deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 22:07:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://cpubwin.visualstudio.com/it-client/_git/it-client

Browse Source
This commit is contained in:
Justin Hall 2018-12-07 17:09:08 -08:00
commit beb9eb10af
14 changed files with 135 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
devices/surface-hub/create-a-device-account-using-office-365.md
View File

@ -75,10 +75,16 @@ From here on, you'll need to finish the account creation process using PowerShel
In order to run cmdlets used by these PowerShell scripts, the following must be installed for the admin PowerShell console:
- [Microsoft Online Services Sign-In Assistant for IT Professionals BETA](https://go.microsoft.com/fwlink/?LinkId=718149)
- [Microsoft Online Services Sign-In Assistant for IT Professionals RTW](https://www.microsoft.com/en-us/download/details.aspx?id=41950)
- [Windows Azure Active Directory Module for Windows PowerShell](https://www.microsoft.com/web/handlers/webpi.ashx/getinstaller/WindowsAzurePowershellGet.3f.3f.3fnew.appids)
- [Skype for Business Online, Windows PowerShell Module](https://www.microsoft.com/download/details.aspx?id=39366)
Install the following module in Powershell
``` syntax
install-module AzureAD
Install-module MsOnline
```
### Connecting to online services
1. Run Windows PowerShell as Administrator.
@ -200,8 +206,7 @@ In order to enable Skype for Business, your environment will need to meet the fo
2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
```PowerShell
Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool
"sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress
Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool "sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress
```
If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
@ -356,12 +361,7 @@ In order to enable Skype for Business, your environment will need to meet the fo
Import-PSSession $cssess -AllowClobber
```
2. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
```PowerShell
Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool
"sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress
```
2. Retrieve your Surface Hub account Registrar Pool
If you aren't sure what value to use for the `RegistrarPool` parameter in your environment, you can get the value from an existing Skype for Business user using this cmdlet:
@ -369,6 +369,15 @@ In order to enable Skype for Business, your environment will need to meet the fo
Get-CsOnlineUser -Identity alice@contoso.microsoft.com| fl *registrarpool*
```
3. To enable your Surface Hub account for Skype for Business Server, run this cmdlet:
```PowerShell
Enable-CsMeetingRoom -Identity $strEmail -RegistrarPool
"sippoolbl20a04.infra.lync.com" -SipAddressType EmailAddress
```

16
devices/surface/microsoft-surface-data-eraser.md
View File

@ -150,6 +150,22 @@ After you create a Microsoft Surface Data Eraser USB stick, you can boot a suppo
Microsoft Surface Data Eraser is periodically updated by Microsoft. For information about the changes provided in each new version, see the following:
### Version 3.2.78.0
*Release Date: 4 Dec 2018*
This version of Surface Data Eraser:
- Includes bug fixes
### Version 3.2.75.0
*Release Date: 12 November 2018*
This version of Surface Data Eraser:
- Adds support to Surface Studio 2
- Fixes issues with SD card
### Version 3.2.69.0
*Release Date: 12 October 2018*

4
devices/surface/surface-enterprise-management-mode.md
View File

@ -191,8 +191,10 @@ For use with SEMM and Microsoft Surface UEFI Configurator, the certificate must
## Version History
### Version 2.26.136.0
* Add support to Surface Studio 2
### Version 2.21.136.9
### Version 2.21.136.0
* Add support to Surface Pro 6
* Add support to Surface Laptop 2

2
mdop/mbam-v2/understanding-mbam-reports-mbam-2.md
View File

@ -159,7 +159,7 @@ Removable Data Volume encryption status will not be shown in the report.
</tr>
<tr class="even">
<td align="left"><p>Policy-Fixed Data Drive</p></td>
<td align="left"><p>Indicates if encryption is required for the dixed data drive.</p></td>
<td align="left"><p>Indicates if encryption is required for the fixed data drive.</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Policy Removable Data Drive</p></td>

14
windows/client-management/TOC.md
View File

@ -12,16 +12,18 @@
## [Windows 10 Mobile deployment and management guide](windows-10-mobile-and-mdm.md)
## [Windows libraries](windows-libraries.md)
## [Troubleshoot Windows 10 clients](windows-10-support-solutions.md)
### [Data collection for troubleshooting 802.1x Authentication](data-collection-for-802-authentication.md)
### [Advanced troubleshooting 802.1x authentication](advanced-troubleshooting-802-authentication.md)
### [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
### [Advanced troubleshooting Wireless Network Connectivity](advanced-troubleshooting-wireless-network-connectivity.md)
### [Advanced troubleshooting for Windows-based computer freeze issues](troubleshoot-windows-freeze.md)
### [Advanced troubleshooting for Stop error or blue screen error issue](troubleshoot-stop-errors.md)
### [Advanced troubleshooting for Windows networking issues](troubleshoot-networking.md)
#### [Advanced troubleshooting Wireless Network Connectivity](advanced-troubleshooting-wireless-network-connectivity.md)
#### [Data collection for troubleshooting 802.1x Authentication](data-collection-for-802-authentication.md)
#### [Advanced troubleshooting 802.1x authentication](advanced-troubleshooting-802-authentication.md)
### [Advanced troubleshooting for TCP/IP](troubleshoot-tcpip.md)
#### [Collect data using Network Monitor](troubleshoot-tcpip-netmon.md)
#### [Troubleshoot TCP/IP connectivity](troubleshoot-tcpip-connectivity.md)
#### [Troubleshoot port exhaustion issues](troubleshoot-tcpip-port-exhaust.md)
#### [Troubleshoot Remote Procedure Call (RPC) errors](troubleshoot-tcpip-rpc-errors.md)
### [Advanced troubleshooting for Windows start-up issues](troubleshoot-windows-startup.md)
#### [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
#### [Advanced troubleshooting for Windows-based computer freeze issues](troubleshoot-windows-freeze.md)
#### [Advanced troubleshooting for Stop error or blue screen error issue](troubleshoot-stop-errors.md)
## [Mobile device management for solution providers](mdm/index.md)
## [Change history for Client management](change-history-for-client-management.md)

20
windows/client-management/troubleshoot-networking.md Normal file
View File

@ -0,0 +1,20 @@
---
title: Advanced troubleshooting for Windows networking issues
description: Learn how to troubleshoot networking issues.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
author: kaushika-msft
ms.localizationpriority: medium
ms.author: kaushika
ms.date:
---
# Advanced troubleshooting for Windows networking issues
In these topics, you will learn how to troubleshoot common problems related to Windows networking.
- [Advanced troubleshooting Wireless Network](advanced-troubleshooting-wireless-network-connectivity.md)
- [Data collection for troubleshooting 802.1x authentication](data-collection-for-802-authentication.md)
- [Advanced troubleshooting 802.1x authentication](advanced-troubleshooting-802-authentication.md)
- [Advanced troubleshooting for TCP/IP issues](troubleshoot-tcpip.md)

16
windows/client-management/troubleshoot-tcpip-connectivity.md
View File

@ -36,17 +36,17 @@ If the initial TCP handshake is failing because of packet drops then you would s
Source side connecting on port 445:
![](images/tcp-ts-6.png)
![Screenshot of frame summary in Network Monitor](images/tcp-ts-6.png)
Destination side: applying the same filter, you do not see any packets.
![](images/tcp-ts-7.png)
![Screenshot of frame summary with filter in Network Monitor](images/tcp-ts-7.png)
For the rest of the data, TCP will retransmit the packets 5 times.
**Source 192.168.1.62 side trace:**
![](images/tcp-ts-8.png)
![Screenshot showing packet side trace](images/tcp-ts-8.png)
**Destination 192.168.1.2 side trace:**
@ -71,15 +71,15 @@ In the below screenshots, you see that the packets seen on the source and the de
**Source Side**
![](images/tcp-ts-9.png)
![Screenshot of packets on source side in Network Monitor](images/tcp-ts-9.png)
**On the destination-side trace**
![](images/tcp-ts-10.png)
![Screenshot of packets on destination side in Network Monitor](images/tcp-ts-10.png)
You also see an ACK+RST flag packet in a case when the TCP establishment packet SYN is sent out. The TCP SYN packet is sent when the client wants to connect on a particular port, but if the destination/server for some reason does not want to accept the packet, it would send an ACK+RST packet.
![](images/tcp-ts-11.png)
![Screenshot of packet flag](images/tcp-ts-11.png)
The application which is causing the reset (identified by port numbers) should be investigated to understand what is causing it to reset the connection.
@ -102,8 +102,8 @@ auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:enable /fai
You can then review the Security event logs to see for a packet drop on a particular port-IP and a filter ID associated with it.
![](images/tcp-ts-12.png)
![Screenshot of Event Properties](images/tcp-ts-12.png)
Now, run the command `netsh wfp show state`, this will generate a wfpstate.xml file. Once you open this file and filter for the ID you find in the above event (2944008), you will be able to see a firewall rule name associated with this ID which is blocking the connection.
![](images/tcp-ts-13.png)
![Screenshot of wfpstate.xml file](images/tcp-ts-13.png)

20
windows/client-management/troubleshoot-tcpip-port-exhaust.md
View File

@ -54,21 +54,21 @@ Specifically, about outbound connections as incoming connections will not requir
Since outbound connections start to fail, you will see a lot of the below behaviors:
- Unable to login to the machine with domain credentials, however login with local account works. Domain login will require you to contact the DC for authentication which is again an outbound connection. If you have cache credentials set, then domain login might still work.
- Unable to sign in to the machine with domain credentials, however sign-in with local account works. Domain sign-in will require you to contact the DC for authentication which is again an outbound connection. If you have cache credentials set, then domain sign-in might still work.
![](images/tcp-ts-14.png)
![Screenshot of error for NETLOGON in Event Viewer](images/tcp-ts-14.png)
- Group Policy update failures:
![](images/tcp-ts-15.png)
![Screenshot of event properties for Group Policy failure](images/tcp-ts-15.png)
- File shares are inaccessible:
![](images/tcp-ts-16.png)
![Screenshot of error message "Windows cannot access"](images/tcp-ts-16.png)
- RDP from the affected server fails:
![](images/tcp-ts-17.png)
![Screenshot of error when Remote Desktop is unable to connect](images/tcp-ts-17.png)
- Any other application running on the machine will start to give out errors
@ -82,15 +82,15 @@ If you suspect that the machine is in a state of port exhaustion:
a. **Event ID 4227**
![](images/tcp-ts-18.png)
![Screenshot of event id 4227 in Event Viewer](images/tcp-ts-18.png)
b. **Event ID 4231**
![](images/tcp-ts-19.png)
![Screenshot of event id 4231 in Event Viewer](images/tcp-ts-19.png)
3. Collect a `netstat -anob output` from the server. The netstat output will show you a huge number of entries for TIME_WAIT state for a single PID.
![](images/tcp-ts-20.png)
![Screenshot of netstate command output](images/tcp-ts-20.png)
After a graceful closure or an abrupt closure of a session, after a period of 4 minutes (default), the port used the process or application would be released back to the available pool. During this 4 minutes, the TCP connection state will be TIME_WAIT state. In a situation where you suspect port exhaustion, an application or process will not be able to release all the ports that it has consumed and will remain in the TIME_WAIT state.
@ -132,7 +132,7 @@ If method 1 does not help you identify the process (prior to Windows 10 and Wind
1. Add a column called “handles” under details/processes.
2. Sort the column handles to identify the process with the highest number of handles. Usually the process with handles greater than 3000 could be the culprit except for processes like System, lsass.exe, store.exe, sqlsvr.exe.
![](images/tcp-ts-21.png)
![Screenshot of handles column in Windows Task Maner](images/tcp-ts-21.png)
3. If any other process than these has a higher number, stop that process and then try to login using domain credentials and see if it succeeds.
@ -153,7 +153,7 @@ Steps to use Process explorer:
File \Device\AFD
![](images/tcp-ts-22.png)
![Screenshot of Process Explorer](images/tcp-ts-22.png)
10. Some are normal, but large numbers of them are not (hundreds to thousands). Close the process in question. If that restores outbound connectivity, then you have further proven that the app is the cause. Contact the vendor of that app.

10
windows/client-management/troubleshoot-tcpip-rpc-errors.md
View File

@ -158,15 +158,15 @@ Open the traces in [Microsoft Network Monitor 3.4](troubleshoot-tcpip-netmon.md)
- Look for the “EPM” Protocol Under the “Protocol” column.
- Now check if you are getting a response from the server or not, if you get a response note the Dynamic Port number that you have been allocated to use.
- Now check if you are getting a response from the server. If you get a response, note the dynamic port number that you have been allocated to use.
![](images/tcp-ts-23.png)
![Screenshot of Network Monitor with dynamic port highlighted](images/tcp-ts-23.png)
- Check if we are connecting successfully to this Dynamic port successfully.
- The filter should be something like this: tcp.port==<dynamic-port-allocated> and ipv4.address==<server-ip>
![](images/tcp-ts-24.png)
![Screenshot of Network Monitor with filter applied](images/tcp-ts-24.png)
This should help you verify the connectivity and isolate if any network issues are seen.
@ -175,13 +175,13 @@ This should help you verify the connectivity and isolate if any network issues a
The most common reason why we would see the RPC server unavailable is when the dynamic port that the client tries to connect is not reachable. The client side trace would then show TCP SYN retransmits for the dynamic port.
![](images/tcp-ts-25.png)
![Screenshot of Network Monitor with TCP SYN retransmits](images/tcp-ts-25.png)
The port cannot be reachable due to one of the following reasons:
- The dynamic port range is blocked on the firewall in the environment.
- A middle device is dropping the packets.
- The destination server is dropping the packets (WFP drop / NIC drop/ Filter driver etc)
- The destination server is dropping the packets (WFP drop / NIC drop/ Filter driver etc).

19
windows/client-management/troubleshoot-windows-startup.md Normal file
View File

@ -0,0 +1,19 @@
---
title: Advanced troubleshooting for Windows start-up issues
description: Learn how to troubleshoot Windows start-up issues.
ms.prod: w10
ms.sitesec: library
ms.topic: troubleshooting
author: kaushika-msft
ms.localizationpriority: medium
ms.author: kaushika
ms.date:
---
# Advanced troubleshooting for Windows start-up issues
In these topics, you will learn how to troubleshoot common problems related to Windows start-up.
- [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)
- [Advanced troubleshooting for Stop error or blue screen error](troubleshoot-stop-errors.md)
- [Advanced troubleshooting for Windows-based computer freeze issues](troubleshoot-windows-freeze.md)

9
windows/deployment/deploy-whats-new.md
View File

@ -7,7 +7,7 @@ ms.localizationpriority: medium
ms.prod: w10
ms.sitesec: library
ms.pagetype: deploy
ms.date: 11/06/2018
ms.date: 12/07/2018
author: greg-lindsay
---
@ -16,7 +16,6 @@ author: greg-lindsay
**Applies to**
- Windows 10
## In this topic
This topic provides an overview of new solutions and online content related to deploying Windows 10 in your organization.
@ -34,6 +33,12 @@ Microsoft is [extending support](https://www.microsoft.com/microsoft-365/blog/20
![Support lifecycle](images/support-cycle.png)
## Windows 10 servicing and support
Microsoft is [extending support](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop) for Windows 10 Enterprise and Windows 10 Education editions to 30 months from the version release date. This includes all past versions and future versions that are targeted for release in September (versions ending in 09, ex: 1809). Future releases that are targeted for release in March (versions ending in 03, ex: 1903) will continue to be supported for 18 months from their release date. All releases of Windows 10 Home, Windows 10 Pro, and Office 365 ProPlus will continue to be supported for 18 months (there is no change for these editions). These support policies are summarized in the table below.
![Support lifecycle](images/support-cycle.png)
## Windows 10 Enterprise upgrade
Windows 10 version 1703 includes a Windows 10 Enterprise E3 and E5 benefit to Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA). These customers can now subscribe users to Windows 10 Enterprise E3 or E5 and activate their subscriptions on up to five devices. Virtual machines can also be activated. For more information, see [Windows 10 Enterprise Subscription Activation](windows-10-enterprise-subscription-activation.md).

23
windows/deployment/volume-activation/active-directory-based-activation-overview.md
View File

@ -7,18 +7,29 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: activation
author: greg-lindsay
ms.date: 04/19/2017
ms.date: 12/07/2018
---
# Active Directory-Based Activation Overview
# Active Directory-Based Activation overview
Active Directory-Based Activation (ADBA) enables enterprises to activate computers through a connection to their domain. Many companies have computers at offsite locations that use products that are registered to the company. Previously these computers needed to either use a retail key or a Multiple Activation Key (MAK), or physically connect to the network in order to activate their products by using Key Management Services (KMS). ADBA provides a way to activate these products if the computers can join the companys domain. When the user joins their computer to the domain, the ADBA object automatically activates Windows installed on their computer, as long as the computer has a Generic Volume License Key (GVLK) installed. No single physical computer is required to act as the activation object, because it is distributed throughout the domain.
## Active Directory-Based Activation Scenarios
## ADBA scenarios
VAMT enables IT Professionals to manage and activate the Active Directory-Based Activation object. Activation can be performed by using a scenario such as the following:
- Online activation: To activate an ADBA forest online, the user selects the **Online activate forest** function, selects a KMS Host key (CSVLK) to use, and gives the Active Directory-Based Activation Object a name.
- Proxy activation: For a proxy activation, the user first selects the **Proxy activate forest** function, selects a KMS Host key (CSVLK) to use, gives the Active Directory-Based Activation Object a name, and provides a file name to save the CILx file that contains the Installation ID. Next, the user takes that file to a computer that is running VAMT with an Internet connection and then selects the **Acquire confirmation IDs for CILX** function on the VAMT landing page, and provides the original CILx file. When VAMT has loaded the Confirmation IDs into the original CILx file, the user takes this file back to the original VAMT instance, where the user completes the proxy activation process by selecting the **Apply confirmation ID to Active Directory domain** function.
You might use ADBA if you only want to activate domain joined devices.
If you have a server hosting the KMS service, it can be necessary to reactivate licenses if the server is replaced with a new host. This is not necessary When ADBA is used.
ADBA can also make load balancing easier when multiple KMS servers are present since the client can connect to any domain controller. This is simpler than using the DNS service to load balance by configuring priority and weight values.
Some VDI solutions also require that new clients activate during creation before they are added to the pool. In this scenario, ADBA can eliminate potential VDI issues that might arise due to a KMS outage.
## ADBA methods
VAMT enables IT Professionals to manage and activate the ADBA object. Activation can be performed using the following methods:
- Online activation: To activate an ADBA forest online, the user selects the **Online activate forest** function, selects a KMS Host key (CSVLK) to use, and gives the ADBA Object a name.
- Proxy activation: For a proxy activation, the user first selects the **Proxy activate forest** function, selects a KMS Host key (CSVLK) to use, gives the ADBA Object a name, and provides a file name to save the CILx file that contains the Installation ID. Next, the user takes that file to a computer that is running VAMT with an Internet connection and then selects the **Acquire confirmation IDs for CILX** function on the VAMT landing page, and provides the original CILx file. When VAMT has loaded the Confirmation IDs into the original CILx file, the user takes this file back to the original VAMT instance, where the user completes the proxy activation process by selecting the **Apply confirmation ID to Active Directory domain** function.
## Related topics

2
windows/security/threat-protection/windows-defender-atp/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md
View File

@ -73,7 +73,7 @@ The response will include an access token and expiry information.
```json
{
"token_type": "Bearer",
"expires_in": "3599"
"expires_in": "3599",
"ext_expires_in": "0",
"expires_on": "1488720683",
"not_before": "1488720683",

4
windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
View File

@ -33,13 +33,13 @@ You can also get detailed reporting into events and blocks as part of Windows Se
You can create custom views in the Windows Event Viewer to only see events for specific capabilities and settings.
The easiest way to do this is to import a custom view as an XML file. You can obtain XML files for each of the features in the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w), or you can copy the XML directly from this page.
The easiest way to do this is to import a custom view as an XML file. You can copy the XML directly from this page.
You can also manually navigate to the event area that corresponds to the feature, see the [list of attack surface reduction events](#list-of-attack-surface-reduction-events) section at the end of this topic for more details.
### Import an existing XML custom view
1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the appropriate file to an easily accessible location. The following filenames are each of the custom views:
1. Create an empty .txt file and copy the XML for the custom view you want to use into the .txt file. Do this for each of the custom views you want to use. Rename the files as follows (ensure you change the type from .txt to .xml):
- Controlled folder access events custom view: *cfa-events.xml*
- Exploit protection events custom view: *ep-events.xml*
- Attack surface reduction events custom view: *asr-events.xml*