows 10, version 1709, and later.
Set to **True** to show the select all contacts/unselect all menu option to allow users to easily select multiple recipients for an SMS or MMS message. This menu option provides users with an easier way to add multiple recipients and may also meet a mandatory requirement for some mobile operator networks.
### AllowSendingDeliveryReport
Specify whether the phone automatically sends a receipt acknowledgment for MMS messages. Partners can specify whether the phone automatically sends a receipt acknowledgment for MMS messages when they arrive, and they can determine whether users can control the receipt acknowledgments by using the **Send MMS acknowledgment** toggle in **Messaging > settings**. By default, this user setting is visible and turned on.
| Setting | Description |
| --- | --- |
| AllowSendingDeliveryReport | **True** sets the **Send MMS acknowledgment** toggle to **On** |
| AllowSendingDeliveryReportIsSupported | **True** shows the **Send MMS acknowledgment** toggle, and **False** hides the toggle |
### AutomaticallyDownload
Specify whether MMS messages are automatically downloaded.
| Setting | Description |
| --- | --- |
| AutomaticallyDownload | **True** sets the **Automatically download MMS** toggle to **On** |
| ShowAutomaticallyDownloadMMSToggle | **True** shows the **Automatically download MMS** toggle, and **False** hides the toggle |
### DefaultContentLocationUrl
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
For networks that require it, you can specify the default GET path within the MMSC to use when the GET URL is missing from the WAP push MMS notification.
Set **DefaultContentLocationUrl** to specify the default GET path within the MMSC.
### ErrorCodeEnabled
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
You can choose to display additional content in the conversation view when an SMS or MMS message fails to send. This content includes a specific error code in decimal format that the user can report to technical support. Common errors also include a friendly string to help the user self-diagnose and fix the problem.
Set to **True** to display the error message with an explanation of the problem and the decimal-format error codes. When set to **False**, the full error message is not displayed.
### EmergencyAlertOptions
Configure settings for CMAS alerts.
Setting | Description
--- | ---
CmasAMBERAlertEnabled | **True** enables the device to receive AMBER alerts
CmasExtremeAlertEnabled | **True** enables the device to receive extreme alerts
CmasSevereAlertEnabled | **True** enables the device to receive severe alerts
EmOperatorEnabled | Select which Emergency Alerts Settings page is displayed from dropdown menu
EtwsSoundEnabled | Set to **True** to play Earthquake & Tsunami Warning System (ETWS) sound during alert.
SevereAlertDependentOnExtremeAlert | When set as **True**, the CMAS-Extreme alert option must be on to modify CMAS-Severe alert option
### General
Setting | Description
--- | ---
AllowSelectAllContacts | Set to **True** to show the **select all contacts/unselect all** menu option to allow users to easily select multiple recipients for an SMS or MMS message. This menu option provides users with an easier way to add multiple recipients and may also meet a mandatory requirement for some mobile operator networks.
AllowSMStoSMTPAddress | Allow SMS to SMTP address.
AssistedDialingMcc | By setting AssistedDialingMcc and AssistedDialingMnc, international assisted dialing will be enabled for SMS if the user setting for international assisted dialing is enabled. Enter the Mobile Country Code (MCC) to use for sending SMS.
AssistedDialingMnc | By setting AssistedDialingMcc and AssistedDialingMnc, international assisted dialing will be enabled for SMS if the user setting for international assisted dialing is enabled. Enter the Mobile Network Code (MNC) to use for sending SMS.
AssistedDialingPlusCodeSupportOverride | For devices that support IMS over SMS, you can override support for the assisted dialing plus (+) code for SMS by setting AssistedDialingPlusCodeSupportOverride. If enabled, the OS will not convert the plus (+) code to the proper assisted number when the user turns on the dialing assist option.
AutoRetryDownload | You can configure the messaging app to automatically retry downloading an MMS message if the initial download attempt fails. When this customization is enabled, the download is retried 3 times at 20-, 40-, and 60-second intervals.
BroadcastChannels | You can specify one or more ports from which the device will accept cellular broadcast messages. Set the BroadcastChannels value to the port number(s) that can accept cellular broadcast messages.
ConvertLongSMStoMMS | For networks that do support MMS and do not support segmentation of SMS messages, you can specify an automatic switch from SMS to MMS for long messages.
DefaultContentLocationUrl | For networks that require it, you can specify the default GET path within the MMSC to use when the GET URL is missing from the WAP push MMS notification. Set DefaultContentLocationUrl to specify the default GET path within the MMSC.
EarthquakeMessageString | To override the Primary Earthquake default message, specify the EarthquakeMessageString setting value. This string will be used regardless of what language is set on the device.
EarthquakeTsunamiMessageString| To override the Primary Tsunami and Earthquake default message, specify the EarthquakeTsunamiMessageString setting value. This string will be used regardless of what language is set on the device.
ErrorCodeEnabled | You can choose to display additional content in the conversation view when an SMS or MMS message fails to send. This content includes a specific error code in decimal format that the user can report to technical support. Common errors also include a friendly string to help the user self-diagnose and fix the problem. Set to **True** to display the error message with an explanation of the problem and the decimal-format error codes. When set to **False**, the full error message is not displayed.
EtwsSoundFileName | Set the value to the name of a sound file.
HideMediumSIPopups | By default, when a service indication message is received with a signal-medium or signal-high setting, the phone interrupts and shows the user prompt for these messages. However, you can hide the user prompts for signal-medium messages.
ImsiAuthenticationToken | Configure whether MMS messages include the IMSI in the GET and POST header. Set ImsiAuthenticationToken to the token used as the header for authentication. The string value should match the IMSI provided by the UICC.
LimitRecipients | Set the maximum number of recipients to which a single SMS or MMS message can be sent. Enter a number between 1 and 500 to limit the maximum number of recipients.
MaxRetryCount | You can specify the number of times that the phone can retry sending the failed MMS message and photo before the user receives a notification that the photo could not be sent. Specify MaxRetryCount to specify the number of times the MMS transport will attempt resending the MMS message. This value has a maximum limit of 3.
MMSLimitAttachments | You can specify the maximum number of attachments for MMS messages, from 1 to 20. The default is 5.
NIInfoEnabled | NIInfoEnabled
ProxyAuthorizationToken | See [Proxy authorization for MMS.](/windows-hardware/customize/mobile/mcsf/proxy-authorization-for-mms)
RetrySize | For MMS messages that have photo attachments and that fail to send, you can choose to automatically resize the photo and attempt to resend the message. Specify the maximum size to use to resize the photo in KB. Minimum is 0xA (10 KB).
SetCacheControlNoTransform | When set, proxies and transcoders are instructed not to change the HTTP header and the content should not be modified. A value of 1 or 0x1 adds support for the HTTP header Cache-Control No-Transform directive. When the SetCacheControlNoTransform``Value is set to 0 or 0x0 or when the setting is not set, the default HTTP header Cache-Control No-Cache directive is used.
ShowRequiredMonthlyTest | **True** enables devices to receive CMAS Required Monthly Test (RMT) messages and have these show up on the device. **False** disables devices from receiving CMAS RMT messages.
SIProtocols | Additional supported service indication protocol name.
SmscPanelDisabled | **True** disables the short message service center (SMSC) panel.
SMStoSMTPShortCode | Use to configure SMS messages to be sent to email addresses and phone numbers. `0` disables sending SMS messages to SMTP addresses. `1` enables sending SMS messages to SMTP addresses.
TargetVideoFormat | You can specify the transcoding to use for video files sent as attachments in MMS messages. Set TargetVideoFormat to one of the following values to configure the default transcoding for video files sent as attachments in MMS messages:</br></br>- 0 or 0x0 Sets the transcoding to H.264 + AAC + MP4. This is the default set by the OS.</br>- 1 or 0x1 Sets the transcoding to H.264 + AAC + 3GP.</br>- 2 or 0x2 Sets the transcoding to H.263 + AMR.NB + 3GP.</br>- 3 or 0x3 Sets the transcoding to MPEG4 + AMR.NB + 3GP.
TsunamiMessageString | To override the Primary Tsunami default message, specify the TsunamiMessageString setting value. This string will be used regardless of what language is set on the device.
UAProf | You can specify a user agent profile to use on the phone for MMS messages. The user agent profile XML file details a phones hardware specifications and media capabilities so that an MMS application server (MMSC) can return supported optimized media content to the phone. The user agent profile XML file is generally stored on the MMSC. There are two ways to correlate a user agent profile with a given phone:</br></br>- You can take the user agent string of the phone that is sent with MMS requests and use it as a hash to map to the user agent profile on the MMSC. The user agent string cannot be modified.</br>- Alternatively, you can directly set the URI of the user agent profile on the phone.</br></br>Set UAProf to the full URI of your user agent profile file. Optionally, you can also specify the custom user agent property name for MMS that is sent in the header by setting UAProfToken to either `x-wap-profile` or `profile`.
UAProfToken | You can specify a user agent profile to use on the phone for MMS messages. The user agent profile XML file details a phones hardware specifications and media capabilities so that an MMS application server (MMSC) can return supported optimized media content to the phone. The user agent profile XML file is generally stored on the MMSC.
UseDefaultAddress | By default, the MMS transport sends an acknowledgement to the provisioned MMS application server (MMSC). However, on some networks, the correct server to use is sent as a URL in the MMS message. In that case, a registry key must be set, or else the acknowledgement will not be received and the server will continue to send duplicate messages. **True** enables some networks to correctly acknowledge MMS messages. **False** disables the feature.
UseInsertAddressToken | Use insert address token or local raw address.
UserAgentString | Set UserAgentString to the new user agent string for MMS in its entirely. By default, this string has the format WindowsPhoneMMS/MicrosoftMMSVersionNumber WindowsPhoneOS/OSVersion-buildNumber OEM-deviceName, in which the italicized text is replaced with the appropriate values for the phone.
UseUTF8ForUnspecifiedCharset | Some incoming MMS messages may not specify a character encoding. To properly decode MMS messages that do not specify a character encoding, you can set UTF-8 to decode the message.
WapPushTechnology | For networks that require non-standard handling of single-segment incoming MMS WAP Push notifications, you can specify that MMS messages may have some of their content truncated and that they may require special handling to reconstruct truncated field values. `1` or `0x1` enables MMS messages to have some of their content truncated. `0` or `0x0` disables MMS messages from being truncated
## ImsiAuthenticationToken
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
Configure whether MMS messages include the IMSI in the GET and POST header.
Set **ImsiAuthenticationToken** to the token used as the header for authentication. The string value should match the IMSI provided by the UICC.
### LatAlertOptions
Enable `LatLocalAlertEnabled` to enable support for LAT-Alert Local Alerts for devices sold in Chile. For more information, see [Emergency notifications](/windows-hardware/customize/mobile/mcsf/emergency-notifications).
### MaxRetryCount
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
You can specify the number of times that the phone can retry sending the failed MMS message and photo before the user receives a notification that the photo could not be sent.
Specify MaxRetryCount to specify the number of times the MMS transport will attempt resending the MMS message. This value has a maximum limit of 3.
### MMSGroupText
Set options for group messages sent to multiple people.
Setting | Description
--- | ---
MMSGroupText | **True** enables group messages to multiple people sent as MMS.
ShowMMSGroupTextUI | **True** shows the toggle for group text in messaging settings.
ShowMmsGroupTextWarning | **True** shows the warning that alerts users of possible additional charges before sending a group text as MMS.
### NIAlertOptions
Enable `NI2AlertEnabled` to enable support for the Netherlands Announcements for devices sold in the Netherlands. For more information, see [Emergency notifications](/windows-hardware/customize/mobile/mcsf/emergency-notifications).
### RcsOptions
Set options for Rich Communications Services (RCS).
| Setting | Description |
| --- | --- |
RcsAllowLeaveClosedGroupChats | Whether or not to allow users to leave closed group chats.
| RcsEnabled | Toggle to enable/disable RCS service. Set to **True** to enable. |
| RcsFileTransferAutoAccept | Set to **True** to auto-accept RCS incoming file transfer if the file size is less than warning file size.|
RcsFiletransferAutoAcceptWhileRoaming | Auto-accept RCS incoming file transfer when the file size is less than the warning file size while roaming.
RcsGroupChatCreationMode | The mode used to create new RCS group chats.
RcsGroupChatCreationgThreadingMode | The mode used to thread newly created RCS group chats.
| RcsSendReadReceipt | Set to **True** to send read receipt to the sender when a message is read. |
RcsTimeWindowsAfterSelfLeave | After RCS receives a self-left message, it will ignore messages during this time (in milliseconds), except self-join.
| ShowRcsEnabled | Set to **True** to show the toggle for RCS activation. |
### RequestDeliveryReport
Set options related to MMS message notifications. You can specify whether users receive notification that MMS messages could not be delivered, and determine whether users can control this by using the MMS delivery confirmation toggle in **Messaging > settings**. By default, this user setting is visible but turned off.
| Setting | Description |
| --- | --- |
| RequestDeliveryReport | Set to **True** to set the default value to on. |
| RequestDeliveryReportIsSupported | **True** shows the toggle for MMS delivery confirmation, and **False** hides the toggle. |
### SMSDeliveryNotify
Setting | Description
--- | ---
DeliveryNotifySupported | Set to **True** to enable SMS delivery confirmation.
SMSDeliveryNotify | Set to **True** to toggle SMS delivery confirmation.
### TargetVideoFormat
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
You can specify the transcoding to use for video files sent as attachments in MMS messages.
Set TargetVideoFormat to one of the following values to configure the default transcoding for video files sent as attachments in MMS messages:
| Value | Description |
| --- | --- |
| 0 or 0x0 | Sets the transcoding to H.264 + AAC + MP4. This is the default set by the OS. |
| 1 or 0x1 | Sets the transcoding to H.264 + AAC + 3GP. |
| 2 or 0x2 | Sets the transcoding to H.263 + AMR.NB + 3GP. |
| 3 or 0x3 | Sets the transcoding to MPEG4 + AMR.NB + 3GP. |
### TaiwanAlertOptions
Set options for Taiwan Emergency Alerts system. For more information, see [Emergency notifications](/windows-hardware/customize/mobile/mcsf/emergency-notifications#taiwan-alerts).
Setting | Description
--- | ---
TaiwanAlertEnabled | Receive Taiwan alerts.
TaiwanEmergencyAlertEnabled | Receive Taiwan emergency alerts.
TaiwanPresidentialAlertEnabled | Receive alerts from the Leader of the Taiwan Area.
TaiwanRequiredMonthlytestEnabled | Receive Taiwan Required Monthly Test alerts.
### UAProf
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
You can specify a user agent profile to use on the phone for MMS messages. The user agent profile XML file details a phones hardware specifications and media capabilities so that an MMS application server (MMSC) can return supported optimized media content to the phone. The user agent profile XML file is generally stored on the MMSC.
There are two ways to correlate a user agent profile with a given phone:
- You can take the user agent string of the phone that is sent with MMS requests and use it as a hash to map to the user agent profile on the MMSC. The user agent string cannot be modified.
- Alternatively, you can directly set the URI of the user agent profile on the phone.
Set **UAProf** to the full URI of your user agent profile file. Optionally, you can also specify the custom user agent property name for MMS that is sent in the header by setting **UAProfToken** to either `x-wap-profile` or `profile`.
### UAProfToken
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
You can specify a user agent profile to use on the phone for MMS messages. The user agent profile XML file details a phones hardware specifications and media capabilities so that an MMS application server (MMSC) can return supported optimized media content to the phone. The user agent profile XML file is generally stored on the MMSC.
Optionally, in addition to specifying **UAProf**, you can also specify the custom user agent property name for MMS that is sent in the header by setting **UAProfToken** to either `x-wap-profile` or `profile`.
### UserAgentString
>[!NOTE]
>This setting is removed in Windows 10, version 1709.
Set **UserAgentString** to the new user agent string for MMS in its entirely.
By default, this string has the format WindowsPhoneMMS/MicrosoftMMSVersionNumber WindowsPhoneOS/OSVersion-buildNumber OEM-deviceName, in which the italicized text is replaced with the appropriate values for the phone.
### w4
| Setting | Description |
| --- | --- |
| ADDR | Specify the absolute MMSC URL. The possible values to configure the ADDR parameter are:</br></br>- A Uniform Resource Identifier (URI)</br>- An IPv4 address represented in decimal format with dots as delimiters</br>- A fully qualified Internet domain name |
| APPID | Set to `w4`. |
| MS | (optional) Specify the maximum size of MMS, in KB. If the value is not a number, or is less than or equal to 10, it will be ignored and outgoing MMS will not be resized. |
| NAME | (optional) Enter userreadable application identity. This parameter is also used to define part of the registry path for the APPLICATION parameters. The possible values to configure the **NAME** parameter are:</br></br>- Character string containing the name</br>- no value specified</br></br>If no value is specified, the registry location will default to `<unnamed>`. If **NAME** is greater than 40 characters, it will be truncated to 40 characters. |
| TONAPID | Specify the network access point identification name (NAPID) defined in the provisioning file. This parameter takes a string value. It is only possible to refer to network access points defined within the same provisioning file (except if the INTERNET attribute is set in the NAPDEF characteristic). For more information about the NAPDEF characteristic, see [NAPDEF configuration service provider](/windows/client-management/mdm/napdef-csp). |
| TOPROXY | Specify one logical proxy with a matching PROXY-ID. It is only possible to refer to proxies defined within the same provisioning file. Only one proxy can be listed. The TO-PROXY value must be set to the value of the PROXY ID in PXLOGICAL that defines the MMS specific-proxy. |
### WapPushTechnology
>[!NOTE]
>These settings are removed in Windows 10, version 1709.
For networks that require non-standard handling of single-segment incoming MMS WAP Push notifications, you can specify that MMS messages may have some of their content truncated and that they may require special handling to reconstruct truncated field values.
| Value | Description |
| --- | --- |
| 1 or 0x1 | Enables MMS messages to have some of their content truncated. |
| 0 or 0x0 | Disables MMS messages from being truncated. |
## Related topics
- [Customizations for SMS and MMS](/windows-hardware/customize/mobile/mcsf/customizations-for-sms-and-mms)

24
windows/configuration/wcd/wcd-modemconfigurations.md
View File

@ -1,24 +0,0 @@
---
title: ModemConfiguration (Windows 10)
description: This section describes the ModemConfiguration settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.localizationpriority: medium
ms.author: greglin
ms.topic: article
ms.reviewer:
manager: dansimp
---
# ModemConfiguration (Windows Configuration Designer reference)
ModemConfiguration settings are removed in Windows 10, version 1709.
## Applies to
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | | ✔️ | | | |

25
windows/configuration/wcd/wcd-multivariant.md
View File

@ -1,25 +0,0 @@
---
title: Multivariant (Windows 10)
description: This section describes the Multivariant settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.localizationpriority: medium
ms.author: greglin
ms.topic: article
ms.reviewer:
manager: dansimp
---
# Multivariant (Windows Configuration Designer reference)
Use to select a default profile for mobile devices that have multivariant configurations.
## Applies to
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| DefaultProfile | | ✔️ | | | |
If you will be adding [multivariant settings](../provisioning-packages/provisioning-multivariant.md) to your provisioning package, you can use the **DefaultProfile** setting to specify which variant should be applied by default if OOBE is skipped. In the **DefaultProfile** field, enter the UINAME from your customizations.xml that you want to use as default.

31
windows/configuration/wcd/wcd-nfc.md
View File

@ -1,31 +0,0 @@
---
title: NFC (Windows 10)
description: This section describes the NFC settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.localizationpriority: medium
ms.author: greglin
ms.topic: article
ms.reviewer:
manager: dansimp
---
# NFC (Windows Configuration Designer reference)
Use to configure settings related to near field communications (NFC) subsystem.
## Applies to
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | | ✔️ | | | |
Expand **NFC** > **SEMgr** > **UI**. The following table describes the settings you can configure.
| Setting | Description |
| --- | --- |
| CardEmulationState | Configure the default state of **Tap to pay**. Select between **OFF**, **When Phone Unlocked**, **When Screen On**, and **Anytime**. |
| DefaultFastCardSetting | Configure the default fast card usage for NFC payments. Select between **When Phone Unlocked**, **When Screen On**, and **Anytime**. |
| HideFastCardsOption | Show or hide the fast cards options drop-down menu in the **NFC** > **Tap to pay** control panel. |

30
windows/configuration/wcd/wcd-otherassets.md
View File

@ -1,30 +0,0 @@
---
title: OtherAssets (Windows 10)
description: This section describes the OtherAssets settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.localizationpriority: medium
ms.author: greglin
ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dansimp
---
# OtherAssets (Windows Configuration Designer reference)
Use to configure settings for Map data.
## Applies to
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| MapData | | ✔️ | | | |
Use **MapData** to specify the source directory location of the map region you want to include.
For example, if C:\Path\Maps\Europe contains the downloaded map data that you want to preload, set the value to that directory.
To add additional maps, add a new MapData setting and set the source to the directory location of the map region you want to include.

2
windows/configuration/wcd/wcd-privacy.md
View File

@ -19,7 +19,7 @@ Use **Privacy** to configure settings for app activation with voice.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | X | X | X | | X |
| All settings | ✔️ | ✔️ | ✔️ | | ✔️ |
## LetAppsActivateWithVoice

2
windows/configuration/wcd/wcd-provisioningcommands.md
View File

@ -21,7 +21,7 @@ Use ProvisioningCommands settings to install Windows desktop applications using
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | X | | | | |
| All settings | ✔️ | | | | |
For instructions on adding apps to provisioning packages, see [Provision PCs with apps](../provisioning-packages/provision-pcs-with-apps.md).

32
windows/configuration/wcd/wcd-rcspresence.md
View File

@ -1,32 +0,0 @@
---
title: RcsPresence (Windows 10)
description: This section describes the RcsPresence settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.localizationpriority: medium
ms.author: greglin
ms.topic: article
ms.date: 04/30/2018
ms.reviewer:
manager: dansimp
---
# RcsPresence (Windows Configuration Designer reference)
Use these settings to configure RcsPresence.
## Applies to
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | | X | | | |
Setting | Description
--- | ---
BypassvideoCapabilities | Do not use.
MaxWaitForCapabilitiesRequestInSeconds | Maximum number of seconds to wait for a Capabilities Request to complete.
MinAvailabilityCacheInSeconds | Number of seconds to cache result of Capabilities Request per each number, to avoid excessive network requests.

20
windows/configuration/wcd/wcd-sharedpc.md
View File

@ -22,7 +22,7 @@ Use SharedPC settings to optimize Windows 10 for shared use scenarios, such as t
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | X | | | | |
| All settings | ✔️ | | | | |
## AccountManagement
@ -30,19 +30,19 @@ Use these settings to configure settings for accounts allowed on the shared PC.
| Setting | Value | Description |
| --- | --- | --- |
| AccountModel | - Only guest</br>- Domain-joined only</br>- Domain-joined and guest | This option controls how users can sign-in on the PC. Choosing domain-joined will enable any user in the domain to sign-in. Specifying the guest option will add the Guest option to the sign-in screen and enable anonymous guest access to the PC. </br></br>- Only guest allows anyone to use the PC as a local standard (non-admin) account.</br>- Domain-joined only allows users to sign in with an Active Directory or Azure AD account.</br>- Domain-joined and guest allows users to sign in with an Active Directory, Azure AD, or local standard account. |
| DeletionPolicy | - Delete immediately </br>- Delete at disk space threshold</br>- Delete at disk space threshold and inactive threshold | - Delete immediately will delete the account on sign-out.</br>- Delete at disk space threshold will start deleting accounts when available disk space falls below the threshold you set for DiskLevelDeletion, and it will stop deleting accounts when the available disk space reaches the threshold you set for DiskLevelCaching. Accounts are deleted in order of oldest accessed to most recently accessed.</br>- Delete at disk space threshold and inactive threshold will apply the same disk space checks as noted above, but also delete accounts if they have not signed in within the number of days specified by InactiveThreshold |
| AccountModel | - Only guest</br>- Domain-joined only</br>- Domain-joined and guest | This option controls how users can sign in on the PC. Choosing domain-joined will enable any user in the domain to sign in. Specifying the guest option will add the Guest option to the sign in screen and enable anonymous guest access to the PC. </br></br>- Only guest allows anyone to use the PC as a local standard (non-admin) account.</br>- Domain-joined only allows users to sign in with an Active Directory or Azure AD account.</br>- Domain-joined and guest allows users to sign in with an Active Directory, Azure AD, or local standard account. |
| DeletionPolicy | - Delete immediately </br>- Delete at disk space threshold</br>- Delete at disk space threshold and inactive threshold | - **Delete immediately** deletes the account on sign out.</br>- **Delete at disk space threshold** starts deleting accounts when available disk space falls below the threshold you set for `DiskLevelDeletion`. It stops deleting accounts when the available disk space reaches the threshold you set for `DiskLevelCaching`. Accounts are deleted in order of oldest accessed to most recently accessed.</br>- **Delete at disk space threshold and inactive threshold** applies the same disk space checks as noted above. It also deletes accounts if they haven't signed in within the number of days in `InactiveThreshold`. |
| DiskLevelCaching | A number between 0 and 100 | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account caching. |
| DiskLevelDeletion | A number between 0 and 100 | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account deletion. |
| EnableAccountManager | True or false | Set as **True** to enable automatic account management. If this is not set to true, no automatic account management will be done. |
| InactiveThreshold | Number | If you set **DeletionPolicy** to **Delete at disk space threshold and inactive threshold**, set the number of days after which an account that has not signed in will be deleted. |
| KioskModeAUMID | String | Set an Application User Model ID (AUMID) to enable the kiosk account on the sign-in screen. A new account will be created and will use assigned access to only run the app specified by the AUMID. Note that the app must be installed on the PC. Set the name of the account using **KioskModeUserTileDisplayText**, or a default name will be used. [Find the Application User Model ID of an installed app](/previous-versions/windows/embedded/dn449300(v=winembedded.82)) |
| EnableAccountManager | True or false | Set as **True** to enable automatic account management. When set to **False**, no automatic account management will be done. |
| InactiveThreshold | Number | If you set **DeletionPolicy** to **Delete at disk space threshold and inactive threshold**, set the number of days after which an account that hasn't signed in will be deleted. |
| KioskModeAUMID | String | Set an Application User Model ID (AUMID) to enable the kiosk account on the sign in screen. A new account will be created and will use assigned access to only run the app specified by the AUMID. The app must be installed on the PC. Set the name of the account using **KioskModeUserTileDisplayText**, or a default name will be used. [Find the Application User Model ID of an installed app](/previous-versions/windows/embedded/dn449300(v=winembedded.82)) |
| KioskModeUserTileDisplayText | String | Sets the display text on the kiosk account if **KioskModeAUMID** has been set. |
## EnableSharedPCMode
Set as **True**. If this is not set to **True**, shared PC mode is not turned on and none of the other settings apply. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings).
Set as **True**. When set to **False**, shared PC mode isn't turned on and none of the other settings apply. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings).
Some of the remaining settings in SharedPC are optional, but we strongly recommend that you also set **EnableAccountManager** to **True**.
@ -53,13 +53,13 @@ Use these settings to configure policies for shared PC mode.
| Setting | Value | Description |
| --- | --- | --- |
| MaintenanceStartTime | A number between 0 and 1440 | By default, the maintenance start time (which is when automatic maintenance tasks run, such as Windows Update) is midnight. You can adjust the start time in this setting by entering a new start time in minutes from midnight. For example, if you want maintenance to begin at 2 AM, enter `120` as the value. |
| MaxPageFileSizeMB | A number between 1024 and 2048 | Adjusts the maximum page file size in MB. This can be used to fine-tune page file behavior, especially on low end PCs. |
| MaxPageFileSizeMB | A number between 1024 and 2048 | Adjusts the maximum page file size in MB. This setting can be used to fine-tune page file behavior, especially on low end PCs. |
| RestrictLocalStorage | True or false | Set as **True** to restrict the user from saving or viewing local storage when using File Explorer. This setting controls this API: [ShouldAvoidLocalStorage](/uwp/api/windows.system.profile.sharedmodesettings) |
| SetEduPolicies | True or false | Set to **True** for PCs that will be used in a school. For more information, see [Windows 10 configuration recommendations for education customers](/education/windows/configure-windows-for-education). This setting controls this API: [IsEducationEnvironment](/uwp/api/windows.system.profile.educationsettings) |
| SetPowerPolicies | True or false | When set as **True**:</br></br>- Prevents users from changing power settings</br>- Turns off hibernate</br>- Overrides all power state transitions to sleep (e.g. lid close) |
| SetPowerPolicies | True or false | When set as **True**:</br></br>- Prevents users from changing power settings</br>- Turns off hibernate</br>- Overrides all power state transitions to sleep, such as a lid close. |
| SignInOnResume | True or false | This setting specifies if the user is required to sign in with a password when the PC wakes from sleep. |
| SleepTimeout | Number | Specifies all timeouts for when the PC should sleep. Enter the amount of idle time in seconds. If you don't set sleep timeout, the default of 1 hour applies. |
## Related topics
## Related articles
- [Set up shared or guest PC](../set-up-shared-or-guest-pc.md)

26
windows/configuration/wcd/wcd-shell.md
View File

@ -1,26 +0,0 @@
---
title: Shell (Windows 10)
description: This section describes the Shell settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.localizationpriority: medium
ms.author: greglin
ms.topic: article
ms.date: 09/06/2017
ms.reviewer:
manager: dansimp
---
# Shell (Windows Configuration Designer reference)
Do not use. Use [Start > StartLayout](wcd-start.md#startlayout)
## Applies to
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | | X | | | |

32
windows/configuration/wcd/wcd-smisettings.md
View File

@ -21,19 +21,19 @@ Use SMISettings settings to customize the device with custom shell, suppress Win
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | X | | | | |
| All settings | ✔️ | | | | |
## All settings in SMISettings
The following table describes the settings in SMISettings. Some settings have additional details in sections after the table.
The following table describes the settings in SMISettings. Some settings have more details in sections after the table.
| Setting | Value | Description |
| --- | --- | --- |
| AutoLogon | Enable</br>Domain name</br>Password</br>UserName | Allows automatic sign-in at startup so that the user does not need to enter a user name and password. |
| AutoLogon | Enable</br>Domain name</br>Password</br>UserName | Allows automatic sign-in at startup. Users don't need to enter a user name and password. |
| BrandingNeutral | See [BrandingNeutral values](#brandingneutral-values) | Specifies which UI elements display on the Welcome screen. |
| CrashDumpEnabled | See [CrashDumpEnabled values](#crashdumpenabled-values) | Specifies the type of information to be saved in the event of a crash. |
| CrashDumpEnabled | See [CrashDumpEnabled values](#crashdumpenabled-values) | Specifies the type of information to be saved if there's a crash. |
| DisableBootMenu | True or false | Disables the F8 and F10 keys during startup to prevent access to the **Advanced Startup Options** menu. |
| DisplayDisabled | True or false | Configures the device to display a blank screen when the OS encounters an error that it cannot recover from. |
| DisplayDisabled | True or false | Configures the device to display a blank screen if the OS has an error that it can't recover from. |
| HideAllBootUI | True or false | Suppresses all Windows UI elements (logo, status indicator, and status message) during startup. |
| HideAutologonUI | True or false | Hides the Welcome screen when automatic sign-in (AutoLogon) is enabled. |
| HideBootLogo | True or false | Suppresses the default Windows logo that displays during the OS loading phase. |
@ -43,7 +43,7 @@ The following table describes the settings in SMISettings. Some settings have ad
| KeyboardFilter | See [KeyboardFilter settings](#keyboardfilter-settings) | Use these settings to configure devices to suppress key presses or key combinations. |
| NoLockScreen | True or false | Disables the lock screen functionality and UI elements |
| ShellLauncher | See [ShellLauncher settings](#shelllauncher-settings) | Settings used to specify the application or executable to use as the default custom shell. |
| UIVerbosityLevel | Suppress or do not suppress | Disables the Windows status messages during device startup, sign-in, and shut down. |
| UIVerbosityLevel | Suppress or don't suppress | Disables the Windows status messages during device startup, sign-in, and shut down. |
## BrandingNeutral values
@ -58,11 +58,11 @@ The default value is **17**, which disables all Welcome screen UI elements and t
| 4 | Disables the Language button |
| 8 | Disables the Ease of access button |
| 16 | Disables the Switch user button |
| 32 | Disables the blocked shutdown resolver (BSDR) screen so that restarting or shutting down the system causes the OS to immediately force close any applications that are blocking system shut down. No UI is displayed and users are not given a chance to cancel the shutdown process. This can result in a loss of data if any open applications have unsaved data. |
| 32 | Disables the blocked shutdown resolver (BSDR) screen. Restarting or shutting down the system causes the OS to immediately force close any applications that are blocking the system shutdown. No UI is displayed, and users aren't given a chance to cancel the shutdown process. This value can result in a loss of data if any open applications have unsaved data. |
## CrashDumpEnabled values
Contains an integer that specifies the type of information to capture in a dump (.dmp) file that is generated when the system stops unexpectedly.
If the system stops unexpectedly, choose the type of information to capture in a dump (.dmp) file.
The .dmp file is typically saved in %SystemRoot% as Memory.dmp.
@ -71,22 +71,22 @@ Set CrashDumpEnabled to one of the following values:
| Value | Description |
| --- | --- |
| 1 | Records all the contents of system memory. This dump file may contain data from processes that were running when the information was collected. |
| 2 | Records only the kernel memory. This dump file includes only memory that is allocated to the kernel, kernel-mode drivers, and other kernel-mode programs. It does not include unallocated memory or any memory that is allocated to user-mode programs.</br></br>For most purposes, this kind of dump file is the most useful because it is significantly smaller than the complete memory dump file, but it contains information that is most likely to have been involved in the issue.</br></br>If a second problem occurs, the dump file is overwritten with new information. |
| 3 | Records the smallest amount of useful information that may help identify why the device stopped unexpectedly. This type of dump file includes the following information:</br></br>- A list of loaded drivers</br></br>- The processor context (PRCB) for the processor that stopped</br></br>- The process information and kernel context (EPROCESS) for the process that stopped</br></br>- The process information and kernel context (ETHREAD) for the thread that stopped</br></br>- The kernel-mode call stack for the thread that stopped</br></br></br>This kind of dump file can be useful when space is limited. However, because of the limited information included, errors that were not directly caused by the thread that was running at the time of the problem may not be discovered by analyzing this file.</br></br>The date is encoded in the file name. If a second problem occurs, the previous file is preserved and the new file is given a distinct name. A list of all small memory dump files is kept in the %SystemRoot%\Minidump folder. |
| 2 | Records only the kernel memory. This dump file includes only memory that's allocated to the kernel, kernel-mode drivers, and other kernel-mode programs. It doesn't include unallocated memory, or any memory that's allocated to user-mode programs.</br></br> For most purposes, this kind of dump file is the most useful because it's smaller than the complete memory dump file. It also includes information that's most likely involved in the issue.</br></br> If a second problem occurs, the dump file is overwritten with new information. |
| 3 | Records the smallest amount of useful information that may help identify why the device stopped unexpectedly. This type of dump file includes the following information:</br></br>- A list of loaded drivers</br>- The processor context (PRCB) for the processor that stopped</br>- The process information and kernel context (EPROCESS) for the process that stopped</br>- The process information and kernel context (ETHREAD) for the thread that stopped</br>- The kernel-mode call stack for the thread that stopped</br></br>This dump file can be useful when space is limited. Because of the limited information, errors that aren't directly caused by the running thread at the time of the problem may not be discovered by analyzing this file.</br></br> The date is encoded in the file name. If a second problem occurs, the previous file is preserved and the new file is given a distinct name. A list of all small memory dump files is kept in the %SystemRoot%\Minidump folder. |
| 4 | Records the smallest amount of useful information. This value produces the same results as entering a value of 3. |
| 7 | Records only the kernel memory. This value produces the same results as entering a value of 2. This is the default value. |
| Any other value | Disables crash dump and does not record anything. |
| Any other value | Disables crash dump and doesn't record anything. |
## KeyboardFilter settings
You can use KeyboardFilter to suppress undesirable key presses or key combinations. KeyboardFilter works with physical keyboards, the Windows on-screen keyboard, and the touch keyboard.
Use these settings to suppress undesirable key presses or key combinations. KeyboardFilter works with physical keyboards, the Windows on-screen keyboard, and the touch keyboard.
When you **enable** KeyboardFilter, a number of other settings become available for configuration.
When you **enable** KeyboardFilter, many other settings become available for configuration.
| Setting | Value | Description |
| --- | --- | --- |
| CustomKeyFilters | Allow or block | Add your own key filters to meet any special requirements that you may have that are not included in the predefined key filters. </br></br>Enter a custom key combination in **CustomKeyFilter**, and then select it to allow or block it. The format to add custom filter combinations is "Alt+F9." This also appears as the CustomKey name, which is specified without "+". For more information, see [WEKF_CustomKey](/windows-hardware/customize/enterprise/wekf-customkey). |
| CustomScancodeFilters | Allow or block | Blocks the list of custom scan codes. When a key is pressed on a physical keyboard, the keyboard sends a scan code to the keyboard driver. The driver then sends the scan code to the OS and the OS converts the scan code into a virtual key based on the current active layout.</br></br>Enter a custom scancode in **CustomScancodeFilter**, and then select it to allow or block it. For more information, see [WEKF_Scancode](/windows-hardware/customize/enterprise/wekf-scancode). |
| CustomKeyFilters | Allow or block | Add your own key filters to meet any special requirements that aren't included in the predefined key filters. </br></br>Enter a custom key combination in **CustomKeyFilter**, and then select it to allow or block it. The format to add custom filter combinations is "Alt+F9." This also appears as the CustomKey name, which is specified without "+". For more information, see [WEKF_CustomKey](/windows-hardware/customize/enterprise/wekf-customkey). |
| CustomScancodeFilters | Allow or block | Blocks the list of custom scan codes. When a key is pressed on a physical keyboard, the keyboard sends a scan code to the keyboard driver. The driver then sends the scan code to the OS and the OS converts the scan code into a virtual key based on the current active layout.</br></br>Enter a custom scan code in **CustomScancodeFilter**, and then select it to allow or block it. For more information, see [WEKF_Scancode](/windows-hardware/customize/enterprise/wekf-scancode). |
| DisableKeyboardFilterForAdministrators | True or false | Disables the keyboard filter for administrators. |
| ForceOffAccessibility | True or false | Disables all Ease of Access features and prevents users from enabling them. |
| PredefinedKeyFilters | Allow or block | Specifies the list of predefined keys. For each key, the value will default to **Allow**. Specifying **Block** will suppress the key combination. |
@ -107,7 +107,7 @@ You can also configure ShellLauncher to launch different shell applications for
>
>You cannot use ShellLauncher to launch a Windows app as a custom shell. However, you can use Windows 10 application launcher to launch a Windows app at startup.
ShellLauncher processes the Run and RunOnce registry keys before starting the custom shell, so your custom shell doesn't need to handle the automatic startup of other applications or services. ShellLauncher also handles the behavior of the system when your custom shell exits. You can configure the shell exit behavior if the default behavior does not meet your needs.
ShellLauncher processes the Run and RunOnce registry keys before starting the custom shell. So, your custom shell doesn't need to handle the automatic startup of other applications or services. ShellLauncher also handles the behavior of the system when your custom shell exits. You can configure the shell exit behavior if the default behavior doesn't meet your needs.
>[!IMPORTANT]
>A custom shell is launched with the same level of user rights as the account that is signed in. This means that a user with administrator rights can perform any system action that requires administrator rights, including launching other applications with administrator rights, while a user without administrator rights cannot. If your shell application requires administrator rights and needs to be elevated, and User Account Control (UAC) is present on your device, you must disable UAC in order for ShellLauncher to launch the shell application.

2
windows/configuration/wcd/wcd-startupapp.md
View File

@ -21,6 +21,6 @@ Use StartupApp settings to configure the default app that will run on start for
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| Default | | | | | X |
| Default | | | | | ✔️ |
Enter the [Application User Model ID (AUMID)](/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the default app.

2
windows/configuration/wcd/wcd-startupbackgroundtasks.md
View File

@ -21,5 +21,5 @@ Documentation not available at this time.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | | | | | X |
| All settings | | | | | ✔️ |

7
windows/configuration/wcd/wcd-storaged3inmodernstandby.md
View File

@ -13,7 +13,10 @@ manager: dansimp
# StorageD3InModernStandby (Windows Configuration Designer reference)
Use **StorageD3InModernStandby** to enable or disable low power state (D3) during standby. When this setting is configured to **Enable Storage Device D3**, SATA and NVMe devices will be able to enter the D3 state when the system transits to modern standby state, if they are using a Microsoft inbox driver such as StorAHCI, StorNVMe.
Use **StorageD3InModernStandby** to enable or disable low-power state (D3) during standby. When set to **Enable Storage Device D3**, SATA and NVMe devices can enter the D3 state when:
- The system transits to modern standby state.
- If they're using a Microsoft inbox driver such as StorAHCI, StorNVMe
[Learn more about device power states.](/windows-hardware/drivers/kernel/device-power-states)
@ -21,4 +24,4 @@ Use **StorageD3InModernStandby** to enable or disable low power state (D3) durin
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | X | X | X | | X |
| All settings | ✔️ | ✔️ | ✔️ | | ✔️ |

2
windows/configuration/wcd/wcd-surfacehubmanagement.md
View File

@ -26,7 +26,7 @@ Use SurfaceHubManagement settings to set the administrator group that will manag
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | | | X | | |
| All settings | | | ✔️ | | |
## GroupName

2
windows/configuration/wcd/wcd-tabletmode.md
View File

@ -21,7 +21,7 @@ Use TabletMode to configure settings related to tablet mode.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | X | X | X | | |
| All settings | ✔️ | ✔️ | ✔️ | | |
## ConvertibleSlateModePromptPreference

9
windows/configuration/wcd/wcd-takeatest.md
View File

@ -21,11 +21,11 @@ Use TakeATest to configure the Take A Test app, a secure browser for test-taking
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | X | | | | |
| All settings | ✔️ | | | | |
## AllowScreenMonitoring
When set to True, students are able to record and take screen captures in the Take A Test app.
When set to True, students can record and take screen captures in the Take A Test app.
## AllowTextSuggestions
@ -43,9 +43,8 @@ When set to True, students can print in the Take A Test app.
Enter the account to use when taking a test.
To specify a domain account, enter **domain\user**. To specify an AAD account, enter <strong>username@tenant.com</strong>. To specify a local account, enter the username.
To specify a domain account, enter **domain\user**. To specify an Azure AD account, enter `username@tenant.com`. To specify a local account, enter the username.
## Related topics
## Related articles
- [SecureAssessment configuration service provider (CSP)](/windows/client-management/mdm/secureassessment-csp)

209
windows/configuration/wcd/wcd-textinput.md
View File

@ -1,209 +0,0 @@
---
title: TextInput (Windows 10)
description: This section describes the TextInput settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: greg-lindsay
ms.localizationpriority: medium
ms.author: greglin
ms.topic: article
ms.date: 09/15/2017
ms.reviewer:
manager: dansimp
---
# TextInput (Windows Configuration Designer reference)
Use TextInput settings to configure text intelligence and keyboard for mobile devices.
## Applies to
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| Intelligence > DisablePredictions | | X | | | |
| PreEnabledKeyboard | | X | | | |
## Intelligence
Set **DisablePredictions** to the locale or alternative input language that must have the text intelligence features disabled. For example, to disable text correction and suggestions for English (UK), set the value of **DisablePredictions** to `en-gb`.
## PreEnabledKeyboard
In addition to the automatically-enabled default keyboard, OEMs may choose to pre-enable more keyboards for a particular market.
During phone bring-up, OEMs must set the boot locale, or default locale, for the phone. During first boot, Windows Phone reads the locale setting and automatically enables a default keyboard based on the locale to keyboard mapping table in Set languages and locales.
The mapping works for almost all regions and additional customizations are not needed unless specified in the pre-enabled keyboard column in Set languages and locales. If an OEM chooses to pre-enable more keyboards for a particular market, they can do so by specifying the setting. Pre-enabled keyboards will automatically be enabled during boot. Microsoft recommends that partners limit the number of pre-enabled keyboards to those languages that correspond to the languages spoken within the market.
PreEnabledKeyboard must be entered once for each keyboard you want to pre-enable. As shown below, the format to specify a particular keyboard must be: Locale code.Locale value. See the following table for more information on the locale codes and values that you can use. The setting Value must be set to 1 to enable the keyboard.
The following table shows the values that you can use for the Locale code.Locale value part of the setting name.
>[!NOTE]
>The keyboards for some locales require additional language model files: am-ET, bn-IN, gu-IN, hi-IN, ja-JP, kn-IN, ko-KR, ml-IN, mr-IN, my-MM, or-IN, pa-IN, si-LK, ta-IN, te-IN, zh-TW, zh-CN, and zh-HK.
Name | Locale code | Keyboard layout value
--- | --- | ---
Afrikaans (South Africa) | af-ZA | 1
Albanian | sq-AL | 1
Amharic | am-ET | 1
Arabic | ar-SA | 1
Armenian | hy-AM | 1
Assamese - INSCRIPT | as-IN | 1
Azerbaijani (Cyrillic) | az-Cyrl-AZ | 1
Azerbaijani (Latin) | az-Latn-AZ | 1
Bangla (Bangladesh) - 49 key | bn-BD | 1
Bangla (India) - INSCRIPT |bn-IN|1
Bangla (India) - Phonetic|bn-IN|2
Bashkir|ba-RU|1
Basque|eu-ES|1
Belarusian|be-BY|1
Bosnian (Cyrillic)|bs-Cyrl-BA|1
Bosnian (Latin)|bs-Latn-BA|1
Bulgarian|bg-BG|1
Catalan|ca-ES|1
Central Kurdish|ku-Arab-IQ|1
Cherokee|chr-Cher-US|1
Chinese Simplified QWERTY|zh-CN|1
Chinese Simplified - 12-key|zh-CN|2
Chinese Simplified - Handwriting|zh-CN|3
Chinese Simplified - Stroke|zh-CN|4
Chinese Traditional (Hong Kong SAR) - Cangjie|zh-HK|1
Chinese Traditional (Hong Kong SAR) - Quick|zh-HK|2
Chinese Traditional (Hong Kong SAR) - Stroke|zh-HK|3
Chinese Traditional (Taiwan) - BoPoMoFo|zh-TW|1
Chinese Traditional (Taiwan) - Handwriting|zh-TW|2
Croatian|hr-HR|1
Czech|cs-CZ|1
Danish|da-DK|1
Divehi|dv-MV|1
Dutch (Belgium)|nl-BE|1
Dutch (Netherlands)|nl-NL|1
Dzongkha|dz-BT|1
English (Australia)|en-AU|1
English (Canada)|en-CA|1
English (India)|en-IN|1
English (Ireland)|en-IE|1
English (United Kingdom)|en-GB|1
English (United States)|en-US|1
Estonian|et-EE|1
Faroese|fo-FO|1
Filipino|fil-PH|1
Finnish|fi-FI|1
French (Belgium)|fr-BE|1
French (Canada)|fr-CA|1
French (France)|fr-FR|1
French (Switzerland)|fr-CH|1
Galician|gl-ES|1
Georgian|ka-GE|1
German (Germany)|de-DE|1
German (Switzerland)|de-CH|1
Greek|el-GR|1
Greenlandic|kl-GL|1
Guarani|gn-PY|1
Gujarati - INSCRIPT|gu-IN|1
Gujarati - Phonetic|gu-IN|2
Hausa|ha-Latn-NG|1
Hebrew|he-IL|1
Hindi - 37-key|hi-IN|1
Hindi - INSCRIPT|hi-IN|3
Hindi - Phonetic|hi-IN|2
Hinglish|hi-Latn|1
Hungarian|hu-HU|1
Icelandic|is-IS|1
Igbo|ig-NG|1
Indonesian|id-ID|1
Inuktitut - Latin|iu-Latn-CA|1
Irish|ga-IE|1
Italian|it-IT|1
Japanese - 12-key|ja-JP|1
Japanese - QWERTY|ja-JP|2
Kannada - INSCRIPT|kn-IN|1
Kannada - Phonetic|kn-IN|2
Kazakh|kk-KZ|1
Khmer|km-KH|1
Kinyarwanda|rw-RW|1
Kiswahili|sw-KE|1
Konkani|kok-IN|1
Korean - 12-key Chunjiin|ko-KR|2
Korean - 12-key Naratgeul|ko-KR|3
Korean - 12-key Sky|ko-KR|4
Korean - QWERTY|ko-KR|1
Kyrgyz|ky-KG|1
Lao|lo-LA|1
Latvian|lv-LV|1
Lithuanian|lt-LT|1
Luxembourgish|lb-LU|1
Macedonian|mk-MK|1
Malay (Brunei Darussalam)|ms-BN|1
Malay (Malaysia)|ms-MY|1
Malayalam - INSCRIPT|ml-IN|1
Malayalam - Phonetic|ml-IN|2
Maltese|mt-MT|1
Maori|mi-NZ|1
Marathi - INSCRIPT|mr-IN|1
Marathi - Phonetic|mr-IN|2
Mongolian - Cyrillic|mn-MN|1
Mongolian - Traditional Mongolian|mn-Mong-CN|1
Myanmar|my-MM|1
Nepali|ne-NP|1
Norwegian - Bokmal|nb-NO|1
Norwegian - Nynorsk|ny-NO|1
Odia - INSCRIPT|or-IN|1
Odia - Phonetic|or-IN|2
Pashto|ps-AF|1
Persian|fa-IR|1
Polish|pl-PL|1
Portuguese (Brazil)|pt-BR|1
Portuguese (Portugal)|pt-PT|1
Punjabi - INSCRIPT|pa-IN|1
Punjabi - Phonetic|pa-IN|2
Romanian|ro-RO|1
Romansh|rm-CH|1
Russian|ru-RU|1
Sakha|sah-RU|1
Sami, Northern (Norway)|se-NO|1
Sami, Northern (Sweden)|se-NO|1
Scottish Gaelic|gd-GB|1
Serbian - Cyrillic|sr-Cyrl-RS|1
Serbian - Latin|sr-Latn-RS|1
Sesotho sa Leboa|nso-ZA|1
Setswana|tn-ZA|1
Sinhala|si-LK|1
Slovak|sk-SK|1
Slovenian|sl-SI|1
Sorbian, Upper|hsb-DE|1
Spanish (Mexico)|es-MX|1
Spanish (Spain)|es-ES|1
Swedish|sv-SE|1
Syriac|syr-SY|1
Tajik|tg-Cyrl-TJ|1
Tamazight (Central Atlas) - Tifinagh|tzm-Tfng-MA|1
Tamazight (Central Atlas) - Latin|tzm-Latn-DZ|1
Tamil - INSCRIPT|ta-IN|1
Tamil - Phonetic|ta-IN|2
Tatar|tt-RU|1
Telugu - INSCRIPT|te-IN|1
Telugu - Phonetic|te-IN|2
Thai|th-TH|1
Tibetan|bo-CN|1
Turkish|tr-TR|1
Turkmen|tk-TM|1
Ukrainian|uk-UA|1
Urdu|ur-PK|1
Uyghur|ug-CN|1
Uzbek - Cyrillic|uz-Cyrl-UZ|1
Uzbek - Latin|uz-Latn-UZ|1
Valencian|ca-ES-valencia|1
Vietnamese - QWERTY|vi-VN|1
Vietnamese - TELEX|vi-VN|2
Vietnamese - VNI|vi-VN|3
Welsh|cy-GB|1
Wolof|N/A|1
Xhosa|xh-ZA|1
Yoruba|yo-NG|1
Zulu|zu-ZA|1

2
windows/configuration/wcd/wcd-time.md
View File

@ -19,7 +19,7 @@ Use **Time** to configure settings for time zone setup for Windows 10, version (
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [ProvisionSetTimeZone](#provisionsettimezone) | X | | | | |
| [ProvisionSetTimeZone](#provisionsettimezone) | ✔️ | | | | |
## ProvisionSetTimeZone

24
windows/configuration/wcd/wcd-unifiedwritefilter.md
View File

@ -15,14 +15,22 @@ manager: dansimp
# UnifiedWriteFilter (reference)
Use UnifiedWriteFilter to configure settings for the Unified Write Filter (UWF) in your device to help protect your physical storage media, including most standard writable storage types that are supported by the OS, such as physical hard disks, solidate-state drives, internal USB devices, external SATA devices, and so on. You can also use UWF to make read-only media appear to the OS as a writeable volume.
Use UnifiedWriteFilter to configure settings for the Unified Write Filter (UWF). It helps protect your physical storage media, including most standard writable storage types that are supported by the OS, such as:
- Physical hard disks
- Solidate-state drives
- Internal USB devices
- External SATA devices
- And so on
You can also use UWF to make read-only media appear to the OS as a writeable volume.
>[!IMPORTANT]
>You cannot use UWF to protect external USB devices or flash drives.
>You can't use UWF to protect external USB devices or flash drives.
UWF intercepts all write attempts to a protected volume and redirects those write attempts to a virtual overlay. This improves the reliability and stability of your device and reduces the wear on write-sensitive media, such as flash memory media like solid-state drives.
UWF intercepts all write attempts to a protected volume and redirects these write attempts to a virtual overlay. This feature improves the reliability and stability of your device. It also reduces the wear on write-sensitive media, such as flash memory media like solid-state drives.
The overlay does not mirror the entire volume, but dynamically grows to keep track of redirected writes. Generally the overlay is stored in system memory, although you can cache a portion of the overlay on a physical volume.
The overlay doesn't mirror the entire volume. It dynamically grows to keep track of redirected writes. Generally, the overlay is stored in system memory. You can cache a portion of the overlay on a physical volume.
>[!NOTE]
>UWF fully supports the NTFS system; however, during device startup, NTFS file system journal files can write to a protected volume before UWF has loaded and started protecting the volume.
@ -34,7 +42,7 @@ The overlay does not mirror the entire volume, but dynamically grows to keep tra
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | X | | | | X |
| All settings | ✔️ | | | | ✔️ |
## FilterEnabled
@ -42,9 +50,9 @@ Set to **True** to enable UWF.
## OverlayFlags
OverlayFlags specifies whether to allow writes to unused space on the volume to pass through, and not be redirected to the overlay file. Enabling this setting helps conserve space on the overlay file.
OverlayFlags specifies whether to allow writes to unused space on the volume to pass through, and not redirect to the overlay file. Enabling this setting helps conserve space on the overlay file.
- Value `0` (default value when [OverlayType](#overlaytype) is not **Disk**): writes are redirected to the overlay file
- Value `0` (default value when [OverlayType](#overlaytype) isn't **Disk**): writes are redirected to the overlay file
- Value `1`(default value when [OverlayType](#overlaytype) is **Disk**): writes to unused space on the volume are allowed to pass through without being redirected to the overlay file.
## OverlaySize
@ -60,7 +68,7 @@ OverlayType specifies where the overlay is stored. Select between **RAM** (defau
## RegistryExclusions
You can add or remove registry entries that will be excluded from UWF filtering. When a registry key is in the exclusion list, all writes to that registry key bypass UWF filtering and are written directly to the registry and persist after the device restarts.
You can add or remove registry entries that will be excluded from UWF filtering. When a registry key is in the exclusion list, all writes to that registry key bypass UWF filtering. They're written directly to the registry and persist after the device restarts.
Use **Add** to add a registry entry to the exclusion list after you restart the device.

36
windows/configuration/wcd/wcd-universalappinstall.md
View File

@ -24,15 +24,15 @@ Use UniversalAppInstall settings to install Windows apps from the Microsoft Stor
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [DeviceContextApp](#devicecontextapp) | X | | X | | |
| [DeviceContextAppLicense](#devicecontextapplicense) | X | | X | | |
| [StoreInstall](#storeinstall) | X | X | X | | X |
| [UserContextApp](#usercontextapp) | X | X | X | | X |
| [UserContextAppLicense](#usercontextapplicense) | X | X | X | | X |
| [DeviceContextApp](#devicecontextapp) | ✔️ | | ✔️ | | |
| [DeviceContextAppLicense](#devicecontextapplicense) | ✔️ | | ✔️ | | |
| [StoreInstall](#storeinstall) | ✔️ | ✔️ | ✔️ | | ✔️ |
| [UserContextApp](#usercontextapp) | ✔️ | ✔️ | ✔️ | | ✔️ |
| [UserContextAppLicense](#usercontextapplicense) | ✔️ | ✔️ | ✔️ | | ✔️ |
## DeviceContextApp
Enter an app package family name to install an app for all users of the device. You can use the [Get-AppxPackage cmdlet](/powershell/module/appx/get-appxpackage) to get the package family name for an installed app.
Enter an app package family name to install an app for all device users. You can use the [Get-AppxPackage cmdlet](/powershell/module/appx/get-appxpackage) to get the package family name for an installed app.
>[!NOTE]
>For XAP files, enter the product ID.
@ -41,11 +41,11 @@ For each app that you add to the package, configure the settings in the followin
| Setting | Value | Description |
| --- | --- | --- |
| ApplicationFile | .appx or .appxbundle | Set the value to the app file that you want to install on the device. In addition, you must also enable the [AllowAllTrustedApps setting](wcd-policies.md#applicationmanagement) and add a root certificate or license file. |
| DependencyAppxFiles | any required frameworks | In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. |
| DeploymentOptions | - None</br>-Force application shutdown: If this package, or any package that depends on this package, is currently in use, the processes associated with the package are shut down forcibly so that registration can continue</br>- Development mode: do not use</br>- Install all resources: When you set ths option, the app is instructed to skip resource applicability checks.</br>- Force target application shutdown: If this package is currently in use, the processes associated with the package are shut down forcibly so that registration can continue | Select a deployment option. |
| LaunchAppAtLogin | - Do not launch app</br>- Launch app | Set the value for app behavior when a user signs in. |
| OptionalPackageFiles | additional files required by the package | Browse to, select, and add the optional package files. |
| ApplicationFile | `.appx` or `.appxbundle` | Set the value to the app file that you want to install on the device. Also enable the [AllowAllTrustedApps setting](wcd-policies.md#applicationmanagement) and add a root certificate or license file. |
| DependencyAppxFiles | Any required frameworks | In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. |
| DeploymentOptions | - None</br>-Force application shutdown: If this package, or any package that depends on this package is currently in use, then the processes associated with the package are forcibly shut down. The registration can continue. </br>- Development mode: Don't use. </br>- Install all resources: When you set this option, the app is instructed to skip resource applicability checks.</br>- Force target application shutdown: If this package is currently in use, the processes associated with the package are shut down forcibly so that registration can continue | Select a deployment option. |
| LaunchAppAtLogin | - Don't launch app</br>- Launch app | Set the value for app behavior when a user signs in. |
| OptionalPackageFiles | Additional files required by the package | Browse to, select, and add the optional package files. |
For more information on deployment options, see [DeploymentOptions Enum](/uwp/api/windows.management.deployment.deploymentoptions).
@ -53,7 +53,7 @@ For more information on deployment options, see [DeploymentOptions Enum](/uwp/ap
Use to specify the license file for the provisioned app.
1. Specify a **LicenseProductId** for the app. You can find the license ID in the root header of the license file. Here is an example, `LicenseID="aaaaaaaa-dddd-8848-f8d0-7d6a93dfcccc"`. Enter it in the LicenseProductId field, and click **Add**.
1. Specify a **LicenseProductId** for the app. You can find the license ID in the root header of the license file. For example, enter `LicenseID="aaaaaaaa-dddd-8848-f8d0-7d6a93dfcccc"`. Enter it in the LicenseProductId field, and select **Add**.
2. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file.
@ -62,7 +62,7 @@ Use to specify the license file for the provisioned app.
Use to install an app from the Microsoft Store for Business.
1. Enter a package family name, and then click **Add**.
1. Enter a package family name, and then select **Add**.
2. Configure the following required settings for the app package.
Setting | Description
@ -75,21 +75,21 @@ SkuID | Enter the SKU ID. [Learn how to find the SKU ID.](/microsoft-store/micro
Use to add a new user context app.
1. Specify a **PackageFamilyName** for the app, and then click **Add**.
1. Specify a **PackageFamilyName** for the app, and then select **Add**.
2. Select the PackageFamilyName in the Available Customizations pane, and then configure the following settings.
Setting | Value | Description
--- | --- | ---
ApplicationFile | app file | Browse to, select, and add the application file,
DependencyAppxFiles | additional files required by the app | Browse to, select, and add dependency files.
ApplicationFile | App file | Browse to, select, and add the application file,
DependencyAppxFiles | Additional files required by the app | Browse to, select, and add dependency files.
DeploymentOptions | - None</br></br>- Force application shutdown</br></br>- Development mode</br></br>- Install all resources</br></br>- Force target application shutdown | Select a deployment option.
LaunchAppAtLogin | - Do not launch app</br></br>- Launch app | Select whether the app should be started when a user signs in.
LaunchAppAtLogin | - Don't launch app</br></br>- Launch app | Select whether the app should be started when a user signs in.
## UserContextAppLicense
Use to specify the license file for the user context app.
1. Specify a **LicenseProductId** for the app. You can find the license ID in the root header of the license file. Here is an example, `LicenseID="aaaaaaaa-dddd-8848-f8d0-7d6a93dfcccc"`. Enter it in the LicenseProductId field, and click **Add**.
1. Specify a **LicenseProductId** for the app. You can find the license ID in the root header of the license file. For example, enter `LicenseID="aaaaaaaa-dddd-8848-f8d0-7d6a93dfcccc"`. Enter it in the LicenseProductId field, and select **Add**.
2. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file.

12
windows/configuration/wcd/wcd-universalappuninstall.md
View File

@ -22,21 +22,21 @@ Use UniversalAppUninstall settings to uninstall or remove Windows apps.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [RemoveProvisionedApp](#removeprovisionedapp) | X | | | | |
| [Uninstall](#uninstall) | X | X | X | | X |
| [RemoveProvisionedApp](#removeprovisionedapp) | ✔️ | | | | |
| [Uninstall](#uninstall) | ✔️ | ✔️ | ✔️ | | ✔️ |
## RemoveProvisionedApp
Universal apps can be *provisioned*, which means that they are available on the device for installation in user context. When a user runs the provisioned app, the app is then installed for that user.
Universal apps can be *provisioned*. Provisioned means that they're available on the device for installation in user context. When a user runs the provisioned app, the app is then installed for that user.
Use **RemoveProvisionedApp** to remove app packages that are available on the device. Any instances of the app that have already been installed by a user are not uninstalled. To uninstall provisioned apps that have been installed by a user, use the [Uninstall](#uninstall) setting.
Use **RemoveProvisionedApp** to remove app packages that are available on the device. Any instances of the app that have already been installed by a user aren't uninstalled. To uninstall provisioned apps that have been installed by a user, use the [Uninstall](#uninstall) setting.
1. Enter the PackageFamilyName for the app package, and then click **Add**.
1. Enter the PackageFamilyName for the app package, and then select **Add**.
2. Select the PackageFamilyName in the Available Customizations pane, and then select **RemoveProvisionedApp**.
## Uninstall
Use **Uninstall** to remove provisioned apps that have been installed by a user.
1. Enter the PackageFamilyName for the app package, and then click **Add**.
1. Enter the PackageFamilyName for the app package, and then select **Add**.
2. Select the PackageFamilyName in the Available Customizations pane, and then select **Uninstall**.

2
windows/configuration/wcd/wcd-usberrorsoemoverride.md
View File

@ -22,7 +22,7 @@ Allows an OEM to hide the USB option UI in Settings and all USB device errors.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [HideUsbErrorNotifyOptionUI](#hideusberrornotifyoptionui) | X | X | X | X | |
| [HideUsbErrorNotifyOptionUI](#hideusberrornotifyoptionui) | ✔️ | ✔️ | ✔️ | ✔️ | |
## HideUsbErrorNotifyOptionUI

11
windows/configuration/wcd/wcd-weakcharger.md
View File

@ -22,8 +22,8 @@ Use WeakCharger settings to configure the charger notification UI.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [HideWeakChargerNotifyOptionUI](#hideweakchargernotifyoptionui) | X | X | X | | |
| [NotifyOnWeakCharger](#notifyonweakcharger) | X | X | X | | |
| [HideWeakChargerNotifyOptionUI](#hideweakchargernotifyoptionui) | ✔️ | ✔️ | ✔️ | | |
| [NotifyOnWeakCharger](#notifyonweakcharger) | ✔️ | ✔️ | ✔️ | | |
## HideWeakChargerNotifyOptionUI
@ -34,12 +34,15 @@ Select between **Show Weak Charger Notifications UI** and **Hide Weak Charger No
## NotifyOnWeakCharger
This setting displays a warning when the user connects the device to an incompatible charging source. This warning is intended to notify users that their device may take longer to charge or may not charge at all with the current charging source.
This setting shows a warning when the user connects the device to an incompatible charging source. This warning is intended to notify users that their device may take longer to charge. Or, it may not charge at all.
An incompatible charging source is one that doesn't behave like one of the following port types:
An incompatible charging source is one that does not behave like one of the following port types as defined by the USB Battery Charging Specification, Revision 1.2, available on the USB.org website:
- Charging downstream port
- Standard downstream port
- Dedicated charging port
The port types are defined by the USB Battery Charging Specification, Revision 1.2, available at `USB.org`.
Select between **Disable Weak Charger Notifications UI** and **Enable Weak Charger Notifications UI**.

10
windows/configuration/wcd/wcd-windowshelloforbusiness.md
View File

@ -15,17 +15,17 @@ manager: dansimp
# WindowsHelloForBusiness (Windows Configuration Designer reference)
Use WindowsHelloForBusiness settings to specify whether [FIDO2 security keys for Windows Hello](https://blogs.windows.com/business/2018/04/17/windows-hello-fido2-security-keys/) can be used to sign in to Windows on a device configured for [Shared PC mode](wcd-sharedpc.md).
Use WindowsHelloForBusiness settings to specify whether [FIDO2 security keys for Windows Hello](https://blogs.windows.com/business/2018/04/17/windows-hello-fido2-security-keys/) can be used to sign in to a Windows device configured for [Shared PC mode](wcd-sharedpc.md).
## Applies to
| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [SecurityKeys](#securitykeys) | X | | | | |
| [SecurityKeys](#securitykeys) | ✔️ | | | | |
## SecurityKeys
Select the desired value:
Select the value:
- `0`: security keys for Windows Hello are disabled.
- `1`: security keys for Windows Hello are enabled on [Shared PCs](wcd-sharedpc.md).
- `0`: Security keys for Windows Hello are disabled.
- `1`: Security keys for Windows Hello are enabled on [Shared PCs](wcd-sharedpc.md).

22
windows/configuration/wcd/wcd-windowsteamsettings.md
View File

@ -22,31 +22,31 @@ Use WindowsTeamSettings settings to configure Surface Hub.
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| All settings | | | X | | |
| All settings | | | ✔️ | | |
## Connect
| Setting | Value | Description |
| --- | --- | --- |
| AutoLaunch | True or false | Open the Connect app automatically when someone projects. |
| Channel | - 1, 3, 4, 5, 6, 7, 8, 9, 10, 11 (works with all Miracast senders in all regions)</br>- 36, 40, 44, 48 (works with all 5ghz band Miracast senders in all regions)</br>- 149, 153, 157, 161, 165 (works with all 5ghz band Miracast senders in all regions except Japan) | Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification. Integer specifying the channel. The default value is 255. Outside of regulatory concerns, if the channel is configured incorrectly the driver will either not boot, or will broadcast on the wrong channel (which senders won't be looking for). |
| Channel | - 1, 3, 4, 5, 6, 7, 8, 9, 10, 11 (works with all Miracast senders in all regions)</br>- 36, 40, 44, 48 (works with all 5ghz band Miracast senders in all regions)</br>- 149, 153, 157, 161, 165 (works with all 5ghz band Miracast senders in all regions except Japan) | Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification. Integer specifying the channel. The default value is 255. Outside of regulatory concerns, if the channel is configured incorrectly, the driver won't boot. Or, it will broadcast on the wrong channel, which senders won't be looking for. |
| Enabled | True or false | Enables wireless projection to the device. |
| PINRequired | True or false | Requires presenters to enter a PIN to connect wirelessly to the device. |
## DeviceAccount
A device account is a Microsoft Exchange account that is connected with Skype for Business, which allows people to join scheduled meetings, make Skype for Business calls, and share content from the device.
A device account is a Microsoft Exchange account that's connected with Skype for Business. It allows people to join scheduled meetings, make Skype for Business calls, and share content from the device.
| Setting | Value | Description |
| --- | --- | --- |
| CalendarSyncEnabled | True or false | Specifies whether calendar sync and other Exchange Server services are enabled. |
| DomainName | Domain of the device account when you are using Active Directory | To use a device account from Active Directory, you should specify both **DomainName** and **UserName** for the device account. |
| DomainName | Domain of the device account when using Active Directory | To use a device account from Active Directory, you should specify both **DomainName** and **UserName** for the device account. |
| Email | Email address | Email address of the device account. |
| ExchangeServer | Exchange Server | Normally, the device will try to automatically discover the Exchange server. This field is only required if automatic discovery fails. |
| Password | Password | Password for the device account. |
| PasswordRotationEnabled | 0 = enabled</br>1 = disabled | Specifies whether automatic password rotation is enabled. If you enforce a password expiration policy on the device account, use this setting to allow the device to manage its own password by changing it frequently, without requiring you to manually update the account information when the password expires. You can reset the password at any time using Active Directory or Azure AD. |
| PasswordRotationEnabled | 0 = enabled</br>1 = disabled | Specifies whether automatic password rotation is enabled. If you enforce a password expiration policy on the device account, then use this setting to allow the device to manage its own password. It can change the password frequently, without requiring you to manually update the account information when the password expires. You can reset the password at any time using Active Directory or Azure AD. |
| SipAddress | Session Initiation Protocol (SIP) address | Normally, the device will try to automatically discover the SIP. This field is only required if automatic discovery fails. |
| UserName | User name | Username of the device account when you are using Active Directory. |
| UserName | User name | Username of the device account when using Active Directory. |
| UserPrincipalName | User principal name (UPN) | To use a device account from Azure Active Directory or a hybrid deployment, you should specify the UPN of the device account. |
| ValidateAndCommit | Any text | Validates the data provided and then commits the changes. This process occurs automatically after the other DeviceAccount settings are applied. The text you enter for the ValidateAndCommit setting doesn't matter. |
@ -62,11 +62,11 @@ Enter the name that users will see when they want to project wirelessly to the d
## MaintenanceHours
Maintenance hours are the period of time during which automatic maintenance tasks are performed.
Maintenance hours are the period of time when automatic maintenance tasks are run.
| Setting | Value | Description |
| --- | --- | --- |
| Duration | Duration in minutes. For example, to set a 3-hour duration, set this value to 180. | The amount of time the device will be in maintenance, when the device will continue to download or install updates. |
| Duration | Duration in minutes. For example, to set a three hour duration, set this value to 180. | The amount of time the device will be in maintenance, when the device will continue to download or install updates. |
| StartTime | Start time in minutes from midnight. For example, to set a 2:00 am start time, set this value to 120 | Start time for when device is allowed to start downloading and installing updates. |
## OMSAgent
@ -75,7 +75,7 @@ Configures the Operations Management Suite workspace.
| Setting | Value | Description |
| --- | --- | --- |
| WorkspaceID | GUID | GUID identifying the Operations Management Suite workspace ID to collect the data. Set this to an empty string to disable the MOM agent. |
| WorkspaceID | GUID | GUID identifying the Operations Management Suite workspace ID to collect the data. Set this value to an empty string to disable the MOM agent. |
| WorkspaceKey | Key | Primary key for authenticating with the workspace. |
## Properties
@ -85,7 +85,7 @@ Configures the Operations Management Suite workspace.
| AllowAutoProxyAuth | True or false | Specifies if the Surface Hub can use the device account to authenticate into proxy servers requiring authentication. |
| AllowSessionResume | True or false | Specifies if users are allowed to resume their session after session timeout. |
| DefaultVolume | Numeric value between 0 and 100 | Default speaker volume. Speaker volume will be set to this value at every session startup. |
| DisableSigninSuggestions | True or false | Specifies if the Surface Hub will not show suggestions when users try to sign in to see their meetings and files. |
| DisableSigninSuggestions | True or false | Specifies if the Surface Hub won't show suggestions when users try to sign in to see their meetings and files. |
| DoNotShowMyMeetingsAndFiles | True or false | Specifies if users can sign in and have full access to personal meetings and most recently used documents. |
| ScreenTimeout | Select minutes from dropdown menu | The time (in minutes) of inactivity after which the Surface Hub will turn off its screen. |
| SessionTimeout | Select minutes from dropdown menu | The time (in minutes) of inactivity after which the Surface Hub will time out the current session and return to the welcome screen. |
@ -105,6 +105,6 @@ Configures the Operations Management Suite workspace.
| CurrentBackgroundPath | Https URL to a PNG file | Background image for the welcome screen. |
| MeetingInfoOption | 0 = organizer and time only</br>1 = organizer, time, and subject (subject is hidden for private meetings) | Specifies whether meeting information is displayed on the welcome screen. |
## Related topics
## Related articles
- [SurfaceHub configuration service provider (CSP)](/windows/client-management/mdm/surfacehub-csp)

8
windows/configuration/wcd/wcd-workplace.md
View File

@ -22,11 +22,11 @@ Use Workplace settings to configure bulk user enrollment to a mobile device mana
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
| [Enrollments](#enrollments) | X | X | X | | X |
| [Enrollments](#enrollments) | ✔️ | ✔️ | ✔️ | | ✔️ |
## Enrollments
Select **Enrollments**, enter a UPN, and then click **Add** to configure the settings for the enrollment. The UPN is a unique identifier for enrollment. For bulk enrollment, this must a service account that is allowed to enroll multiple users. Example, "generic-device@contoso.com"
Select **Enrollments**, enter a UPN, and then select **Add** to configure the settings for the enrollment. The UPN is a unique identifier for enrollment. For bulk enrollment, this value must be a service account that's allowed to enroll multiple users. For example, use `generic-device@contoso.com`.
| Settings | Value | Description |
| --- | --- | --- |
@ -34,8 +34,8 @@ Select **Enrollments**, enter a UPN, and then click **Add** to configure the set
| DiscoveryServiceFullUrl | URL | The full URL for the discovery service |
| EnrollmentServiceFullUrl | URL | The full URL for the enrollment service |
| PolicyServiceFullUrl | URL | The full URL for the policy service |
| Secret | - Password string for on-premises authentication enrollment</br>- Federated security token for federated enrollment</br>- Certificate thumb print for certificate-based enrollment | Enter the appropriate value for the selected AuthPolicy |
| Secret | - Password string for on-premises authentication enrollment</br>- Federated security token for federated enrollment</br>- Certificate thumb print for certificate-based enrollment | Enter the appropriate value for the selected AuthPolicy. |
## Related topics
## Related articles
- [Provisioning configuration service provider (CSP)](/windows/client-management/mdm/provisioning-csp)

14
windows/configuration/wcd/wcd.md
View File

@ -24,10 +24,7 @@ This section describes the settings that you can configure in [provisioning pack
| [Accounts](wcd-accounts.md) | ✔️ | ✔️ | ✔️ | ✔️ |
| [ADMXIngestion](wcd-admxingestion.md) | ✔️ | | | |
| [AssignedAccess](wcd-assignedaccess.md) | ✔️ | | ✔️ | |
| [AutomaticTime](wcd-automatictime.md) | | | | |
| [Browser](wcd-browser.md) | ✔️ | ✔️ | | |
| [CallAndMessagingEnhancement](wcd-callandmessagingenhancement.md) | | | | |
| [Calling](wcd-calling.md) | | | | |
| [CellCore](wcd-cellcore.md) | ✔️ | | | |
| [Cellular](wcd-cellular.md) | ✔️ | | | |
| [Certificates](wcd-certificates.md) | ✔️ | ✔️ | ✔️ | ✔️ |
@ -38,7 +35,6 @@ This section describes the settings that you can configure in [provisioning pack
| [DesktopBackgroundAndColors](wcd-desktopbackgroundandcolors.md) | ✔️ | | | |
| [DeveloperSetup](wcd-developersetup.md) | | | ✔️ | |
| [DeviceFormFactor](wcd-deviceformfactor.md) | ✔️ | ✔️ | | |
| [DeviceInfo](wcd-deviceinfo.md) | | | | |
| [DeviceManagement](wcd-devicemanagement.md) | ✔️ | ✔️ | ✔️ | |
| [DeviceUpdateCenter](wcd-deviceupdatecenter.md) | ✔️ | | | |
| [DMClient](wcd-dmclient.md) | ✔️ | ✔️ | | ✔️ |
@ -47,27 +43,18 @@ This section describes the settings that you can configure in [provisioning pack
| [FirewallConfiguration](wcd-firewallconfiguration.md) | | | | ✔️ |
| [FirstExperience](wcd-firstexperience.md) | | | ✔️ | |
| [Folders](wcd-folders.md) |✔️ | ✔️ | | |
| [InitialSetup](wcd-initialsetup.md) | | | | |
| [InternetExplorer](wcd-internetexplorer.md) | | | | |
| [KioskBrowser](wcd-kioskbrowser.md) | | | | ✔️ |
| [Licensing](wcd-licensing.md) | ✔️ | | | |
| [Location](wcd-location.md) | | | | ✔️ |
| [Maps](wcd-maps.md) |✔️ | ✔️ | | |
| [Messaging](wcd-messaging.md) | | | | |
| [ModemConfigurations](wcd-modemconfigurations.md) | | | | |
| [Multivariant](wcd-multivariant.md) | | | | |
| [NetworkProxy](wcd-networkproxy.md) | | ✔️ | | |
| [NetworkQOSPolicy](wcd-networkqospolicy.md) | | ✔️ | | |
| [NFC](wcd-nfc.md) | | | | |
| [OOBE](wcd-oobe.md) | ✔️ | | | |
| [OtherAssets](wcd-otherassets.md) | | | | |
| [Personalization](wcd-personalization.md) | ✔️ | | | |
| [Policies](wcd-policies.md) | ✔️ | ✔️ | ✔️ | ✔️ |
| [Privacy](wcd-folders.md) |✔️ | ✔️ | | ✔️ |
| [ProvisioningCommands](wcd-provisioningcommands.md) | ✔️ | | | |
| [RcsPresence](wcd-rcspresence.md) | | | | |
| [SharedPC](wcd-sharedpc.md) | ✔️ | | | |
| [Shell](wcd-shell.md) | | | | |
| [SMISettings](wcd-smisettings.md) | ✔️ | | | |
| [Start](wcd-start.md) | ✔️ | | | |
| [StartupApp](wcd-startupapp.md) | | | | ✔️ |
@ -76,7 +63,6 @@ This section describes the settings that you can configure in [provisioning pack
| [SurfaceHubManagement](wcd-surfacehubmanagement.md) | | ✔️ | | |
| [TabletMode](wcd-tabletmode.md) |✔️ | ✔️ | | |
| [TakeATest](wcd-takeatest.md) | ✔️ | | | |
| [TextInput](wcd-textinput.md) | | | | |
| [Time](wcd-time.md) | ✔️ | | | |
| [UnifiedWriteFilter](wcd-unifiedwritefilter.md) | ✔️ | | | ✔️ |
| [UniversalAppInstall](wcd-universalappinstall.md) | ✔️ | ✔️ | | ✔️ |

2
windows/deployment/TOC.yml
View File

@ -208,6 +208,8 @@
href: update/update-compliance-security-update-status.md
- name: Feature update status report
href: update/update-compliance-feature-update-status.md
- name: Safeguard holds report
href: update/update-compliance-safeguard-holds.md
- name: Delivery Optimization in Update Compliance
href: update/update-compliance-delivery-optimization.md
- name: Data handling and privacy in Update Compliance

2
windows/deployment/planning/windows-10-deprecated-features.md
View File

@ -28,7 +28,7 @@ The features described below are no longer being actively developed, and might b
|Feature | Details and mitigation | Announced in version |
| ----------- | --------------------- | ---- |
| BitLocker To Go Reader | Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows 10/11.<br>The following items might not be available in a future release of Windows client:<br>- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**<br>- Command line parameter: [manage-bde -DiscoveryVolumeType](/windows-server/administration/windows-commands/manage-bde-on) (-dv)<br>- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**<br>- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files | 21H1 |
| BitLocker To Go Reader | **Note: BitLocker to Go as a feature is still supported.**<br>Reading of BitLocker-protected removable drives ([BitLocker To Go](/windows/security/information-protection/bitlocker/bitlocker-to-go-faq)) from Windows XP or Windows Vista in later operating systems is deprecated and might be removed in a future release of Windows 10/11.<br>The following items might not be available in a future release of Windows client:<br>- ADMX policy: **Allow access to BitLocker-protected removable data drives from earlier versions of Windows**<br>- Command line parameter: [manage-bde -DiscoveryVolumeType](/windows-server/administration/windows-commands/manage-bde-on) (-dv)<br>- Catalog file: **c:\windows\BitLockerDiscoveryVolumeContents**<br>- BitLocker 2 Go Reader app: **bitlockertogo.exe** and associated files | 21H1 |
| Internet Explorer (IE) 11 | The IE11 desktop application will end support for certain operating systems starting June 15, 2022. For more information, see [Internet Explorer 11](/lifecycle/products/internet-explorer-11). | 21H1 |
| Personalization roaming | Roaming of Personalization settings (including wallpaper, slideshow, accent colors, and lock screen images) is no longer being developed and might be removed in a future release. | 21H1 |
| Windows Management Instrumentation Command line (WMIC) tool. | The WMIC tool is deprecated in Windows 10, version 21H1 and the 21H1 semi-annual channel release of Windows Server. This tool is superseded by [Windows PowerShell for WMI](/powershell/scripting/learn/ps101/07-working-with-wmi). Note: This deprecation only applies to the [command-line management tool](/windows/win32/wmisdk/wmic). WMI itself is not affected. | 21H1 |

13
windows/deployment/update/deployment-service-overview.md
View File

@ -29,6 +29,7 @@ The deployment service is designed for IT Pros who are looking for more control
- You can stage deployments over a period of days or weeks by using rich expressions (for example, deploy 20H2 to 500 devices per day, beginning on March 14, 2021).
- You can bypass pre-configured Windows Update for Business policies to immediately deploy a security update across your organization when emergencies arise.
- You can benefit from deployments with automatic piloting tailored to your unique device population to ensure coverage of hardware and software in your organization.
- You can use safeguards against likely update issues that have been identified by Microsoft machine-learning algorithms and automatically hold the deployment for any affected devices.
The service is privacy focused and backed by leading industry compliance certifications.
@ -52,7 +53,6 @@ Using the deployment service typically follows a common pattern:
2. The chosen tool conveys your approval, scheduling, and device selection information to the deployment service.
3. The deployment service processes the content approval and compares it with previously approved content. Final update applicability is determined and conveyed to Windows Update, which then offers approved content to devices on their next check for updates.
The deployment service exposes these capabilities through Microsoft [Graph REST APIs](/graph/overview). You can call the APIs directly, through a Graph SDK, or integrate them with a management tool such as Microsoft Endpoint Manager.
## Prerequisites
@ -74,7 +74,6 @@ Additionally, your organization must have one of the following subscriptions:
- Windows Virtual Desktop Access E3 or E5
- Microsoft 365 Business Premium
## Getting started
To use the deployment service, you use a management tool built on the platform, script common actions using PowerShell, or build your own application.
@ -87,7 +86,6 @@ Microsoft Endpoint Manager integrates with the deployment service to provide Win
The Microsoft Graph SDK includes a PowerShell extension that you can use to script and automate common update actions. For more information, see [Get started with the Microsoft Graph PowerShell SDK](/graph/powershell/get-started).
### Building your own application
Microsoft Graph makes deployment service APIs available through. Get started with these learning paths:
@ -113,14 +111,19 @@ This built-in piloting capability complements your existing ring structure and p
You should continue to use deployment rings as part of the servicing strategy for your organization, but use gradual rollouts to add scheduling convenience and additional protections within each ring.
### Safeguard holds against likely and known issues
Microsoft uses [safeguard holds](/windows/deployment/update/safeguard-holds) to protect devices from encountering known quality or compatibility issues by preventing them from installing the update or upgrade. For Windows 11 deployments, the deployment service extends these safeguard holds to also protect devices that Microsoft identifies as being at a higher risk of experiencing problems after an update (such as operating system rollbacks, app crashes, or graphics issues). The service temporarily holds the deployment for these devices while Microsoft investigates the likely issue. Safeguard holds apply to deployments by default, but you can opt out.
To verify whether a device is affected by a safeguard hold, see [Am I affected by a safeguard hold?](/windows/deployment/update/safeguard-holds#am-i-affected-by-a-safeguard-hold)
### Monitoring deployments to detect rollback issues
During deployments of Windows 11 or Windows 10 feature updates, driver combinations can sometimes result in an unexpected update failure that makes the device revert to the previously installed operating system version. The deployment service can monitor devices for such issues and automatically pause deployments when this happens, giving you time to detect and mitigate issues.
### How to enable deployment protections
Deployment scheduling controls are always available, but to take advantage of the unique deployment protections tailored to your organization, devices must share diagnostic data with Microsoft.
Deployment scheduling controls are always available, but to take advantage of the unique deployment protections tailored to your population, devices must share diagnostic data with Microsoft.
#### Device prerequisites

BIN
windows/deployment/update/images/uc-workspace-safeguard-holds-device-view.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 52 KiB

BIN
windows/deployment/update/images/uc-workspace-safeguard-holds-safeguard-hold-view.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 27 KiB

16
windows/deployment/update/safeguard-holds.md
View File

@ -17,27 +17,27 @@ ms.topic: article
- Windows 10
- Windows 11
Microsoft uses quality and compatibility data to identify issues that might cause a Windows client feature update to fail or roll back. When we find such an issue, we might apply holds to the updating service to prevent affected devices from installing the update in order to safeguard them from these experiences. We also use holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe impact (for example, rollback of the update, data loss, loss of connectivity, or loss of key functionality) and when a workaround is not immediately available.
Microsoft uses quality and compatibility data to identify issues that might cause a Windows client feature update to fail or roll back. When we find such an issue, we might apply safeguard holds to the updating service to prevent affected devices from installing the update in order to safeguard them from these experiences. We also use safeguard holds when a customer, a partner, or Microsoft internal validation finds an issue that would cause severe impact (for example, rollback of the update, data loss, loss of connectivity, or loss of key functionality) and when a workaround is not immediately available.
Safeguard holds prevent a device with a known issue from being offered a new operating system version. We renew the offering once a fix is found and verified. We use holds to ensure customers have a successful experience as their device moves to a new version of Windows client.
The lifespan of holds varies depending on the time required to investigate and fix an issue. During this time Microsoft works diligently to procure, develop, and validate a fix and then offer it to affected devices. We monitor quality and compatibility data to confirm that a fix is complete before releasing the hold. Once we release the hold, Windows Update will resume offering new operating system versions to devices.
The lifespan of safeguard holds varies depending on the time required to investigate and fix an issue. During this time, Microsoft works diligently to procure, develop, and validate a fix and then offer it to affected devices. We monitor quality and compatibility data to confirm that a fix is complete before releasing the safeguard hold. Once we release the safeguard hold, Windows Update will resume offering new operating system versions to devices.
Safeguard holds only affect devices that use the Window Update service for updates. We encourage IT admins who manage updates to devices through other channels (such as media installations or updates coming from Windows Server Update Services) to remain aware of known issues that might also be present in their environments.
Safeguard holds only affect devices that use the Windows Update service for updates. We encourage IT admins who manage updates to devices through other channels (such as media installations or updates coming from Windows Server Update Services) to remain aware of known issues that might also be present in their environments.
IT admins managing updates using the [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview) also benefit from safeguard holds on devices that are likely to be affected by an issue. To learn more, see [Safeguard holds against likely and known issues](/windows/deployment/update/deployment-service-overview#safeguard-holds-against-likely-and-known-issues).
## Am I affected by a safeguard hold?
IT admins can use [Update Compliance](update-compliance-feature-update-status.md#safeguard-holds) to monitor various update health metrics for devices in their organization, including ones affected by a safeguard hold that prevents them from updating to a newer operating system version.
IT admins can use [Update Compliance](update-compliance-monitor.md) to monitor various update health metrics for devices in their organization. Update Compliance provides a [Safeguard Holds report](/windows/deployment/update/update-compliance-safeguard-holds), as well as [queries in the Feature Update Status report](/windows/deployment/update/update-compliance-feature-update-status), to provide you insight into the safeguard holds that are preventing devices from updating or upgrading.
Queries identify Safeguard IDs for each affected device, giving IT admins a detailed view into the various protections extended to devices. Safeguard IDs for publicly discussed known issues are also included in the [Windows release health](/windows/release-health/) dashboard, where you can easily find information related to publicly available safeguards.
The Update Compliance reports identify safeguard holds by their 8-digit identifiers. For safeguard holds associated with publicly discussed known issues, you can find additional details about the issue on the [Windows release health](/windows/release-health/) dashboard by searching for the safeguard hold ID on the **Known issues** page for the relevant release.
On devices that use Windows Update (but not Windows Update for Business), the **Windows Update** page in the Settings app displays a message stating that an update is on its way, but not ready for the device. Instead of the option to download and install the update, users will see this message:
![Feature update message reading "The Windows 10 May 2020 Update is on its way. Once it's ready for your device, you'll see the update available on this page.](images/safeguard-hold-notification.png)
If you see this message, it means one or more holds affect your device. When the issue is fixed and the update is safe to install, well release the hold and the update can resume safely.
This message means that the device is protected by one or more safeguard holds. When the issue is resolved and the update is safe to install, we will release the safeguard hold and the update can resume safely.
## What can I do?
@ -46,4 +46,4 @@ We recommend that you do not attempt to manually update until issues have been r
> [!CAUTION]
> Opting out of a safeguard hold can put devices at risk from known performance issues. We strongly recommend that you complete robust testing to ensure the impact is acceptable before opting out.
With that in mind, IT admins who stay informed with [Update Compliance](update-compliance-feature-update-status.md#safeguard-holds) and the [Windows release health](/windows/release-health/) dashboard can choose to temporarily [opt-out of the protection of all safeguard holds](safeguard-opt-out.md) and allow an update to proceed. We recommend opting out only in an IT environment and for validation purposes. If you do opt out of a hold, this condition is temporary. Once an update is complete, the protection of safeguard holds is reinstated automatically.
With that in mind, IT admins who stay informed with [Update Compliance](update-compliance-feature-update-status.md#safeguard-holds) and the [Windows release health](/windows/release-health/) dashboard can choose to temporarily [opt-out of the protection of all safeguard holds](safeguard-opt-out.md) and allow an update to proceed. We recommend opting out only in an IT environment and for validation purposes. If you do opt out of a hold, this condition is temporary. Once an update is complete, the protection of safeguard holds is reinstated automatically.

13
windows/deployment/update/update-compliance-feature-update-status.md
View File

@ -43,18 +43,21 @@ Refer to the following list for what each state means:
## Safeguard holds
Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *safeguard hold* is generated to delay the device's upgrade and protect the end-user experience. Holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all safeguard holds on the Windows client release information pages for any given release.
Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *safeguard hold* is generated to delay the device's upgrade and protect the end-user experience. Safeguard holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all safeguard holds on the Windows client release information pages for any given release.
### Queries for safeguard holds
Update Compliance reporting offers two queriesto help you retrieve data related to safeguard holds.These queries show data for devices that are configured to send diagnostic data at the *Optional* level (previously *Full*). For Windows 10 devices, devices configured to send diagnostic data at *Enhanced* level are also included.
> [!TIP]
> For a new Update Compliance report with additional information on safeguard holds, try the [Safeguard Holds report](/windows/deployment/update/update-compliance-safeguard-holds).
The Feature Update Status report offers two queriesto help you retrieve data related to safeguard holds.These queries show data for devices that are configured to send diagnostic data at the *Optional* level (previously *Full*). For Windows 10 devices, devices configured to send diagnostic data at *Enhanced* level are also included.
The first queryshows the device data for alldevices that are affected by safeguard holds. The second queryshows data specific to devices running the target build.
![Left pane showing Need Attention, Security update status, feature update status, and Windows Defender AV status, with Need Attention selected. Right pane shows the list of queries relevant to the Need Attention status, with "Devices with a safeguard hold" and "Target build distribution of devices with a safeguard hold" queries highlighted](images/UC_workspace_safeguard_queries.png)
Update Compliance reporting will display the Safeguard IDs for known issues affecting a device in the **DeploymentErrorCode** column. Safeguard IDs for publicly discussed known issues are also included in the Windows Release Health dashboard, where you can easily find information related to publicly available safeguards.
Update Compliance reporting will display the safeguard hold IDs for known issues affecting a device in the **DeploymentErrorCode** column. Safeguard hold IDs for publicly discussed known issues are also included in the Windows Release Health dashboard, where you can easily find information related to publicly available safeguards.
### Opt out of safeguard hold
### Opt out of safeguard holds
You can [opt out of safeguard protections](safeguard-opt-out.md) by using the **Disable safeguards for Feature Updates** Group Policy. This policy is available to Windows Update for Business devices running Windows 10, version 1809 or later that have installed the October 2020 security update.
You can [opt out of safeguard holds](safeguard-opt-out.md) protecting against known issues by using the **Disable safeguards for Feature Updates** Group Policy. This policy is available to Windows Update for Business devices running Windows 10, version 1809 or later that have installed the October 2020 security update.

61
windows/deployment/update/update-compliance-safeguard-holds.md Normal file
View File

@ -0,0 +1,61 @@
---
title: Update Compliance - Safeguard Holds report
ms.reviewer:
manager: laurawi
description: Learn how the Safeguard Holds report provides information about safeguard holds in your population.
ms.prod: w10
ms.mktglfcycl: deploy
ms.pagetype: deploy
audience: itpro
itproauthor: jaimeo
author: jaimeo
ms.author: jaimeo
ms.collection: M365-analytics
ms.topic: article
ms.custom: seo-marvel-apr2020
---
# Safeguard Holds
**Applies to**
- Windows 10
- Windows 11
The Safeguard Holds report provides information about devices in your population that are affected by a [safeguard hold](/windows/deployment/update/safeguard-holds).
Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *safeguard hold* is generated to delay the device's upgrade and protect the end-user experience. Safeguard holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all safeguard holds on the Windows client release information pages for any given release.
Update Compliance provides two views into the safeguard holds that apply to devices in your population. The report shows data for devices that are configured to send diagnostic data at the *Optional* level (previously *Full*). For Windows 10 devices, devices configured to send diagnostic data at *Enhanced* level are also included.
The safeguard hold report can be found in a different location from the other Update Compliance reports. To access the safeguard hold report, follow the instructions below.
1. Navigate to your Log Analytics workspace to which Update Compliance is deployed.
2. In the left-hand menu, select **Solutions**.
3. Select the solution named **WaaSUpdateInsights(\<your workspace name\>)**. (This summary page is also where the Update Compliance tile is located.)
4. In the left-hand menu, select **Workbooks**.
5. Under the subsection **WaaSUpdateInsights**, select the workbook named **Safeguard Holds**.
## Safeguard hold view
![The safeguard hold view of the Safeguard Hold report.](images/uc-workspace-safeguard-holds-safeguard-hold-view.png)
The safeguard hold view shows which safeguard holds apply to devices in your population, and how many devices are affected by each safeguard hold. You can use the **Safeguard hold ID(s)** dropdown at the top of the report to filter the chart and corresponding table to show only the selected safeguard hold IDs. Note that a device can be affected by more than one safeguard hold.
## Device view
![The device view of the Safeguard Hold report.](images/uc-workspace-safeguard-holds-device-view.png)
The device view shows which devices are affected by safeguard holds. In the **Safeguard Hold IDs** column of the table, you can find a list of the safeguard holds that apply to each device. You can also use the **Safeguard hold ID(s)** dropdown at the top of the report to filter the table to show only devices affected by the selected safeguard hold IDs.
## Getting additional information about a safeguard hold
For safeguard holds protecting devices against publicly discussed known issues, you can find their 8-digit identifier on the [Windows release health](/windows/release-health/) page under **Known issues** corresponding to the relevant release.
Devices managed by the [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview) that are affected by a safeguard hold for a likely issue are listed in the report with the safeguard hold ID value **00000001**.
## Opt out of safeguard holds
To opt out of safeguard holds protecting against known issues, see [Opt out of safeguard holds](/windows/deployment/update/safeguard-opt-out).
To opt out of safeguard holds protecting against likely issues (applicable to devices managed by the deployment service), see [Manage safeguards for a feature update deployment using the Windows Update for Business deployment service](/graph/windowsupdates-manage-safeguards).

4
windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
View File

@ -12,7 +12,7 @@ manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/23/2021
ms.date: 11/02/2021
ms.reviewer:
---
@ -389,7 +389,7 @@ The registry keys for the smart card KSP are in **HKEY\_LOCAL\_MACHINE\\SYSTEM\\
| **AllowPrivateSignatureKeyImport** | A non-zero value allows RSA signature private keys to be imported for use in key archival scenarios.<br>Default value: 00000000 |
| **DefaultPrivateKeyLenBits** | Defines the default length for private keys, if desired.<br>Default value: 00000400<br>Default key generation parameter: 1024-bit keys |
| **RequireOnCardPrivateKeyGen** | This key sets the flag that requires on-card private key generation (default). If this value is set, a key generated on a host can be imported into the smart card. This is used for smart cards that don't support on-card key generation or where key escrow is required.<br>Default value: 00000000 |
| **TransactionTimeoutMilliseconds** | Default timeout values allow you to specify whether transactions that take an excessive amount of time will fail.<br>Default value: 000005dc1500<br>The default timeout for holding transactions to the smart card is 1.5 seconds. |
| **TransactionTimeoutMilliseconds** | Default timeout values allow you to specify whether transactions that take an excessive amount of time will fail.<br>Default value: 000005dc<br>The default timeout for holding transactions to the smart card is 1.5 seconds. |
**Additional registry keys for the smart card KSP**

6
windows/security/threat-protection/windows-defender-application-control/wdac-wizard-editing-policy.md
View File

@ -32,9 +32,9 @@ ms.technology: windows-sec
The WDAC Wizard makes editing and viewing WDAC policies easier than the PowerShell cmdlets or manually. The Wizard currently supports the following editing capabilities:
<ul>
<li>[Configuring policy rules](#configuring-policy-rules)</li>
<li>[Adding new allow or block file rules to existing policies](#adding-file-rules)</li>
<li>[Removing allow or block file rules on existing policies](#removing-file-rules)</li>
<li><a href="#configuring-policy-rules">Configuring policy rules</a></li>
<li><a href="#adding-file-rules">Adding new allow or block file rules to existing policies</a></li>
<li><a href="#removing-file-rules">Removing allow or block file rules on existing policies</a></li>
</ul>
## Configuring Policy Rules

2
windows/security/threat-protection/windows-sandbox/windows-sandbox-architecture.md
View File

@ -42,7 +42,7 @@ Because Windows Sandbox runs the same operating system image as the host, it has
## Integrated kernel scheduler
With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses new technology called "integrated scheduling," which allows the host scheduler to decide when the sandbox gets CPU cycles.
With ordinary virtual machines, the Microsoft hypervisor controls the scheduling of the virtual processors running in the VMs. Windows Sandbox uses a new technology called "integrated scheduling," which allows the host scheduler to decide when the sandbox gets CPU cycles.
![A chart compares the scheduling in Windows Sandbox versus a traditional VM.](images/4-integrated-kernal.png)