From d2a3c13010c578450d228d9b74ba113faa0d3605 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 15 Sep 2021 12:05:52 +0530 Subject: [PATCH 01/18] Create policy-csp-admx-framepanes.md --- .../mdm/policy-csp-admx-framepanes.md | 193 ++++++++++++++++++ 1 file changed, 193 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-framepanes.md diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md new file mode 100644 index 0000000000..b6c506ddd9 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md @@ -0,0 +1,193 @@ +--- +title: Policy CSP - ADMX_FramePanes +description: Policy CSP - ADMX_FramePanes +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/14/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_FramePanes +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_FramePanes policies + +
+
+ ADMX_FramePanes/NoReadingPane +
+
+ ADMX_FramePanes/NoPreviewPane +
+
+ + +
+ + +**ADMX_FramePanes/NoReadingPane** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +This policy setting shows or hides the Details Pane in File Explorer. + +- If you enable this policy setting and configure it to hide the pane, the Details Pane in File Explorer is hidden and cannot be turned on by the user. + +- If you enable this policy setting and configure it to show the pane, the Details Pane is always visible and cannot be hidden by the user. + +> [!NOTE] +> This has a side effect of not being able to toggle to the Preview Pane since the two cannot be displayed at the same time. + +- If you disable, or do not configure this policy setting, the Details Pane is hidden by default and can be displayed by the user. + +This is the default policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn on or off details pane* +- GP name: *NoReadingPane* +- GP path: *Windows Components\File Explorer\Explorer Frame Pane* +- GP ADMX file name: *FramePanes.admx* + + + +
+ + +**ADMX_FramePanes/NoPreviewPane** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
+ + + +Hides the Preview Pane in File Explorer. + +- If you enable this policy setting, the Preview Pane in File Explorer is hidden and cannot be turned on by the user. + +- If you disable, or do not configure this setting, the Preview Pane is hidden by default and can be displayed by the user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Turn off Preview Pane* +- GP name: *NoPreviewPane* +- GP path: *Windows Components\File Explorer\Explorer Frame Pane* +- GP ADMX file name: *FramePanes.admx* + + + + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + From 560e60cc6449ec8a09d5b95e67d886d9ce848c00 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 15 Sep 2021 12:05:57 +0530 Subject: [PATCH 02/18] Update policy-configuration-service-provider.md --- .../mdm/policy-configuration-service-provider.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index a394943879..82b6038a3e 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1177,6 +1177,16 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC +### ADMX_FramePanes policies +
+
+ ADMX_FramePanes/NoReadingPane +
+
+ ADMX_FramePanes/NoPreviewPane +
+
+ ### ADMX_Help policies
From 0f8d5166f662c84f4814ec1755847d82bcd26ab2 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 15 Sep 2021 12:29:27 +0530 Subject: [PATCH 03/18] Updated --- .../client-management/mdm/policies-in-policy-csp-admx-backed.md | 2 ++ windows/client-management/mdm/toc.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index c4eba79f3d..86ae6b3e10 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -291,6 +291,8 @@ ms.date: 10/08/2020 - [ADMX_FolderRedirection/LocalizeXPRelativePaths_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-localizexprelativepaths-2) - [ADMX_FolderRedirection/PrimaryComputer_FR_1](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-1) - [ADMX_FolderRedirection/PrimaryComputer_FR_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-2) +- [ADMX_FramePanes/NoReadingPane](./policy-csp-admx-framepanes.md#admx-framepanes-noreadingpane) +- [ADMX_FramePanes/NoPreviewPane](./policy-csp-admx-framepanes.md#admx-framepanes-nopreviewpane) - [ADMX_Globalization/BlockUserInputMethodsForSignIn](./policy-csp-admx-globalization.md#admx-globalization-blockuserinputmethodsforsignin) - [ADMX_Globalization/CustomLocalesNoSelect_1](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-1) - [ADMX_Globalization/CustomLocalesNoSelect_2](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-2) diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 4395fbc920..76433d4d19 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -483,6 +483,8 @@ items: href: policy-csp-admx-filesys.md - name: ADMX_FolderRedirection href: policy-csp-admx-folderredirection.md + - name: ADMX_FramePanes + href: policy-csp-admx-framepanes.md - name: ADMX_Globalization href: policy-csp-admx-globalization.md - name: ADMX_GroupPolicy From 4b6ad246f282c2035a4aab8f9cb53e8ca094a6f4 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Wed, 15 Sep 2021 16:08:21 +0530 Subject: [PATCH 04/18] Updated as per task 5388078 --- .../administrative-tools-in-windows-10.md | 13 +++++++------ ...advanced-troubleshooting-802-authentication.md | 2 +- .../connect-to-remote-aadj-pc.md | 7 ++++--- .../data-collection-for-802-authentication.md | 2 +- .../determine-appropriate-page-file-size.md | 2 +- ...icies-for-enterprise-and-education-editions.md | 5 +++-- .../client-management/manage-corporate-devices.md | 11 ++++++----- ...anage-device-installation-with-group-policy.md | 15 ++++++++------- .../manage-settings-app-with-group-policy.md | 7 ++++--- .../client-management/mandatory-user-profile.md | 6 ++++-- .../new-policies-for-windows-10.md | 5 +++-- windows/client-management/quick-assist.md | 2 +- .../troubleshoot-tcpip-port-exhaust.md | 2 +- windows/client-management/windows-libraries.md | 4 ++-- 14 files changed, 46 insertions(+), 37 deletions(-) diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index 6da0fdfdb9..8cf6c2a75d 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md @@ -1,5 +1,5 @@ --- -title: Administrative Tools in Windows 10 (Windows 10) +title: Administrative Tools in Windows 10 and Windows 11 description: Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users. ms.assetid: FDC63933-C94C-43CB-8373-629795926DC8 ms.reviewer: @@ -10,16 +10,17 @@ ms.mktglfcycl: manage ms.sitesec: library author: greg-lindsay ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 09/14/2021 ms.topic: article --- -# Administrative Tools in Windows 10 +# Administrative Tools in Windows **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users. @@ -29,7 +30,7 @@ The tools in the folder might vary depending on which edition of Windows you are ![Screenshot of folder of admin tools.](images/admin-tools-folder.png) -These tools were included in previous versions of Windows. The associated documentation for each tool should help you use these tools in Windows 10. The following list provides links to documentation for each tool. The tools are located within the folder C:\Windows\System32\ or its subfolders. +These tools were included in previous versions of Windows. The associated documentation for each tool should help you use these tools in Windows. The following list provides links to documentation for each tool. The tools are located within the folder C:\Windows\System32\ or its subfolders. @@ -54,7 +55,7 @@ These tools were included in previous versions of Windows. The associated docume - [Windows Memory Diagnostic]( https://go.microsoft.com/fwlink/p/?LinkId=708507) > [!TIP] -> If the content that is linked to a tool in the following list doesn't provide the information you need to use that tool, send us a comment by using the **Was this page helpful?** feature on this **Administrative Tools in Windows 10** page. Details about the information you want for a tool will help us plan future content.  +> If the content that is linked to a tool in the following list doesn't provide the information you need to use that tool, send us a comment by using the **Was this page helpful?** feature on this **Administrative Tools in Windows** page. Details about the information you want for a tool will help us plan future content.  ## Related topics diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md index c2a8ea0c57..80304a3e5f 100644 --- a/windows/client-management/advanced-troubleshooting-802-authentication.md +++ b/windows/client-management/advanced-troubleshooting-802-authentication.md @@ -21,7 +21,7 @@ This article includes general troubleshooting for 802.1X wireless and wired clie ## Scenarios -This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 through Windows 10 for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS. +This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 through Windows 10 (and Windows 11) for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS. ## Known issues diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 4d8f35673e..63d3683704 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -1,5 +1,5 @@ --- -title: Connect to remote Azure Active Directory-joined PC (Windows 10) +title: Connect to remote Azure Active Directory-joined PC (Windows 10 and Windows 11) description: You can use Remote Desktop Connection to connect to an Azure AD-joined PC. keywords: ["MDM", "device management", "RDP", "AADJ"] ms.prod: w10 @@ -9,7 +9,7 @@ ms.pagetype: devices author: dansimp ms.localizationpriority: medium ms.author: dansimp -ms.date: 08/02/2018 +ms.date: 09/14/2021 ms.reviewer: manager: dansimp ms.topic: article @@ -21,6 +21,7 @@ ms.topic: article **Applies to** - Windows 10 +- Windows 11 From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](/azure/active-directory/devices/concept-azure-ad-join). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics). @@ -28,7 +29,7 @@ From its release, Windows 10 has supported remote connections to PCs joined to A ## Set up -- Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported. +- Both PCs (local and remote) must be running Windows 10, version 1607 or later or Windows 11. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported. - Your local PC (where you are connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device are not supported. - The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests are not supported for Remote desktop. diff --git a/windows/client-management/data-collection-for-802-authentication.md b/windows/client-management/data-collection-for-802-authentication.md index 58f94bd27e..0002838314 100644 --- a/windows/client-management/data-collection-for-802-authentication.md +++ b/windows/client-management/data-collection-for-802-authentication.md @@ -24,7 +24,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window 1. Create C:\MSLOG on the client machine to store captured logs. 2. Launch an elevated command prompt on the client machine, and run the following commands to start a RAS trace log and a Wireless/Wired scenario log. - **Wireless Windows 8.1 and Windows 10:** + **Wireless Windows 8.1, Windows 10, and Windows 11:** ``` netsh ras set tracing * enabled netsh trace start scenario=wlan,wlan_wpp,wlan_dbg,wireless_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl diff --git a/windows/client-management/determine-appropriate-page-file-size.md b/windows/client-management/determine-appropriate-page-file-size.md index 8daf0f4ce4..da6bb869ab 100644 --- a/windows/client-management/determine-appropriate-page-file-size.md +++ b/windows/client-management/determine-appropriate-page-file-size.md @@ -74,7 +74,7 @@ By default, page files are system-managed. This means that the page files increa For example, when the system commit charge is more than 90 percent of the system commit limit, the page file is increased to back it. This continues to occur until the page file reaches three times the size of physical memory or 4 GB, whichever is larger. This all assumes that the logical disk that is hosting the page file is large enough to accommodate the growth. -The following table lists the minimum and maximum page file sizes of system-managed page files in Windows 10. +The following table lists the minimum and maximum page file sizes of system-managed page files in Windows 10 and Windows 11. |Minimum page file size |Maximum page file size| |---------------|------------------| diff --git a/windows/client-management/group-policies-for-enterprise-and-education-editions.md b/windows/client-management/group-policies-for-enterprise-and-education-editions.md index 8b2eb55f2f..2fbd6d4691 100644 --- a/windows/client-management/group-policies-for-enterprise-and-education-editions.md +++ b/windows/client-management/group-policies-for-enterprise-and-education-editions.md @@ -6,7 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: dansimp ms.localizationpriority: medium -ms.date: 10/13/2017 +ms.date: 09/14/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -17,7 +17,8 @@ ms.topic: troubleshooting **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 In Windows 10, version 1607, the following Group Policy settings apply only to Windows 10 Enterprise and Windows 10 Education. diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md index f7fdbd3994..25dcf468c0 100644 --- a/windows/client-management/manage-corporate-devices.md +++ b/windows/client-management/manage-corporate-devices.md @@ -1,5 +1,5 @@ --- -title: Manage corporate devices (Windows 10) +title: Manage corporate devices (Windows 10 and Windows 11) description: You can use the same management tools to manage all device types running Windows 10 desktops, laptops, tablets, and phones. ms.assetid: 62D6710C-E59C-4077-9C7E-CE0A92DFC05D ms.reviewer: @@ -12,7 +12,7 @@ ms.sitesec: library ms.pagetype: devices author: dansimp ms.localizationpriority: medium -ms.date: 09/21/2017 +ms.date: 09/14/2021 ms.topic: article --- @@ -21,9 +21,10 @@ ms.topic: article **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 -You can use the same management tools to manage all device types running Windows 10 : desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, System Center tools, and so on, will continue to work for Windows 10. +You can use the same management tools to manage all device types running Windows 10 and Windows 11: desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, System Center tools, and so on, will continue to work for Windows 10 and Windows 11. ## In this section @@ -35,7 +36,7 @@ You can use the same management tools to manage all device types running Windows | [New policies for Windows 10](new-policies-for-windows-10.md) | New Group Policy settings added in Windows 10 | | [Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education](group-policies-for-enterprise-and-education-editions.md) | Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education | | [Changes to Group Policy settings for Start in Windows 10](/windows/configuration/changes-to-start-policies-in-windows-10) | Changes to the Group Policy settings that you use to manage Start | -| [Introduction to configuration service providers (CSPs) for IT pros](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) | How IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 in their organizations | +| [Introduction to configuration service providers (CSPs) for IT pros](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) | How IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 11 in their organizations | ## Learn more diff --git a/windows/client-management/manage-device-installation-with-group-policy.md b/windows/client-management/manage-device-installation-with-group-policy.md index db00986ab0..4c263fc3c8 100644 --- a/windows/client-management/manage-device-installation-with-group-policy.md +++ b/windows/client-management/manage-device-installation-with-group-policy.md @@ -1,11 +1,11 @@ --- -title: Manage Device Installation with Group Policy (Windows 10) +title: Manage Device Installation with Group Policy (Windows 10 and Windows 11) description: Find out how to manage Device Installation Restrictions with Group Policy. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: barakm -ms.date: 07/05/2021 +ms.date: 09/14/2021 ms.reviewer: manager: barakm ms.author: barakm @@ -18,15 +18,16 @@ ms.topic: article **Applies to** - Windows 10, Windows Server 2022 +- Windows 11 ## Summary -By using Windows 10 operating systems, administrators can determine what devices can be installed on computers they manage. This guide summarizes the device installation process and demonstrates several techniques for controlling device installation by using Group Policy. +By using Windows 10 and Windows 11 operating systems, administrators can determine what devices can be installed on computers they manage. This guide summarizes the device installation process and demonstrates several techniques for controlling device installation by using Group Policy. ## Introduction ### General -This step-by-step guide describes how you can control device installation on the computers that you manage, including designating which devices users can and cannot install. This guide applies to all Windows 10 versions starting with RS5 (1809). The guide includes the following scenarios: +This step-by-step guide describes how you can control device installation on the computers that you manage, including designating which devices users can and cannot install. This guide applies to all Windows 10 (and Windows 11) versions starting with RS5 (1809). The guide includes the following scenarios: - Prevent users from installing devices that are on a "prohibited" list. If a device is not on the list, then the user can install it. - Allow users to install only devices that are on an "approved" list. If a device is not on the list, then the user cannot install it. @@ -44,7 +45,7 @@ It is important to understand that the Group Policies that are presented in this This guide is targeted at the following audiences: -- Information technology planners and analysts who are evaluating Windows 10 and Windows Server 2022 +- Information technology planners and analysts who are evaluating Windows 10 (and Windows 11) and Windows Server 2022 - Enterprise information technology planners and designers - Security architects who are responsible for implementing trustworthy computing in their organization - Administrators who want to become familiar with the technology @@ -102,7 +103,7 @@ A device is a piece of hardware with which Windows interacts to perform some fun When Windows detects a device that has never been installed on the computer, the operating system queries the device to retrieve its list of device identification strings. A device usually has multiple device identification strings, which the device manufacturer assigns. The same device identification strings are included in the .inf file (also known as an _INF_) that is part of the driver package. Windows chooses which driver package to install by matching the device identification strings retrieved from the device to those included with the driver packages. -Windows uses four types of identifiers to control device installation and configuration. You can use the Group Policy settings in Windows 10 to specify which of these identifiers to allow or block. +Windows uses four types of identifiers to control device installation and configuration. You can use the Group Policy settings in Windows 10 (and Windows 11) to specify which of these identifiers to allow or block. The four types of identifiers are: @@ -223,7 +224,7 @@ Some of these policies take precedence over other policies. The flowchart shown To complete each of the scenarios, please ensure your have: -- A client computer running Windows 10. +- A client computer running Windows 10 (and Windows 11). - A USB thumb drive. The scenarios described in this guide use a USB thumb drive as the example device (also known as a “removable disk drive”, "memory drive," a "flash drive," or a "keyring drive"). Most USB thumb drives do not require any manufacturer-provided drivers, and these devices work with the inbox drivers provided with the Windows build. diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md index f64ee0de0c..0188879565 100644 --- a/windows/client-management/manage-settings-app-with-group-policy.md +++ b/windows/client-management/manage-settings-app-with-group-policy.md @@ -1,11 +1,11 @@ --- -title: Manage the Settings app with Group Policy (Windows 10) +title: Manage the Settings app with Group Policy (Windows 10 and Windows 11) description: Find out how to manage the Settings app with Group Policy so you can hide specific pages from users. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: dansimp -ms.date: 04/19/2017 +ms.date: 09/14/2021 ms.reviewer: manager: dansimp ms.author: dansimp @@ -17,7 +17,8 @@ ms.topic: article **Applies to** -- Windows 10, Windows Server 2016 +- Windows 10, Windows Server 2016 +- Windows 11 You can now manage the pages that are shown in the Settings app by using Group Policy. When you use Group Policy to manage pages, you can hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely. To make use of the Settings App group policies on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update. diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index 7b77f47742..8b2e2bc3e9 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -1,5 +1,5 @@ --- -title: Create mandatory user profiles (Windows 10) +title: Create mandatory user profiles (Windows 10 and Windows 11) description: A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users. keywords: [".man","ntuser"] ms.prod: w10 @@ -7,7 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: dansimp ms.author: dansimp -ms.date: 10/02/2018 +ms.date: 09/14/2021 ms.reviewer: manager: dansimp ms.topic: article @@ -16,7 +16,9 @@ ms.topic: article # Create mandatory user profiles **Applies to** + - Windows 10 +- Windows 11 A mandatory user profile is a roaming user profile that has been pre-configured by an administrator to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to): icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned. diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md index 183335b55e..9d8d9e35c6 100644 --- a/windows/client-management/new-policies-for-windows-10.md +++ b/windows/client-management/new-policies-for-windows-10.md @@ -11,7 +11,7 @@ ms.mktglfcycl: manage ms.sitesec: library author: dansimp ms.localizationpriority: medium -ms.date: 10/24/2017 +ms.date: 09/15/2021 ms.topic: reference --- @@ -20,7 +20,8 @@ ms.topic: reference **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 As of September 2020 This page will no longer be updated. To find the Group Polices that ship in each version of Windows, refer to the Group Policy Settings Reference Spreadsheet. You can always locate the most recent version of the Spreadsheet by searching the Internet for "Windows Version + Group Policy Settings Reference". diff --git a/windows/client-management/quick-assist.md b/windows/client-management/quick-assist.md index acdcd2d268..0449d63dde 100644 --- a/windows/client-management/quick-assist.md +++ b/windows/client-management/quick-assist.md @@ -12,7 +12,7 @@ manager: laurawi # Use Quick Assist to help users -Quick Assist is a Windows 10 application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user’s device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices. +Quick Assist is a Windows 10 and Windows 11 application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user’s device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices. ## Before you begin diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md index 4c1e8b1b7f..26ba85c430 100644 --- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md +++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md @@ -196,4 +196,4 @@ goto loop - [Port Exhaustion and You!](/archive/blogs/askds/port-exhaustion-and-you-or-why-the-netstat-tool-is-your-friend) - this article gives a detail on netstat states and how you can use netstat output to determine the port status -- [Detecting ephemeral port exhaustion](/archive/blogs/yongrhee/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10) +- [Detecting ephemeral port exhaustion](/archive/blogs/yongrhee/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10 and Windows 11) diff --git a/windows/client-management/windows-libraries.md b/windows/client-management/windows-libraries.md index a287d48be1..5db8c1238b 100644 --- a/windows/client-management/windows-libraries.md +++ b/windows/client-management/windows-libraries.md @@ -10,11 +10,11 @@ ms.technology: storage ms.topic: article author: dansimp description: All about Windows Libraries, which are containers for users' content, such as Documents and Pictures. -ms.date: 04/19/2017 +ms.date: 09/15/2021 --- # Windows libraries -> Applies to: Windows 10, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 +> Applies to: Windows 10, Windows 11, Windows 8.1, Windows 7, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 Libraries are virtual containers for users’ content. A library can contain files and folders stored on the local computer or in a remote storage location. In Windows Explorer, users interact with libraries in ways similar to how they would interact with other folders. Libraries are built upon the legacy known folders (such as My Documents, My Pictures, and My Music) that users are familiar with, and these known folders are automatically included in the default libraries and set as the default save location. From 58d4a0a3a9f6446ac95c4dbbcea047e75ff565eb Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 15 Sep 2021 18:47:06 +0530 Subject: [PATCH 05/18] Updated --- .../mdm/policies-in-policy-csp-admx-backed.md | 1 + .../mdm/policy-csp-admx-fthsvc.md | 116 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 3 files changed, 119 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-fthsvc.md diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 86ae6b3e10..0c20f673c6 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -293,6 +293,7 @@ ms.date: 10/08/2020 - [ADMX_FolderRedirection/PrimaryComputer_FR_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-2) - [ADMX_FramePanes/NoReadingPane](./policy-csp-admx-framepanes.md#admx-framepanes-noreadingpane) - [ADMX_FramePanes/NoPreviewPane](./policy-csp-admx-framepanes.md#admx-framepanes-nopreviewpane) +- [ADMX_FTHSVC/WdiScenarioExecutionPolicy](./policy-csp-admx-fthsvc-wdiscenarioexecutionpolicy.md#admx-fthsvc-wdiscenarioexecutionpolicy) - [ADMX_Globalization/BlockUserInputMethodsForSignIn](./policy-csp-admx-globalization.md#admx-globalization-blockuserinputmethodsforsignin) - [ADMX_Globalization/CustomLocalesNoSelect_1](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-1) - [ADMX_Globalization/CustomLocalesNoSelect_2](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-2) diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md new file mode 100644 index 0000000000..8790ac9ad7 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md @@ -0,0 +1,116 @@ +--- +title: Policy CSP - ADMX_FTHSVC +description: Policy CSP - ADMX_FTHSVC +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/15/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_FTHSVC +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_FTHSVC policies + +
+
+ ADMX_FTHSVC/WdiScenarioExecutionPolicy +
+
+ +
+ + +**ADMX_FTHSVC/WdiScenarioExecutionPolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
+ + + +This policy setting permits or prohibits the Diagnostic Policy Service (DPS) from automatically resolving any heap corruption problems. + +- If you enable this policy setting, the DPS detects, troubleshoots, and attempts to resolve automatically any heap corruption problems. + +- If you disable this policy setting, Windows cannot detect, troubleshoot, and attempt to resolve automatically any heap corruption problems that are handled by the DPS. +If you do not configure this policy setting, the DPS enables Fault Tolerant Heap for resolution by default. +This policy setting takes effect only if the diagnostics-wide scenario execution policy is not configured. +This policy setting takes effect only when the Diagnostic Policy Service is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. +The DPS can be configured with the Services snap-in to the Microsoft Management Console. +No system restart or service restart is required for this policy setting to take effect: changes take effect immediately. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Configure Scenario Execution Level* +- GP name: *WdiScenarioExecutionPolicy* +- GP path: *System\Troubleshooting and Diagnostics\Fault Tolerant Heap* +- GP ADMX file name: *FTHSVC.admx* + + + + +
+ +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index 76433d4d19..dc49d0d690 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -485,6 +485,8 @@ items: href: policy-csp-admx-folderredirection.md - name: ADMX_FramePanes href: policy-csp-admx-framepanes.md + - name: ADMX_FTHSVC + href: policy-csp-admx-fthsvc.md - name: ADMX_Globalization href: policy-csp-admx-globalization.md - name: ADMX_GroupPolicy From fd963bd7d8b4b73be47820e7aeb6e7135d0623e2 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 15 Sep 2021 18:52:33 +0530 Subject: [PATCH 06/18] Update policy-configuration-service-provider.md --- .../mdm/policy-configuration-service-provider.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 82b6038a3e..584f15a4e5 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1187,6 +1187,7 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### ADMX_FTHSVC policies ### ADMX_Help policies
From 61904effb4d5e4481def041491234225329684e8 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Wed, 15 Sep 2021 19:39:05 +0530 Subject: [PATCH 07/18] Updated --- .../policy-configuration-service-provider.md | 13 ++ .../mdm/policy-csp-admx-hotspotauth.md | 115 ++++++++++++++++++ 2 files changed, 128 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-hotspotauth.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 584f15a4e5..4496c8609f 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1188,6 +1188,12 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
### ADMX_FTHSVC policies +
+
+ ADMX_FTHSVC/WdiScenarioExecutionPolicy +
+
+ ### ADMX_Help policies
@@ -1204,6 +1210,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### ADMX_HotSpotAuth policies +
+
+ ADMX_HotSpotAuth/HotspotAuth_Enable +
+
+ ### ADMX_Globalization policies
diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md new file mode 100644 index 0000000000..17e85306fc --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md @@ -0,0 +1,115 @@ +--- +title: Policy CSP - ADMX_HotSpotAuth +description: Policy CSP - ADMX_HotSpotAuth +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/15/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_HotSpotAuth +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_HotSpotAuth policies + +
+
+ ADMX_HotSpotAuth/HotspotAuth_Enable +
+
+ +
+ + +**ADMX_HotSpotAuth/HotspotAuth_Enable** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
+ + + +This policy setting defines whether WLAN hotspots are probed for Wireless Internet Service Provider roaming (WISPr) protocol support. + +- If a WLAN hotspot supports the WISPr protocol, users can submit credentials when manually connecting to the network. + +- If authentication is successful, users will be connected automatically on subsequent attempts. Credentials can also be configured by network operators. + +- If you enable this policy setting, or if you do not configure this policy setting, WLAN hotspots are automatically probed for WISPR protocol support. + +- If you disable this policy setting, WLAN hotspots are not probed for WISPr protocol support, and users can only authenticate with WLAN hotspots using a web browser. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Enable Hotspot Authentication* +- GP name: *HotspotAuth_Enable* +- GP path: *Network\Hotspot Authentication* +- GP ADMX file name: *HotSpotAuth.admx* + + + + +
+ +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + From adca70b7787282d526ceec93d3e56d153a6a6b70 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Fri, 17 Sep 2021 15:58:16 +0530 Subject: [PATCH 08/18] Incorporated the review comments --- .../administrative-tools-in-windows-10.md | 4 ++-- .../advanced-troubleshooting-802-authentication.md | 2 +- .../client-management/connect-to-remote-aadj-pc.md | 4 ++-- .../client-management/manage-corporate-devices.md | 8 ++++---- .../manage-device-installation-with-group-policy.md | 13 +++++++------ windows/client-management/quick-assist.md | 2 +- .../troubleshoot-tcpip-port-exhaust.md | 2 +- 7 files changed, 18 insertions(+), 17 deletions(-) diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index 8cf6c2a75d..b7d0186f19 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md @@ -1,5 +1,5 @@ --- -title: Administrative Tools in Windows 10 and Windows 11 +title: Administrative Tools in Windows description: Administrative Tools is a folder in Control Panel that contains tools for system administrators and advanced users. ms.assetid: FDC63933-C94C-43CB-8373-629795926DC8 ms.reviewer: @@ -55,7 +55,7 @@ These tools were included in previous versions of Windows. The associated docume - [Windows Memory Diagnostic]( https://go.microsoft.com/fwlink/p/?LinkId=708507) > [!TIP] -> If the content that is linked to a tool in the following list doesn't provide the information you need to use that tool, send us a comment by using the **Was this page helpful?** feature on this **Administrative Tools in Windows** page. Details about the information you want for a tool will help us plan future content.  +> If the content that is linked to a tool in the following list doesn't provide the information you need to use that tool, send us a comment by using the **Was this page helpful?** feature on this **Administrative Tools in Windows 10** or **Administrative Tools in Windows 11** page. Details about the information you want for a tool will help us plan future content.  ## Related topics diff --git a/windows/client-management/advanced-troubleshooting-802-authentication.md b/windows/client-management/advanced-troubleshooting-802-authentication.md index 80304a3e5f..d3f7cdaa23 100644 --- a/windows/client-management/advanced-troubleshooting-802-authentication.md +++ b/windows/client-management/advanced-troubleshooting-802-authentication.md @@ -21,7 +21,7 @@ This article includes general troubleshooting for 802.1X wireless and wired clie ## Scenarios -This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 through Windows 10 (and Windows 11) for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS. +This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 through Windows 11 for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS. ## Known issues diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index 63d3683704..d35a51b495 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -1,5 +1,5 @@ --- -title: Connect to remote Azure Active Directory-joined PC (Windows 10 and Windows 11) +title: Connect to remote Azure Active Directory-joined PC (Windows) description: You can use Remote Desktop Connection to connect to an Azure AD-joined PC. keywords: ["MDM", "device management", "RDP", "AADJ"] ms.prod: w10 @@ -29,7 +29,7 @@ From its release, Windows 10 has supported remote connections to PCs joined to A ## Set up -- Both PCs (local and remote) must be running Windows 10, version 1607 or later or Windows 11. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported. +- Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported. - Your local PC (where you are connecting from) must be either Azure AD-joined or Hybrid Azure AD-joined if using Windows 10, version 1607 and above, or [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) if using Windows 10, version 2004 and above. Remote connections to an Azure AD-joined PC from an unjoined device or a non-Windows 10 device are not supported. - The local PC and remote PC must be in the same Azure AD tenant. Azure AD B2B guests are not supported for Remote desktop. diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md index 25dcf468c0..b1ab3c2cab 100644 --- a/windows/client-management/manage-corporate-devices.md +++ b/windows/client-management/manage-corporate-devices.md @@ -1,6 +1,6 @@ --- -title: Manage corporate devices (Windows 10 and Windows 11) -description: You can use the same management tools to manage all device types running Windows 10 desktops, laptops, tablets, and phones. +title: Manage corporate devices (Windows) +description: You can use the same management tools to manage all device types running Windows 10 or Windows 11 desktops, laptops, tablets, and phones. ms.assetid: 62D6710C-E59C-4077-9C7E-CE0A92DFC05D ms.reviewer: manager: dansimp @@ -24,7 +24,7 @@ ms.topic: article - Windows 10 - Windows 11 -You can use the same management tools to manage all device types running Windows 10 and Windows 11: desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, System Center tools, and so on, will continue to work for Windows 10 and Windows 11. +You can use the same management tools to manage all device types running Windows 10 or Windows 11 desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, System Center tools, and so on, will continue to work for Windows 10 and Windows 11. ## In this section @@ -36,7 +36,7 @@ You can use the same management tools to manage all device types running Windows | [New policies for Windows 10](new-policies-for-windows-10.md) | New Group Policy settings added in Windows 10 | | [Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education](group-policies-for-enterprise-and-education-editions.md) | Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education | | [Changes to Group Policy settings for Start in Windows 10](/windows/configuration/changes-to-start-policies-in-windows-10) | Changes to the Group Policy settings that you use to manage Start | -| [Introduction to configuration service providers (CSPs) for IT pros](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) | How IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 11 in their organizations | +| [Introduction to configuration service providers (CSPs) for IT pros](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) | How IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 or Windows 11 in their organizations | ## Learn more diff --git a/windows/client-management/manage-device-installation-with-group-policy.md b/windows/client-management/manage-device-installation-with-group-policy.md index 4c263fc3c8..25ce17d38a 100644 --- a/windows/client-management/manage-device-installation-with-group-policy.md +++ b/windows/client-management/manage-device-installation-with-group-policy.md @@ -17,17 +17,18 @@ ms.topic: article **Applies to** -- Windows 10, Windows Server 2022 +- Windows 10 - Windows 11 +- Windows Server 2022 ## Summary -By using Windows 10 and Windows 11 operating systems, administrators can determine what devices can be installed on computers they manage. This guide summarizes the device installation process and demonstrates several techniques for controlling device installation by using Group Policy. +By using Windows operating systems, administrators can determine what devices can be installed on computers they manage. This guide summarizes the device installation process and demonstrates several techniques for controlling device installation by using Group Policy. ## Introduction ### General -This step-by-step guide describes how you can control device installation on the computers that you manage, including designating which devices users can and cannot install. This guide applies to all Windows 10 (and Windows 11) versions starting with RS5 (1809). The guide includes the following scenarios: +This step-by-step guide describes how you can control device installation on the computers that you manage, including designating which devices users can and cannot install. This guide applies to all Windows versions starting with RS5 (1809). The guide includes the following scenarios: - Prevent users from installing devices that are on a "prohibited" list. If a device is not on the list, then the user can install it. - Allow users to install only devices that are on an "approved" list. If a device is not on the list, then the user cannot install it. @@ -45,7 +46,7 @@ It is important to understand that the Group Policies that are presented in this This guide is targeted at the following audiences: -- Information technology planners and analysts who are evaluating Windows 10 (and Windows 11) and Windows Server 2022 +- Information technology planners and analysts who are evaluating Windows 10, Windows 11 or Windows Server 2022 - Enterprise information technology planners and designers - Security architects who are responsible for implementing trustworthy computing in their organization - Administrators who want to become familiar with the technology @@ -103,7 +104,7 @@ A device is a piece of hardware with which Windows interacts to perform some fun When Windows detects a device that has never been installed on the computer, the operating system queries the device to retrieve its list of device identification strings. A device usually has multiple device identification strings, which the device manufacturer assigns. The same device identification strings are included in the .inf file (also known as an _INF_) that is part of the driver package. Windows chooses which driver package to install by matching the device identification strings retrieved from the device to those included with the driver packages. -Windows uses four types of identifiers to control device installation and configuration. You can use the Group Policy settings in Windows 10 (and Windows 11) to specify which of these identifiers to allow or block. +Windows uses four types of identifiers to control device installation and configuration. You can use the Group Policy settings in Windows to specify which of these identifiers to allow or block. The four types of identifiers are: @@ -224,7 +225,7 @@ Some of these policies take precedence over other policies. The flowchart shown To complete each of the scenarios, please ensure your have: -- A client computer running Windows 10 (and Windows 11). +- A client computer running Windows. - A USB thumb drive. The scenarios described in this guide use a USB thumb drive as the example device (also known as a “removable disk drive”, "memory drive," a "flash drive," or a "keyring drive"). Most USB thumb drives do not require any manufacturer-provided drivers, and these devices work with the inbox drivers provided with the Windows build. diff --git a/windows/client-management/quick-assist.md b/windows/client-management/quick-assist.md index 0449d63dde..ced09ebede 100644 --- a/windows/client-management/quick-assist.md +++ b/windows/client-management/quick-assist.md @@ -12,7 +12,7 @@ manager: laurawi # Use Quick Assist to help users -Quick Assist is a Windows 10 and Windows 11 application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user’s device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices. +Quick Assist is a Windows application that enables a person to share their device with another person over a remote connection. Your support staff can use it to remotely connect to a user’s device and then view its display, make annotations, or take full control. In this way, they can troubleshoot, diagnose technological issues, and provide instructions to users directly on their devices. ## Before you begin diff --git a/windows/client-management/troubleshoot-tcpip-port-exhaust.md b/windows/client-management/troubleshoot-tcpip-port-exhaust.md index 26ba85c430..3e8eeea8a1 100644 --- a/windows/client-management/troubleshoot-tcpip-port-exhaust.md +++ b/windows/client-management/troubleshoot-tcpip-port-exhaust.md @@ -196,4 +196,4 @@ goto loop - [Port Exhaustion and You!](/archive/blogs/askds/port-exhaustion-and-you-or-why-the-netstat-tool-is-your-friend) - this article gives a detail on netstat states and how you can use netstat output to determine the port status -- [Detecting ephemeral port exhaustion](/archive/blogs/yongrhee/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10 and Windows 11) +- [Detecting ephemeral port exhaustion](/archive/blogs/yongrhee/windows-server-2012-r2-ephemeral-ports-a-k-a-dynamic-ports-hotfixes): this article has a script which will run in a loop to report the port status. (Applicable for Windows 2012 R2, Windows 8, Windows 10, and Windows 11) From d70fd37e67aed91bc008ce627d19382c79460e95 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Fri, 17 Sep 2021 16:03:20 +0530 Subject: [PATCH 09/18] updated --- .../policy-configuration-service-provider.md | 9 ++ .../mdm/policy-csp-admx-iis.md | 113 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 3 files changed, 124 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-iis.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 4496c8609f..2cfb72007a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1528,6 +1528,15 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### ADMX_IIS policies +
+
+ ADMX_IIS/PreventIISInstall +
+
+ ### ADMX_kdc policies
diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md new file mode 100644 index 0000000000..7516b56b97 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-iis.md @@ -0,0 +1,113 @@ +--- +title: Policy CSP - ADMX_IIS +description: Policy CSP - ADMX_IIS +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/17/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_IIS +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_IIS policies + +
+
+ ADMX_IIS/PreventIISInstall +
+
+ +
+ + +**ADMX_IIS/PreventIISInstall** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
+ + + +This policy setting prevents installation of Internet Information Services (IIS) on this computer. + +- If you enable this policy setting, Internet Information Services (IIS) cannot be installed, and you will not be able to install Windows components or applications that require IIS. Users installing Windows components or applications that require IIS might not receive a warning that IIS cannot be installed because of this Group Policy setting. + +Enabling this setting will not have any effect on IIS if IIS is already installed on the computer. + +- If you disable or do not configure this policy setting, IIS can be installed, as well as all the programs and applications that require IIS to run." + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP Friendly name: *Prevent IIS installation* +- GP name: *PreventIISInstall* +- GP path: *Windows Components\Internet Information Services* +- GP ADMX file name: *IIS.admx* + + + + +
+ +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index dc49d0d690..eb0e3b7e08 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -497,6 +497,8 @@ items: href: policy-csp-admx-helpandsupport.md - name: ADMX_ICM href: policy-csp-admx-icm.md + - name: ADMX_IIS + href: policy-csp-admx-iis.md - name: ADMX_kdc href: policy-csp-admx-kdc.md - name: ADMX_Kerberos From 97f0f2cbc2c4c6d4b83bf7e0568ac69b636c2a86 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Fri, 17 Sep 2021 16:13:34 +0530 Subject: [PATCH 10/18] Update policies-in-policy-csp-admx-backed.md --- .../mdm/policies-in-policy-csp-admx-backed.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 0c20f673c6..912040f409 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -293,7 +293,7 @@ ms.date: 10/08/2020 - [ADMX_FolderRedirection/PrimaryComputer_FR_2](./policy-csp-admx-folderredirection.md#admx-folderredirection-primarycomputer-fr-2) - [ADMX_FramePanes/NoReadingPane](./policy-csp-admx-framepanes.md#admx-framepanes-noreadingpane) - [ADMX_FramePanes/NoPreviewPane](./policy-csp-admx-framepanes.md#admx-framepanes-nopreviewpane) -- [ADMX_FTHSVC/WdiScenarioExecutionPolicy](./policy-csp-admx-fthsvc-wdiscenarioexecutionpolicy.md#admx-fthsvc-wdiscenarioexecutionpolicy) +- [ADMX_FTHSVC/WdiScenarioExecutionPolicy](./policy-csp-admx-fthsvc.md#admx-fthsvc-wdiscenarioexecutionpolicy) - [ADMX_Globalization/BlockUserInputMethodsForSignIn](./policy-csp-admx-globalization.md#admx-globalization-blockuserinputmethodsforsignin) - [ADMX_Globalization/CustomLocalesNoSelect_1](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-1) - [ADMX_Globalization/CustomLocalesNoSelect_2](./policy-csp-admx-globalization.md#admx-globalization-customlocalesnoselect-2) @@ -395,6 +395,7 @@ ms.date: 10/08/2020 - [ADMX_ICM/ShellRemovePublishToWeb_2](./policy-csp-admx-icm.md#admx-icm-shellremovepublishtoweb-2) - [ADMX_ICM/WinMSG_NoInstrumentation_1](./policy-csp-admx-icm.md#admx-icm-winmsg_noinstrumentation-1) - [ADMX_ICM/WinMSG_NoInstrumentation_2](./policy-csp-admx-icm.md#admx-icm-winmsg_noinstrumentation-2) +- [ADMX_IIS/PreventIISInstall](./policy-csp-admx-iis.md#admx-iis-preventiisinstall) - [ADMX_kdc/CbacAndArmor](./policy-csp-admx-kdc.md#admx-kdc-cbacandarmor) - [ADMX_kdc/ForestSearch](./policy-csp-admx-kdc.md#admx-kdc-forestsearch) - [ADMX_kdc/PKINITFreshness](./policy-csp-admx-kdc.md#admx-kdc-pkinitfreshness) From 032a63cb9b4c7da1e246b2cd00c29490b7443b3a Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 17 Sep 2021 09:09:20 -0700 Subject: [PATCH 11/18] more reference changes --- .../update/prepare-deploy-windows.md | 11 ++++-- windows/deployment/update/update-baseline.md | 3 ++ windows/deployment/update/update-policies.md | 10 ++++- ...aas-deployment-rings-windows-10-updates.md | 33 ++++++----------- .../update/waas-manage-updates-wsus.md | 36 +++++------------- .../waas-optimize-windows-10-updates.md | 37 +++++++------------ ...s-servicing-strategy-windows-10-updates.md | 31 +++++----------- 7 files changed, 65 insertions(+), 96 deletions(-) diff --git a/windows/deployment/update/prepare-deploy-windows.md b/windows/deployment/update/prepare-deploy-windows.md index 4da49340aa..3ea447d2c4 100644 --- a/windows/deployment/update/prepare-deploy-windows.md +++ b/windows/deployment/update/prepare-deploy-windows.md @@ -15,7 +15,12 @@ ms.collection: m365initiative-coredeploy # Prepare to deploy Windows -Having worked through the activities in the planning phase, you should be in a good position to prepare your environment and process to deploy Windows 10. The planning phase will have left you with these useful items: +**Applies to** + +- Windows 10 +- Windows 11 + +Having worked through the activities in the planning phase, you should be in a good position to prepare your environment and process to deploy Windows client. The planning phase will have left you with these useful items: - A clear understanding of necessary personnel and their roles and criteria for [rating app readiness](plan-define-readiness.md) - A plan for [testing and validating](plan-determine-app-readiness.md) apps @@ -114,7 +119,7 @@ Ensure that devices can reach necessary Windows Update endpoints through the fir > [!NOTE] > Be sure not to use HTTPS for those endpoints that specify HTTP, and vice versa. The connection will fail. -The specific endpoints can vary between Windows 10 versions. See, for example, [Windows 10 2004 Enterprise connection endpoints](/windows/privacy/manage-windows-2004-endpoints). Similar articles for other Windows 10 versions are available in the table of contents nearby. +The specific endpoints can vary between Windows versions. See, for example, [Windows 10 2004 Enterprise connection endpoints](/windows/privacy/manage-windows-2004-endpoints). Similar articles for other Windows client versions are available in the table of contents nearby. ### Optimize download bandwidth @@ -124,7 +129,7 @@ Set up [Delivery Optimization](waas-delivery-optimization.md) for peer network s In the course of surveying your device population, either with Desktop Analytics or by some other means, you might find devices that have systemic problems that could interfere with update installation. Now is the time to fix those problems. -- **Low disk space:** Quality updates require a minimum of 2 GB to successfully install. Feature updates require between 8 GB and 15 GB depending upon the configuration. On Windows 10, version 1903 and later you can proactively use the "reserved storage" feature (for wipe and loads, rebuilds, and new builds) to avoid running out of disk space. If you find a group of devices that don't have enough disk space, you can often resolve the problem by cleaning up log files and asking users to clean up data if necessary. A good place to start is to delete the following files: +- **Low disk space:** Quality updates require a minimum of 2 GB to successfully install. Feature updates require between 8 GB and 15 GB depending upon the configuration. On Windows 10, version 1903 and later (and Windows 11) you can proactively use the "reserved storage" feature (for wipe and loads, rebuilds, and new builds) to avoid running out of disk space. If you find a group of devices that don't have enough disk space, you can often resolve the problem by cleaning up log files and asking users to clean up data if necessary. A good place to start is to delete the following files: - C:\Windows\temp - C:\Windows\cbstemp (though this file might be necessary to investigate update failures) diff --git a/windows/deployment/update/update-baseline.md b/windows/deployment/update/update-baseline.md index 2e4ab4fd64..ed9feda6cd 100644 --- a/windows/deployment/update/update-baseline.md +++ b/windows/deployment/update/update-baseline.md @@ -15,6 +15,9 @@ ms.topic: article **Applies to:** Windows 10 +> [!NOTE] +> Update Baseline is not currently available for Windows 11. + With the large number of different policies offered for Windows 10, Update Baseline provides a clear list of recommended Windows Update policy settings for IT administrators who want the best user experience while also meeting their monthly update compliance goals. See [Policies included in the Update Baseline](#policies-included-in-the-update-baseline) for the full list of policy configurations. ## Why is Update Baseline needed? diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index a9b3b9cd95..0fd8905103 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -15,6 +15,12 @@ ms.collection: M365-modern-desktop --- # Policies for update compliance, activity, and end-user experience + +**Applies to** + +- Windows 10 +- Windows 11 +- Keeping devices up to date is the best way to keep them working smoothly and securely. ## Deadlines for update compliance @@ -25,7 +31,7 @@ deadline approaches, and then prioritize velocity as the deadline nears, while s ### Deadlines Beginning with Windows 10, version 1903 and with the August 2019 security update for Windows 10, version 1709 -and late, a new policy was introduced to replace older deadline-like policies: **Specify deadlines for automatic updates and restarts**. +and later (including Windows 11), a new policy was introduced to replace older deadline-like policies: **Specify deadlines for automatic updates and restarts**. The older policies started enforcing deadlines once the device reached a “restart pending” state for an update. The new policy starts the countdown for the update installation deadline from when the @@ -172,7 +178,7 @@ The default timeout on devices that support traditional sleep is set to three ho ## Old or conflicting policies -Each release of Windows 10 can introduce new policies to make the experience better for both administrators and their organizations. When we release a new client policy, we either release it purely for that release and later or we backport the policy to make it available on earlier versions. +Each release of Windows client can introduce new policies to make the experience better for both administrators and their organizations. When we release a new client policy, we either release it purely for that release and later or we backport the policy to make it available on earlier versions. > [!IMPORTANT] > If you are using Group Policy, note that we don't update the old ADMX templates and you must use the newer (1903) ADMX template in order to use the newer policy. Also, if you are diff --git a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md index 52a1ec6f2c..177e2b07ca 100644 --- a/windows/deployment/update/waas-deployment-rings-windows-10-updates.md +++ b/windows/deployment/update/waas-deployment-rings-windows-10-updates.md @@ -1,6 +1,6 @@ --- -title: Build deployment rings for Windows 10 updates (Windows 10) -description: Deployment rings in Windows 10 are similar to the deployment groups most organizations constructed for previous major revision upgrades. +title: Build deployment rings for Windows client updates +description: Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. ms.prod: w10 ms.mktglfcycl: manage author: jaimeo @@ -14,10 +14,11 @@ ms.topic: article # Build deployment rings for Windows 10 updates - **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 + > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) @@ -26,7 +27,7 @@ ms.topic: article For Windows as a service, maintenance is ongoing and iterative. Deploying previous versions of Windows required organizations to build sets of users to roll out the changes in phases. Typically, these users ranged (in order) from the most adaptable and least risky to the least adaptable or riskiest. With Windows 10, a similar methodology exists, but construction of the groups is a little different. -Deployment rings in Windows 10 are similar to the deployment groups most organizations constructed for previous major revision upgrades. They are simply a method by which to separate machines into a deployment timeline. With Windows 10, you construct deployment rings a bit differently in each servicing tool, but the concepts remain the same. Each deployment ring should reduce the risk of issues derived from the deployment of the feature updates by gradually deploying the update to entire departments. As previously mentioned, consider including a portion of each department’s employees in several deployment rings. +Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. They are simply a method by which to separate machines into a deployment timeline. With Windows client, you construct deployment rings a bit differently in each servicing tool, but the concepts remain the same. Each deployment ring should reduce the risk of issues derived from the deployment of the feature updates by gradually deploying the update to entire departments. As previously mentioned, consider including a portion of each department’s employees in several deployment rings. Defining deployment rings is generally a one-time event (or at least infrequent), but IT should revisit these groups to ensure that the sequencing is still correct. Also, there are times in which client computers could move between different deployment rings when necessary. @@ -47,25 +48,15 @@ Table 1 provides an example of the deployment rings you might use. As Table 1 shows, each combination of servicing channel and deployment group is tied to a specific deployment ring. As you can see, the associated groups of devices are combined with a servicing channel to specify which deployment ring those devices and their users fall into. The naming convention used to identify the rings is completely customizable as long as the name clearly identifies the sequence. Deployment rings represent a sequential deployment timeline, regardless of the servicing channel they contain. Deployment rings will likely rarely change for an organization, but they should be periodically assessed to ensure that the deployment cadence still makes sense. -## Steps to manage updates for Windows 10 +## Steps to manage updates for Windows client |  |  | | --- | --- | | ![done.](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) | -| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | Build deployment rings for Windows 10 updates (this topic) | -| ![to do.](images/checklistbox.gif) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) | -| ![to do.](images/checklistbox.gif) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | -| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | +| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) | +| ![done.](images/checklistdone.png) | Build deployment rings for Windows client updates (this topic) | +| ![to do.](images/checklistbox.gif) | [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md) | +| ![to do.](images/checklistbox.gif) | [Optimize update delivery for Windows client updates](waas-optimize-windows-10-updates.md) | +| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
or [Deploy Windows client updates using Windows Server Update Services](waas-manage-updates-wsus.md)
or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | -## Related topics -- [Update Windows 10 in the enterprise](index.md) -- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) -- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) -- [Configure Windows Update for Business](waas-configure-wufb.md) -- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) -- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) -- [Manage software updates in Intune](/intune/windows-update-for-business-configure) -- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure) -- [Manage device restarts after updates](waas-restart.md) diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index d6f97a6fae..bc2accd828 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md @@ -1,5 +1,5 @@ --- -title: Deploy Windows 10 updates using Windows Server Update Services (Windows 10) +title: Deploy Windows client updates using Windows Server Update Services description: WSUS allows companies to defer, selectively approve, choose when delivered, and determine which devices receive updates. ms.prod: w10 ms.mktglfcycl: manage @@ -11,12 +11,13 @@ manager: laurawi ms.topic: article --- -# Deploy Windows 10 updates using Windows Server Update Services (WSUS) +# Deploy Windows client updates using Windows Server Update Services (WSUS) **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) @@ -329,33 +330,16 @@ Now that you have the **All Windows 10 Upgrades** view, complete the following s
-## Steps to manage updates for Windows 10 +## Steps to manage updates for Windows client |  |  | | --- | --- | | ![done.](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) | -| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
or Deploy Windows 10 updates using Windows Server Update Services (this topic)
or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | +| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) | +| ![done.](images/checklistdone.png) | [Build deployment rings for Windows client updates](waas-deployment-rings-windows-10-updates.md) | +| ![done.](images/checklistdone.png) | [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md) | +| ![done.](images/checklistdone.png) | [Optimize update delivery for Windows client updates](waas-optimize-windows-10-updates.md) | +| ![done.](images/checklistdone.png) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
or Deploy Windows client updates using Windows Server Update Services (this topic)
or [Deploy Windows client updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | -## Related topics - -- [Update Windows 10 in the enterprise](index.md) -- [Overview of Windows as a service](waas-overview.md) -- [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) -- [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) -- [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) -- [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) -- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) -- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) -- [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) -- [Configure Windows Update for Business](waas-configure-wufb.md) -- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) -- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) -- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure) -- [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) -- [Manage device restarts after updates](waas-restart.md) diff --git a/windows/deployment/update/waas-optimize-windows-10-updates.md b/windows/deployment/update/waas-optimize-windows-10-updates.md index 672e2ff5a9..32f43cc742 100644 --- a/windows/deployment/update/waas-optimize-windows-10-updates.md +++ b/windows/deployment/update/waas-optimize-windows-10-updates.md @@ -1,5 +1,5 @@ --- -title: Optimize update delivery for Windows 10 updates (Windows 10) +title: Optimize update delivery for Windows client updates description: Two methods of peer-to-peer content distribution are available in Windows 10, Delivery Optimization and BranchCache. ms.prod: w10 ms.mktglfcycl: manage @@ -11,24 +11,25 @@ manager: laurawi ms.topic: article --- -# Optimize Windows 10 update delivery +# Optimize Windows client update delivery **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) -When considering your content distribution strategy for Windows 10, think about enabling a form of peer-to-peer content sharing to reduce bandwidth issues during updates. Windows 10 offers two peer-to-peer options for update content distribution: Delivery Optimization and BranchCache. These technologies can be used with several of the servicing tools for Windows 10. +When considering your content distribution strategy for Windows 10, think about enabling a form of peer-to-peer content sharing to reduce bandwidth issues during updates. Windows client offers two peer-to-peer options for update content distribution: Delivery Optimization and BranchCache. These technologies can be used with several of the servicing tools for Windows client. -Two methods of peer-to-peer content distribution are available in Windows 10. +Two methods of peer-to-peer content distribution are available. -- [Delivery Optimization](waas-delivery-optimization.md) is a new peer-to-peer distribution method in Windows 10. Windows 10 clients can source content from other devices on their local network that have already downloaded the updates or from peers over the internet. Using the settings available for Delivery Optimization, clients can be configured into groups, allowing organizations to identify devices that are possibly the best candidates to fulfill peer-to-peer requests. +- [Delivery Optimization](waas-delivery-optimization.md) is a peer-to-peer distribution method in Windows. Windows clients can source content from other devices on their local network that have already downloaded the updates or from peers over the internet. Using the settings available for Delivery Optimization, clients can be configured into groups, allowing organizations to identify devices that are possibly the best candidates to fulfill peer-to-peer requests. Windows Update, Windows Update for Business, and Windows Server Update Services (WSUS) can use Delivery Optimization. Delivery Optimization can significantly reduce the amount of network traffic to external Windows Update sources as well as the time it takes for clients to retrieve the updates. -- [BranchCache](waas-branchcache.md) is a bandwidth optimization technology that is included in some editions of Windows Server 2016 and Windows 10 operating systems, as well as in some editions of Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008 R2, and Windows 7. +- [BranchCache](waas-branchcache.md) is a bandwidth optimization technology that is included in some editions of Windows Server 2016 and Windows operating systems, as well as in some editions of Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008 R2, and Windows 7. >[!NOTE] >Full BranchCache functionality is supported in Windows 10 Enterprise and Education; Windows 10 Pro supports some BranchCache functionality, including BITS transfers used for servicing operations. @@ -49,7 +50,7 @@ Two methods of peer-to-peer content distribution are available in Windows 10. ## Express update delivery -Windows 10 quality update downloads can be large because every package contains all previously released fixes to ensure consistency and simplicity. Windows has been able to reduce the size of Windows Update downloads with a feature called Express. +Windows client quality update downloads can be large because every package contains all previously released fixes to ensure consistency and simplicity. Windows has been able to reduce the size of Windows Update downloads with a feature called Express. > [!NOTE] > Express update delivery applies to quality update downloads. Starting with Windows 10, version 1709, Express update delivery also applies to feature update downloads for clients connected to Windows Update and Windows Update for Business. @@ -84,25 +85,15 @@ At this point, the download is complete and the update is ready to be installed. > [!TIP] > Express will **always** be leveraged if your machines are updated regularly with the latest cumulative updates. -## Steps to manage updates for Windows 10 +## Steps to manage updates for Windows client |  |  | | --- | --- | | ![done.](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) | -| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows 10 updates](waas-servicing-strategy-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) | +| ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows client updates](waas-servicing-strategy-windows-10-updates.md) | +| ![done.](images/checklistdone.png) | [Build deployment rings for Windows client updates](waas-deployment-rings-windows-10-updates.md) | +| ![done.](images/checklistdone.png) | [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md) | | ![done.](images/checklistdone.png) | Optimize update delivery for Windows 10 updates (this topic) | -| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | +| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
or [Deploy Windows client updates using Windows Server Update Services](waas-manage-updates-wsus.md)
or [Deploy Windows client updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | -## Related topics - -- [Update Windows 10 in the enterprise](index.md) -- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) -- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) -- [Configure Windows Update for Business](waas-configure-wufb.md) -- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) -- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) -- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure) -- [Manage device restarts after updates](waas-restart.md) diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index e22c1fd433..86a3d1f00d 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md @@ -1,6 +1,6 @@ --- -title: Prepare servicing strategy for Windows 10 updates (Windows 10) -description: A strong Windows 10 deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update. +title: Prepare servicing strategy for Windows client updates +description: A strong Windows client deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update. ms.prod: w10 ms.mktglfcycl: manage author: jaimeo @@ -17,7 +17,8 @@ ms.collection: m365initiative-coredeploy **Applies to** -- Windows 10 +- Windows 10 +- Windows 11 > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) @@ -48,25 +49,13 @@ Each time Microsoft releases a Windows 10 feature update, the IT department shou 3. **Deploy broadly.** Finally, focus on the large-scale deployment using deployment rings, like the ones discussed in Table 1. Build deployment rings that target groups of computers in your selected update-management product. To reduce risk as much as possible, construct your deployment rings in a way that splits individual departments into multiple rings. This way, if you were to encounter an issue, you don’t prevent any critical business from continuing. By using this method, each deployment ring reduces risk as more people have been updated in any particular department. -## Steps to manage updates for Windows 10 +## Steps to manage updates for Windows client |  |  | | --- | --- | | ![done.](images/checklistdone.png) | [Learn about updates and servicing channels](waas-overview.md) | -| ![done.](images/checklistdone.png) | Prepare servicing strategy for Windows 10 updates (this topic) | -| ![to do.](images/checklistbox.gif) | [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) | -| ![to do.](images/checklistbox.gif) | [Assign devices to servicing channels for Windows 10 updates](waas-servicing-channels-windows-10-updates.md) | -| ![to do.](images/checklistbox.gif) | [Optimize update delivery for Windows 10 updates](waas-optimize-windows-10-updates.md) | -| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
or [Deploy Windows 10 updates using Windows Server Update Services](waas-manage-updates-wsus.md)
or [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | - - -## Related topics - -- [Update Windows 10 in the enterprise](index.md) -- [Configure Delivery Optimization for Windows 10 updates](waas-delivery-optimization.md) -- [Configure BranchCache for Windows 10 updates](waas-branchcache.md) -- [Configure Windows Update for Business](waas-configure-wufb.md) -- [Integrate Windows Update for Business with management solutions](waas-integrate-wufb.md) -- [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md) -- [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure) -- [Manage device restarts after updates](waas-restart.md) \ No newline at end of file +| ![done.](images/checklistdone.png) | Prepare servicing strategy for Windows client updates (this topic) | +| ![to do.](images/checklistbox.gif) | [Build deployment rings for Windows client updates](waas-deployment-rings-windows-10-updates.md) | +| ![to do.](images/checklistbox.gif) | [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md) | +| ![to do.](images/checklistbox.gif) | [Optimize update delivery for Windows client updates](waas-optimize-windows-10-updates.md) | +| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
or [Deploy Windows client updates using Windows Server Update Services](waas-manage-updates-wsus.md)
or [Deploy Windows client updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | From 57cf71fe3bb1334aaf49dadd7f1bc1d916abe0a8 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 17 Sep 2021 09:24:04 -0700 Subject: [PATCH 12/18] adding description --- windows/deployment/update/update-policies.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index 0fd8905103..41ba2897fd 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -1,8 +1,8 @@ --- -title: Policies for update compliance, activity, and end-user experience +title: Policies for update compliance, activity, and user experience ms.reviewer: manager: laurawi -description: +description: Explanation and recommendations for settings keywords: updates, servicing, current, deployment, semi-annual channel, feature, quality, rings, insider, tools ms.prod: w10 ms.mktglfcycl: manage @@ -14,7 +14,7 @@ ms.topic: article ms.collection: M365-modern-desktop --- -# Policies for update compliance, activity, and end-user experience +# Policies for update compliance, activity, and user experience **Applies to** From b092353fccb7b5d5d34e7a223150b5a31e0f2dc8 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 17 Sep 2021 10:28:41 -0700 Subject: [PATCH 13/18] more small updates for Win11 --- .../update/deployment-service-troubleshoot.md | 5 ++++- .../update/how-windows-update-works.md | 7 +++++-- windows/deployment/update/safeguard-opt-out.md | 13 +++++++++---- .../update/windows-update-error-reference.md | 5 ++++- .../deployment/update/windows-update-errors.md | 5 ++++- .../update/windows-update-troubleshooting.md | 17 ++++++++++------- 6 files changed, 36 insertions(+), 16 deletions(-) diff --git a/windows/deployment/update/deployment-service-troubleshoot.md b/windows/deployment/update/deployment-service-troubleshoot.md index 1f9675d1d9..e1b83d057b 100644 --- a/windows/deployment/update/deployment-service-troubleshoot.md +++ b/windows/deployment/update/deployment-service-troubleshoot.md @@ -16,7 +16,10 @@ ms.topic: article # Troubleshoot the Windows Update for Business deployment service -> Applies to: Windows 10 +**Applies to** + +- Windows 10 +- Windows 11 This troubleshooting guide addresses the most common issues that IT administrators face when using the Windows Update for Business [deployment service](deployment-service-overview.md). For a general troubleshooting guide for Windows Update, see [Windows Update troubleshooting](windows-update-troubleshooting.md). diff --git a/windows/deployment/update/how-windows-update-works.md b/windows/deployment/update/how-windows-update-works.md index a926abfb28..1cb0a47bf7 100644 --- a/windows/deployment/update/how-windows-update-works.md +++ b/windows/deployment/update/how-windows-update-works.md @@ -15,9 +15,12 @@ ms.topic: article ms.custom: seo-marvel-apr2020 --- -# How does Windows Update work? +# How Windows Update works -> Applies to: Windows 10 +**Applies to** + +- Windows 10 +- Windows 11 The Windows Update workflow has four core areas of functionality: diff --git a/windows/deployment/update/safeguard-opt-out.md b/windows/deployment/update/safeguard-opt-out.md index a6ad9a0b05..928b215cef 100644 --- a/windows/deployment/update/safeguard-opt-out.md +++ b/windows/deployment/update/safeguard-opt-out.md @@ -12,21 +12,26 @@ ms.topic: article # Opt out of safeguard holds -Safeguard holds prevent a device with a known compatibility issue from being offered a new Windows 10 feature update by using Windows Update. We use safeguard holds to protect the device and user from a failed or poor update experience. We renew the offering once a fix is issued and is verified on an affected device. For more information about safeguard holds, see [Safeguard holds](safeguard-holds.md). +**Applies to** + +- Windows 10 +- Windows 11 + +Safeguard holds prevent a device with a known compatibility issue from being offered a new Windows client feature update by using Windows Update. We use safeguard holds to protect the device and user from a failed or poor update experience. We renew the offering once a fix is issued and is verified on an affected device. For more information about safeguard holds, see [Safeguard holds](safeguard-holds.md). ## How can I opt out of safeguard holds? -IT admins can, if necessary, opt devices out of safeguard protections by using the disable safeguards policy. In a Mobile Device Management (MDM) tool, use the **Update/DisableWUfBSafeguards** CSP. In Group Policy, use the **Disable safeguards for Feature Updates** Group Policy. This policy is available to Windows Update for Business devices running Windows 10, version 1809 or later that have installed the October 2020 security update. +IT admins can, if necessary, opt devices out of safeguard protections by using the disable safeguards policy. In a Mobile Device Management (MDM) tool, use the **Update/DisableWUfBSafeguards** CSP. In Group Policy, use the **Disable safeguards for Feature Updates** Group Policy. This policy is available to Windows Update for Business devices running Windows 10, version 1809 or later that have installed the October 2020 security update and in Windows 11. > [!CAUTION] > Opting out of a safeguard hold can put devices at risk from known performance issues. -We recommend opting out only in an IT environment and for validation purposes. You can also validate an upcoming Windows 10 feature update version without the safeguards being applied by using the Release Preview channel of the Windows Insider Program for Business. +We recommend opting out only in an IT environment and for validation purposes. You can also validate an upcoming Windows client feature update version without the safeguards being applied by using the Release Preview channel of the Windows Insider Program for Business. Disabling safeguards does not guarantee your device will be able to successfully update. The update might still fail and will likely result in a bad experience since you are bypassing the protection against known issues. > [!NOTE] -> After a device installs a new Windows 10 version, the **Disable safeguards for Feature Updates** Group Policy will revert to “not configured” even if it was previously enabled. We do this to ensure the admin is consciously disabling Microsoft’s default protection from known issues for each new feature update. +> After a device installs a new Windows client version, the **Disable safeguards for Feature Updates** Group Policy will revert to “not configured” even if it was previously enabled. We do this to ensure the admin is consciously disabling Microsoft’s default protection from known issues for each new feature update. diff --git a/windows/deployment/update/windows-update-error-reference.md b/windows/deployment/update/windows-update-error-reference.md index def8d11796..508a27d244 100644 --- a/windows/deployment/update/windows-update-error-reference.md +++ b/windows/deployment/update/windows-update-error-reference.md @@ -17,7 +17,10 @@ ms.custom: seo-marvel-apr2020 # Windows Update error codes by component -> Applies to: Windows 10 +**Applies to** + +- Windows 10 +- Windows 11 This section lists the error codes for Microsoft Windows Update. diff --git a/windows/deployment/update/windows-update-errors.md b/windows/deployment/update/windows-update-errors.md index d66be080b0..eb178f7528 100644 --- a/windows/deployment/update/windows-update-errors.md +++ b/windows/deployment/update/windows-update-errors.md @@ -15,7 +15,10 @@ ms.custom: seo-marvel-apr2020 # Windows Update common errors and mitigation ->Applies to: Windows 10 +**Applies to** + +- Windows 10 +- Windows 11 The following table provides information about common errors you might run into with Windows Update, as well as steps to help you mitigate them. diff --git a/windows/deployment/update/windows-update-troubleshooting.md b/windows/deployment/update/windows-update-troubleshooting.md index 802e6f9aa3..affb4df80e 100644 --- a/windows/deployment/update/windows-update-troubleshooting.md +++ b/windows/deployment/update/windows-update-troubleshooting.md @@ -15,13 +15,16 @@ ms.custom: seo-marvel-apr2020 # Windows Update troubleshooting ->Applies to: Windows 10 +**Applies to** + +- Windows 10 +- Windows 11 If you run into problems when using Windows Update, start with the following steps: 1. Run the built-in Windows Update troubleshooter to fix common issues. Navigate to **Settings > Update & Security > Troubleshoot > Windows Update**. -2. Install the most recent Servicing Stack Update (SSU) that matches your version of Windows from the Microsoft Update Catalog. See [Servicing stack updates](servicing-stack-updates.md) for more details on servicing stack updates. +2. Install the most recent Servicing Stack Update that matches your version of Windows from the Microsoft Update Catalog. See [Servicing stack updates](servicing-stack-updates.md) for more details on servicing stack updates. 3. Make sure that you install the latest Windows updates, cumulative updates, and rollup updates. To verify the update status, refer to the appropriate update history for your system: @@ -171,11 +174,11 @@ Ensure that devices can reach necessary Windows Update endpoints through the fir > [!NOTE] > Be sure not to use HTTPS for those endpoints that specify HTTP, and vice versa. The connection will fail. -The specific endpoints can vary between Windows 10 versions. See, for example, [Windows 10 2004 Enterprise connection endpoints](/windows/privacy/manage-windows-2004-endpoints). Similar articles for other Windows 10 versions are available in the table of contents nearby. +The specific endpoints can vary between Windows client versions. See, for example, [Windows 10 2004 Enterprise connection endpoints](/windows/privacy/manage-windows-2004-endpoints). Similar articles for other Windows client versions are available in the table of contents nearby. ## Updates aren't downloading from the intranet endpoint (WSUS or Configuration Manager) -Windows 10 devices can receive updates from a variety of sources, including Windows Update online, a Windows Server Update Services server, and others. To determine the source of Windows Updates currently being used on a device, follow these steps: +Windows client devices can receive updates from a variety of sources, including Windows Update online, a Windows Server Update Services server, and others. To determine the source of Windows Updates currently being used on a device, follow these steps: 1. Start Windows PowerShell as an administrator. 2. Run \$MUSM = New-Object -ComObject "Microsoft.Update.ServiceManager". @@ -186,7 +189,7 @@ Check the output for the Name and OffersWindowsUPdates parameters, which you can |Output|Meaning| |-|-| |- Name: Microsoft Update
-OffersWindowsUpdates: True| - The update source is Microsoft Update, which means that updates for other Microsoft products besides the operating system could also be delivered.
- Indicates that the client is configured to receive updates for all Microsoft Products (Office, etc.) | -|- Name: DCat Flighting Prod
- OffersWindowsUpdates: True |- Starting with Windows 10 1709, feature updates are always delivered through the DCAT service.
- Indicates that the client is configured to receive feature updates from Windows Update. | +|- Name: DCat Flighting Prod
- OffersWindowsUpdates: True |- Starting with Windows 10, version 1709, feature updates are always delivered through the DCAT service.
- Indicates that the client is configured to receive feature updates from Windows Update. | |- Name: Windows Store (DCat Prod)
- OffersWindowsUpdates: False |-The update source is Insider Updates for Store Apps.
- Indicates that the client will not receive or is not configured to receive these updates.| |- Name: Windows Server Update Service
- OffersWindowsUpdates: True |- The source is a Windows Server Updates Services server.
- The client is configured to receive updates from WSUS. | |- Name: Windows Update
- OffersWindowsUpdates: True|- The source is Windows Update.
- The client is configured to receive updates from Windows Update Online.| @@ -230,8 +233,8 @@ As shown in the following logs, automatic update runs the scan and finds no upda 2018-08-06 10:58:47:383 480 5d8 Agent ** END ** Agent: Finding updates [CallerId = AutomaticUpdates Id = 57] ``` -## High bandwidth usage on Windows 10 by Windows Update -Users might see that Windows 10 is consuming all the bandwidth in the different offices under the system context. This behavior is by design. Components that might consume bandwidth expand beyond Windows Update components. +## High bandwidth usage on Windows client by Windows Update +Users might see that Windows is consuming all the bandwidth in the different offices under the system context. This behavior is by design. Components that might consume bandwidth expand beyond Windows Update components. The following group policies can help mitigate this situation: From a86009d94657d4a1d63e93a72b13a680dc982175 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 17 Sep 2021 10:46:49 -0700 Subject: [PATCH 14/18] fixing typos --- windows/deployment/update/update-baseline.md | 2 +- windows/deployment/update/update-policies.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/update/update-baseline.md b/windows/deployment/update/update-baseline.md index ed9feda6cd..a8e162f8c3 100644 --- a/windows/deployment/update/update-baseline.md +++ b/windows/deployment/update/update-baseline.md @@ -18,7 +18,7 @@ ms.topic: article > [!NOTE] > Update Baseline is not currently available for Windows 11. -With the large number of different policies offered for Windows 10, Update Baseline provides a clear list of recommended Windows Update policy settings for IT administrators who want the best user experience while also meeting their monthly update compliance goals. See [Policies included in the Update Baseline](#policies-included-in-the-update-baseline) for the full list of policy configurations. +With the large number of different policies offered for Windows client, Update Baseline provides a clear list of recommended Windows Update policy settings for IT administrators who want the best user experience while also meeting their monthly update compliance goals. See [Policies included in the Update Baseline](#policies-included-in-the-update-baseline) for the full list of policy configurations. ## Why is Update Baseline needed? diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index 41ba2897fd..54d768fbfe 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -20,7 +20,7 @@ ms.collection: M365-modern-desktop - Windows 10 - Windows 11 -- + Keeping devices up to date is the best way to keep them working smoothly and securely. ## Deadlines for update compliance From 737487990f432251753651c2c31204141b24a840 Mon Sep 17 00:00:00 2001 From: jaimeo Date: Fri, 17 Sep 2021 11:04:34 -0700 Subject: [PATCH 15/18] typo --- windows/deployment/update/update-policies.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index 54d768fbfe..f6bb3195f2 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -46,7 +46,7 @@ restarts for maximum update velocity). We recommend you set deadlines as follows: - Quality update deadline, in days: 3 - Feature update deadline, in days: 7 -- + Notifications are automatically presented to the user at appropriate times, and users can choose to be reminded later, to reschedule, or to restart immediately, depending on how close the deadline is. We recommend that you do **not** set any notification policies, because they are automatically configured with appropriate defaults. An exception is if you From 17e9e58a6da94d0f6fb7a861c1e4114600dc80fd Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Sat, 18 Sep 2021 15:08:27 +0530 Subject: [PATCH 16/18] updated --- .../policy-configuration-service-provider.md | 7 + .../mdm/policy-csp-admx-leakdiagnostic.md | 123 ++++++++++++++++++ windows/client-management/mdm/toc.yml | 2 + 3 files changed, 132 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 2cfb72007a..c7181e248d 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1618,6 +1618,13 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
+### ADMX_LeakDiagnostic policies +
+
+ ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy +
+
+ ### ADMX_LinkLayerTopologyDiscovery policies
diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md new file mode 100644 index 0000000000..23ab94d3d1 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md @@ -0,0 +1,123 @@ +--- +title: Policy CSP - ADMX_LeakDiagnostic +description: Policy CSP - ADMX_LeakDiagnostic +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: nimishasatapathy +ms.date: 09/17/2021 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_LeakDiagnostic +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_LeakDiagnostic policies + +
+
+ ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy +
+
+ + +
+ + +**ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProNoNo
BusinessNoNo
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Machine + +
+ + + +This policy setting substitutes custom alert text in the disk diagnostic message shown to users when a disk reports a S.M.A.R.T. fault. + +- If you enable this policy setting, Windows displays custom alert text in the disk diagnostic message. The custom text may not exceed 512 characters. + +- If you disable or do not configure this policy setting, Windows displays the default alert text in the disk diagnostic message. + +No reboots or service restarts are required for this policy setting to take effect: changes take effect immediately. + +This policy setting only takes effect if the Disk Diagnostic scenario policy setting is enabled or not configured and the Diagnostic Policy Service (DPS) is in the running state. When the service is stopped or disabled, diagnostic scenarios are not executed. + +The DPS can be configured with the Services snap-in to the Microsoft Management Console. + +> [!NOTE] +> For Windows Server systems, this policy setting applies only if the Desktop Experience optional component is installed and the Remote Desktop Services role is not installed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure custom alert text* +- GP name: *WdiScenarioExecutionPolicy* +- GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic* +- GP ADMX file name: *LeakDiagnostic.admx* + + + +
+ + + +> [!NOTE] +> These policies are currently only available as part of a Windows Insider release. + + + diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml index eb0e3b7e08..5a2779b257 100644 --- a/windows/client-management/mdm/toc.yml +++ b/windows/client-management/mdm/toc.yml @@ -507,6 +507,8 @@ items: href: policy-csp-admx-lanmanserver.md - name: ADMX_LanmanWorkstation href: policy-csp-admx-lanmanworkstation.md + - name: ADMX_LeakDiagnostic + href: policy-csp-admx-leakdiagnostic.md - name: ADMX_LinkLayerTopologyDiscovery href: policy-csp-admx-linklayertopologydiscovery.md - name: ADMX_Logon From 47268eeea5d00f6afe4a242f89b7fa5594b80423 Mon Sep 17 00:00:00 2001 From: nimishasatapathy <75668234+nimishasatapathy@users.noreply.github.com> Date: Sat, 18 Sep 2021 15:26:45 +0530 Subject: [PATCH 17/18] Update policies-in-policy-csp-admx-backed.md --- .../client-management/mdm/policies-in-policy-csp-admx-backed.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 912040f409..b3c2dcc841 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -417,6 +417,7 @@ ms.date: 10/08/2020 - [ADMX_LanmanWorkstation/Pol_CipherSuiteOrder](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-ciphersuiteorder) - [ADMX_LanmanWorkstation/Pol_EnableHandleCachingForCAFiles](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-enablehandlecachingforcafiles) - [ADMX_LanmanWorkstation/Pol_EnableOfflineFilesforCAShares](./policy-csp-admx-lanmanworkstation.md#admx-lanmanworkstation-pol-enableofflinefilesforcashares) +- [ADMX_LeakDiagnostic/WdiScenarioExecutionPolicy](./policy-csp-admx-leakdiagnostic.md#admx-leakdiagnostic-wdiscenarioexecutionpolicy) - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableLLTDIO](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablelltdio) - [ADMX_LinkLayerTopologyDiscovery/LLTD_EnableRspndr](./policy-csp-admx-linklayertopologydiscovery.md#admx-linklayertopologydiscovery-lltd-enablerspndr) - [ADMX_Logon/BlockUserFromShowingAccountDetailsOnSignin](./policy-csp-admx-logon.md#admx-logon-blockuserfromshowingaccountdetailsonsignin) From 3e597cfb6b4fc6fcd8e76cc290bf152ec2b9661d Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Mon, 20 Sep 2021 09:30:01 -0600 Subject: [PATCH 18/18] Update policies-in-policy-csp-admx-backed.md fixed link syntax --- .../mdm/policies-in-policy-csp-admx-backed.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index c31aaee266..2dbb97d08c 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md @@ -284,7 +284,7 @@ ms.date: 10/08/2020 - [ADMX_FileServerVSSProvider/Pol_EncryptProtocol](./policy-csp-admx-fileservervssprovider.md#admx-fileservervssprovider-pol-encryptprotocol) - [ADMX_FileSys/DisableCompression](./policy-csp-admx-filesys.md#admx-filesys-disablecompression) - [ADMX_FileSys/DisableDeleteNotification](./policy-csp-admx-filesys.md#admx-filesys-disabledeletenotification) -- ADMX_FileSys/DisableEncryption](./policy-csp-admx-filesys.md#admx-filesys-disableencryption) +- [ADMX_FileSys/DisableEncryption](./policy-csp-admx-filesys.md#admx-filesys-disableencryption) - [ADMX_FileSys/EnablePagefileEncryption](./policy-csp-admx-filesys.md#admx-filesys-enablepagefileencryption) - [ADMX_FileSys/LongPathsEnabled](./policy-csp-admx-filesys.md#admx-filesys-longpathsenabled) - [ADMX_FileSys/ShortNameCreationSettings](./policy-csp-admx-filesys.md#admx-filesys-shortnamecreationsettings) @@ -1766,4 +1766,4 @@ ms.date: 10/08/2020 ## Related topics -[Policy CSP](policy-configuration-service-provider.md) \ No newline at end of file +[Policy CSP](policy-configuration-service-provider.md)