deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Adding more examples and Intune reporting bug

Browse Source 
Adding changes. Awaiting peer review from Lindakup and ddsilva
This commit is contained in:
rogersoMS 2020-11-17 15:23:04 +11:00 committed by GitHub
parent e30c197293
commit c68ad1afa3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
windows/client-management/mdm/policy-csp-userrights.md
View File

@ -75,6 +75,9 @@ Here are examples of data fields. The encoded 0xF000 is the standard delimiter/s
If you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag (`<![CDATA[...]]>`) to wrap the data fields. You can specify one or more user groups within the CDATA tag by using 0xF000 as the delimiter/separator. If you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag (`<![CDATA[...]]>`) to wrap the data fields. You can specify one or more user groups within the CDATA tag by using 0xF000 as the delimiter/separator.
> [!NOTE]
> There is currently a reporting issue in the Microsoft Endpoint Manager (MEM) console which results in the setting reporting back a 'Remediation failed' (0x87d1fde8) error, even when the setting is successfully applied. To verify whether the setting has applied successfully, check the local Windows 10 device: Event Viewer>Applications and Services Logs<Microsoft>Windows>DeviceManagement-Enterprise-Diagnostics-Provider>Admin>Event ID 814. This issue is the result of the use of the CDATA tags, which are neccesary when more than a single entry is required. If there is only a single entry, the CDATA tags can be omitted - which will resolve the reporting false positive.
> [!NOTE] > [!NOTE]
> `&#xF000;` is the entity encoding of 0xF000. > `&#xF000;` is the entity encoding of 0xF000.
@ -84,6 +87,18 @@ For example, the following syntax grants user rights to Authenticated Users and
<![CDATA[Authenticated Users&#xF000;Replicator]]> <![CDATA[Authenticated Users&#xF000;Replicator]]>
``` ```
For example, the following syntax grants user rights to two specific users from Contoso, user1 and user2:
```xml
<![CDATA[AzureAD\user1@contoso.com&#xF000;AzureAD\user2@contoso.com]]>
```
For example, the following syntax grants user rights to a specific user or group, by using the Security Identifier (SID) of the account or group:
```xml
<![CDATA[*S-1-12-1-430441778-1204322964-3914475434-3271576427&#xF000;*S-1-12-1-2699785510-1240757380-4153857927-656075536]]>
```
<hr/> <hr/>
<!--Policies--> <!--Policies-->