deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into Ashok-Lobo-5634470

Browse Source
This commit is contained in:
Ashok Lobo 2021-12-15 09:34:36 +05:30 committed by GitHub
commit bfdef58b4a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 26 additions and 48 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
browsers/internet-explorer/internet-explorer.yml
View File

@ -31,7 +31,7 @@ landingContent:
- text: Use Enterprise Mode to improve compatibility
url: /microsoft-edge/deploy/emie-to-improve-compatibility
- text: Lifecycle FAQ - Internet Explorer
url: https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer
url: /lifecycle/faq/internet-explorer-microsoft-edge
- linkListType: download
links:
- text: Download IE11 with Windows 10
@ -123,7 +123,7 @@ landingContent:
- text: Group Policy preferences for IE11
url: ./ie11-deploy-guide/group-policy-preferences-and-ie11.md
- text: Configure Group Policy preferences
url: https://support.microsoft.com/help/2898604/how-to-configure-group-policy-preference-settings-for-internet-explorer-11-in-windows-8.1-or-windows-server-2012-r2
url: /troubleshoot/browsers/how-to-configure-group-policy-preference-settings
- text: Blocked out-of-date ActiveX controls
url: ./ie11-deploy-guide/blocked-out-of-date-activex-controls.md
- text: Out-of-date ActiveX control blocking

38
windows/configuration/ue-v/uev-release-notes-1607.md
View File

@ -28,12 +28,12 @@ With the release of Windows 10, version 1607, the Company Settings Center was re
Administrators can still define which user-customized application settings can synchronize (roam) with Group Policy or Windows PowerShell.
**Note** With the removal of the Company Settings Center, the following group policies are no longer applicable:
- Contact IT Link Text
- Contact IT URL
- Tray Icon
> [!NOTE]
> With the removal of the Company Settings Center, the following group policies are no longer applicable:
>
> - Contact IT Link Text
> - Contact IT URL
> - Tray Icon
### Upgrading from UE-V 1.0 to the in-box version of UE-V is blocked
@ -99,31 +99,11 @@ Operating system settings for Narrator and currency characters specific to the l
WORKAROUND: None
## Hotfixes and Knowledge Base articles for UE-V
This section contains hotfixes and KB articles for UE-V.
| KB Article | Title | Link |
|------------|---------|--------|
| 3018608 | UE-V - TemplateConsole.exe crashes when UE-V WMI classes are missing | [support.microsoft.com/kb/3018608](https://support.microsoft.com/kb/3018608) |
| 2903501 | UE-V: User Experience Virtualization (UE-V) compatibility with user profiles | [support.microsoft.com/kb/2903501](https://support.microsoft.com/kb/2903501) |
| 2770042 | UE-V Registry Settings | [support.microsoft.com/kb/2770042](/troubleshoot/windows-client/ue-v/ue-v-registry-settings) |
| 2847017 | Internet Explorer settings replicated by UE-V | [support.microsoft.com/kb/2847017](https://support.microsoft.com/kb/2847017) |
| 2769631 | How to repair a corrupted UE-V install | [support.microsoft.com/kb/2769631](https://support.microsoft.com/kb/2769631) |
| 2850989 | Migrating MAPI profiles with Microsoft UE-V is not supported | [support.microsoft.com/kb/2850989](https://support.microsoft.com/kb/2850989) |
| 2769586 | UE-V roams empty folders and registry keys | [support.microsoft.com/kb/2769586](https://support.microsoft.com/kb/2769586) |
| 2782997 | How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V) | [support.microsoft.com/kb/2782997](/troubleshoot/windows-client/ue-v/enable-debug-logging) |
| 2769570 | UE-V does not update the theme on RDS or VDI sessions | [support.microsoft.com/kb/2769570](https://support.microsoft.com/kb/2769570) |
| 2850582 | How To Use Microsoft User Experience Virtualization With App-V Applications | [support.microsoft.com/kb/2850582](https://support.microsoft.com/kb/2850582) |
| 3041879 | Current file versions for Microsoft User Experience Virtualization | [support.microsoft.com/kb/3041879](https://support.microsoft.com/kb/3041879) |
| 2843592 | Information on User Experience Virtualization and High Availability | [support.microsoft.com/kb/2843592](https://support.microsoft.com/kb/2843592) |
**Additional resources for this feature**
- [UE-V Registry Settings](/troubleshoot/windows-client/ue-v/ue-v-registry-settings)
- [How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)](/troubleshoot/windows-client/ue-v/enable-debug-logging)
- [User Experience Virtualization](uev-for-windows.md)

6
windows/deployment/update/olympia/olympia-enrollment-guidelines.md
View File

@ -53,7 +53,7 @@ Choose one of the following two enrollment options:
This is the Bring Your Own Device (BYOD) method--your device will receive Olympia policies and features, but a new account will not be created. See [Set up Azure Active Directory registered Windows 10 devices](/azure/active-directory/device-management-azuread-registered-devices-windows10-setup) for additional information.
1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/windows/create-a-local-user-or-administrator-account-in-windows-20de74e0-ac7f-3502-a866-32915af2a34d)).
![Settings -> Accounts.](images/1-1.png)
@ -92,7 +92,7 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi
> [!NOTE]
> Make sure that you save your Pro license key before upgrading to the Enterprise edition. If the device gets disconnected from Olympia, you can use the Pro key to reactivate the license manually in the unlikely event that the license fails to downgrade back to Pro automatically. To reactivate manually, see [Upgrade by manually entering a product key](../../upgrade/windows-10-edition-upgrades.md#upgrade-by-manually-entering-a-product-key).
1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/instantanswers/5de907f1-f8ba-4fd9-a89d-efd23fee918c/create-a-local-user-or-administrator-account-in-windows-10)).
1. Go to **Start > Settings > Accounts > Access work or school**. To see this setting, you need to have administrator rights to your device (see [local administrator](https://support.microsoft.com/windows/create-a-local-user-or-administrator-account-in-windows-20de74e0-ac7f-3502-a866-32915af2a34d)).
![Settings -> Accounts.](images/1-1.png)
@ -100,7 +100,7 @@ This is the Bring Your Own Device (BYOD) method--your device will receive Olympi
3. Click **Connect**, then click **Join this device to Azure Active Directory**.
![Joining device to Azure AD.]](images/2-3.png)
![Joining device to Azure AD.](images/2-3.png)
4. Enter your **Olympia corporate account** (e.g., username@olympia.windows.com). Click **Next**.

22
windows/security/threat-protection/auditing/event-4908.md
View File

@ -16,10 +16,9 @@ ms.technology: windows-sec
# 4908(S): Special Groups Logon table modified.
:::image type="content" source="images/event-4908.png" alt-text="Event 4908 illustration":::
<img src="images/event-4908.png" alt="Event 4908 illustration" width="449" height="361" hspace="10" align="left" />
***Subcategory:***&nbsp;[Audit Policy Change](audit-audit-policy-change.md)
***Subcategory:*** [Audit Policy Change](audit-audit-policy-change.md)
***Event Description:***
@ -29,18 +28,16 @@ This event also generates during system startup.
This event is always logged regardless of the "Audit Policy Change" sub-category setting.
More information about Special Groups auditing can be found here:
For more information about Special Groups auditing, see [4908(S): Special Groups Logon table modified](/windows/security/threat-protection/auditing/event-4908).
<https://blogs.technet.com/b/askds/archive/2008/03/11/special-groups-auditing-via-group-policy-preferences.aspx>
<https://support.microsoft.com/kb/947223>
> **Note**&nbsp;&nbsp;For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
> [!NOTE]
> For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
<br clear="all">
***Event XML:***
```
```xml
- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
@ -75,11 +72,12 @@ More information about Special Groups auditing can be found here:
**Special Groups** \[Type = UnicodeString\]**:** contains current list of SIDs (groups or accounts) which are members of Special Groups. Event Viewer automatically tries to resolve SIDs and show the account name. If the SID cannot be resolved, you will see the source data in the event.
> **Note**&nbsp;&nbsp;A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
> [!NOTE]
> A **security identifier (SID)** is a unique value of variable length used to identify a trustee (security principal). Each account has a unique SID that is issued by an authority, such as an Active Directory domain controller, and stored in a security database. Each time a user logs on, the system retrieves the SID for that user from the database and places it in the access token for that user. The system uses the SID in the access token to identify the user in all subsequent interactions with Windows security. When a SID has been used as the unique identifier for a user or group, it cannot ever be used again to identify another user or group. For more information about SIDs, see [Security identifiers](/windows/access-protection/access-control/security-identifiers).
“HKEY\_LOCAL\_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\Audit\\SpecialGroups” registry value contains current list of SIDs which are included in Special Groups:
<img src="images/registry-editor-audit.png" alt="Registry Editor Audit key illustration" width="1440" height="335" />
:::image type="content" source="images/registry-editor-audit.png" alt-text="Registry Editor Audit key illustration":::
## Security Monitoring Recommendations

4
windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
View File

@ -168,7 +168,7 @@ One of the most common techniques used to gain access to a system is to find a v
Address Space Layout Randomization (ASLR) makes that type of attack much more difficult because it randomizes how and where important data is stored in memory. With ASLR, it is more difficult for malware to find the specific location it needs to attack. Figure 3 illustrates how ASLR works by showing how the locations of different critical Windows components can change in memory between restarts.
![ASLR at work.](images/security-fig4-aslr.png)
:::image type="content" alt-text="ASLR at work." source="images/security-fig4-aslr.png" lightbox="images/security-fig4-aslr.png":::
**Figure 3.&nbsp;&nbsp;ASLR at work**
@ -300,7 +300,7 @@ Some of the protections available in Windows 10 are provided through functions t
## Understanding Windows 10 in relation to the Enhanced Mitigation Experience Toolkit
You might already be familiar with the [Enhanced Mitigation Experience Toolkit (EMET)](https://support.microsoft.com/kb/2458544), which has since 2009 offered various exploit mitigations, and an interface for configuring those mitigations. You can use this section to understand how EMET mitigations relate to those mitigations in Windows 10. Many of EMET's mitigations have been built into Windows 10, some with extra improvements. However, some EMET mitigations carry high-performance cost, or appear to be relatively ineffective against modern threats, and therefore have not been brought into Windows 10.
You might already be familiar with the [Enhanced Mitigation Experience Toolkit (EMET)](https://support.microsoft.com/topic/emet-mitigations-guidelines-b529d543-2a81-7b5a-d529-84b30e1ecee0), which has since 2009 offered various exploit mitigations, and an interface for configuring those mitigations. You can use this section to understand how EMET mitigations relate to those mitigations in Windows 10. Many of EMET's mitigations have been built into Windows 10, some with extra improvements. However, some EMET mitigations carry high-performance cost, or appear to be relatively ineffective against modern threats, and therefore have not been brought into Windows 10.
Because many of EMET's mitigations and security mechanisms already exist in Windows 10 and have been improved, particularly the ones assessed to have high effectiveness at mitigating known bypasses, version 5.5*x* has been announced as the final major version release for EMET (see [Enhanced Mitigation Experience Toolkit](https://web.archive.org/web/20170928073955/https://technet.microsoft.com/en-US/security/jj653751)).