deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into sh-5509388

Browse Source
This commit is contained in:
Trudy Hakala 2016-05-11 14:34:11 -07:00
commit c72ec07f77
14 changed files with 101 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.localization-config Normal file
View File

@ -0,0 +1,8 @@
{
"locales": [ "zh-cn" ],
"files": ["!/*.md", "**/**/*.md", "**/*.md"],
"includeDependencies": true,
"autoPush": true,
"xliffVersion": "2.0",
"useJavascriptMarkdownTransformer": true
}

10
.openpublishing.publish.config.json
View File

@ -61,6 +61,16 @@
"type_mapping": {
"Conceptual": "Content"
}
},
{
"docset_name": "education",
"build_output_subfolder": "education",
"locale": "en-us",
"version": 0,
"open_to_public_contributors": "false",
"type_mapping": {
"Conceptual": "Content"
}
}
],
"notification_subscribers": ["brianlic@microsoft.com"],

8
browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
View File

@ -84,9 +84,11 @@ IE opens the apps website.
**Security Note:**<br>If you dont fully trust a site, you shouldnt allow it to launch an outdated app. However, although we dont recommend it, you can let the webpage launch the app by tapping or clicking **Allow**. This option opens the app without updating or fixing the problem. The next time you visit a webpage running the same outdated app, youll get the notification again.
## How does IE decide which ActiveX controls to block?
IE uses Microsofts versionlist.xml file to determine whether an ActiveX control should be stopped from loading. This file is updated with newly-discovered out-of-date ActiveX controls, which IE automatically downloads to your local copy of the file.
IE uses Microsofts versionlist.xml or versionlistWin7.xml file to determine whether an ActiveX control should be stopped from loading. These files are updated with newly-discovered out-of-date ActiveX controls, which IE automatically downloads to your local copy of the file.
You can see your copy of the versionlist.xml file here `%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\versionlist.xml`, or you can view Microsofts version at [Internet Explorer version list](http://go.microsoft.com/fwlink/p/?LinkId=403864).
You can see your copy of the file here `%LOCALAPPDATA%\Microsoft\Internet Explorer\VersionManager\versionlist.xml` or you can view Microsofts version, based on your operating system and version of IE, here:
- [Internet Explorer 11 on Windows 7 SP1 or Windows Server 2008 R2](http://go.microsoft.com/fwlink/p/?LinkId=798230)
- [All other configurations](https://go.microsoft.com/fwlink/p/?LinkId=403864)
**Security Note:**<br>Although we strongly recommend against it, if you dont want your computer to automatically download the updated version list from Microsoft, run the following command from a command prompt:
@ -171,7 +173,7 @@ Heres a detailed example and description of whats included in the VersionA
### Inventory your ActiveX controls by using a local WMI class
For Windows 10 you also have the option to log your inventory info to a local WMI class. Info logged to this class includes all of info you get from the .csv file, plus the CLSID of the loaded ActiveX control or the name of any apps started from an ActiveX control.
### Before you begin
#### Before you begin
Before you can use WMI to inventory your ActiveX controls, you need to [download the configuration package (.zip file)](http://go.microsoft.com/fwlink/p/?LinkId=616971), which includes:
- **ConfigureWMILogging.ps1**. A Windows PowerShell script.

24
education/docfx.json Normal file
View File

@ -0,0 +1,24 @@
{
"build": {
"content":
[
{
"files": ["**/**.md"],
"exclude": ["**/obj/**"]
}
],
"resource": [
{
"files": ["**/images/**", "**/*.json"],
"exclude": ["**/obj/**"]
}
],
"globalMetadata": {
"ROBOTS": "INDEX, FOLLOW"
},
"externalReference": [
],
"template": "op.html",
"dest": "edu"
}
}

1
windows/keep-secure/change-history-for-keep-windows-10-secure.md
View File

@ -15,6 +15,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md
|New or changed topic | Description |
|----------------------|-------------|
| [Microsoft Passport errors during PIN creation](microsoft-passport-errors-during-pin-creation.md) | Added errors 0x80090029 and 0x80070057, and merged entries for error 0x801c03ed. |
| [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Updated for Windows 10 and Windows Server 2016 Technical Preview |
## April 2016

9
windows/keep-secure/configure-the-application-identity-service.md
View File

@ -46,11 +46,4 @@ Membership in the local **Administrators** group, or equivalent, is the minimum
3. Verify that the status for the Application Identity service is **Running**.
 
 
Starting with Windows 10, the Application Identity service is now a protected process. Because of this, you can no longer manually set the service **Startup type** to **Automatic**.

53
windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
View File

@ -33,7 +33,7 @@ When a user encounters an error when creating the work PIN, advise the user to t
1. Try to create the PIN again. Some errors are transient and resolve themselves.
2. Log out, log in, and try to create the PIN again.
2. Sign out, sign in, and try to create the PIN again.
3. Reboot the device and then try to create the PIN again.
@ -44,11 +44,7 @@ When a user encounters an error when creating the work PIN, advise the user to t
If the error occurs again, check the error code against the following table to see if there is another mitigation for that error. When no mitigation is listed in the table, contact Microsoft Support for assistance.
<table>
<colgroup>
<col width="33%" />
<col width="33%" />
<col width="33%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Hex</th>
@ -57,20 +53,13 @@ If the error occurs again, check the error code against the following table to s
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left">0x801C03ED</td>
<td align="left"><p>Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed</p>
<p>-or-</p>
<p>Token was not found in the Authorization header</p>
<p>-or-</p>
<p>Failed to read one or more objects</p></td>
<td align="left">Unjoin the device from Azure Active Directory (Azure AD) and rejoin</td>
</tr>
<tr class="even">
<td align="left">0x801C044D</td>
<td align="left">Authorization token does not contain device ID</td>
<td align="left">Unjoin the device from Azure AD and rejoin</td>
</tr>
<tr class="odd">
<td align="left">0x80090036</td>
<td align="left">User cancelled an interactive dialog</td>
@ -95,6 +84,10 @@ If the error occurs again, check the error code against the following table to s
<td align="left">0x80090005</td>
<td align="left">NTE_BAD_DATA</td>
<td align="left">Unjoin the device from Azure AD and rejoin</td>
</tr><tr class="even">
<td align="left">0x80090029</td>
<td align="left">TPM is not set up.</td>
<td align="left">Sign on with an administrator account. Click **Start**, type "tpm.msc", and select **tpm.msc Microsoft Common Console Document**. In the **Actions** pane, select **Prepare the TPM**. </td>
</tr>
<tr class="even">
<td align="left">0x80090031</td>
@ -124,17 +117,17 @@ If the error occurs again, check the error code against the following table to s
<tr class="odd">
<td align="left">0x801C0010</td>
<td align="left">The AIK certificate is not valid or trusted</td>
<td align="left">Log out and then log in again.</td>
<td align="left">Sign out and then sign in again.</td>
</tr>
<tr class="even">
<td align="left">0x801C0011</td>
<td align="left">The attestation statement of the transport key is invalid</td>
<td align="left">Log out and then log in again.</td>
<td align="left">Sign out and then sign in again.</td>
</tr>
<tr class="odd">
<td align="left">0x801C0012</td>
<td align="left">Discovery request is not in a valid format</td>
<td align="left">Log out and then log in again.</td>
<td align="left">Sign out and then sign in again.</td>
</tr>
<tr class="even">
<td align="left">0x801C0015</td>
@ -159,7 +152,7 @@ If the error occurs again, check the error code against the following table to s
<tr class="even">
<td align="left">0x801C03E9</td>
<td align="left">Server response message is invalid</td>
<td align="left">Log out and then log in again.</td>
<td align="left">Sign out and then sign in again.</td>
</tr>
<tr class="odd">
<td align="left">0x801C03EA</td>
@ -169,37 +162,42 @@ If the error occurs again, check the error code against the following table to s
<tr class="even">
<td align="left">0x801C03EB</td>
<td align="left">Server response http status is not valid</td>
<td align="left">Log out and then log in again.</td>
<td align="left">Sign out and then sign in again.</td>
</tr>
<tr class="odd">
<td align="left">0x801C03EC</td>
<td align="left">Unhandled exception from server.</td>
<td align="left">Log out and then log in again.</td>
<td align="left">sign out and then sign in again.</td>
</tr>
<tr class="even">
<td align="left">0x801C03ED</td>
<td align="left">The request sent to the server was invalid.</td>
<td align="left">Log out and then log in again.</td>
<td align="left"><p>Multi-factor authentication is required for a 'ProvisionKey' operation, but was not performed</p>
<p>-or-</p>
<p>Token was not found in the Authorization header</p>
<p>-or-</p>
<p>Failed to read one or more objects</p>
<p>-or-</p><p>The request sent to the server was invalid.</p></td>
<td align="left">Sign out and then sign in again. If that doesn't resolve the issue, unjoin the device from Azure Active Directory (Azure AD) and rejoin.</td>
</tr>
<tr class="odd">
<td align="left">0x801C03EE</td>
<td align="left">Attestation failed</td>
<td align="left">Log out and then log in again.</td>
<td align="left">Sign out and then sign in again.</td>
</tr>
<tr class="even">
<td align="left">0x801C03EF</td>
<td align="left">The AIK certificate is no longer valid</td>
<td align="left">Log out and then log in again.</td>
<td align="left">Sign out and then sign in again.</td>
</tr>
<tr class="odd">
<td align="left">0x801C044D</td>
<td align="left">Unable to obtain user token</td>
<td align="left">Log out and then log in again. Check network and credentials.</td>
<td align="left">Sign out and then sign in again. Check network and credentials.</td>
</tr>
<tr class="even">
<td align="left">0x801C044E</td>
<td align="left">Failed to receive user creds input</td>
<td align="left">Log out and then log in again.</td>
<td align="left">Sign out and then sign in again.</td>
</tr>
</tbody>
</table>
@ -214,6 +212,7 @@ For errors listed in this table, contact Microsoft Support for assistance.
| Hex | Cause |
|-------------|-------------------------------------------------------------------------------------------------------|
| 0x80072f0c | Unknown |
| 0x80070057 | Invalid parameter or argument is passed |
| 0x80090027 | Caller provided wrong parameter. If third-party code receives this error they must change their code. |
| 0x8009002D | NTE\_INTERNAL\_ERROR |
| 0x80090020 | NTE\_FAIL |

21
windows/keep-secure/microsoft-passport-guide.md
View File

@ -4,6 +4,7 @@ description: This guide describes the new Windows Hello and Microsoft Passport t
ms.assetid: 11EA7826-DA6B-4E5C-99FB-142CC6BD9E84
keywords: ["security", "credential", "password", "authentication"]
ms.prod: W10
ms.pagetype: security
ms.mktglfcycl: plan
ms.sitesec: library
author: challum
@ -405,7 +406,7 @@ Table 1. Deployment requirements for Microsoft Passport
 
Note that the current release of Windows 10 supports the Azure ADonly scenarios. Microsoft provides the forward-looking guidance in Table 1 to help organizations prepare their environments for planned future releases of Microsoft Passport for Work capabilities.
Note that the current release of Windows 10 supports the Azure ADonly (RTM) and hybrid scenarios (RTM + November Update). Microsoft provides the forward-looking guidance in Table 1 to help organizations prepare their environments for planned future releases of Microsoft Passport for Work capabilities.
**Select policy settings**
@ -465,17 +466,19 @@ In the Windows 10 initial release, Microsoft supports the following Microsoft P
- Microsoft Passport for Work support for organizations that have cloud-only Azure AD deployments
- Group Policy settings to control Microsoft Passport PIN length and complexity
- Group Policy and MDM settings to control Microsoft Passport PIN length and complexity
In the November 2015 release, Microsoft supports the following Microsoft Passport and Windows Hello features:
- Key-based Microsoft Passport for Work credentials for on-premises Azure AD deployments and hybrid on-premises/Azure AD deployments
- Microsoft Passport for Work certificates issued by a trusted PKI, including smart card and virtual smart card certificates
In future releases of Windows 10, we plan to add support for additional features:
- Additional biometric identifier types, including iris recognition
- Key-based Microsoft Passport for Work credentials for on-premises Azure AD deployments and hybrid on-premises/Azure AD deployments
- Microsoft Passport for Work certificates issued by a trusted PKI, including smart card and virtual smart card certificates
- TPM attestation to protect keys so that a malicious user or program cant create keys in software (because those keys wont be TPM attested and can thus be identified as fake)
- Key-based and certificate-based Microsoft Passport for Work credentials for on-premises AD deployments
- TPM attestation to protect keys so that a malicious user or program cant create keys in software (because those keys wont be TPM attested and can thus be identified as fake)
In the longer term, Microsoft will continue to improve on and expand the features of both Microsoft Passport and Windows Hello to cover additional customer requirements for manageability and security. We also are working with the FIDO Alliance and a variety of third parties to encourage adoption of Microsoft Passport by both web and LOB application developers.

4
windows/manage/lock-down-windows-10.md
View File

@ -70,7 +70,9 @@ Enterprises often need to manage how people use corporate devices. Windows 10 p
</tbody>
</table>
 
 ## Learn more
[Customizing Your Device Experience with Assigned Access](https://channel9.msdn.com/Events/Build/2016/P508)
## Related topics

4
windows/manage/lockdown-xml.md
View File

@ -538,6 +538,10 @@ After you deploy your devices, you can still configure lockdown settings through
To push lockdown settings to enrolled devices, use the AssignedAccessXML setting and use the lockdown XML as the value. The lockdown XML will be in a HandheldLockdown section that becomes XML embedded in XML, so the XML that you enter must use escaped characters (such as &lt; in place of &lt;). After the MDM provider pushes your lockdown settings to the device, the CSP processes the file and updates the device.
## Learn more
[Customizing Your Device Experience with Assigned Access](https://channel9.msdn.com/Events/Build/2016/P508)
## Related topics

1
windows/manage/manage-corporate-devices.md
View File

@ -94,6 +94,7 @@ For more information about the MDM protocols, see [Mobile device management](htt
## Learn more
[How to bulk-enroll devices with On-premises Mobile Device Management in System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt627898.aspx)
[Windows 10, Azure AD and Microsoft Intune: Automatic MDM Enrollment](http://go.microsoft.com/fwlink/p/?LinkId=623321)

4
windows/manage/set-up-a-device-for-anyone-to-use.md
View File

@ -74,7 +74,9 @@ A Universal Windows app is built on the Universal Windows Platform (UWP), which
</tbody>
</table>
 
 ## Learn more
[Customizing Your Device Experience with Assigned Access](https://channel9.msdn.com/Events/Build/2016/P508)
 

3
windows/manage/windows-10-mobile-and-mdm.md
View File

@ -1107,9 +1107,6 @@ Table 19. Microsoft Edge settings for Windows 10 Mobile
| Allow Search Suggestions in Address Bar | Whether search suggestions are shown in the address bar |
| Allow SmartScreen | Whether SmartScreen Filter is enabled |
| First Run URL | The URL to open when a user launches Microsoft Edge for the first time |
| Include Sites Bypassing Proxy In Intranet Sites | Whether websites that bypass the proxy server are able to use the Intranet security zone |
| Include UNC Paths In Intranet Sites | Whether URL paths can represent Universal Naming Convention (UNC) paths in the Intranet security zone |
| Intranet Sites | A list of the websites that are in the Intranet security zone |
| Prevent Smart Screen Prompt Override For Files | Whether users can override the SmartScreen Filter warnings about downloading unverified files |
 

5
windows/manage/working-with-line-of-business-apps.md
View File

@ -41,7 +41,7 @@ What you'll have to set up:
- LOB publishers need to have an app in the Store, or have an app ready to submit to the Store.
### <a href="" id="add-lob-publisher"></a>Add an LOB publisher (admin)
### <a href="" id="add-lob-publisher"></a>Add an LOB publisher (Store for Business Admin)
For developers within your own organization, or ISVs you're working with to create LOB apps, you'll need to invite them to become a LOB publisher.
@ -49,7 +49,8 @@ For developers within your own organization, or ISVs you're working with to crea
1. Sign in to the [Windows Store for Business]( http://go.microsoft.com/fwlink/p/?LinkId=623531).
2. Click **Settings**, and then choose **LOB publishers**.
3. On the Line-of business publishers page, click **Add** to complete a form and send an email invitation to a developer.
3. On the Line-of business publishers page, click **Add** to complete a form and send an email invitation to a developer.<br>
**Note** This needs to be the email address listed in contact info for the developer account.
### <a href="" id="submit-lob-app"></a>Submit apps (LOB publisher)