Merge branch 'main' of https://github.com/MicrosoftDocs/windows-docs-pr

2025-05-12 13:27:23 +00:00 · 2023-08-16 10:27:25 -07:00 · 2023-08-16 10:27:25 -07:00 · c6779654d4
commit c6779654d4
parent 2001688104 4080566952
2 changed files with 10 additions and 11 deletions
--- a/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md
@ -41,8 +41,6 @@ The blocklist is updated with each new major release of Windows, typically 1-2 t

 Customers who always want the most up-to-date driver blocklist can also use Windows Defender Application Control (WDAC) to apply the latest recommended driver blocklist contained in this article. For your convenience, we've provided a download of the most up-to-date vulnerable driver blocklist along with instructions to apply it on your computer at the end of this article. Otherwise, you can use the XML provided below to create your own custom WDAC policies.

-[!INCLUDE [microsoft-vulnerable-driver-blocklist](../../../../../../includes/licensing/microsoft-vulnerable-driver-blocklist.md)]
-
 ## Blocking vulnerable drivers using WDAC

 Microsoft recommends enabling [HVCI](../../../../hardware-security/enable-virtualization-based-protection-of-code-integrity.md) or S mode to protect your devices against security threats. If this setting isn't possible, Microsoft recommends blocking [this list of drivers](#vulnerable-driver-blocklist-xml) within your existing Windows Defender Application Control policy. Blocking kernel drivers without sufficient testing can cause devices or software to malfunction, and in rare cases, blue screen. It's recommended to first validate this policy in [audit mode](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) and review the audit block events.
--- a/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md
+++ b/windows/security/threat-protection/security-policy-settings/allow-log-on-locally.md
@ -48,6 +48,7 @@ By default, the members of the following groups have this right on domain contro
 -   Account Operators
 -   Administrators
 -   Backup Operators
+-   Enterprise Domain Controllers
 -   Print Operators
 -   Server Operators

@ -62,14 +63,14 @@ Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Local Pol

 ### Default values

-The following table lists the actual and effective default policy values for the most recent supported versions of Windows. Default values are also listed on the policy’s property page.
+The following table lists the actual and effective default policy values for the most recent supported versions of Windows. Default values are also listed on the policy's property page.

 | Server type or GPO | Default value |
 | - | - |
 | Default Domain Policy| Not Defined |
-| Default Domain Controller Policy | Account Operators<br>Administrators<br>Backup Operators<br>Print Operators<br>Server Operators |
+| Default Domain Controller Policy | Account Operators<br>Administrators<br>Backup Operators<br>Enterprise Domain Controllers<br>Print Operators<br>Server Operators |
 | Stand-Alone Server Default Settings| Administrators<br>Backup Operators<br>Users |
-| Domain Controller Effective Default Settings | Account Operators<br>Administrators<br>Backup Operators<br>Print Operators<br>Server Operators |
+| Domain Controller Effective Default Settings | Account Operators<br>Administrators<br>Backup Operators<br>Enterprise Domain Controllers<br>Print Operators<br>Server Operators |
 | Member Server Effective Default Settings | Administrators<br>Backup Operators<br>Users |
 | Client Computer Effective Default Settings | Administrators<br>Backup Operators<br>Users |