deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into updatesource

Browse Source
This commit is contained in:
jaimeo 2018-04-05 12:32:11 -07:00
commit cc2979b3ba
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
mdop/mbam-v25/mbam-25-server-prerequisites-for-stand-alone-and-configuration-manager-integration-topologies.md
View File

@ -286,6 +286,10 @@ The following table lists the installation prerequisites for the MBAM Administra
</ul></td>
</tr>
<tr class="even">
<td align="left"><p>ASP.NET MVC 4.0</p></td>
<td align="left"><p>[ASP.NET MVC 4 download](https://go.microsoft.com/fwlink/?LinkId=392271)</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Service Principal Name (SPN)</p></td>
<td align="left"><p>The web applications require an SPN for the virtual host name under the domain account that you use for the web application pools.</p>
<p>If your administrative rights permit you to create SPNs in Active Directory Domain Services, MBAM creates the SPN for you. See [Setspn](http://technet.microsoft.com/library/cc731241.aspx) for information about the rights required to create SPNs.</p>

6
windows/security/threat-protection/device-guard/steps-to-deploy-windows-defender-application-control.md
View File

@ -799,7 +799,7 @@ To create a WDAC policy, copy each of the following commands into an elevated Wi
2. Use [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy?view=win10-ps) to create a new WDAC policy by scanning the system for installed applications:
` New-CIPolicy -Level PcaCertificate -FilePath $InitialCIPolicy UserPEs 3> CIPolicyLog.txt `
` New-CIPolicy -Level FilePublisher -FilePath $InitialCIPolicy UserPEs -FallBack Hash 3> CIPolicyLog.txt `
> [!Note]
@ -841,7 +841,7 @@ When WDAC policies are run in audit mode, it allows administrators to discover a
> - An alternative method to test a policy is to rename the test file to SIPolicy.p7b and drop it into C:\\Windows\\System32\\CodeIntegrity, rather than deploy it by using the Local Group Policy Editor.
3. Navigate to **Computer Configuration\\Administrative Templates\\System\\Windows Defender Device Guard**, and then select **Deploy Windows Defender Application Control**. Enable this setting by using the appropriate file path, for example, C:\\Windows\\System32\\CodeIntegrity\\DeviceGuardPolicy.bin, as shown in Figure 1.
3. Navigate to **Computer Configuration\\Administrative Templates\\System\\Device Guard**, and then select **Deploy Windows Defender Application Control**. Enable this setting by using the appropriate file path, for example, C:\\Windows\\System32\\CodeIntegrity\\DeviceGuardPolicy.bin, as shown in Figure 1.
> [!Note]
@ -889,7 +889,7 @@ Use the following procedure after you have been running a computer with a WDAC p
3. Use [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy?view=win10-ps) to generate a new WDAC policy from logged audit events. This example uses a file rule level of **Hash** and includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**.
` New-CIPolicy -Audit -Level Hash -FilePath $CIAuditPolicy UserPEs 3> CIPolicylog.txt`
` New-CIPolicy -Audit -Level Hash -FilePath $CIAuditPolicy UserPEs 3 -FallBack Hash > CIPolicylog.txt`
> [!Note]
> When you create policies from audit events, you should carefully consider the file rule level that you select to trust. The preceding example uses the **Hash** rule level, which is the most specific. Any change to the file (such as replacing the file with a newer version of the same file) will change the Hash value, and require an update to the policy.