diff --git a/windows/deployment/update/wufb-autoupdate.md b/windows/deployment/update/wufb-autoupdate.md
index 828c0bf6b7..ac584017e2 100644
--- a/windows/deployment/update/wufb-autoupdate.md
+++ b/windows/deployment/update/wufb-autoupdate.md
@@ -25,9 +25,9 @@ Automatic Update governs the "behind the scenes" download and installation proce
|Policy|Description |
|-|-|
-|Configure Automatic Updates|Governs the installation activity that happens in the background. This allows you to configure the installation to happen during the [maintenance window](https://docs.microsoft.com/sccm/core/clients/manage/collections/use-maintenance-windows). Also, you can specify an installation time where the device will also try to install the latest packages. You can also pick a certain day and or week.|
+|Configure Automatic Updates|Governs the installation activity that happens in the background. This allows you to configure the installation to happen during the [maintenance window](https://docs.microsoft.com/configmgr/core/clients/manage/collections/use-maintenance-windows). Also, you can specify an installation time where the device will also try to install the latest packages. You can also pick a certain day and or week.|
|Automatic Update Detection Frequency|Lets you set the scan frequency the device will use to connect to Windows Update to see if there is any available content. Default is 22 hours, but you can increase or decrease the frequency. Keep in mind a desktop computer may need to scan less frequently than laptops, which can have intermittent internet connection.|
-|Specify Intranet Microsoft Update Service Location|Used for Windows Server Update Services or System Center Configuration Manager users who want to install custom packages that are not offered through Windows Update.|
+|Specify Intranet Microsoft Update Service Location|Used for Windows Server Update Services or Microsoft Endpoint Configuration Manager users who want to install custom packages that are not offered through Windows Update.|
|Do not connect to any Windows Update Internet locations
Required for Dual Scan|Prevents access to Windows Update.|
## Suggested configuration
diff --git a/windows/deployment/update/wufb-managedrivers.md b/windows/deployment/update/wufb-managedrivers.md
index 0fe22b0935..e451d7751a 100644
--- a/windows/deployment/update/wufb-managedrivers.md
+++ b/windows/deployment/update/wufb-managedrivers.md
@@ -41,7 +41,7 @@ You can use an on-premises catalog, like WSUS, to deploy 3rd Party patches and u
|Policy| Description |
|-|-|
-|Specify Intranet Microsoft Update Service Location| Used for WSUS/System Center Configuration Manager customers who want to install custom packages that are not offered through Windows Update.|
+|Specify Intranet Microsoft Update Service Location| Used for WSUS/Microsoft Endpoint Configuration Manager customers who want to install custom packages that are not offered through Windows Update.|
### Suggested configuration
diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md
index 7168d9029e..41c49f7eb9 100644
--- a/windows/deployment/upgrade/resolution-procedures.md
+++ b/windows/deployment/upgrade/resolution-procedures.md
@@ -601,7 +601,7 @@ Download and run the media creation tool. See
0x80240FFF |
-Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with System Center Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update. |
+Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with Microsoft Endpoint Configuration Manager. If you enable update synchronization before you install hotfix 3095113, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update. |
You can prevent this by installing hotfix 3095113 before you enable update synchronization. However, if you have already run into this problem, do the following:
- Disable the Upgrades classification.
@@ -625,7 +625,7 @@ For detailed information on how to run these steps check out hotfix 3095113 installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with System Center Configuration Manager. |
+Occurs when update synchronization fails because you do not have hotfix 3095113 installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with Microsoft Endpoint Configuration Manager. |
Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix.
- Stop the Windows Update service. Sign in as a user with administrative privileges, and then do the following:
diff --git a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md
index 76b181f82a..f559f6feee 100644
--- a/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md
+++ b/windows/deployment/upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md
@@ -1,6 +1,6 @@
---
title: Perform in-place upgrade to Windows 10 via Configuration Manager
-description: In-place upgrades make upgrading Windows 7, Windows 8, and Windows 8.1 to Windows 10 easy -- you can even automate the whole process with a SCCM task sequence.
+description: In-place upgrades make upgrading Windows 7, Windows 8, and Windows 8.1 to Windows 10 easy -- you can even automate the whole process with a Microsoft Endpoint Configuration Manager task sequence.
ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878
ms.reviewer:
manager: laurawi
@@ -21,7 +21,7 @@ ms.topic: article
- Windows 10
-The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Configuration Manager task sequence to completely automate the process.
+The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Microsoft Endpoint Configuration Manager task sequence to completely automate the process.
>[!IMPORTANT]
>Beginning with Windows 10 and Windows Server 2016, Windows Defender is already installed. A management client for Windows Defender is also installed automatically if the Configuration Manager client is installed. However, previous Windows operating systems installed the System Center Endpoint Protection (SCEP) client with the Configuration Manager client. The SCEP client can block in-place upgrade to Windows 10 due to incompatibility, and must removed from a device before performing an in-place upgrade to Windows 10.
@@ -114,10 +114,10 @@ Figure 2. Upgrade from Windows 7 to Windows 10 Enterprise x64 with a task sequ
After the task sequence finishes, the computer will be fully upgraded to Windows 10.
-## Upgrade to Windows 10 with System Center Configuration Manager Current Branch
+## Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager Current Branch
-With System Center Configuration Manager Current Branch, new built-in functionality makes it easier to upgrade to Windows 10.
+With Microsoft Endpoint Configuration Manager Current Branch, new built-in functionality makes it easier to upgrade to Windows 10.
**Note**
For more details about Configuration Manager Current Branch, see the [Configuration Manager Team blog](https://go.microsoft.com/fwlink/p/?LinkId=620205). An [evaluation version is currently available](https://go.microsoft.com/fwlink/p/?LinkId=620206) for you to try. The instructions below are specific to the Technical Preview 2 release and may change after the next version of Configuration Manager is released.
@@ -150,7 +150,7 @@ Figure 3. The Configuration Manager upgrade task sequence.
### Create a device collection
-After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0001 machine running Windows 7 SP1, with the next version of System Center Configuration Manager client installed.
+After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0001 machine running Windows 7 SP1, with the next version of Microsoft Endpoint Configuration Manager client installed.
1. On CM01, using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
- General
diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md
index d683bd63b3..e2806e3c0c 100644
--- a/windows/deployment/upgrade/windows-10-edition-upgrades.md
+++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md
@@ -1,250 +1,251 @@
----
-title: Windows 10 edition upgrade (Windows 10)
-description: With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported.
-ms.assetid: A7642E90-A3E7-4A25-8044-C4E402DC462A
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mobile
-audience: itpro
author: greg-lindsay
-ms.topic: article
----
-
-# Windows 10 edition upgrade
-
-**Applies to**
-
-- Windows 10
-- Windows 10 Mobile
-
-With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md). Downgrading the edition of Windows is discussed in the [License expiration](#license-expiration) section on this page.
-
-For a list of operating systems that qualify for the Windows 10 Pro Upgrade or Windows 10 Enterprise Upgrade through Microsoft Volume Licensing, see [Windows 10 Qualifying Operating Systems](https://download.microsoft.com/download/2/d/1/2d14fe17-66c2-4d4c-af73-e122930b60f6/Windows10-QOS.pdf).
-
-The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer. **Note**: The reboot requirement for upgrading from Pro to Enterprise was removed in version 1607.
-
-Note: Although it isn't displayed yet in the table, edition upgrade is also possible using [edition upgrade policy](https://docs.microsoft.com/sccm/compliance/deploy-use/upgrade-windows-version) in System Center Configuration Manager.
-
- (X) = not supported
- (green checkmark) = supported, reboot required
- (blue checkmark) = supported, no reboot required
-
-
-
-| Edition upgrade | Using mobile device management (MDM) | Using a provisioning package | Using a command-line tool | Using Microsoft Store for Business or PC | Entering a product key manually | Purchasing a license from the Microsoft Store |
-|-----------------| ------------------------------------ | --------------------------- | ------------------------- | -------------------------------------- | ----------------------------------- | --------------------------------------------- |
-| **Home > Pro** |  |  |  |  |  |  |
-| **Home > Pro for Workstations** |  |  |  |  |  |  |
-| **Home > Pro Education** |  |  |  |  |  |  |
-| **Home > Education** |  |  |  |  |  |  |
-| **Pro > Pro for Workstations** |  |  |  | 
(MSfB) |  |  |
-| **Pro > Pro Education** |  |  |  | 
(MSfB) |  |  |
-| **Pro > Education** |  |  |  | 
(MSfB) |  |  |
-| **Pro > Enterprise** |  |  |  | 
(1703 - PC)
(1709 - MSfB) |  |  |
-| **Pro for Workstations > Pro Education** |  |  |  | 
(MSfB) |  |  |
-| **Pro for Workstations > Education** |  |  |  | 
(MSfB) |  |  |
-| **Pro for Workstations > Enterprise** |  |  |  | 
(1703 - PC)
(1709 - MSfB) |  |  |
-| **Pro Education > Education** |  |  |  | 
(MSfB) |  |  |
-| **Enterprise > Education** |  |  |  | 
(MSfB) |  |  |
-| **Mobile > Mobile Enterprise** |  | |  |  |  |  |
-
-> [!NOTE]
-> - For information about upgrade paths in Windows 10 in S mode (for Pro or Education), check out [Windows 10 Pro/Enterprise in S mode](../windows-10-pro-in-s-mode.md)
-> - Each desktop edition in the table also has an N and KN SKU. These editions have had media-related functionality removed. Devices with N or KN SKUs installed can be upgraded to corresponding N or KN SKUs using the same methods.
->
-> - Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes) the term LTSB might still be displayed in some products. This name will change to LTSC with subsequent feature updates.
-
-## Upgrade using mobile device management (MDM)
-- To upgrade desktop editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkID=690907).
-
-- To upgrade mobile editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithLicense** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkID=690907).
-
-## Upgrade using a provisioning package
-Use Windows Configuration Designer to create a provisioning package to upgrade a desktop edition or mobile edition of Windows 10. To get started, [install Windows Configuration Designer from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22).
-
-- To create a provisioning package for upgrading desktop editions of Windows 10, go to **Runtime settings > EditionUpgrade > UpgradeEditionWithProductKey** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
-
-- To create a provisioning package for upgrading mobile editions of Windows 10, go to **Runtime settings > EditionUpgrade > UpgradeEditionWithLicense** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
-
-For more info about Windows Configuration Designer, see these topics:
-- [Create a provisioining package for Windows 10](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-create-package)
-- [Apply a provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-apply-package)
-
-
-## Upgrade using a command-line tool
-You can run the changepk.exe command-line tool to upgrade devices to a supported edition of Windows 10:
-
-`changepk.exe /ProductKey `
-
-You can also upgrade using slmgr.vbs and a [KMS client setup key](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v%3dws.11)). For example, the following command will upgrade to Windows 10 Enterprise.
-
-`Cscript.exe c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43`
-
-
-## Upgrade by manually entering a product key
-If you are upgrading only a few devices, you may want to enter a product key for the upgraded edition manually.
-
-**To manually enter a product key**
-
-1. From either the Start menu or the Start screen, type 'Activation' and click on the Activation shortcut.
-
-2. Click **Change product key**.
-
-3. Enter your product key.
-
-4. Follow the on-screen instructions.
-
-## Upgrade by purchasing a license from the Microsoft Store
-If you do not have a product key, you can upgrade your edition of Windows 10 through the Microsoft Store.
-
-**To upgrade through the Microsoft Store**
-
-1. From either the **Start** menu or the **Start** screen, type 'Activation' and click on the Activation shortcut.
-
-2. Click **Go to Store**.
-
-3. Follow the on-screen instructions.
-
- **Note**
If you are a Windows 10 Home N or Windows 10 Home KN user and have trouble finding your applicable upgrade in the Microsoft Store, click [here](ms-windows-store://windowsupgrade/).
-
-## License expiration
-
-Volume license customers whose license has expired will need to change the edition of Windows 10 to an edition with an active license. Switching to a downgraded edition of Windows 10 is possible using the same methods that were used to perform an edition upgrade. If the downgrade path is supported, then your apps and settings can be migrated from the current edition. If a path is not supported, then a clean install is required.
-
-Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 by entering a different product key is not supported. You also cannot downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used. This topic does not discuss version downgrades.
-
-Note: If you are using [Windows 10 Enterprise Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation) and a license expires, devices will automatically revert to the original edition when the grace period expires.
-
-### Scenario example
-
-Downgrading from Enterprise
-- Original edition: **Professional OEM**
-- Upgrade edition: **Enterprise**
-- Valid downgrade paths: **Pro, Pro for Workstations, Pro Education, Education**
-
-You can move directly from Enterprise to any valid destination edition. In this example, downgrading to Pro for Workstations, Pro Education, or Education requires an additional activation key to supersede the firmware-embedded Pro key. In all cases, you must comply with [Microsoft License Terms](https://www.microsoft.com/useterms). If you are a volume license customer, refer to the [Microsoft Volume Licensing Reference Guide](https://www.microsoft.com/download/details.aspx?id=11091).
-
-### Supported Windows 10 downgrade paths
-
-✔ = Supported downgrade path
- S = Supported; Not considered a downgrade or an upgrade
-[blank] = Not supported or not a downgrade
-
-
-
-
- | Destination edition |
-
-
- | |
- |
- Home |
- Pro |
- Pro for Workstations |
- Pro Education |
- Education |
- Enterprise LTSC |
- Enterprise |
-
-
- | Starting edition |
-
-
- | Home |
- |
- |
- |
- |
- |
- |
- |
-
-
- | Pro |
- |
- |
- |
- |
- |
- |
- |
-
-
- | Pro for Workstations |
- |
- |
- |
- |
- |
- |
- |
-
-
- | Pro Education |
- |
- |
- |
- |
- |
- |
- |
-
-
- | Education |
- |
- ✔ |
- ✔ |
- ✔ |
- |
- |
- S |
-
-
- | Enterprise LTSC |
- |
- |
- |
- |
- |
- |
- |
-
-
- | Enterprise |
- |
- ✔ |
- ✔ |
- ✔ |
- S |
- |
- |
-
-
-
-> **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
->
-> **Windows N/KN**: Windows "N" and "KN" SKUs follow the same rules shown above.
-
-Some slightly more complex scenarios are not represented by the table above. For example, you can perform an upgrade from Pro to Pro for Workstation on a computer with an embedded Pro key using a Pro for Workstation license key, and then later downgrade this computer back to Pro with the firmware-embedded key. The downgrade is allowed but only because the pre-installed OS is Pro.
-
-## Related topics
-
-[Windows 10 upgrade paths](https://docs.microsoft.com/windows/deployment/upgrade/windows-10-upgrade-paths)
-[Windows 10 volume license media](https://docs.microsoft.com/windows/deployment/windows-10-media)
-[Windows 10 Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation)
+---
+title: Windows 10 edition upgrade (Windows 10)
+description: With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported.
+ms.assetid: A7642E90-A3E7-4A25-8044-C4E402DC462A
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+ms.pagetype: mobile
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Windows 10 edition upgrade
+
+**Applies to**
+
+- Windows 10
+- Windows 10 Mobile
+
+With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md). Downgrading the edition of Windows is discussed in the [License expiration](#license-expiration) section on this page.
+
+For a list of operating systems that qualify for the Windows 10 Pro Upgrade or Windows 10 Enterprise Upgrade through Microsoft Volume Licensing, see [Windows 10 Qualifying Operating Systems](https://download.microsoft.com/download/2/d/1/2d14fe17-66c2-4d4c-af73-e122930b60f6/Windows10-QOS.pdf).
+
+The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer. **Note**: The reboot requirement for upgrading from Pro to Enterprise was removed in version 1607.
+
+Note: Although it isn't displayed yet in the table, edition upgrade is also possible using [edition upgrade policy](https://docs.microsoft.com/configmgr/compliance/deploy-use/upgrade-windows-version) in Microsoft Endpoint Configuration Manager.
+
+ (X) = not supported
+ (green checkmark) = supported, reboot required
+ (blue checkmark) = supported, no reboot required
+
+
+
+| Edition upgrade | Using mobile device management (MDM) | Using a provisioning package | Using a command-line tool | Using Microsoft Store for Business or PC | Entering a product key manually | Purchasing a license from the Microsoft Store |
+|-----------------| ------------------------------------ | --------------------------- | ------------------------- | -------------------------------------- | ----------------------------------- | --------------------------------------------- |
+| **Home > Pro** |  |  |  |  |  |  |
+| **Home > Pro for Workstations** |  |  |  |  |  |  |
+| **Home > Pro Education** |  |  |  |  |  |  |
+| **Home > Education** |  |  |  |  |  |  |
+| **Pro > Pro for Workstations** |  |  |  | 
(MSfB) |  |  |
+| **Pro > Pro Education** |  |  |  | 
(MSfB) |  |  |
+| **Pro > Education** |  |  |  | 
(MSfB) |  |  |
+| **Pro > Enterprise** |  |  |  | 
(1703 - PC)
(1709 - MSfB) |  |  |
+| **Pro for Workstations > Pro Education** |  |  |  | 
(MSfB) |  |  |
+| **Pro for Workstations > Education** |  |  |  | 
(MSfB) |  |  |
+| **Pro for Workstations > Enterprise** |  |  |  | 
(1703 - PC)
(1709 - MSfB) |  |  |
+| **Pro Education > Education** |  |  |  | 
(MSfB) |  |  |
+| **Enterprise > Education** |  |  |  | 
(MSfB) |  |  |
+| **Mobile > Mobile Enterprise** |  | |  |  |  |  |
+
+> [!NOTE]
+> - For information about upgrade paths in Windows 10 in S mode (for Pro or Education), check out [Windows 10 Pro/Enterprise in S mode](../windows-10-pro-in-s-mode.md)
+> - Each desktop edition in the table also has an N and KN SKU. These editions have had media-related functionality removed. Devices with N or KN SKUs installed can be upgraded to corresponding N or KN SKUs using the same methods.
+>
+> - Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes) the term LTSB might still be displayed in some products. This name will change to LTSC with subsequent feature updates.
+
+## Upgrade using mobile device management (MDM)
+- To upgrade desktop editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkID=690907).
+
+- To upgrade mobile editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithLicense** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkID=690907).
+
+## Upgrade using a provisioning package
+Use Windows Configuration Designer to create a provisioning package to upgrade a desktop edition or mobile edition of Windows 10. To get started, [install Windows Configuration Designer from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22).
+
+- To create a provisioning package for upgrading desktop editions of Windows 10, go to **Runtime settings > EditionUpgrade > UpgradeEditionWithProductKey** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
+
+- To create a provisioning package for upgrading mobile editions of Windows 10, go to **Runtime settings > EditionUpgrade > UpgradeEditionWithLicense** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
+
+For more info about Windows Configuration Designer, see these topics:
+- [Create a provisioining package for Windows 10](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-create-package)
+- [Apply a provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-apply-package)
+
+
+## Upgrade using a command-line tool
+You can run the changepk.exe command-line tool to upgrade devices to a supported edition of Windows 10:
+
+`changepk.exe /ProductKey `
+
+You can also upgrade using slmgr.vbs and a [KMS client setup key](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v%3dws.11)). For example, the following command will upgrade to Windows 10 Enterprise.
+
+`Cscript.exe c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43`
+
+
+## Upgrade by manually entering a product key
+If you are upgrading only a few devices, you may want to enter a product key for the upgraded edition manually.
+
+**To manually enter a product key**
+
+1. From either the Start menu or the Start screen, type 'Activation' and click on the Activation shortcut.
+
+2. Click **Change product key**.
+
+3. Enter your product key.
+
+4. Follow the on-screen instructions.
+
+## Upgrade by purchasing a license from the Microsoft Store
+If you do not have a product key, you can upgrade your edition of Windows 10 through the Microsoft Store.
+
+**To upgrade through the Microsoft Store**
+
+1. From either the **Start** menu or the **Start** screen, type 'Activation' and click on the Activation shortcut.
+
+2. Click **Go to Store**.
+
+3. Follow the on-screen instructions.
+
+ **Note**
If you are a Windows 10 Home N or Windows 10 Home KN user and have trouble finding your applicable upgrade in the Microsoft Store, click [here](ms-windows-store://windowsupgrade/).
+
+## License expiration
+
+Volume license customers whose license has expired will need to change the edition of Windows 10 to an edition with an active license. Switching to a downgraded edition of Windows 10 is possible using the same methods that were used to perform an edition upgrade. If the downgrade path is supported, then your apps and settings can be migrated from the current edition. If a path is not supported, then a clean install is required.
+
+Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 by entering a different product key is not supported. You also cannot downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used. This topic does not discuss version downgrades.
+
+Note: If you are using [Windows 10 Enterprise Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation) and a license expires, devices will automatically revert to the original edition when the grace period expires.
+
+### Scenario example
+
+Downgrading from Enterprise
+- Original edition: **Professional OEM**
+- Upgrade edition: **Enterprise**
+- Valid downgrade paths: **Pro, Pro for Workstations, Pro Education, Education**
+
+You can move directly from Enterprise to any valid destination edition. In this example, downgrading to Pro for Workstations, Pro Education, or Education requires an additional activation key to supersede the firmware-embedded Pro key. In all cases, you must comply with [Microsoft License Terms](https://www.microsoft.com/useterms). If you are a volume license customer, refer to the [Microsoft Volume Licensing Reference Guide](https://www.microsoft.com/download/details.aspx?id=11091).
+
+### Supported Windows 10 downgrade paths
+
+✔ = Supported downgrade path
+ S = Supported; Not considered a downgrade or an upgrade
+[blank] = Not supported or not a downgrade
+
+
+
+
+ | Destination edition |
+
+
+ | |
+ |
+ Home |
+ Pro |
+ Pro for Workstations |
+ Pro Education |
+ Education |
+ Enterprise LTSC |
+ Enterprise |
+
+
+ | Starting edition |
+
+
+ | Home |
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+ | Pro |
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+ | Pro for Workstations |
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+ | Pro Education |
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+ | Education |
+ |
+ ✔ |
+ ✔ |
+ ✔ |
+ |
+ |
+ S |
+
+
+ | Enterprise LTSC |
+ |
+ |
+ |
+ |
+ |
+ |
+ |
+
+
+ | Enterprise |
+ |
+ ✔ |
+ ✔ |
+ ✔ |
+ S |
+ |
+ |
+
+
+
+> **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
+>
+> **Windows N/KN**: Windows "N" and "KN" SKUs follow the same rules shown above.
+
+Some slightly more complex scenarios are not represented by the table above. For example, you can perform an upgrade from Pro to Pro for Workstation on a computer with an embedded Pro key using a Pro for Workstation license key, and then later downgrade this computer back to Pro with the firmware-embedded key. The downgrade is allowed but only because the pre-installed OS is Pro.
+
+## Related topics
+
+[Windows 10 upgrade paths](https://docs.microsoft.com/windows/deployment/upgrade/windows-10-upgrade-paths)
+[Windows 10 volume license media](https://docs.microsoft.com/windows/deployment/windows-10-media)
+[Windows 10 Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation)
diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md
index bfc3a1013c..b23758ae60 100644
--- a/windows/deployment/usmt/usmt-common-migration-scenarios.md
+++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md
@@ -1,154 +1,155 @@
----
-title: Common Migration Scenarios (Windows 10)
-description: Common Migration Scenarios
-ms.assetid: 1d8170d5-e775-4963-b7a5-b55e8987c1e4
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Common Migration Scenarios
-
-
-You use the User State Migration Tool (USMT) 10.0 when hardware and/or operating system upgrades are planned for a large number of computers. USMT manages the migration of an end-user's digital identity by capturing the user's operating-system settings, application settings, and personal files from a source computer and reinstalling them on a destination computer after the upgrade has occurred.
-
-One common scenario when only the operating system, and not the hardware, is being upgraded is referred to as *PC refresh*. A second common scenario is known as *PC replacement*, where one piece of hardware is being replaced, typically by newer hardware and a newer operating system.
-
-## In This Topic
-
-
-[PC Refresh](#bkmk-pcrefresh)
-
-[Scenario One: PC-refresh offline using Windows PE and a hard-link migration store](#bkmk-onepcrefresh)
-
-[Scenario Two: PC-refresh using a compressed migration store](#bkmk-twopcrefresh)
-
-[Scenario Three: PC-refresh using a hard-link migration store](#bkmk-threepcrefresh)
-
-[Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store](#bkmk-fourpcrefresh)
-
-[PC Replacement](#bkmk-pcreplace)
-
-[Scenario One: Offline migration using Windows PE and an external migration store](#bkmk-onepcreplace)
-
-[Scenario Two: Manual network migration](#bkmk-twopcreplace)
-
-[Scenario Three: Managed network migration](#bkmk-threepcreplace)
-
-## PC-Refresh
-
-
-The following diagram shows a PC-refresh migration, also known as a computer refresh migration. First, the administrator migrates the user state from a source computer to an intermediate store. After installing the operating system, the administrator migrates the user state back to the source computer.
-
-
-
-
-
-
-
-### Scenario One: PC-refresh offline using Windows PE and a hard-link migration store
-
-A company has just received funds to update the operating system on all of its computers in the accounting department to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, the update is being handled completely offline, without a network connection. An administrator uses Windows Preinstallation Environment (WinPE) and a hard-link migration store to save each user state to their respective computer.
-
-1. On each computer, the administrator boots the machine into WinPE and runs the ScanState command-line tool, specifying the **/hardlink /nocompress** command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic as well as minimizing migration failures on computers with very limited space available on the hard drive.
-
-2. On each computer, the administrator installs the company’s standard operating environment (SOE) which includes Windows 10 and other company applications.
-
-3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back to each computer.
-
-### Scenario Two: PC-refresh using a compressed migration store
-
-A company has just received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a compressed migration store to save the user states to a server.
-
-1. The administrator runs the ScanState command-line tool on each computer. ScanState saves each user state to a server.
-
-2. On each computer, the administrator installs the company's standard SOE which includes Windows 10 and other company applications.
-
-3. The administrator runs the LoadState command-line tool on each source computer, and LoadState restores each user state back to the computer.
-
-### Scenario Three: PC-refresh using a hard-link migration store
-
-A company has just received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a hard-link migration store to save each user state to their respective computer.
-
-1. The administrator runs the ScanState command-line tool on each computer, specifying the **/hardlink /nocompress** command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic as well as minimizing migration failures on computers with very limited space available on the hard drive.
-
-2. On each computer, the administrator installs the company's SOE which includes Windows 10 and other company applications.
-
-3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back on each computer.
-
-### Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store
-
-A company has decided to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses Windows.old and a hard-link migration store to save each user state to their respective computer.
-
-1. The administrator clean installs Windows 10 on each computer, making sure that the Windows.old directory is created by installing Windows 10 without formatting or repartitioning and by selecting a partition that contains the previous version of Windows.
-
-2. On each computer, the administrator installs the company’s SOE which includes company applications.
-
-3. The administrator runs the ScanState and LoadState command-line tools successively on each computer while specifying the **/hardlink /nocompress** command-line options.
-
-## PC-Replacement
-
-
-The following diagram shows a PC-replacement migration. First, the administrator migrates the user state from the source computer to an intermediate store. After installing the operating system on the destination computer, the administrator migrates the user state from the store to the destination computer.
-
-
-
-
-
-
-
-### Scenario One: Offline migration using WinPE and an external migration store
-
-A company is allocating 20 new computers to users in the accounting department. The users each have a source computer with their files and settings. In this scenario, migration is being handled completely offline, without a network connection.
-
-1. On each source computer, an administrator boots the machine into WinPE and runs ScanState to collect the user state to either a server or an external hard disk.
-
-2. On each new computer, the administrator installs the company's SOE which includes Windows 10 and other company applications.
-
-3. On each of the new computers, the administrator runs the LoadState tool, restoring each user state from the migration store to one of the new computers.
-
-### Scenario Two: Manual network migration
-
-A company receives 50 new laptops for their managers and needs to reallocate 50 older laptops to new employees. In this scenario, an administrator runs the ScanState tool from the cmd prompt on each computer to collect the user states and save them to a server in a compressed migration store.
-
-1. The administrator runs the ScanState tool on each of the manager’s old laptops, and saves each user state to a server.
-
-2. On the new laptops, the administrator installs the company's SOE, which includes Windows 10 and other company applications.
-
-3. The administrator runs the LoadState tool on the new laptops to migrate the managers’ user states to the appropriate computer. The new laptops are now ready for the managers to use.
-
-4. On the old computers, the administrator installs the company’s SOE, which includes Windows 10, Microsoft Office, and other company applications. The old computers are now ready for the new employees to use.
-
-### Scenario Three: Managed network migration
-
-A company is allocating 20 new computers to users in the accounting department. The users each have a source computer that contains their files and settings. An administrator uses a management technology such as a logon script or a batch file to run ScanState on each source computer to collect the user states and save them to a server in a compressed migration store.
-
-1. On each source computer, the administrator runs the ScanState tool using Microsoft System Center Configuration Manager (SCCM), Microsoft Deployment Toolkit (MDT), a logon script, a batch file, or a non-Microsoft management technology. ScanState collects the user state from each source computer and then saves it to a server.
-
-2. On each new computer, the administrator installs the company's SOE, which includes Windows 10 and other company applications.
-
-3. On each of the new computers, the administrator runs the LoadState tool using System Center Configuration Manager, a logon script, a batch file, or a non-Microsoft management technology. LoadState migrates each user state from the migration store to one of the new computers.
-
-## Related topics
-
-
-[Plan Your Migration](usmt-plan-your-migration.md)
-
-[Choose a Migration Store Type](usmt-choose-migration-store-type.md)
-
-[Offline Migration Reference](offline-migration-reference.md)
-
-
-
-
-
-
-
-
-
+---
+title: Common Migration Scenarios (Windows 10)
+description: Common Migration Scenarios
+ms.assetid: 1d8170d5-e775-4963-b7a5-b55e8987c1e4
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Common Migration Scenarios
+
+
+You use the User State Migration Tool (USMT) 10.0 when hardware and/or operating system upgrades are planned for a large number of computers. USMT manages the migration of an end-user's digital identity by capturing the user's operating-system settings, application settings, and personal files from a source computer and reinstalling them on a destination computer after the upgrade has occurred.
+
+One common scenario when only the operating system, and not the hardware, is being upgraded is referred to as *PC refresh*. A second common scenario is known as *PC replacement*, where one piece of hardware is being replaced, typically by newer hardware and a newer operating system.
+
+## In This Topic
+
+
+[PC Refresh](#bkmk-pcrefresh)
+
+[Scenario One: PC-refresh offline using Windows PE and a hard-link migration store](#bkmk-onepcrefresh)
+
+[Scenario Two: PC-refresh using a compressed migration store](#bkmk-twopcrefresh)
+
+[Scenario Three: PC-refresh using a hard-link migration store](#bkmk-threepcrefresh)
+
+[Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store](#bkmk-fourpcrefresh)
+
+[PC Replacement](#bkmk-pcreplace)
+
+[Scenario One: Offline migration using Windows PE and an external migration store](#bkmk-onepcreplace)
+
+[Scenario Two: Manual network migration](#bkmk-twopcreplace)
+
+[Scenario Three: Managed network migration](#bkmk-threepcreplace)
+
+## PC-Refresh
+
+
+The following diagram shows a PC-refresh migration, also known as a computer refresh migration. First, the administrator migrates the user state from a source computer to an intermediate store. After installing the operating system, the administrator migrates the user state back to the source computer.
+
+
+
+
+
+
+
+### Scenario One: PC-refresh offline using Windows PE and a hard-link migration store
+
+A company has just received funds to update the operating system on all of its computers in the accounting department to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, the update is being handled completely offline, without a network connection. An administrator uses Windows Preinstallation Environment (WinPE) and a hard-link migration store to save each user state to their respective computer.
+
+1. On each computer, the administrator boots the machine into WinPE and runs the ScanState command-line tool, specifying the **/hardlink /nocompress** command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic as well as minimizing migration failures on computers with very limited space available on the hard drive.
+
+2. On each computer, the administrator installs the company’s standard operating environment (SOE) which includes Windows 10 and other company applications.
+
+3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back to each computer.
+
+### Scenario Two: PC-refresh using a compressed migration store
+
+A company has just received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a compressed migration store to save the user states to a server.
+
+1. The administrator runs the ScanState command-line tool on each computer. ScanState saves each user state to a server.
+
+2. On each computer, the administrator installs the company's standard SOE which includes Windows 10 and other company applications.
+
+3. The administrator runs the LoadState command-line tool on each source computer, and LoadState restores each user state back to the computer.
+
+### Scenario Three: PC-refresh using a hard-link migration store
+
+A company has just received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a hard-link migration store to save each user state to their respective computer.
+
+1. The administrator runs the ScanState command-line tool on each computer, specifying the **/hardlink /nocompress** command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic as well as minimizing migration failures on computers with very limited space available on the hard drive.
+
+2. On each computer, the administrator installs the company's SOE which includes Windows 10 and other company applications.
+
+3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back on each computer.
+
+### Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store
+
+A company has decided to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses Windows.old and a hard-link migration store to save each user state to their respective computer.
+
+1. The administrator clean installs Windows 10 on each computer, making sure that the Windows.old directory is created by installing Windows 10 without formatting or repartitioning and by selecting a partition that contains the previous version of Windows.
+
+2. On each computer, the administrator installs the company’s SOE which includes company applications.
+
+3. The administrator runs the ScanState and LoadState command-line tools successively on each computer while specifying the **/hardlink /nocompress** command-line options.
+
+## PC-Replacement
+
+
+The following diagram shows a PC-replacement migration. First, the administrator migrates the user state from the source computer to an intermediate store. After installing the operating system on the destination computer, the administrator migrates the user state from the store to the destination computer.
+
+
+
+
+
+
+
+### Scenario One: Offline migration using WinPE and an external migration store
+
+A company is allocating 20 new computers to users in the accounting department. The users each have a source computer with their files and settings. In this scenario, migration is being handled completely offline, without a network connection.
+
+1. On each source computer, an administrator boots the machine into WinPE and runs ScanState to collect the user state to either a server or an external hard disk.
+
+2. On each new computer, the administrator installs the company's SOE which includes Windows 10 and other company applications.
+
+3. On each of the new computers, the administrator runs the LoadState tool, restoring each user state from the migration store to one of the new computers.
+
+### Scenario Two: Manual network migration
+
+A company receives 50 new laptops for their managers and needs to reallocate 50 older laptops to new employees. In this scenario, an administrator runs the ScanState tool from the cmd prompt on each computer to collect the user states and save them to a server in a compressed migration store.
+
+1. The administrator runs the ScanState tool on each of the manager’s old laptops, and saves each user state to a server.
+
+2. On the new laptops, the administrator installs the company's SOE, which includes Windows 10 and other company applications.
+
+3. The administrator runs the LoadState tool on the new laptops to migrate the managers’ user states to the appropriate computer. The new laptops are now ready for the managers to use.
+
+4. On the old computers, the administrator installs the company’s SOE, which includes Windows 10, Microsoft Office, and other company applications. The old computers are now ready for the new employees to use.
+
+### Scenario Three: Managed network migration
+
+A company is allocating 20 new computers to users in the accounting department. The users each have a source computer that contains their files and settings. An administrator uses a management technology such as a logon script or a batch file to run ScanState on each source computer to collect the user states and save them to a server in a compressed migration store.
+
+1. On each source computer, the administrator runs the ScanState tool using Microsoft Endpoint Configuration Manager, Microsoft Deployment Toolkit (MDT), a logon script, a batch file, or a non-Microsoft management technology. ScanState collects the user state from each source computer and then saves it to a server.
+
+2. On each new computer, the administrator installs the company's SOE, which includes Windows 10 and other company applications.
+
+3. On each of the new computers, the administrator runs the LoadState tool using Microsoft Endpoint Configuration Manager, a logon script, a batch file, or a non-Microsoft management technology. LoadState migrates each user state from the migration store to one of the new computers.
+
+## Related topics
+
+
+[Plan Your Migration](usmt-plan-your-migration.md)
+
+[Choose a Migration Store Type](usmt-choose-migration-store-type.md)
+
+[Offline Migration Reference](offline-migration-reference.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/usmt/usmt-test-your-migration.md b/windows/deployment/usmt/usmt-test-your-migration.md
index 7c4185278b..183f7bc16e 100644
--- a/windows/deployment/usmt/usmt-test-your-migration.md
+++ b/windows/deployment/usmt/usmt-test-your-migration.md
@@ -1,53 +1,54 @@
----
-title: Test Your Migration (Windows 10)
-description: Test Your Migration
-ms.assetid: 754af276-8386-4eac-8079-3d1e45964a0d
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-audience: itpro
author: greg-lindsay
-ms.date: 04/19/2017
-ms.topic: article
----
-
-# Test Your Migration
-
-
-Always test your migration plan in a controlled laboratory setting before you deploy it to your entire organization. In your test environment, you need at least one computer for each type of operating system from which you are migrating data.
-
-After you have thoroughly tested the entire migration process on a single computer running each of your source operating systems, conduct a pilot migration with a small group of users. After migrating a few typical user states to the intermediate store, note the space required and adjust your initial calculations accordingly. For details about estimating the space needed for your migration, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md). You might also need to adjust the registry-setting and file-location information in your migration-rule files. If you make changes, test the migration again. Then verify that all data and settings have migrated as expected. A pilot migration also gives you an opportunity to test your space estimates for the intermediate store.
-
-If your test migration encounters any errors, examine the ScanState and LoadState logs to obtain the exact User State Migration Tool (USMT) 10.0 return code and associated error messages or Windows application programming interface (API) error message. For more information about USMT return codes and error messages, see [Return Codes](usmt-return-codes.md). You can also obtain more information about a Windows API error message by typing **net helpmsg** and the error message number on the command line.
-
-In most cases, the ScanState and LoadState logs indicate why a USMT migration is failing. We recommend that you use the **/v**:5 option when testing your migration. This verbosity level can be adjusted in a production migration. Reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a higher verbosity level if you want the log files output to go to a debugger.
-
-**Note**
-Running the ScanState and LoadState tools with the **/v**:5 option creates a detailed log file. Although this option makes the log file large, it is helpful in determining where migration errors occurred.
-
-
-
-After you have determined that the pilot migration successfully migrated the specified files and settings, you are ready to add USMT to the server that is running Microsoft® System Center Configuration Manager (SCCM), or a non-Microsoft management technology. For more information, see [Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=140246).
-
-**Note**
-For testing purposes, you can create an uncompressed store using the **/hardlink /nocompress** option. When compression is disabled, the ScanState tool saves the files and settings to a hidden folder named "File" at *StorePath*\\USMT. You can use the uncompressed store to view what USMT has stored or to troubleshoot a problem, or you can run an antivirus utility against the files. Additionally, you can also use the **/listfiles** command-line option and the diagnostic log to list the files that were gathered and to troubleshoot problems with your migration.
-
-
-
-## Related topics
-
-
-[Plan Your Migration](usmt-plan-your-migration.md)
-
-[Log Files](usmt-log-files.md)
-
-
-
-
-
-
-
-
-
+---
+title: Test Your Migration (Windows 10)
+description: Test Your Migration
+ms.assetid: 754af276-8386-4eac-8079-3d1e45964a0d
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+audience: itpro
+author: greg-lindsay
+ms.date: 04/19/2017
+ms.topic: article
+---
+
+# Test Your Migration
+
+
+Always test your migration plan in a controlled laboratory setting before you deploy it to your entire organization. In your test environment, you need at least one computer for each type of operating system from which you are migrating data.
+
+After you have thoroughly tested the entire migration process on a single computer running each of your source operating systems, conduct a pilot migration with a small group of users. After migrating a few typical user states to the intermediate store, note the space required and adjust your initial calculations accordingly. For details about estimating the space needed for your migration, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md). You might also need to adjust the registry-setting and file-location information in your migration-rule files. If you make changes, test the migration again. Then verify that all data and settings have migrated as expected. A pilot migration also gives you an opportunity to test your space estimates for the intermediate store.
+
+If your test migration encounters any errors, examine the ScanState and LoadState logs to obtain the exact User State Migration Tool (USMT) 10.0 return code and associated error messages or Windows application programming interface (API) error message. For more information about USMT return codes and error messages, see [Return Codes](usmt-return-codes.md). You can also obtain more information about a Windows API error message by typing **net helpmsg** and the error message number on the command line.
+
+In most cases, the ScanState and LoadState logs indicate why a USMT migration is failing. We recommend that you use the **/v**:5 option when testing your migration. This verbosity level can be adjusted in a production migration. Reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a higher verbosity level if you want the log files output to go to a debugger.
+
+**Note**
+Running the ScanState and LoadState tools with the **/v**:5 option creates a detailed log file. Although this option makes the log file large, it is helpful in determining where migration errors occurred.
+
+
+
+After you have determined that the pilot migration successfully migrated the specified files and settings, you are ready to add USMT to the server that is running Microsoft Endpoint Configuration Manager, or a non-Microsoft management technology. For more information, see [Manage user state in Configuration Manager](https://docs.microsoft.com/configmgr/osd/get-started/manage-user-state).
+
+**Note**
+For testing purposes, you can create an uncompressed store using the **/hardlink /nocompress** option. When compression is disabled, the ScanState tool saves the files and settings to a hidden folder named "File" at *StorePath*\\USMT. You can use the uncompressed store to view what USMT has stored or to troubleshoot a problem, or you can run an antivirus utility against the files. Additionally, you can also use the **/listfiles** command-line option and the diagnostic log to list the files that were gathered and to troubleshoot problems with your migration.
+
+
+
+## Related topics
+
+
+[Plan Your Migration](usmt-plan-your-migration.md)
+
+[Log Files](usmt-log-files.md)
+
+
+
+
+
+
+
+
+
diff --git a/windows/deployment/volume-activation/configure-client-computers-vamt.md b/windows/deployment/volume-activation/configure-client-computers-vamt.md
index 9cd6a07136..6b80a72d89 100644
--- a/windows/deployment/volume-activation/configure-client-computers-vamt.md
+++ b/windows/deployment/volume-activation/configure-client-computers-vamt.md
@@ -1,94 +1,95 @@
----
-title: Configure Client Computers (Windows 10)
-description: Configure Client Computers
-ms.assetid: a48176c9-b05c-4dd5-a9ef-83073e2370fc
-ms.reviewer:
-manager: laurawi
-ms.author: greglin
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
author: greg-lindsay
-ms.date: 04/25/2017
-ms.topic: article
----
-
-# Configure Client Computers
-
-To enable the Volume Activation Management Tool (VAMT) to function correctly, certain configuration changes are required on all client computers:
-
-- An exception must be set in the client computer's firewall.
-- A registry key must be created and set properly, for computers in a workgroup; otherwise, Windows® User Account Control (UAC) will not allow remote administrative operations.
-
-Organizations where the VAMT will be widely used may benefit from making these changes inside the master image for Windows.
-
-**Important**
-This procedure only applies to clients running Windows Vista or later. For clients running Windows XP Service Pack 1, see [Connecting Through Windows Firewall](https://go.microsoft.com/fwlink/p/?LinkId=182933).
-
-## Configuring the Windows Firewall to allow VAMT access
-
-Enable the VAMT to access client computers using the **Windows Firewall** Control Panel:
-1. Open Control Panel and double-click **System and Security**.
-2. Click **Windows Firewall**.
-3. Click **Allow a program or feature through Windows Firewall**.
-4. Click the **Change settings** option.
-5. Select the **Windows Management Instrumentation (WMI)** checkbox.
-6. Click **OK**.
-
- **Warning**
- By default, Windows Firewall Exceptions only apply to traffic originating on the local subnet. To expand the exception to apply to multiple subnets, you need to change the exception settings in the Windows Firewall with Advanced Security, as described below.
-
-## Configure Windows Firewall to allow VAMT access across multiple subnets
-
-Enable the VAMT to access client computers across multiple subnets using the **Windows Firewall with Advanced Security** Control Panel:
-
-
-
-1. Open the Control Panel and double-click **Administrative Tools**.
-2. Click **Windows Firewall with Advanced Security**.
-3. Make your changes for each of the following three WMI items, for the applicable Network Profile (Domain, Public, Private):
- - Windows Management Instrumentation (ASync-In)
- - Windows Management Instrumentation (DCOM-In)
- - Windows Management Instrumentation (WMI-In)
-
-4. In the **Windows Firewall with Advanced Security** dialog box, select **Inbound Rules** from the left-hand panel.
-
-5. Right-click the desired rule and select **Properties** to open the **Properties** dialog box.
-
- - On the **General** tab, select the **Allow the connection** checkbox.
- - On the **Scope** tab, change the Remote IP Address setting from "Local Subnet" (default) to allow the specific access you need.
- - On the **Advanced** tab, verify selection of all profiles that are applicable to the network (Domain or Private/Public).
-
-In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically-allocated ports. This is useful if, for example, the hardware firewall only allows traffic in a certain range of ports.
-For more info, see [How to configure RPC dynamic port allocation to work with firewalls](https://go.microsoft.com/fwlink/p/?LinkId=182911).
-
-## Create a registry value for the VAMT to access workgroup-joined computer
-
-**Caution**
-This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](https://go.microsoft.com/fwlink/p/?LinkId=182912).
-
-On the client computer, create the following registry key using regedit.exe.
-
-1. Navigate to `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system`
-2. Enter the following details:
- **Value Name: LocalAccountTokenFilterPolicy**
- **Type: DWORD**
- **Value Data: 1**
- **Note**
- To discover VAMT-manageable Windows computers in workgroups, you must enable network discovery on each client.
-
-## Deployment options
-
-There are several options for organizations to configure the WMI firewall exception for computers:
-- **Image.** Add the configurations to the master Windows image deployed to all clients.
-- **Group Policy.** If the clients are part of a domain, then all clients can be configured using Group Policy. The Group Policy setting for the WMI firewall exception is found in GPMC.MSC at: **Computer Configuration\\Windows Settings\\Security Settings\\Windows Firewall with Advanced Security\\Windows Firewall with Advanced Security\\Inbound Rules**.
-- **Script.** Execute a script using Microsoft System Center Configuration Manager or a third-party remote script execution facility.
-- **Manual.** Configure the WMI firewall exception individually on each client.
-The above configurations will open an additional port through the Windows Firewall on target computers and should be performed on computers that are protected by a network firewall. In order to allow VAMT to query the up-to-date licensing status, the WMI exception must be maintained. We recommend administrators consult their network security policies and make clear decisions when creating the WMI exception.
-
-## Related topics
-
-- [Install and Configure VAMT](install-configure-vamt.md)
-
-
+---
+title: Configure Client Computers (Windows 10)
+description: Configure Client Computers
+ms.assetid: a48176c9-b05c-4dd5-a9ef-83073e2370fc
+ms.reviewer:
+manager: laurawi
+ms.author: greglin
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.date: 04/25/2017
+ms.topic: article
+---
+
+# Configure Client Computers
+
+To enable the Volume Activation Management Tool (VAMT) to function correctly, certain configuration changes are required on all client computers:
+
+- An exception must be set in the client computer's firewall.
+- A registry key must be created and set properly, for computers in a workgroup; otherwise, Windows® User Account Control (UAC) will not allow remote administrative operations.
+
+Organizations where the VAMT will be widely used may benefit from making these changes inside the master image for Windows.
+
+**Important**
+This procedure only applies to clients running Windows Vista or later. For clients running Windows XP Service Pack 1, see [Connecting Through Windows Firewall](https://go.microsoft.com/fwlink/p/?LinkId=182933).
+
+## Configuring the Windows Firewall to allow VAMT access
+
+Enable the VAMT to access client computers using the **Windows Firewall** Control Panel:
+1. Open Control Panel and double-click **System and Security**.
+2. Click **Windows Firewall**.
+3. Click **Allow a program or feature through Windows Firewall**.
+4. Click the **Change settings** option.
+5. Select the **Windows Management Instrumentation (WMI)** checkbox.
+6. Click **OK**.
+
+ **Warning**
+ By default, Windows Firewall Exceptions only apply to traffic originating on the local subnet. To expand the exception to apply to multiple subnets, you need to change the exception settings in the Windows Firewall with Advanced Security, as described below.
+
+## Configure Windows Firewall to allow VAMT access across multiple subnets
+
+Enable the VAMT to access client computers across multiple subnets using the **Windows Firewall with Advanced Security** Control Panel:
+
+
+
+1. Open the Control Panel and double-click **Administrative Tools**.
+2. Click **Windows Firewall with Advanced Security**.
+3. Make your changes for each of the following three WMI items, for the applicable Network Profile (Domain, Public, Private):
+ - Windows Management Instrumentation (ASync-In)
+ - Windows Management Instrumentation (DCOM-In)
+ - Windows Management Instrumentation (WMI-In)
+
+4. In the **Windows Firewall with Advanced Security** dialog box, select **Inbound Rules** from the left-hand panel.
+
+5. Right-click the desired rule and select **Properties** to open the **Properties** dialog box.
+
+ - On the **General** tab, select the **Allow the connection** checkbox.
+ - On the **Scope** tab, change the Remote IP Address setting from "Local Subnet" (default) to allow the specific access you need.
+ - On the **Advanced** tab, verify selection of all profiles that are applicable to the network (Domain or Private/Public).
+
+In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically-allocated ports. This is useful if, for example, the hardware firewall only allows traffic in a certain range of ports.
+For more info, see [How to configure RPC dynamic port allocation to work with firewalls](https://go.microsoft.com/fwlink/p/?LinkId=182911).
+
+## Create a registry value for the VAMT to access workgroup-joined computer
+
+**Caution**
+This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](https://go.microsoft.com/fwlink/p/?LinkId=182912).
+
+On the client computer, create the following registry key using regedit.exe.
+
+1. Navigate to `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system`
+2. Enter the following details:
+ **Value Name: LocalAccountTokenFilterPolicy**
+ **Type: DWORD**
+ **Value Data: 1**
+ **Note**
+ To discover VAMT-manageable Windows computers in workgroups, you must enable network discovery on each client.
+
+## Deployment options
+
+There are several options for organizations to configure the WMI firewall exception for computers:
+- **Image.** Add the configurations to the master Windows image deployed to all clients.
+- **Group Policy.** If the clients are part of a domain, then all clients can be configured using Group Policy. The Group Policy setting for the WMI firewall exception is found in GPMC.MSC at: **Computer Configuration\\Windows Settings\\Security Settings\\Windows Firewall with Advanced Security\\Windows Firewall with Advanced Security\\Inbound Rules**.
+- **Script.** Execute a script using Microsoft Endpoint Configuration Manager or a third-party remote script execution facility.
+- **Manual.** Configure the WMI firewall exception individually on each client.
+The above configurations will open an additional port through the Windows Firewall on target computers and should be performed on computers that are protected by a network firewall. In order to allow VAMT to query the up-to-date licensing status, the WMI exception must be maintained. We recommend administrators consult their network security policies and make clear decisions when creating the WMI exception.
+
+## Related topics
+
+- [Install and Configure VAMT](install-configure-vamt.md)
+
+
diff --git a/windows/deployment/windows-10-deployment-posters.md b/windows/deployment/windows-10-deployment-posters.md
index f36dea21ef..3ae808a4af 100644
--- a/windows/deployment/windows-10-deployment-posters.md
+++ b/windows/deployment/windows-10-deployment-posters.md
@@ -1,6 +1,6 @@
---
title: Windows 10 deployment process posters
-description: View and download Windows 10 deployment process flows for System Center Configuration Manager and Windows Autopilot.
+description: View and download Windows 10 deployment process flows for Microsoft Endpoint Configuration Manager and Windows Autopilot.
ms.reviewer:
manager: laurawi
ms.audience: itpro
@@ -21,7 +21,7 @@ ms.topic: article
**Applies to**
- Windows 10
-The following posters step through various options for deploying Windows 10 with Windows Autopilot or System Center Configuration Manager.
+The following posters step through various options for deploying Windows 10 with Windows Autopilot or Microsoft Endpoint Configuration Manager.
## Deploy Windows 10 with Autopilot
@@ -29,7 +29,7 @@ The Windows Autopilot poster is two pages in portrait mode (11x17). Click the im
[](./media/Windows10AutopilotFlowchart.pdf)
-## Deploy Windows 10 with System Center Configuration Manager
+## Deploy Windows 10 with Microsoft Endpoint Configuration Manager
The Configuration Manager poster is one page in landscape mode (17x11). Click the image to view a PDF in your browser. You can also download this poster in [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/deployment/media/Windows10DeploymentConfigManager.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/deployment/media/Windows10DeploymentConfigManager.vsdx) format.
@@ -38,4 +38,4 @@ The Configuration Manager poster is one page in landscape mode (17x11). Click th
## See also
[Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot)
-[Scenarios to deploy enterprise operating systems with Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems)
\ No newline at end of file
+[Scenarios to deploy enterprise operating systems with Configuration Manager](https://docs.microsoft.com/configmgr/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems)
\ No newline at end of file
diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md
index ce54ecb1ff..cd3a28b0ca 100644
--- a/windows/deployment/windows-10-deployment-scenarios.md
+++ b/windows/deployment/windows-10-deployment-scenarios.md
@@ -25,7 +25,7 @@ ms.topic: article
To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the capabilities and limitations of each, is a key task.
The following table summarizes various Windows 10 deployment scenarios. The scenarios are each assigned to one of three categories.
-- Modern deployment methods are recommended unless you have a specific need to use a different procedure. These methods are supported with existing tools such as Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. These methods are discussed in detail on the [Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home).
+- Modern deployment methods are recommended unless you have a specific need to use a different procedure. These methods are supported with existing tools such as Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager. These methods are discussed in detail on the [Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home).
- Dynamic deployment methods enable you to configure applications and settings for specific use cases.
- Traditional deployment methods use existing tools to deploy operating system images.
@@ -109,7 +109,7 @@ The following table summarizes various Windows 10 deployment scenarios. The scen
Deploy a new device, or wipe an existing device and deploy with a fresh image.
|
- Deploy a Windows 10 image using MDT
Install a new version of Windows on a new computer with System Center Configuration Manager
+ Deploy a Windows 10 image using MDT
Install a new version of Windows on a new computer with Microsoft Endpoint Configuration Manager
|
@@ -121,7 +121,7 @@ The following table summarizes various Windows 10 deployment scenarios. The scen
Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state.
- Refresh a Windows 7 computer with Windows 10
Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
+ Refresh a Windows 7 computer with Windows 10
Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
|
@@ -133,7 +133,7 @@ The following table summarizes various Windows 10 deployment scenarios. The scen
Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device.
- Replace a Windows 7 computer with a Windows 10 computer
Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager
+ Replace a Windows 7 computer with a Windows 10 computer
Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager
|
@@ -159,7 +159,7 @@ For more information about Windows Autopilot, see [Overview of Windows Autopilot
For existing computers running Windows 7, Windows 8, or Windows 8.1, the recommended path for organizations deploying Windows 10 leverages the Windows installation program (Setup.exe) to perform an in-place upgrade, which automatically preserves all data, settings, applications, and drivers from the existing operating system version. This requires the least IT effort, because there is no need for any complex deployment infrastructure.
-Although consumer PCs will be upgraded using Windows Update, organizations want more control over the process. This is accomplished by leveraging tools like System Center Configuration Manager or the Microsoft Deployment Toolkit to completely automate the upgrade process through simple task sequences.
+Although consumer PCs will be upgraded using Windows Update, organizations want more control over the process. This is accomplished by leveraging tools like Microsoft Endpoint Configuration Manager or the Microsoft Deployment Toolkit to completely automate the upgrade process through simple task sequences.
The in-place upgrade process is designed to be extremely reliable, with the ability to automatically roll back to the previous operating system if any issues are encountered during the deployment process, without any IT staff involvement. Rolling back manually can also be done by leveraging the automatically-created recovery information (stored in the Windows.old folder), in case any issues are encountered after the upgrade is finished. The upgrade process is also typically faster than traditional deployments, because applications do not need to be reinstalled as part of the process.
@@ -206,7 +206,7 @@ While the initial Windows 10 release includes a variety of provisioning setting
## Traditional deployment:
-New versions of Windows have typically been deployed by organizations using an image-based process built on top of tools provided in the [Windows Assessment and Deployment Kit](windows-adk-scenarios-for-it-pros.md), Windows Deployment Services, the [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md), and [System Center Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md).
+New versions of Windows have typically been deployed by organizations using an image-based process built on top of tools provided in the [Windows Assessment and Deployment Kit](windows-adk-scenarios-for-it-pros.md), Windows Deployment Services, the [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md), and [Microsoft Endpoint Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md).
With the release of Windows 10, all of these tools are being updated to fully support Windows 10. Although newer scenarios such as in-place upgrade and dynamic provisioning may reduce the need for traditional deployment capabilities in some organizations, these traditional methods remain important and will continue to be available to organizations that need them.
@@ -269,7 +269,7 @@ The deployment process for the replace scenario is as follows:
## Related topics
- [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
-- [Upgrade to Windows 10 with System Center Configuration Manager](upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md)
+- [Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager](upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md)
- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=620230)
- [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
- [Windows setup technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619357)
diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md
index e241930c1e..e4cadbe165 100644
--- a/windows/deployment/windows-10-enterprise-e3-overview.md
+++ b/windows/deployment/windows-10-enterprise-e3-overview.md
@@ -1,258 +1,260 @@
----
-title: Windows 10 Enterprise E3 in CSP
-description: Describes Windows 10 Enterprise E3, an offering that delivers, by subscription, the features of Windows 10 Enterprise edition.
-keywords: upgrade, update, task sequence, deploy
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.localizationpriority: medium
-ms.sitesec: library
-ms.pagetype: mdt
-ms.date: 08/24/2017
-ms.reviewer:
-manager: laurawi
-ms.audience: itpro
author: greg-lindsay
-audience: itpro
author: greg-lindsay
-ms.collection: M365-modern-desktop
-ms.topic: article
----
-
-# Windows 10 Enterprise E3 in CSP
-
-Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Windows 10 Enterprise E3 in CSP is a new offering that delivers, by subscription, exclusive features reserved for Windows 10 Enterprise edition. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following:
-
-- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later, installed and activated, on the devices to be upgraded
-- Azure Active Directory (Azure AD) available for identity management
-
-Starting with Windows 10, version 1607 (Windows 10 Anniversary Update), you can move from Windows 10 Pro to Windows 10 Enterprise more easily than ever before—no keys and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise and all the appropriate Windows 10 Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Windows 10 Enterprise device seamlessly steps back down to Windows 10 Pro.
-
-Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise to their users. Now, with Windows 10 Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Windows 10 Enterprise features.
-
-When you purchase Windows 10 Enterprise E3 via a partner, you get the following benefits:
-
-- **Windows 10 Enterprise edition**. Devices currently running Windows 10 Pro, version 1607 can get Windows 10 Enterprise Current Branch (CB) or Current Branch for Business (CBB). This benefit does not include Long Term Service Branch (LTSB).
-
-- **Support from one to hundreds of users**. Although the Windows 10 Enterprise E3 in CSP program does not have a limitation on the number of licenses an organization can have, the program is designed for small- and medium-sized organizations.
-
-- **Deploy on up to five devices**. For each user covered by the license, you can deploy Windows 10 Enterprise edition on up to five devices.
-
-- **Roll back to Windows 10 Pro at any time**. When a user’s subscription expires or is transferred to another user, the Windows 10 Enterprise device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 90 days).
-
-- **Monthly, per-user pricing model**. This makes Windows 10 Enterprise E3 affordable for any organization.
-
-- **Move licenses between users**. Licenses can be quickly and easily reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs.
-
-How does the Windows 10 Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance?
-
-- [Microsoft Volume Licensing](https://www.microsoft.com/licensing/default.aspx) programs are broader in scope, providing organizations with access to licensing for all Microsoft products.
-
-- [Software Assurance](https://www.microsoft.com/Licensing/licensing-programs/software-assurance-default.aspx) provides organizations with the following categories of benefits:
-
- - **Deployment and management**. These benefits include planning services, Microsoft Desktop Optimization (MDOP), Windows Virtual Desktop Access Rights, Windows-To-Go Rights, Windows Roaming Use Rights, Windows Thin PC, Windows RT Companion VDA Rights, and other benefits.
-
- - **Training**. These benefits include training vouchers, online e-learning, and a home use program.
-
- - **Support**. These benefits include 24x7 problem resolution support, backup capabilities for disaster recovery, System Center Global Service Monitor, and a passive secondary instance of SQL Server.
-
- - **Specialized**. These benefits include step-up licensing availability (which enables you to migrate software from an earlier edition to a higher-level edition) and to spread license and Software Assurance payments across three equal, annual sums.
-
- In addition, in Windows 10 Enterprise E3 in CSP, a partner can manage your licenses for you. With Software Assurance, you, the customer, manage your own licenses.
-
-In summary, the Windows 10 Enterprise E3 in CSP program is an upgrade offering that provides small- and medium-sized organizations easier, more flexible access to the benefits of Windows 10 Enterprise edition, whereas Microsoft Volume Licensing programs and Software Assurance are broader in scope and provide benefits beyond access to Windows 10 Enterprise edition.
-
-## Compare Windows 10 Pro and Enterprise editions
-
-Windows 10 Enterprise edition has a number of features that are unavailable in Windows 10 Pro. Table 1 lists the Windows 10 Enterprise features not found in Windows 10 Pro. Many of these features are security-related, whereas others enable finer-grained device management.
-
-*Table 1. Windows 10 Enterprise features not found in Windows 10 Pro*
-
-
-
-
-
-
-
-
-
-
-
-Credential Guard |
-This feature uses virtualization-based security to help protect security secrets (for example, NTLM password hashes, Kerberos Ticket Granting Tickets) so that only privileged system software can access them. This helps prevent Pass-the-Hash or Pass-the-Ticket attacks.
-Credential Guard has the following features:
-
-Hardware-level security. Credential Guard uses hardware platform security features (such as Secure Boot and virtualization) to help protect derived domain credentials and other secrets. Virtualization-based security. Windows services that access derived domain credentials and other secrets run in a virtualized, protected environment that is isolated. Improved protection against persistent threats. Credential Guard works with other technologies (e.g., Device Guard) to help provide further protection against attacks, no matter how persistent. Improved manageability. Credential Guard can be managed through Group Policy, Windows Management Instrumentation (WMI), or Windows PowerShell.
-For more information, see Protect derived domain credentials with Credential Guard.
- Credential Guard requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present) |
-
-
-Device Guard |
-This feature is a combination of hardware and software security features that allows only trusted applications to run on a device. Even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to run executable code. Device Guard can use virtualization-based security (VBS) in Windows 10 Enterprise edition to isolate the Code Integrity service from the Windows kernel itself. With VBS, even if malware gains access to the kernel, the effects can be severely limited, because the hypervisor can prevent the malware from executing code.
-Device Guard does the following:
-
-Helps protect against malware Helps protect the Windows system core from vulnerability and zero-day exploits Allows only trusted apps to run
-For more information, see Introduction to Device Guard. |
-
-
-AppLocker management |
-This feature helps IT pros determine which applications and files users can run on a device (also known as “whitelisting”). The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.
-For more information, see AppLocker. |
-
-
-Application Virtualization (App-V) |
-This feature makes applications available to end users without installing the applications directly on users’ devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates.
-For more information, see Getting Started with App-V for Windows 10. |
-
-
-User Experience Virtualization (UE-V) |
-With this feature, you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.
-UE-V provides the ability to do the following:
-
-Specify which application and Windows settings synchronize across user devices Deliver the settings anytime and anywhere users work throughout the enterprise Create custom templates for your third-party or line-of-business applications Recover settings after hardware replacement or upgrade, or after re-imaging a virtual machine to its initial state
-For more information, see User Experience Virtualization (UE-V) for Windows 10 overview. |
-
-
-Managed User Experience |
-This feature helps customize and lock down a Windows device’s user interface to restrict it to a specific task. For example, you can configure a device for a controlled scenario such as a kiosk or classroom device. The user experience would be automatically reset once a user signs off. You can also restrict access to services including Cortana or the Windows Store, and manage Start layout options, such as:
-
-Removing and preventing access to the Shut Down, Restart, Sleep, and Hibernate commands Removing Log Off (the User tile) from the Start menu Removing frequent programs from the Start menu Removing the All Programs list from the Start menu Preventing users from customizing their Start screen Forcing Start menu to be either full-screen size or menu size Preventing changes to Taskbar and Start menu settings
- |
-
-
-
-## Deployment of Windows 10 Enterprise E3 licenses
-
-See [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md).
-
-## Deploy Windows 10 Enterprise features
-
-Now that you have Windows 10 Enterprise edition running on devices, how do you take advantage of the Enterprise edition features and capabilities? What are the next steps that need to be taken for each of the features discussed in [Table 1](#compare-windows10-pro-and-enterprise-editions)?
-
-The following sections provide you with the high-level tasks that need to be performed in your environment to help users take advantage of the Windows 10 Enterprise edition features.
-
-### Credential Guard\*
-
-You can implement Credential Guard on Windows 10 Enterprise devices by turning on Credential Guard on these devices. Credential Guard uses Windows 10 virtualization-based security features (Hyper-V features) that must be enabled on each device before you can turn on Credential Guard. You can turn on Credential Guard by using one of the following methods:
-
-- **Automated**. You can automatically turn on Credential Guard for one or more devices by using Group Policy. The Group Policy settings automatically add the virtualization-based security features and configure the Credential Guard registry settings on managed devices.
-
-- **Manual**. You can manually turn on Credential Guard by doing the following:
-
- - Add the virtualization-based security features by using Programs and Features or Deployment Image Servicing and Management (DISM).
-
- - Configure Credential Guard registry settings by using the Registry Editor or the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337).
-
- You can automate these manual steps by using a management tool such as System Center Configuration Manager.
-
-For more information about implementing Credential Guard, see the following resources:
-
-- [Protect derived domain credentials with Credential Guard](https://technet.microsoft.com/itpro/windows/keep-secure/credential-guard)
-- [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514(v=vs.85).aspx)
-- [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337)
-
-\* *Requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)*
-
-### Device Guard
-
-Now that the devices have Windows 10 Enterprise, you can implement Device Guard on the Windows 10 Enterprise devices by performing the following steps:
-
-1. **Optionally, create a signing certificate for code integrity policies**. As you deploy code integrity policies, you might need to sign catalog files or code integrity policies internally. To do this, you will either need a publicly issued code signing certificate (that you purchase) or an internal certificate authority (CA). If you choose to use an internal CA, you will need to create a code signing certificate.
-
-2. **Create code integrity policies from “golden” computers**. When you have identified departments or roles that use distinctive or partly distinctive sets of hardware and software, you can set up “golden” computers containing that software and hardware. In this respect, creating and managing code integrity policies to align with the needs of roles or departments can be similar to managing corporate images. From each “golden” computer, you can create a code integrity policy and decide how to manage that policy. You can merge code integrity policies to create a broader policy or a master policy, or you can manage and deploy each policy individually.
-
-3. **Audit the code integrity policy and capture information about applications that are outside the policy**. We recommend that you use “audit mode” to carefully test each code integrity policy before you enforce it. With audit mode, no application is blocked—the policy just logs an event whenever an application outside the policy is started. Later, you can expand the policy to allow these applications, as needed.
-
-4. **Create a “catalog file” for unsigned line-of-business (LOB) applications**. Use the Package Inspector tool to create and sign a catalog file for your unsigned LOB applications. In later steps, you can merge the catalog file's signature into your code integrity policy so that applications in the catalog will be allowed by the policy.
-
-5. **Capture needed policy information from the event log, and merge information into the existing policy as needed**. After a code integrity policy has been running for a time in audit mode, the event log will contain information about applications that are outside the policy. To expand the policy so that it allows for these applications, use Windows PowerShell commands to capture the needed policy information from the event log, and then merge that information into the existing policy. You can merge code integrity policies from other sources also, for flexibility in how you create your final code integrity policies.
-
-6. **Deploy code integrity policies and catalog files**. After you confirm that you have completed all the preceding steps, you can begin deploying catalog files and taking code integrity policies out of audit mode. We strongly recommend that you begin this process with a test group of users. This provides a final quality-control validation before you deploy the catalog files and code integrity policies more broadly.
-
-7. **Enable desired hardware security features**. Hardware-based security features—also called virtualization-based security (VBS) features—strengthen the protections offered by code integrity policies.
-
-For more information about implementing Device Guard, see:
-
-- [Planning and getting started on the Device Guard deployment process](https://technet.microsoft.com/itpro/windows/keep-secure/planning-and-getting-started-on-the-device-guard-deployment-process)
-- [Device Guard deployment guide](https://technet.microsoft.com/itpro/windows/keep-secure/device-guard-deployment-guide)
-
-### AppLocker management
-
-You can manage AppLocker in Windows 10 Enterprise by using Group Policy. Group Policy requires that the you have AD DS and that the Windows 10 Enterprise devices are joined to the your AD DS domain. You can create AppLocker rules by using Group Policy, and then target those rules to the appropriate devices.
-
-For more information about AppLocker management by using Group Policy, see [AppLocker deployment guide](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-policies-deployment-guide).
-
-### App-V
-
-App-V requires an App-V server infrastructure to support App-V clients. The primary App-V components that the you must have are as follows:
-
-- **App-V server**. The App-V server provides App-V management, virtualized app publishing, app streaming, and reporting services. Each of these services can be run on one server or can be run individually on multiple servers. For example, you could have multiple streaming servers. App-V clients contact App-V servers to determine which apps are published to the user or device, and then run the virtualized app from the server.
-
-- **App-V sequencer**. The App-V sequencer is a typical client device that is used to sequence (capture) apps and prepare them for hosting from the App-V server. You install apps on the App-V sequencer, and the App-V sequencer software determines the files and registry settings that are changed during app installation. Then the sequencer captures these settings to create a virtualized app.
-
-- **App-V client**. The App-V client must be enabled on any client device on which apps will be run from the App-V server. These will be the Windows 10 Enterprise E3 devices.
-
-For more information about implementing the App-V server, App-V sequencer, and App-V client, see the following resources:
-
-- [Getting Started with App-V for Windows 10](https://technet.microsoft.com/itpro/windows/manage/appv-getting-started)
-- [Deploying the App-V server](https://technet.microsoft.com/itpro/windows/manage/appv-deploying-the-appv-server)
-- [Deploying the App-V Sequencer and Configuring the Client](https://technet.microsoft.com/itpro/windows/manage/appv-deploying-the-appv-sequencer-and-client)
-
-### UE-V
-UE-V requires server- and client-side components that you you’ll need to download, activate, and install. These components include:
-
-- **UE-V service**. The UE-V service (when enabled on devices) monitors registered applications and Windows for any settings changes, then synchronizes those settings between devices.
-
-- **Settings packages**. Settings packages created by the UE-V service store application settings and Windows settings. Settings packages are built, locally stored, and copied to the settings storage location.
-
-- **Settings storage location**. This location is a standard network share that your users can access. The UE-V service verifies the location and creates a hidden system folder in which to store and retrieve user settings.
-
-- **Settings location templates**. Settings location templates are XML files that UE-V uses to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V. You can also create, edit, or validate custom settings location templates by using the UE-V template generator. Settings location templates are not required for Windows applications.
-
-- **Universal Windows applications list**. UE-V determines which Windows applications are enabled for settings synchronization using a managed list of applications. By default, this list includes most Windows applications.
-
-For more information about deploying UE-V, see the following resources:
-
-- [User Experience Virtualization (UE-V) for Windows 10 overview](https://technet.microsoft.com/itpro/windows/manage/uev-for-windows)
-- [Get Started with UE-V](https://technet.microsoft.com/itpro/windows/manage/uev-getting-started)
-- [Prepare a UE-V Deployment](https://technet.microsoft.com/itpro/windows/manage/uev-prepare-for-deployment)
-
-### Managed User Experience
-
-The Managed User Experience feature is a set of Windows 10 Enterprise edition features and corresponding settings that you can use to manage user experience. Table 2 describes the Managed User Experience settings (by category), which are only available in Windows 10 Enterprise edition. The management methods used to configure each feature depend on the feature. Some features are configured by using Group Policy, while others are configured by using Windows PowerShell, Deployment Image Servicing and Management (DISM), or other command-line tools. For the Group Policy settings, you must have AD DS with the Windows 10 Enterprise devices joined to your AD DS domain.
-
-*Table 2. Managed User Experience features*
-
-| Feature | Description |
-|------------------|-----------------|
-| Start layout customization | You can deploy a customized Start layout to users in a domain. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead.
For more information on these settings, see [Customize Windows 10 Start and taskbar with Group Policy](https://technet.microsoft.com/itpro/windows/manage/customize-windows-10-start-screens-by-using-group-policy). |
-| Unbranded boot | You can suppress Windows elements that appear when Windows starts or resumes and can suppress the crash screen when Windows encounters an error from which it cannot recover.
For more information on these settings, see [Unbranded Boot](https://msdn.microsoft.com/library/windows/hardware/mt571997(v=vs.85).aspx). |
-| Custom logon | You can use the Custom Logon feature to suppress Windows 10 UI elements that relate to the Welcome screen and shutdown screen. For example, you can suppress all elements of the Welcome screen UI and provide a custom logon UI. You can also suppress the Blocked Shutdown Resolver (BSDR) screen and automatically end applications while the OS waits for applications to close before a shutdown.
For more information on these settings, see [Custom Logon](https://msdn.microsoft.com/library/windows/hardware/mt571990(v=vs.85).aspx). |
-| Shell launcher | Enables Assigned Access to run only a classic Windows app via Shell Launcher to replace the shell.
For more information on these settings, see [Shell Launcher](https://msdn.microsoft.com/library/windows/hardware/mt571994(v=vs.85).aspx). |
-| Keyboard filter | You can use Keyboard Filter to suppress undesirable key presses or key combinations. Normally, users can use certain Windows key combinations like Ctrl+Alt+Delete or Ctrl+Shift+Tab to control a device by locking the screen or using Task Manager to close a running application. This is not desirable on devices intended for a dedicated purpose.
For more information on these settings, see [Keyboard Filter](https://msdn.microsoft.com/library/windows/hardware/mt587088(v=vs.85).aspx). |
-| Unified write filter | You can use Unified Write Filter (UWF) on your device to help protect your physical storage media, including most standard writable storage types that are supported by Windows, such as physical hard disks, solid-state drives, internal USB devices, external SATA devices, and so on. You can also use UWF to make read-only media appear to the OS as a writable volume.
For more information on these settings, see [Unified Write Filter](https://msdn.microsoft.com/library/windows/hardware/mt572001(v=vs.85).aspx). |
-
-## Related topics
-
-[Windows 10 Enterprise Subscription Activation](windows-10-subscription-activation.md)
-
[Connect domain-joined devices to Azure AD for Windows 10 experiences](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-devices-group-policy/)
-
[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
-
[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)
+---
+title: Windows 10 Enterprise E3 in CSP
+description: Describes Windows 10 Enterprise E3, an offering that delivers, by subscription, the features of Windows 10 Enterprise edition.
+keywords: upgrade, update, task sequence, deploy
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.localizationpriority: medium
+ms.sitesec: library
+ms.pagetype: mdt
+ms.date: 08/24/2017
+ms.reviewer:
+manager: laurawi
+ms.audience: itpro
+author: greg-lindsay
+audience: itpro
+author: greg-lindsay
+ms.collection: M365-modern-desktop
+ms.topic: article
+---
+
+# Windows 10 Enterprise E3 in CSP
+
+Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Windows 10 Enterprise E3 in CSP is a new offering that delivers, by subscription, exclusive features reserved for Windows 10 Enterprise edition. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following:
+
+- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later, installed and activated, on the devices to be upgraded
+- Azure Active Directory (Azure AD) available for identity management
+
+Starting with Windows 10, version 1607 (Windows 10 Anniversary Update), you can move from Windows 10 Pro to Windows 10 Enterprise more easily than ever before—no keys and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise and all the appropriate Windows 10 Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Windows 10 Enterprise device seamlessly steps back down to Windows 10 Pro.
+
+Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise to their users. Now, with Windows 10 Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Windows 10 Enterprise features.
+
+When you purchase Windows 10 Enterprise E3 via a partner, you get the following benefits:
+
+- **Windows 10 Enterprise edition**. Devices currently running Windows 10 Pro, version 1607 can get Windows 10 Enterprise Current Branch (CB) or Current Branch for Business (CBB). This benefit does not include Long Term Service Branch (LTSB).
+
+- **Support from one to hundreds of users**. Although the Windows 10 Enterprise E3 in CSP program does not have a limitation on the number of licenses an organization can have, the program is designed for small- and medium-sized organizations.
+
+- **Deploy on up to five devices**. For each user covered by the license, you can deploy Windows 10 Enterprise edition on up to five devices.
+
+- **Roll back to Windows 10 Pro at any time**. When a user’s subscription expires or is transferred to another user, the Windows 10 Enterprise device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 90 days).
+
+- **Monthly, per-user pricing model**. This makes Windows 10 Enterprise E3 affordable for any organization.
+
+- **Move licenses between users**. Licenses can be quickly and easily reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs.
+
+How does the Windows 10 Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance?
+
+- [Microsoft Volume Licensing](https://www.microsoft.com/licensing/default.aspx) programs are broader in scope, providing organizations with access to licensing for all Microsoft products.
+
+- [Software Assurance](https://www.microsoft.com/Licensing/licensing-programs/software-assurance-default.aspx) provides organizations with the following categories of benefits:
+
+ - **Deployment and management**. These benefits include planning services, Microsoft Desktop Optimization (MDOP), Windows Virtual Desktop Access Rights, Windows-To-Go Rights, Windows Roaming Use Rights, Windows Thin PC, Windows RT Companion VDA Rights, and other benefits.
+
+ - **Training**. These benefits include training vouchers, online e-learning, and a home use program.
+
+ - **Support**. These benefits include 24x7 problem resolution support, backup capabilities for disaster recovery, System Center Global Service Monitor, and a passive secondary instance of SQL Server.
+
+ - **Specialized**. These benefits include step-up licensing availability (which enables you to migrate software from an earlier edition to a higher-level edition) and to spread license and Software Assurance payments across three equal, annual sums.
+
+ In addition, in Windows 10 Enterprise E3 in CSP, a partner can manage your licenses for you. With Software Assurance, you, the customer, manage your own licenses.
+
+In summary, the Windows 10 Enterprise E3 in CSP program is an upgrade offering that provides small- and medium-sized organizations easier, more flexible access to the benefits of Windows 10 Enterprise edition, whereas Microsoft Volume Licensing programs and Software Assurance are broader in scope and provide benefits beyond access to Windows 10 Enterprise edition.
+
+## Compare Windows 10 Pro and Enterprise editions
+
+Windows 10 Enterprise edition has a number of features that are unavailable in Windows 10 Pro. Table 1 lists the Windows 10 Enterprise features not found in Windows 10 Pro. Many of these features are security-related, whereas others enable finer-grained device management.
+
+*Table 1. Windows 10 Enterprise features not found in Windows 10 Pro*
+
+
+
+
+
+
+
+
+
+
+
+Credential Guard |
+This feature uses virtualization-based security to help protect security secrets (for example, NTLM password hashes, Kerberos Ticket Granting Tickets) so that only privileged system software can access them. This helps prevent Pass-the-Hash or Pass-the-Ticket attacks.
+Credential Guard has the following features:
+
+Hardware-level security. Credential Guard uses hardware platform security features (such as Secure Boot and virtualization) to help protect derived domain credentials and other secrets. Virtualization-based security. Windows services that access derived domain credentials and other secrets run in a virtualized, protected environment that is isolated. Improved protection against persistent threats. Credential Guard works with other technologies (e.g., Device Guard) to help provide further protection against attacks, no matter how persistent. Improved manageability. Credential Guard can be managed through Group Policy, Windows Management Instrumentation (WMI), or Windows PowerShell.
+For more information, see Protect derived domain credentials with Credential Guard.
+ Credential Guard requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present) |
+
+
+Device Guard |
+This feature is a combination of hardware and software security features that allows only trusted applications to run on a device. Even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to run executable code. Device Guard can use virtualization-based security (VBS) in Windows 10 Enterprise edition to isolate the Code Integrity service from the Windows kernel itself. With VBS, even if malware gains access to the kernel, the effects can be severely limited, because the hypervisor can prevent the malware from executing code.
+Device Guard does the following:
+
+Helps protect against malware Helps protect the Windows system core from vulnerability and zero-day exploits Allows only trusted apps to run
+For more information, see Introduction to Device Guard. |
+
+
+AppLocker management |
+This feature helps IT pros determine which applications and files users can run on a device (also known as “whitelisting”). The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.
+For more information, see AppLocker. |
+
+
+Application Virtualization (App-V) |
+This feature makes applications available to end users without installing the applications directly on users’ devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates.
+For more information, see Getting Started with App-V for Windows 10. |
+
+
+User Experience Virtualization (UE-V) |
+With this feature, you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.
+UE-V provides the ability to do the following:
+
+Specify which application and Windows settings synchronize across user devices Deliver the settings anytime and anywhere users work throughout the enterprise Create custom templates for your third-party or line-of-business applications Recover settings after hardware replacement or upgrade, or after re-imaging a virtual machine to its initial state
+For more information, see User Experience Virtualization (UE-V) for Windows 10 overview. |
+
+
+Managed User Experience |
+This feature helps customize and lock down a Windows device’s user interface to restrict it to a specific task. For example, you can configure a device for a controlled scenario such as a kiosk or classroom device. The user experience would be automatically reset once a user signs off. You can also restrict access to services including Cortana or the Windows Store, and manage Start layout options, such as:
+
+Removing and preventing access to the Shut Down, Restart, Sleep, and Hibernate commands Removing Log Off (the User tile) from the Start menu Removing frequent programs from the Start menu Removing the All Programs list from the Start menu Preventing users from customizing their Start screen Forcing Start menu to be either full-screen size or menu size Preventing changes to Taskbar and Start menu settings
+ |
+
+
+
+## Deployment of Windows 10 Enterprise E3 licenses
+
+See [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md).
+
+## Deploy Windows 10 Enterprise features
+
+Now that you have Windows 10 Enterprise edition running on devices, how do you take advantage of the Enterprise edition features and capabilities? What are the next steps that need to be taken for each of the features discussed in [Table 1](#compare-windows10-pro-and-enterprise-editions)?
+
+The following sections provide you with the high-level tasks that need to be performed in your environment to help users take advantage of the Windows 10 Enterprise edition features.
+
+### Credential Guard\*
+
+You can implement Credential Guard on Windows 10 Enterprise devices by turning on Credential Guard on these devices. Credential Guard uses Windows 10 virtualization-based security features (Hyper-V features) that must be enabled on each device before you can turn on Credential Guard. You can turn on Credential Guard by using one of the following methods:
+
+- **Automated**. You can automatically turn on Credential Guard for one or more devices by using Group Policy. The Group Policy settings automatically add the virtualization-based security features and configure the Credential Guard registry settings on managed devices.
+
+- **Manual**. You can manually turn on Credential Guard by doing the following:
+
+ - Add the virtualization-based security features by using Programs and Features or Deployment Image Servicing and Management (DISM).
+
+ - Configure Credential Guard registry settings by using the Registry Editor or the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337).
+
+ You can automate these manual steps by using a management tool such as Microsoft Endpoint Configuration Manager.
+
+For more information about implementing Credential Guard, see the following resources:
+
+- [Protect derived domain credentials with Credential Guard](https://technet.microsoft.com/itpro/windows/keep-secure/credential-guard)
+- [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514(v=vs.85).aspx)
+- [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337)
+
+\* *Requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)*
+
+### Device Guard
+
+Now that the devices have Windows 10 Enterprise, you can implement Device Guard on the Windows 10 Enterprise devices by performing the following steps:
+
+1. **Optionally, create a signing certificate for code integrity policies**. As you deploy code integrity policies, you might need to sign catalog files or code integrity policies internally. To do this, you will either need a publicly issued code signing certificate (that you purchase) or an internal certificate authority (CA). If you choose to use an internal CA, you will need to create a code signing certificate.
+
+2. **Create code integrity policies from “golden” computers**. When you have identified departments or roles that use distinctive or partly distinctive sets of hardware and software, you can set up “golden” computers containing that software and hardware. In this respect, creating and managing code integrity policies to align with the needs of roles or departments can be similar to managing corporate images. From each “golden” computer, you can create a code integrity policy and decide how to manage that policy. You can merge code integrity policies to create a broader policy or a master policy, or you can manage and deploy each policy individually.
+
+3. **Audit the code integrity policy and capture information about applications that are outside the policy**. We recommend that you use “audit mode” to carefully test each code integrity policy before you enforce it. With audit mode, no application is blocked—the policy just logs an event whenever an application outside the policy is started. Later, you can expand the policy to allow these applications, as needed.
+
+4. **Create a “catalog file” for unsigned line-of-business (LOB) applications**. Use the Package Inspector tool to create and sign a catalog file for your unsigned LOB applications. In later steps, you can merge the catalog file's signature into your code integrity policy so that applications in the catalog will be allowed by the policy.
+
+5. **Capture needed policy information from the event log, and merge information into the existing policy as needed**. After a code integrity policy has been running for a time in audit mode, the event log will contain information about applications that are outside the policy. To expand the policy so that it allows for these applications, use Windows PowerShell commands to capture the needed policy information from the event log, and then merge that information into the existing policy. You can merge code integrity policies from other sources also, for flexibility in how you create your final code integrity policies.
+
+6. **Deploy code integrity policies and catalog files**. After you confirm that you have completed all the preceding steps, you can begin deploying catalog files and taking code integrity policies out of audit mode. We strongly recommend that you begin this process with a test group of users. This provides a final quality-control validation before you deploy the catalog files and code integrity policies more broadly.
+
+7. **Enable desired hardware security features**. Hardware-based security features—also called virtualization-based security (VBS) features—strengthen the protections offered by code integrity policies.
+
+For more information about implementing Device Guard, see:
+
+- [Planning and getting started on the Device Guard deployment process](https://technet.microsoft.com/itpro/windows/keep-secure/planning-and-getting-started-on-the-device-guard-deployment-process)
+- [Device Guard deployment guide](https://technet.microsoft.com/itpro/windows/keep-secure/device-guard-deployment-guide)
+
+### AppLocker management
+
+You can manage AppLocker in Windows 10 Enterprise by using Group Policy. Group Policy requires that the you have AD DS and that the Windows 10 Enterprise devices are joined to the your AD DS domain. You can create AppLocker rules by using Group Policy, and then target those rules to the appropriate devices.
+
+For more information about AppLocker management by using Group Policy, see [AppLocker deployment guide](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-policies-deployment-guide).
+
+### App-V
+
+App-V requires an App-V server infrastructure to support App-V clients. The primary App-V components that the you must have are as follows:
+
+- **App-V server**. The App-V server provides App-V management, virtualized app publishing, app streaming, and reporting services. Each of these services can be run on one server or can be run individually on multiple servers. For example, you could have multiple streaming servers. App-V clients contact App-V servers to determine which apps are published to the user or device, and then run the virtualized app from the server.
+
+- **App-V sequencer**. The App-V sequencer is a typical client device that is used to sequence (capture) apps and prepare them for hosting from the App-V server. You install apps on the App-V sequencer, and the App-V sequencer software determines the files and registry settings that are changed during app installation. Then the sequencer captures these settings to create a virtualized app.
+
+- **App-V client**. The App-V client must be enabled on any client device on which apps will be run from the App-V server. These will be the Windows 10 Enterprise E3 devices.
+
+For more information about implementing the App-V server, App-V sequencer, and App-V client, see the following resources:
+
+- [Getting Started with App-V for Windows 10](https://technet.microsoft.com/itpro/windows/manage/appv-getting-started)
+- [Deploying the App-V server](https://technet.microsoft.com/itpro/windows/manage/appv-deploying-the-appv-server)
+- [Deploying the App-V Sequencer and Configuring the Client](https://technet.microsoft.com/itpro/windows/manage/appv-deploying-the-appv-sequencer-and-client)
+
+### UE-V
+UE-V requires server- and client-side components that you you’ll need to download, activate, and install. These components include:
+
+- **UE-V service**. The UE-V service (when enabled on devices) monitors registered applications and Windows for any settings changes, then synchronizes those settings between devices.
+
+- **Settings packages**. Settings packages created by the UE-V service store application settings and Windows settings. Settings packages are built, locally stored, and copied to the settings storage location.
+
+- **Settings storage location**. This location is a standard network share that your users can access. The UE-V service verifies the location and creates a hidden system folder in which to store and retrieve user settings.
+
+- **Settings location templates**. Settings location templates are XML files that UE-V uses to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V. You can also create, edit, or validate custom settings location templates by using the UE-V template generator. Settings location templates are not required for Windows applications.
+
+- **Universal Windows applications list**. UE-V determines which Windows applications are enabled for settings synchronization using a managed list of applications. By default, this list includes most Windows applications.
+
+For more information about deploying UE-V, see the following resources:
+
+- [User Experience Virtualization (UE-V) for Windows 10 overview](https://technet.microsoft.com/itpro/windows/manage/uev-for-windows)
+- [Get Started with UE-V](https://technet.microsoft.com/itpro/windows/manage/uev-getting-started)
+- [Prepare a UE-V Deployment](https://technet.microsoft.com/itpro/windows/manage/uev-prepare-for-deployment)
+
+### Managed User Experience
+
+The Managed User Experience feature is a set of Windows 10 Enterprise edition features and corresponding settings that you can use to manage user experience. Table 2 describes the Managed User Experience settings (by category), which are only available in Windows 10 Enterprise edition. The management methods used to configure each feature depend on the feature. Some features are configured by using Group Policy, while others are configured by using Windows PowerShell, Deployment Image Servicing and Management (DISM), or other command-line tools. For the Group Policy settings, you must have AD DS with the Windows 10 Enterprise devices joined to your AD DS domain.
+
+*Table 2. Managed User Experience features*
+
+| Feature | Description |
+|------------------|-----------------|
+| Start layout customization | You can deploy a customized Start layout to users in a domain. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead.
For more information on these settings, see [Customize Windows 10 Start and taskbar with Group Policy](https://technet.microsoft.com/itpro/windows/manage/customize-windows-10-start-screens-by-using-group-policy). |
+| Unbranded boot | You can suppress Windows elements that appear when Windows starts or resumes and can suppress the crash screen when Windows encounters an error from which it cannot recover.
For more information on these settings, see [Unbranded Boot](https://msdn.microsoft.com/library/windows/hardware/mt571997(v=vs.85).aspx). |
+| Custom logon | You can use the Custom Logon feature to suppress Windows 10 UI elements that relate to the Welcome screen and shutdown screen. For example, you can suppress all elements of the Welcome screen UI and provide a custom logon UI. You can also suppress the Blocked Shutdown Resolver (BSDR) screen and automatically end applications while the OS waits for applications to close before a shutdown.
For more information on these settings, see [Custom Logon](https://msdn.microsoft.com/library/windows/hardware/mt571990(v=vs.85).aspx). |
+| Shell launcher | Enables Assigned Access to run only a classic Windows app via Shell Launcher to replace the shell.
For more information on these settings, see [Shell Launcher](https://msdn.microsoft.com/library/windows/hardware/mt571994(v=vs.85).aspx). |
+| Keyboard filter | You can use Keyboard Filter to suppress undesirable key presses or key combinations. Normally, users can use certain Windows key combinations like Ctrl+Alt+Delete or Ctrl+Shift+Tab to control a device by locking the screen or using Task Manager to close a running application. This is not desirable on devices intended for a dedicated purpose.
For more information on these settings, see [Keyboard Filter](https://msdn.microsoft.com/library/windows/hardware/mt587088(v=vs.85).aspx). |
+| Unified write filter | You can use Unified Write Filter (UWF) on your device to help protect your physical storage media, including most standard writable storage types that are supported by Windows, such as physical hard disks, solid-state drives, internal USB devices, external SATA devices, and so on. You can also use UWF to make read-only media appear to the OS as a writable volume.
For more information on these settings, see [Unified Write Filter](https://msdn.microsoft.com/library/windows/hardware/mt572001(v=vs.85).aspx). |
+
+## Related topics
+
+[Windows 10 Enterprise Subscription Activation](windows-10-subscription-activation.md)
+
[Connect domain-joined devices to Azure AD for Windows 10 experiences](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-devices-group-policy/)
+
[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
+
[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)
diff --git a/windows/deployment/windows-10-media.md b/windows/deployment/windows-10-media.md
index 2b435c0edc..24743735e8 100644
--- a/windows/deployment/windows-10-media.md
+++ b/windows/deployment/windows-10-media.md
@@ -44,7 +44,7 @@ For ISOs that you download from the VLSC or Visual Studio Subscriptions, you can
-When using the contents of these ISOs with tools such as the Microsoft Deployment Toolkit or System Center Configuration Manager, make sure you select the appropriate image index in any task sequences that you create or update.
+When using the contents of these ISOs with tools such as the Microsoft Deployment Toolkit or Microsoft Endpoint Configuration Manager, make sure you select the appropriate image index in any task sequences that you create or update.
For packages published to Windows Server Update Services (WSUS), you’ll also notice the change because, instead of having separate packages for each Windows edition, there will be just one package:
diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md
index 87eea0e845..a9ffbb1c73 100644
--- a/windows/deployment/windows-10-poc-mdt.md
+++ b/windows/deployment/windows-10-poc-mdt.md
@@ -1,655 +1,657 @@
----
-title: Step by step - Deploy Windows 10 in a test lab using MDT
-description: Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit (MDT)
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-keywords: deployment, automate, tools, configure, mdt
-ms.localizationpriority: medium
-ms.date: 10/11/2017
-ms.reviewer:
-manager: laurawi
-ms.audience: itpro
author: greg-lindsay
-audience: itpro
author: greg-lindsay
-ms.topic: article
----
-
-
-# Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit
-
-**Applies to**
-
-- Windows 10
-
-**Important**: This guide leverages the proof of concept (PoC) environment configured using procedures in the following guide:
-- [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
-
-Please complete all steps in the prerequisite guide before starting this guide. This guide requires about 5 hours to complete, but can require less time or more time depending on the speed of the Hyper-V host. After completing the current guide, also see the companion guide:
-- [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md)
-
-The PoC environment is a virtual network running on Hyper-V with three virtual machines (VMs):
-- **DC1**: A contoso.com domain controller, DNS server, and DHCP server.
-- **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network.
-- **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been shadow-copied from a physical computer on your corporate network.
-
->This guide uses the Hyper-V server role. If you do not complete all steps in a single session, consider using [checkpoints](https://technet.microsoft.com/library/dn818483.aspx) and [saved states](https://technet.microsoft.com/library/ee247418.aspx) to pause, resume, or restart your work.
-
-## In this guide
-
-This guide provides instructions to install and configure the Microsoft Deployment Toolkit (MDT) to deploy a Windows 10 image.
-
-Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed.
-
-
-
-
-
-## About MDT
-
-MDT performs deployments by using the Lite Touch Installation (LTI), Zero Touch Installation (ZTI), and User-Driven Installation (UDI) deployment methods.
-- LTI is the deployment method used in the current guide, requiring only MDT and performed with a minimum amount of user interaction.
-- ZTI is fully automated, requiring no user interaction and is performed using MDT and System Center Configuration Manager. After completing the steps in the current guide, see [Step by step: Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) to use the ZTI deployment method in the PoC environment.
-- UDI requires manual intervention to respond to installation prompts such as machine name, password and language settings. UDI requires MDT and System Center Configuration Manager.
-
-## Install MDT
-
-1. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt:
-
- ```
- $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
- Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0
- Stop-Process -Name Explorer
- ```
-2. Download and install the 64-bit version of [Microsoft Deployment Toolkit (MDT)](https://www.microsoft.com/download/details.aspx?id=54259) on SRV1 using the default options. As of the writing of this guide, the latest version of MDT was 8443.
-
-3. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 1703. Installation might require several minutes to acquire all components.
-
-3. If desired, re-enable IE Enhanced Security Configuration:
-
- ```
- Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 1
- Stop-Process -Name Explorer
- ```
-
-## Create a deployment share and reference image
-
-A reference image serves as the foundation for Windows 10 devices in your organization.
-
-1. In [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md), the Windows 10 Enterprise .iso file was saved to the c:\VHD directory as **c:\VHD\w10-enterprise.iso**. The first step in creating a deployment share is to mount this file on SRV1. To mount the Windows 10 Enterprise DVD on SRV1, open an elevated Windows PowerShell prompt on the Hyper-V host computer and type the following command:
-
- ```
- Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\w10-enterprise.iso
- ```
-2. On SRV1, verify that the Windows Enterprise installation DVD is mounted as drive letter D.
-
-3. The Windows 10 Enterprise installation files will be used to create a deployment share on SRV1 using the MDT deployment workbench. To open the deployment workbench, click **Start**, type **deployment**, and then click **Deployment Workbench**.
-
-4. To enable quick access to the application, right-click **Deployment Workbench** on the taskbar and then click **Pin this program to the taskbar**.
-
-5. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
-
-6. Use the following settings for the New Deployment Share Wizard:
- - Deployment share path: **C:\MDTBuildLab**
- - Share name: **MDTBuildLab$**
- - Deployment share description: **MDT build lab**
- - Options: click **Next** to accept the default
- - Summary: click **Next**
- - Progress: settings will be applied
- - Confirmation: click **Finish**
-
-
-7. Expand the **Deployment Shares** node, and then expand **MDT build lab**.
-
-8. Right-click the **Operating Systems** node, and then click **New Folder**. Name the new folder **Windows 10**. Complete the wizard using default values and click **Finish**.
-
-9. Right-click the **Windows 10** folder created in the previous step, and then click **Import Operating System**.
-
-10. Use the following settings for the Import Operating System Wizard:
- - OS Type: **Full set of source files**
- - Source: **D:\\**
- - Destination: **W10Ent_x64**
- - Summary: click **Next**
- - Progress: wait for files to be copied
- - Confirmation: click **Finish**
-
- >For purposes of this test lab, we will only add the prerequisite .NET Framework feature. Commerical applications (ex: Microsoft Office) will not be added to the deployment share. For information about adding applications, see the [Add applications](https://technet.microsoft.com/itpro/windows/deploy/create-a-windows-10-reference-image#sec03) section of the [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md) topic in the TechNet library.
-
-11. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the **Task Sequences** node and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
- - Task sequence ID: **REFW10X64-001**
- - Task sequence name: **Windows 10 Enterprise x64 Default Image**
- - Task sequence comments: **Reference Build**
- - Template: **Standard Client Task Sequence**
- - Select OS: click **Windows 10 Enterprise Evaluation in W10Ent_x64 install.wim**
- - Specify Product Key: **Do not specify a product key at this time**
- - Full Name: **Contoso**
- - Organization: **Contoso**
- - Internet Explorer home page: **http://www.contoso.com**
- - Admin Password: **Do not specify an Administrator password at this time**
- - Summary: click **Next**
- - Confirmation: click **Finish**
-
-
-12. Edit the task sequence to add the Microsoft NET Framework 3.5, which is required by many applications. To edit the task sequence, double-click **Windows 10 Enterprise x64 Default Image** that was created in the previous step.
-
-13. Click the **Task Sequence** tab. Under **State Restore** click **Tatto** to highlight it, then click **Add** and choose **New Group**.
-
-14. On the Properties tab of the group that was created in the previous step, change the Name from **New Group** to **Custom Tasks (Pre-Windows Update)** and then click **Apply**. Click another location in the window to see the name change.
-
-15. Click the **Custom Tasks (Pre-Windows Update)** group again, click **Add**, point to **Roles**, and then click **Install Roles and Features**.
-
-16. Under **Select the roles and features that should be installed**, select **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** and then click **Apply**.
-
-17. Enable Windows Update in the task sequence by clicking the **Windows Update (Post-Application Installation)** step, clicking the **Options** tab, and clearing the **Disable this step** checkbox.
-
- >Note: Since we are not installing applications in this test lab, there is no need to enable the Windows Update Pre-Application Installation step. However, you should enable this step if you are also installing applications.
-
-18. Click **OK** to complete editing the task sequence.
-
-19. The next step is to configure the MDT deployment share rules. To configure rules in the Deployment Workbench, right-click **MDT build lab (C:\MDTBuildLab)** and click **Properties**, and then click the **Rules** tab.
-
-20. Replace the default rules with the following text:
-
- ```
- [Settings]
- Priority=Default
-
- [Default]
- _SMSTSORGNAME=Contoso
- UserDataLocation=NONE
- DoCapture=YES
- OSInstall=Y
- AdminPassword=pass@word1
- TimeZoneName=Pacific Standard Time
- OSDComputername=#Left("PC-%SerialNumber%",7)#
- JoinWorkgroup=WORKGROUP
- HideShell=YES
- FinishAction=SHUTDOWN
- DoNotCreateExtraPartition=YES
- ApplyGPOPack=NO
- SkipAdminPassword=YES
- SkipProductKey=YES
- SkipComputerName=YES
- SkipDomainMembership=YES
- SkipUserData=YES
- SkipLocaleSelection=YES
- SkipTaskSequence=NO
- SkipTimeZone=YES
- SkipApplications=YES
- SkipBitLocker=YES
- SkipSummary=YES
- SkipRoles=YES
- SkipCapture=NO
- SkipFinalSummary=NO
- ```
-
-21. Click **Apply** and then click **Edit Bootstrap.ini**. Replace the contents of the Bootstrap.ini file with the following text, and save the file:
-
- ```
- [Settings]
- Priority=Default
-
- [Default]
- DeployRoot=\\SRV1\MDTBuildLab$
- UserDomain=CONTOSO
- UserID=MDT_BA
- UserPassword=pass@word1
- SkipBDDWelcome=YES
- ```
-
-22. Click **OK** to complete the configuration of the deployment share.
-
-23. Right-click **MDT build lab (C:\MDTBuildLab)** and then click **Update Deployment Share**.
-
-24. Accept all default values in the Update Deployment Share Wizard by clicking **Next** twice. The update process will take 5 to 10 minutes. When it has completed, click **Finish**.
-
-25. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. Note that in MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI).
-
- >Hint: To copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**.
-
-26. Open a Windows PowerShell prompt on the Hyper-V host computer and type the following commands:
-
-
-
-
- New-VM REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB
- Set-VMMemory REFW10X64-001 -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 1024MB -Buffer 20
- Set-VMDvdDrive REFW10X64-001 -Path c:\VHD\LiteTouchPE_x86.iso
- Start-VM REFW10X64-001
- vmconnect localhost REFW10X64-001
-
-
-
- This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on your deployment server (SRV1). The file name is **REFW10X64-001.wim**.
-
-## Deploy a Windows 10 image using MDT
-
-This procedure will demonstrate how to deploy the reference image to the PoC environment using MDT.
-
-1. On SRV1, open the MDT Deployment Workbench console, right-click **Deployment Shares**, and then click **New Deployment Share**. Use the following values in the New Deployment Share Wizard:
- - **Deployment share path**: C:\MDTProd
- - **Share name**: MDTProd$
- - **Deployment share description**: MDT Production
- - **Options**: accept the default
-
-
-2. Click **Next**, verify the new deployment share was added successfully, then click **Finish**.
-
-3. In the Deployment Workbench console, expand the MDT Production deployment share, right-click **Operating Systems**, and then click **New Folder**. Name the new folder **Windows 10** and complete the wizard using default values.
-
-4. Right-click the **Windows 10** folder created in the previous step, and then click **Import Operating System**.
-
-5. On the **OS Type** page, choose **Custom image file** and then click **Next**.
-
-6. On the Image page, browse to the **C:\MDTBuildLab\Captures\REFW10X64-001.wim** file created in the previous procedure, click **Open**, and then click **Next**.
-
-7. On the Setup page, select **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path**.
-
-8. Under **Setup source directory**, browse to **C:\MDTBuildLab\Operating Systems\W10Ent_x64** click **OK** and then click **Next**.
-
-9. On the Destination page, accept the default Destination directory name of **REFW10X64-001**, click **Next** twice, wait for the import process to complete, and then click **Finish**.
-
-10. In the **Operating Systems** > **Windows 10** node, double-click the operating system that was added to view its properties. Change the operating system name to **Windows 10 Enterprise x64 Custom Image** and then click **OK**. See the following example:
-
- 
-
-
-### Create the deployment task sequence
-
-1. Using the Deployment Workbench, right-click **Task Sequences** under the **MDT Production** node, click **New Folder** and create a folder with the name: **Windows 10**.
-
-2. Right-click the **Windows 10** folder created in the previous step, and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
- - Task sequence ID: W10-X64-001
- - Task sequence name: Windows 10 Enterprise x64 Custom Image
- - Task sequence comments: Production Image
- - Select Template: Standard Client Task Sequence
- - Select OS: Windows 10 Enterprise x64 Custom Image
- - Specify Product Key: Do not specify a product key at this time
- - Full Name: Contoso
- - Organization: Contoso
- - Internet Explorer home page: http://www.contoso.com
- - Admin Password: pass@word1
-
-### Configure the MDT production deployment share
-
-1. On SRV1, open an elevated Windows PowerShell prompt and type the following commands:
-
- ```
- copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\Bootstrap.ini" C:\MDTProd\Control\Bootstrap.ini -Force
- copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\CustomSettings.ini" C:\MDTProd\Control\CustomSettings.ini -Force
- ```
-2. In the Deployment Workbench console on SRV1, right-click the **MDT Production** deployment share and then click **Properties**.
-
-3. Click the **Rules** tab and replace the rules with the following text (don't click OK yet):
-
- ```
- [Settings]
- Priority=Default
-
- [Default]
- _SMSTSORGNAME=Contoso
- OSInstall=YES
- UserDataLocation=AUTO
- TimeZoneName=Pacific Standard Time
- OSDComputername=#Left("PC-%SerialNumber%",7)#
- AdminPassword=pass@word1
- JoinDomain=contoso.com
- DomainAdmin=administrator
- DomainAdminDomain=CONTOSO
- DomainAdminPassword=pass@word1
- ScanStateArgs=/ue:*\* /ui:CONTOSO\*
- USMTMigFiles001=MigApp.xml
- USMTMigFiles002=MigUser.xml
- HideShell=YES
- ApplyGPOPack=NO
- SkipAppsOnUpgrade=NO
- SkipAdminPassword=YES
- SkipProductKey=YES
- SkipComputerName=YES
- SkipDomainMembership=YES
- SkipUserData=YES
- SkipLocaleSelection=YES
- SkipTaskSequence=NO
- SkipTimeZone=YES
- SkipApplications=NO
- SkipBitLocker=YES
- SkipSummary=YES
- SkipCapture=YES
- SkipFinalSummary=NO
- EventService=http://SRV1:9800
- ```
- **Note**: The contents of the Rules tab are added to c:\MDTProd\Control\CustomSettings.ini.
-
- >In this example a **MachineObjectOU** entry is not provided. Normally this entry describes the specific OU where new client computer objects are created in Active Directory. However, for the purposes of this test lab clients are added to the default computers OU, which requires that this parameter be unspecified.
-
- If desired, edit the follow line to include or exclude other users when migrating settings. Currently, the command is set to user exclude (ue) all users except for CONTOSO users specified by the user include option (ui):
-
- ```
- ScanStateArgs=/ue:*\* /ui:CONTOSO\*
- ```
-
- For example, to migrate **all** users on the computer, replace this line with the following:
-
- ```
- ScanStateArgs=/all
- ```
-
- For more information, see [ScanState Syntax](https://technet.microsoft.com/library/cc749015.aspx).
-
-4. Click **Edit Bootstap.ini** and replace text in the file with the following text:
-
- ```
- [Settings]
- Priority=Default
-
- [Default]
- DeployRoot=\\SRV1\MDTProd$
- UserDomain=CONTOSO
- UserID=MDT_BA
- UserPassword=pass@word1
- SkipBDDWelcome=YES
- ```
-5. Click **OK** when finished.
-
-### Update the deployment share
-
-1. Right-click the **MDT Production** deployment share and then click **Update Deployment Share**.
-
-2. Use the default options for the Update Deployment Share Wizard. The update process requires 5 to 10 minutes to complete.
-
-3. Click **Finish** when the update is complete.
-
-### Enable deployment monitoring
-
-1. In the Deployment Workbench console, right-click **MDT Production** and then click **Properties**.
-
-2. On the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then click **OK**.
-
-3. Verify the monitoring service is working as expected by opening the following link on SRV1 in Internet Explorer: [http://localhost:9800/MDTMonitorEvent/](http://localhost:9800/MDTMonitorEvent/). If you do not see "**You have created a service**" at the top of the page, see [Troubleshooting MDT 2012 Monitoring](https://blogs.technet.microsoft.com/mniehaus/2012/05/10/troubleshooting-mdt-2012-monitoring/).
-
-4. Close Internet Explorer.
-
-### Configure Windows Deployment Services
-
-1. Initialize Windows Deployment Services (WDS) by typing the following command at an elevated Windows PowerShell prompt on SRV1:
-
- ```
- WDSUTIL /Verbose /Progress /Initialize-Server /Server:SRV1 /RemInst:"C:\RemoteInstall"
- WDSUTIL /Set-Server /AnswerClients:All
- ```
-
-2. Click **Start**, type **Windows Deployment**, and then click **Windows Deployment Services**.
-
-3. In the Windows Deployment Services console, expand **Servers**, expand **SRV1.contoso.com**, right-click **Boot Images**, and then click **Add Boot Image**.
-
-4. Browse to the **C:\MDTProd\Boot\LiteTouchPE_x64.wim** file, click **Open**, click **Next**, and accept the defaults in the Add Image Wizard. Click **Finish** to complete adding a boot image.
-
-### Deploy the client image
-
-1. Before using WDS to deploy a client image, you must temporarily disable the external network adapter on SRV1. This is just an artifact of the lab environment. In a typical deployment environment WDS would not be installed on the default gateway.
-
- >**Note**: Do not disable the *internal* network interface. To quickly view IP addresses and interface names configured on the VM, type **Get-NetIPAddress | ft interfacealias, ipaddress**
-
- Assuming the external interface is named "Ethernet 2", to disable the *external* interface on SRV1, open a Windows PowerShell prompt on SRV1 and type the following command:
-
- ```
- Disable-NetAdapter "Ethernet 2" -Confirm:$false
- ```
-
- >Wait until the disable-netadapter command completes before proceeding.
-
-
-2. Next, switch to the Hyper-V host and open an elevated Windows PowerShell prompt. Create a generation 2 VM on the Hyper-V host that will load its OS using PXE. To create this VM, type the following commands at an elevated Windows PowerShell prompt:
-
- ```
- New-VM –Name "PC2" –NewVHDPath "c:\vhd\pc2.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
- Set-VMMemory -VMName "PC2" -DynamicMemoryEnabled $true -MinimumBytes 720MB -MaximumBytes 2048MB -Buffer 20
- ```
-
- >Dynamic memory is configured on the VM to conserve resources. However, this can cause memory allocation to be reduced past what is required to install an operating system. If this happens, reset the VM and begin the OS installation task sequence immediately. This ensures the VM memory allocation is not decreased too much while it is idle.
-
-3. Start the new VM and connect to it:
-
- ```
- Start-VM PC2
- vmconnect localhost PC2
- ```
-4. When prompted, hit ENTER to start the network boot process.
-
-5. In the Windows Deployment Wizard, choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**.
-
-6. After MDT lite touch installation has started, be sure to re-enable the external network adapter on SRV1. This is needed so the client can use Windows Update after operating system installation is complete.To re-enable the external network interface, open an elevated Windows PowerShell prompt on SRV1 and type the following command:
-
- ```
- Enable-NetAdapter "Ethernet 2"
- ```
-7. On SRV1, in the Deployment Workbench console, click on **Monitoring** and view the status of installation. Right-click **Monitoring** and click **Refresh** if no data is displayed.
-8. OS installation requires about 10 minutes. When the installation is complete, the system will reboot automatically, configure devices, and install updates, requiring another 10-20 minutes. When the new client computer is finished updating, click **Finish**. You will be automatically signed in to the local computer as administrator.
-
- 
-
-
-This completes the demonstration of how to deploy a reference image to the network. To conserve resources, turn off the PC2 VM before starting the next section.
-
-## Refresh a computer with Windows 10
-
-This section will demonstrate how to export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings. The scenario will use PC1, a computer that was cloned from a physical device to a VM, as described in [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md).
-
-1. If the PC1 VM is not already running, then start and connect to it:
-
- ```
- Start-VM PC1
- vmconnect localhost PC1
- ```
-
-2. Switch back to the Hyper-V host and create a checkpoint for the PC1 VM so that it can easily be reverted to its current state for troubleshooting purposes and to perform additional scenarios. Checkpoints are also known as snapshots. To create a checkpoint for the PC1 VM, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
-
- ```
- Checkpoint-VM -Name PC1 -SnapshotName BeginState
- ```
-
-3. Sign on to PC1 using the CONTOSO\Administrator account.
-
- >Specify **contoso\administrator** as the user name to ensure you do not sign on using the local administrator account. You must sign in with this account so that you have access to the deployment share.
-
-4. Open an elevated command prompt on PC1 and type the following:
-
- ```
- cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs
- ```
-
- **Note**: Litetouch.vbs must be able to create the C:\MININT directory on the local computer.
-
-5. Choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**.
-
-6. Choose **Do not back up the existing computer** and click **Next**.
-
- **Note**: The USMT will still back up the computer.
-
-7. Lite Touch Installation will perform the following actions:
- - Back up user settings and data using USMT.
- - Install the Windows 10 Enterprise X64 operating system.
- - Update the operating system via Windows Update.
- - Restore user settings and data using USMT.
-
- You can review the progress of installation on SRV1 by clicking on the **Monitoring** node in the deployment workbench. When OS installation is complete, the computer will restart, set up devices, and configure settings.
-
-8. Sign in with the CONTOSO\Administrator account and verify that all CONTOSO domain user accounts and data have been migrated to the new operating system, or other user accounts as specified [previously](#configure-the-mdt-production-deployment-share).
-
-9. Create another checkpoint for the PC1 VM so that you can review results of the computer refresh later. To create a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
-
- ```
- Checkpoint-VM -Name PC1 -SnapshotName RefreshState
- ```
-
-10. Restore the PC1 VM to it's previous state in preparation for the replace procedure. To restore a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
-
- ```
- Restore-VMSnapshot -VMName PC1 -Name BeginState -Confirm:$false
- Start-VM PC1
- vmconnect localhost PC1
- ```
-
-11. Sign in to PC1 using the contoso\administrator account.
-
-## Replace a computer with Windows 10
-
-At a high level, the computer replace process consists of:
-- A special replace task sequence that runs the USMT backup and an optional full Window Imaging (WIM) backup.
-- A standard OS deployment on a new computer. At the end of the deployment, the USMT backup from the old computer is restored.
-
-### Create a backup-only task sequence
-
-1. On SRV1, in the deployment workbench console, right-click the MDT Production deployment share, click **Properties**, click the **Rules** tab, and change the line **SkipUserData=YES** to **SkipUserData=NO**.
-2. Click **OK**, right-click **MDT Production**, click **Update Deployment Share** and accept the default options in the wizard to update the share.
-3. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
-
- ```
- New-Item -Path C:\MigData -ItemType directory
- New-SmbShare -Name MigData$ -Path C:\MigData -ChangeAccess EVERYONE
- icacls C:\MigData /grant '"contoso\administrator":(OI)(CI)(M)'
- ```
-4. On SRV1 in the deployment workbench, under **MDT Production**, right-click the **Task Sequences** node, and click **New Folder**.
-5. Name the new folder **Other**, and complete the wizard using default options.
-6. Right-click the **Other** folder and then click **New Task Sequence**. Use the following values in the wizard:
- - **Task sequence ID**: REPLACE-001
- - **Task sequence name**: Backup Only Task Sequence
- - **Task sequence comments**: Run USMT to back up user data and settings
- - **Template**: Standard Client Replace Task Sequence (note: this is not the default template)
-7. Accept defaults for the rest of the wizard and then click **Finish**. The replace task sequence will skip OS selection and settings.
-8. Open the new task sequence that was created and review it. Note the type of capture and backup tasks that are present. Click **OK** when you are finished reviewing the task sequence.
-
-### Run the backup-only task sequence
-
-1. If you are not already signed on to PC1 as **contoso\administrator**, sign in using this account. To verify the currently signed in account, type the following command at an elevated command prompt:
-
- ```
- whoami
- ```
-2. To ensure a clean environment before running the backup task sequence, type the following at an elevated Windows PowerShell prompt on PC1:
-
- ```
- Remove-Item c:\minint -recurse
- Remove-Item c:\_SMSTaskSequence -recurse
- Restart-Computer
- ```
-3. Sign in to PC1 using the contoso\administrator account, and then type the following at an elevated command prompt:
-
- ```
- cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs
- ```
-4. Complete the deployment wizard using the following:
- - **Task Sequence**: Backup Only Task Sequence
- - **User Data**: Specify a location: **\\\\SRV1\MigData$\PC1**
- - **Computer Backup**: Do not back up the existing computer.
-5. While the task sequence is running on PC1, open the deployment workbench console on SRV1 and click the **Monitoring* node. Press F5 to refresh the console, and view the status of current tasks.
-6. On PC1, verify that **The user state capture was completed successfully** is displayed, and click **Finish** when the capture is complete.
-7. On SRV1, verify that the file **USMT.MIG** was created in the **C:\MigData\PC1\USMT** directory. See the following example:
-
- ```
- PS C:\> dir C:\MigData\PC1\USMT
-
- Directory: C:\MigData\PC1\USMT
-
- Mode LastWriteTime Length Name
- ---- ------------- ------ ----
- -a--- 9/6/2016 11:34 AM 14248685 USMT.MIG
- ```
- ### Deploy PC3
-
-8. On the Hyper-V host, type the following commands at an elevated Windows PowerShell prompt:
-
- ```
- New-VM –Name "PC3" –NewVHDPath "c:\vhd\pc3.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
- Set-VMMemory -VMName "PC3" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20
- ```
-9. Temporarily disable the external network adapter on SRV1 again, so that we can successfully boot PC3 from WDS. To disable the adapter, type the following command at an elevated Windows PowerShell prompt on SRV1:
-
- ```
- Disable-NetAdapter "Ethernet 2" -Confirm:$false
- ```
-
- >As mentioned previously, ensure that you disable the **external** network adapter, and wait for the command to complete before proceeding.
-
-
-10. Start and connect to PC3 by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
-
- ```
- Start-VM PC3
- vmconnect localhost PC3
- ```
-
-11. When prompted, press ENTER for network boot.
-
-12. On PC3, use the following settings for the Windows Deployment Wizard:
- - **Task Sequence**: Windows 10 Enterprise x64 Custom Image
- - **Move Data and Settings**: Do not move user data and settings
- - **User Data (Restore)**: Specify a location: **\\\\SRV1\MigData$\PC1**
-
-13. When OS installation has started on PC1, re-enable the external network adapter on SRV1 by typing the following command on SRV1:
-
- ```
- Enable-NetAdapter "Ethernet 2"
- ```
-14. Setup will install the Windows 10 Enterprise operating system, update via Windows Update, and restore the user settings and data from PC1.
-
-15. When PC3 has completed installing the OS, sign in to PC3 using the contoso\administrator account. When the PC completes updating, click **Finish**.
-
-16. Verify that settings have been migrated from PC1. This completes demonstration of the replace procedure.
-
-17. Shut down PC3 in preparation for the [next](windows-10-poc-sc-config-mgr.md) procedure.
-
-## Troubleshooting logs, events, and utilities
-
-Deployment logs are available on the client computer in the following locations:
-- Before the image is applied: X:\MININT\SMSOSD\OSDLOGS
-- After the system drive has been formatted: C:\MININT\SMSOSD\OSDLOGS
-- After deployment: %WINDIR%\TEMP\DeploymentLogs
-
-You can review WDS events in Event Viewer at: **Applications and Services Logs > Microsoft > Windows > Deployment-Services-Diagnostics**. By default, only the **Admin** and **Operational** logs are enabled. To enable other logs, right-click the log and then click **Enable Log**.
-
-Tools for viewing log files, and to assist with troubleshooting are available in the [System Center 2012 R2 Configuration Manager Toolkit](https://www.microsoft.com/download/details.aspx?id=50012)
-
-Also see [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) for detailed troubleshooting information.
-
-## Related Topics
-
-[Microsoft Deployment Toolkit](https://technet.microsoft.com/windows/dn475741)
-[Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
-
-
-
-
-
-
-
+---
+title: Step by step - Deploy Windows 10 in a test lab using MDT
+description: Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit (MDT)
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+keywords: deployment, automate, tools, configure, mdt
+ms.localizationpriority: medium
+ms.date: 10/11/2017
+ms.reviewer:
+manager: laurawi
+ms.audience: itpro
+author: greg-lindsay
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+
+# Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit
+
+**Applies to**
+
+- Windows 10
+
+**Important**: This guide leverages the proof of concept (PoC) environment configured using procedures in the following guide:
+- [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
+
+Please complete all steps in the prerequisite guide before starting this guide. This guide requires about 5 hours to complete, but can require less time or more time depending on the speed of the Hyper-V host. After completing the current guide, also see the companion guide:
+- [Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md)
+
+The PoC environment is a virtual network running on Hyper-V with three virtual machines (VMs):
+- **DC1**: A contoso.com domain controller, DNS server, and DHCP server.
+- **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network.
+- **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been shadow-copied from a physical computer on your corporate network.
+
+>This guide uses the Hyper-V server role. If you do not complete all steps in a single session, consider using [checkpoints](https://technet.microsoft.com/library/dn818483.aspx) and [saved states](https://technet.microsoft.com/library/ee247418.aspx) to pause, resume, or restart your work.
+
+## In this guide
+
+This guide provides instructions to install and configure the Microsoft Deployment Toolkit (MDT) to deploy a Windows 10 image.
+
+Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed.
+
+
+
+
+
+## About MDT
+
+MDT performs deployments by using the Lite Touch Installation (LTI), Zero Touch Installation (ZTI), and User-Driven Installation (UDI) deployment methods.
+- LTI is the deployment method used in the current guide, requiring only MDT and performed with a minimum amount of user interaction.
+- ZTI is fully automated, requiring no user interaction and is performed using MDT and Microsoft Endpoint Configuration Manager. After completing the steps in the current guide, see [Step by step: Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md) to use the ZTI deployment method in the PoC environment.
+- UDI requires manual intervention to respond to installation prompts such as machine name, password and language settings. UDI requires MDT and Microsoft Endpoint Configuration Manager.
+
+## Install MDT
+
+1. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt:
+
+ ```
+ $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
+ Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0
+ Stop-Process -Name Explorer
+ ```
+2. Download and install the 64-bit version of [Microsoft Deployment Toolkit (MDT)](https://www.microsoft.com/download/details.aspx?id=54259) on SRV1 using the default options. As of the writing of this guide, the latest version of MDT was 8443.
+
+3. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 1703. Installation might require several minutes to acquire all components.
+
+3. If desired, re-enable IE Enhanced Security Configuration:
+
+ ```
+ Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 1
+ Stop-Process -Name Explorer
+ ```
+
+## Create a deployment share and reference image
+
+A reference image serves as the foundation for Windows 10 devices in your organization.
+
+1. In [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md), the Windows 10 Enterprise .iso file was saved to the c:\VHD directory as **c:\VHD\w10-enterprise.iso**. The first step in creating a deployment share is to mount this file on SRV1. To mount the Windows 10 Enterprise DVD on SRV1, open an elevated Windows PowerShell prompt on the Hyper-V host computer and type the following command:
+
+ ```
+ Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\w10-enterprise.iso
+ ```
+2. On SRV1, verify that the Windows Enterprise installation DVD is mounted as drive letter D.
+
+3. The Windows 10 Enterprise installation files will be used to create a deployment share on SRV1 using the MDT deployment workbench. To open the deployment workbench, click **Start**, type **deployment**, and then click **Deployment Workbench**.
+
+4. To enable quick access to the application, right-click **Deployment Workbench** on the taskbar and then click **Pin this program to the taskbar**.
+
+5. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
+
+6. Use the following settings for the New Deployment Share Wizard:
+ - Deployment share path: **C:\MDTBuildLab**
+ - Share name: **MDTBuildLab$**
+ - Deployment share description: **MDT build lab**
+ - Options: click **Next** to accept the default
+ - Summary: click **Next**
+ - Progress: settings will be applied
+ - Confirmation: click **Finish**
+
+
+7. Expand the **Deployment Shares** node, and then expand **MDT build lab**.
+
+8. Right-click the **Operating Systems** node, and then click **New Folder**. Name the new folder **Windows 10**. Complete the wizard using default values and click **Finish**.
+
+9. Right-click the **Windows 10** folder created in the previous step, and then click **Import Operating System**.
+
+10. Use the following settings for the Import Operating System Wizard:
+ - OS Type: **Full set of source files**
+ - Source: **D:\\**
+ - Destination: **W10Ent_x64**
+ - Summary: click **Next**
+ - Progress: wait for files to be copied
+ - Confirmation: click **Finish**
+
+ >For purposes of this test lab, we will only add the prerequisite .NET Framework feature. Commerical applications (ex: Microsoft Office) will not be added to the deployment share. For information about adding applications, see the [Add applications](https://technet.microsoft.com/itpro/windows/deploy/create-a-windows-10-reference-image#sec03) section of the [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md) topic in the TechNet library.
+
+11. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the **Task Sequences** node and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
+ - Task sequence ID: **REFW10X64-001**
+ - Task sequence name: **Windows 10 Enterprise x64 Default Image**
+ - Task sequence comments: **Reference Build**
+ - Template: **Standard Client Task Sequence**
+ - Select OS: click **Windows 10 Enterprise Evaluation in W10Ent_x64 install.wim**
+ - Specify Product Key: **Do not specify a product key at this time**
+ - Full Name: **Contoso**
+ - Organization: **Contoso**
+ - Internet Explorer home page: **http://www.contoso.com**
+ - Admin Password: **Do not specify an Administrator password at this time**
+ - Summary: click **Next**
+ - Confirmation: click **Finish**
+
+
+12. Edit the task sequence to add the Microsoft NET Framework 3.5, which is required by many applications. To edit the task sequence, double-click **Windows 10 Enterprise x64 Default Image** that was created in the previous step.
+
+13. Click the **Task Sequence** tab. Under **State Restore** click **Tatto** to highlight it, then click **Add** and choose **New Group**.
+
+14. On the Properties tab of the group that was created in the previous step, change the Name from **New Group** to **Custom Tasks (Pre-Windows Update)** and then click **Apply**. Click another location in the window to see the name change.
+
+15. Click the **Custom Tasks (Pre-Windows Update)** group again, click **Add**, point to **Roles**, and then click **Install Roles and Features**.
+
+16. Under **Select the roles and features that should be installed**, select **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** and then click **Apply**.
+
+17. Enable Windows Update in the task sequence by clicking the **Windows Update (Post-Application Installation)** step, clicking the **Options** tab, and clearing the **Disable this step** checkbox.
+
+ >Note: Since we are not installing applications in this test lab, there is no need to enable the Windows Update Pre-Application Installation step. However, you should enable this step if you are also installing applications.
+
+18. Click **OK** to complete editing the task sequence.
+
+19. The next step is to configure the MDT deployment share rules. To configure rules in the Deployment Workbench, right-click **MDT build lab (C:\MDTBuildLab)** and click **Properties**, and then click the **Rules** tab.
+
+20. Replace the default rules with the following text:
+
+ ```
+ [Settings]
+ Priority=Default
+
+ [Default]
+ _SMSTSORGNAME=Contoso
+ UserDataLocation=NONE
+ DoCapture=YES
+ OSInstall=Y
+ AdminPassword=pass@word1
+ TimeZoneName=Pacific Standard Time
+ OSDComputername=#Left("PC-%SerialNumber%",7)#
+ JoinWorkgroup=WORKGROUP
+ HideShell=YES
+ FinishAction=SHUTDOWN
+ DoNotCreateExtraPartition=YES
+ ApplyGPOPack=NO
+ SkipAdminPassword=YES
+ SkipProductKey=YES
+ SkipComputerName=YES
+ SkipDomainMembership=YES
+ SkipUserData=YES
+ SkipLocaleSelection=YES
+ SkipTaskSequence=NO
+ SkipTimeZone=YES
+ SkipApplications=YES
+ SkipBitLocker=YES
+ SkipSummary=YES
+ SkipRoles=YES
+ SkipCapture=NO
+ SkipFinalSummary=NO
+ ```
+
+21. Click **Apply** and then click **Edit Bootstrap.ini**. Replace the contents of the Bootstrap.ini file with the following text, and save the file:
+
+ ```
+ [Settings]
+ Priority=Default
+
+ [Default]
+ DeployRoot=\\SRV1\MDTBuildLab$
+ UserDomain=CONTOSO
+ UserID=MDT_BA
+ UserPassword=pass@word1
+ SkipBDDWelcome=YES
+ ```
+
+22. Click **OK** to complete the configuration of the deployment share.
+
+23. Right-click **MDT build lab (C:\MDTBuildLab)** and then click **Update Deployment Share**.
+
+24. Accept all default values in the Update Deployment Share Wizard by clicking **Next** twice. The update process will take 5 to 10 minutes. When it has completed, click **Finish**.
+
+25. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. Note that in MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI).
+
+ >Hint: To copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**.
+
+26. Open a Windows PowerShell prompt on the Hyper-V host computer and type the following commands:
+
+
+
+
+ New-VM REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB
+ Set-VMMemory REFW10X64-001 -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 1024MB -Buffer 20
+ Set-VMDvdDrive REFW10X64-001 -Path c:\VHD\LiteTouchPE_x86.iso
+ Start-VM REFW10X64-001
+ vmconnect localhost REFW10X64-001
+
+
+
+ This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on your deployment server (SRV1). The file name is **REFW10X64-001.wim**.
+
+## Deploy a Windows 10 image using MDT
+
+This procedure will demonstrate how to deploy the reference image to the PoC environment using MDT.
+
+1. On SRV1, open the MDT Deployment Workbench console, right-click **Deployment Shares**, and then click **New Deployment Share**. Use the following values in the New Deployment Share Wizard:
+ - **Deployment share path**: C:\MDTProd
+ - **Share name**: MDTProd$
+ - **Deployment share description**: MDT Production
+ - **Options**: accept the default
+
+
+2. Click **Next**, verify the new deployment share was added successfully, then click **Finish**.
+
+3. In the Deployment Workbench console, expand the MDT Production deployment share, right-click **Operating Systems**, and then click **New Folder**. Name the new folder **Windows 10** and complete the wizard using default values.
+
+4. Right-click the **Windows 10** folder created in the previous step, and then click **Import Operating System**.
+
+5. On the **OS Type** page, choose **Custom image file** and then click **Next**.
+
+6. On the Image page, browse to the **C:\MDTBuildLab\Captures\REFW10X64-001.wim** file created in the previous procedure, click **Open**, and then click **Next**.
+
+7. On the Setup page, select **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path**.
+
+8. Under **Setup source directory**, browse to **C:\MDTBuildLab\Operating Systems\W10Ent_x64** click **OK** and then click **Next**.
+
+9. On the Destination page, accept the default Destination directory name of **REFW10X64-001**, click **Next** twice, wait for the import process to complete, and then click **Finish**.
+
+10. In the **Operating Systems** > **Windows 10** node, double-click the operating system that was added to view its properties. Change the operating system name to **Windows 10 Enterprise x64 Custom Image** and then click **OK**. See the following example:
+
+ 
+
+
+### Create the deployment task sequence
+
+1. Using the Deployment Workbench, right-click **Task Sequences** under the **MDT Production** node, click **New Folder** and create a folder with the name: **Windows 10**.
+
+2. Right-click the **Windows 10** folder created in the previous step, and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
+ - Task sequence ID: W10-X64-001
+ - Task sequence name: Windows 10 Enterprise x64 Custom Image
+ - Task sequence comments: Production Image
+ - Select Template: Standard Client Task Sequence
+ - Select OS: Windows 10 Enterprise x64 Custom Image
+ - Specify Product Key: Do not specify a product key at this time
+ - Full Name: Contoso
+ - Organization: Contoso
+ - Internet Explorer home page: http://www.contoso.com
+ - Admin Password: pass@word1
+
+### Configure the MDT production deployment share
+
+1. On SRV1, open an elevated Windows PowerShell prompt and type the following commands:
+
+ ```
+ copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\Bootstrap.ini" C:\MDTProd\Control\Bootstrap.ini -Force
+ copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\CustomSettings.ini" C:\MDTProd\Control\CustomSettings.ini -Force
+ ```
+2. In the Deployment Workbench console on SRV1, right-click the **MDT Production** deployment share and then click **Properties**.
+
+3. Click the **Rules** tab and replace the rules with the following text (don't click OK yet):
+
+ ```
+ [Settings]
+ Priority=Default
+
+ [Default]
+ _SMSTSORGNAME=Contoso
+ OSInstall=YES
+ UserDataLocation=AUTO
+ TimeZoneName=Pacific Standard Time
+ OSDComputername=#Left("PC-%SerialNumber%",7)#
+ AdminPassword=pass@word1
+ JoinDomain=contoso.com
+ DomainAdmin=administrator
+ DomainAdminDomain=CONTOSO
+ DomainAdminPassword=pass@word1
+ ScanStateArgs=/ue:*\* /ui:CONTOSO\*
+ USMTMigFiles001=MigApp.xml
+ USMTMigFiles002=MigUser.xml
+ HideShell=YES
+ ApplyGPOPack=NO
+ SkipAppsOnUpgrade=NO
+ SkipAdminPassword=YES
+ SkipProductKey=YES
+ SkipComputerName=YES
+ SkipDomainMembership=YES
+ SkipUserData=YES
+ SkipLocaleSelection=YES
+ SkipTaskSequence=NO
+ SkipTimeZone=YES
+ SkipApplications=NO
+ SkipBitLocker=YES
+ SkipSummary=YES
+ SkipCapture=YES
+ SkipFinalSummary=NO
+ EventService=http://SRV1:9800
+ ```
+ **Note**: The contents of the Rules tab are added to c:\MDTProd\Control\CustomSettings.ini.
+
+ >In this example a **MachineObjectOU** entry is not provided. Normally this entry describes the specific OU where new client computer objects are created in Active Directory. However, for the purposes of this test lab clients are added to the default computers OU, which requires that this parameter be unspecified.
+
+ If desired, edit the follow line to include or exclude other users when migrating settings. Currently, the command is set to user exclude (ue) all users except for CONTOSO users specified by the user include option (ui):
+
+ ```
+ ScanStateArgs=/ue:*\* /ui:CONTOSO\*
+ ```
+
+ For example, to migrate **all** users on the computer, replace this line with the following:
+
+ ```
+ ScanStateArgs=/all
+ ```
+
+ For more information, see [ScanState Syntax](https://technet.microsoft.com/library/cc749015.aspx).
+
+4. Click **Edit Bootstap.ini** and replace text in the file with the following text:
+
+ ```
+ [Settings]
+ Priority=Default
+
+ [Default]
+ DeployRoot=\\SRV1\MDTProd$
+ UserDomain=CONTOSO
+ UserID=MDT_BA
+ UserPassword=pass@word1
+ SkipBDDWelcome=YES
+ ```
+5. Click **OK** when finished.
+
+### Update the deployment share
+
+1. Right-click the **MDT Production** deployment share and then click **Update Deployment Share**.
+
+2. Use the default options for the Update Deployment Share Wizard. The update process requires 5 to 10 minutes to complete.
+
+3. Click **Finish** when the update is complete.
+
+### Enable deployment monitoring
+
+1. In the Deployment Workbench console, right-click **MDT Production** and then click **Properties**.
+
+2. On the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then click **OK**.
+
+3. Verify the monitoring service is working as expected by opening the following link on SRV1 in Internet Explorer: [http://localhost:9800/MDTMonitorEvent/](http://localhost:9800/MDTMonitorEvent/). If you do not see "**You have created a service**" at the top of the page, see [Troubleshooting MDT 2012 Monitoring](https://blogs.technet.microsoft.com/mniehaus/2012/05/10/troubleshooting-mdt-2012-monitoring/).
+
+4. Close Internet Explorer.
+
+### Configure Windows Deployment Services
+
+1. Initialize Windows Deployment Services (WDS) by typing the following command at an elevated Windows PowerShell prompt on SRV1:
+
+ ```
+ WDSUTIL /Verbose /Progress /Initialize-Server /Server:SRV1 /RemInst:"C:\RemoteInstall"
+ WDSUTIL /Set-Server /AnswerClients:All
+ ```
+
+2. Click **Start**, type **Windows Deployment**, and then click **Windows Deployment Services**.
+
+3. In the Windows Deployment Services console, expand **Servers**, expand **SRV1.contoso.com**, right-click **Boot Images**, and then click **Add Boot Image**.
+
+4. Browse to the **C:\MDTProd\Boot\LiteTouchPE_x64.wim** file, click **Open**, click **Next**, and accept the defaults in the Add Image Wizard. Click **Finish** to complete adding a boot image.
+
+### Deploy the client image
+
+1. Before using WDS to deploy a client image, you must temporarily disable the external network adapter on SRV1. This is just an artifact of the lab environment. In a typical deployment environment WDS would not be installed on the default gateway.
+
+ >**Note**: Do not disable the *internal* network interface. To quickly view IP addresses and interface names configured on the VM, type **Get-NetIPAddress | ft interfacealias, ipaddress**
+
+ Assuming the external interface is named "Ethernet 2", to disable the *external* interface on SRV1, open a Windows PowerShell prompt on SRV1 and type the following command:
+
+ ```
+ Disable-NetAdapter "Ethernet 2" -Confirm:$false
+ ```
+
+ >Wait until the disable-netadapter command completes before proceeding.
+
+
+2. Next, switch to the Hyper-V host and open an elevated Windows PowerShell prompt. Create a generation 2 VM on the Hyper-V host that will load its OS using PXE. To create this VM, type the following commands at an elevated Windows PowerShell prompt:
+
+ ```
+ New-VM –Name "PC2" –NewVHDPath "c:\vhd\pc2.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
+ Set-VMMemory -VMName "PC2" -DynamicMemoryEnabled $true -MinimumBytes 720MB -MaximumBytes 2048MB -Buffer 20
+ ```
+
+ >Dynamic memory is configured on the VM to conserve resources. However, this can cause memory allocation to be reduced past what is required to install an operating system. If this happens, reset the VM and begin the OS installation task sequence immediately. This ensures the VM memory allocation is not decreased too much while it is idle.
+
+3. Start the new VM and connect to it:
+
+ ```
+ Start-VM PC2
+ vmconnect localhost PC2
+ ```
+4. When prompted, hit ENTER to start the network boot process.
+
+5. In the Windows Deployment Wizard, choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**.
+
+6. After MDT lite touch installation has started, be sure to re-enable the external network adapter on SRV1. This is needed so the client can use Windows Update after operating system installation is complete.To re-enable the external network interface, open an elevated Windows PowerShell prompt on SRV1 and type the following command:
+
+ ```
+ Enable-NetAdapter "Ethernet 2"
+ ```
+7. On SRV1, in the Deployment Workbench console, click on **Monitoring** and view the status of installation. Right-click **Monitoring** and click **Refresh** if no data is displayed.
+8. OS installation requires about 10 minutes. When the installation is complete, the system will reboot automatically, configure devices, and install updates, requiring another 10-20 minutes. When the new client computer is finished updating, click **Finish**. You will be automatically signed in to the local computer as administrator.
+
+ 
+
+
+This completes the demonstration of how to deploy a reference image to the network. To conserve resources, turn off the PC2 VM before starting the next section.
+
+## Refresh a computer with Windows 10
+
+This section will demonstrate how to export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings. The scenario will use PC1, a computer that was cloned from a physical device to a VM, as described in [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md).
+
+1. If the PC1 VM is not already running, then start and connect to it:
+
+ ```
+ Start-VM PC1
+ vmconnect localhost PC1
+ ```
+
+2. Switch back to the Hyper-V host and create a checkpoint for the PC1 VM so that it can easily be reverted to its current state for troubleshooting purposes and to perform additional scenarios. Checkpoints are also known as snapshots. To create a checkpoint for the PC1 VM, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+ ```
+ Checkpoint-VM -Name PC1 -SnapshotName BeginState
+ ```
+
+3. Sign on to PC1 using the CONTOSO\Administrator account.
+
+ >Specify **contoso\administrator** as the user name to ensure you do not sign on using the local administrator account. You must sign in with this account so that you have access to the deployment share.
+
+4. Open an elevated command prompt on PC1 and type the following:
+
+ ```
+ cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs
+ ```
+
+ **Note**: For more information on tools for viewing log files and to assist with troubleshooting, see [Configuration Manager Tools](https://docs.microsoft.com/configmgr/core/support/tools).
+
+5. Choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**.
+
+6. Choose **Do not back up the existing computer** and click **Next**.
+
+ **Note**: The USMT will still back up the computer.
+
+7. Lite Touch Installation will perform the following actions:
+ - Back up user settings and data using USMT.
+ - Install the Windows 10 Enterprise X64 operating system.
+ - Update the operating system via Windows Update.
+ - Restore user settings and data using USMT.
+
+ You can review the progress of installation on SRV1 by clicking on the **Monitoring** node in the deployment workbench. When OS installation is complete, the computer will restart, set up devices, and configure settings.
+
+8. Sign in with the CONTOSO\Administrator account and verify that all CONTOSO domain user accounts and data have been migrated to the new operating system, or other user accounts as specified [previously](#configure-the-mdt-production-deployment-share).
+
+9. Create another checkpoint for the PC1 VM so that you can review results of the computer refresh later. To create a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+ ```
+ Checkpoint-VM -Name PC1 -SnapshotName RefreshState
+ ```
+
+10. Restore the PC1 VM to it's previous state in preparation for the replace procedure. To restore a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+ ```
+ Restore-VMSnapshot -VMName PC1 -Name BeginState -Confirm:$false
+ Start-VM PC1
+ vmconnect localhost PC1
+ ```
+
+11. Sign in to PC1 using the contoso\administrator account.
+
+## Replace a computer with Windows 10
+
+At a high level, the computer replace process consists of:
+- A special replace task sequence that runs the USMT backup and an optional full Window Imaging (WIM) backup.
+- A standard OS deployment on a new computer. At the end of the deployment, the USMT backup from the old computer is restored.
+
+### Create a backup-only task sequence
+
+1. On SRV1, in the deployment workbench console, right-click the MDT Production deployment share, click **Properties**, click the **Rules** tab, and change the line **SkipUserData=YES** to **SkipUserData=NO**.
+2. Click **OK**, right-click **MDT Production**, click **Update Deployment Share** and accept the default options in the wizard to update the share.
+3. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
+
+ ```
+ New-Item -Path C:\MigData -ItemType directory
+ New-SmbShare -Name MigData$ -Path C:\MigData -ChangeAccess EVERYONE
+ icacls C:\MigData /grant '"contoso\administrator":(OI)(CI)(M)'
+ ```
+4. On SRV1 in the deployment workbench, under **MDT Production**, right-click the **Task Sequences** node, and click **New Folder**.
+5. Name the new folder **Other**, and complete the wizard using default options.
+6. Right-click the **Other** folder and then click **New Task Sequence**. Use the following values in the wizard:
+ - **Task sequence ID**: REPLACE-001
+ - **Task sequence name**: Backup Only Task Sequence
+ - **Task sequence comments**: Run USMT to back up user data and settings
+ - **Template**: Standard Client Replace Task Sequence (note: this is not the default template)
+7. Accept defaults for the rest of the wizard and then click **Finish**. The replace task sequence will skip OS selection and settings.
+8. Open the new task sequence that was created and review it. Note the type of capture and backup tasks that are present. Click **OK** when you are finished reviewing the task sequence.
+
+### Run the backup-only task sequence
+
+1. If you are not already signed on to PC1 as **contoso\administrator**, sign in using this account. To verify the currently signed in account, type the following command at an elevated command prompt:
+
+ ```
+ whoami
+ ```
+2. To ensure a clean environment before running the backup task sequence, type the following at an elevated Windows PowerShell prompt on PC1:
+
+ ```
+ Remove-Item c:\minint -recurse
+ Remove-Item c:\_SMSTaskSequence -recurse
+ Restart-Computer
+ ```
+3. Sign in to PC1 using the contoso\administrator account, and then type the following at an elevated command prompt:
+
+ ```
+ cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs
+ ```
+4. Complete the deployment wizard using the following:
+ - **Task Sequence**: Backup Only Task Sequence
+ - **User Data**: Specify a location: **\\\\SRV1\MigData$\PC1**
+ - **Computer Backup**: Do not back up the existing computer.
+5. While the task sequence is running on PC1, open the deployment workbench console on SRV1 and click the **Monitoring* node. Press F5 to refresh the console, and view the status of current tasks.
+6. On PC1, verify that **The user state capture was completed successfully** is displayed, and click **Finish** when the capture is complete.
+7. On SRV1, verify that the file **USMT.MIG** was created in the **C:\MigData\PC1\USMT** directory. See the following example:
+
+ ```
+ PS C:\> dir C:\MigData\PC1\USMT
+
+ Directory: C:\MigData\PC1\USMT
+
+ Mode LastWriteTime Length Name
+ ---- ------------- ------ ----
+ -a--- 9/6/2016 11:34 AM 14248685 USMT.MIG
+ ```
+ ### Deploy PC3
+
+8. On the Hyper-V host, type the following commands at an elevated Windows PowerShell prompt:
+
+ ```
+ New-VM –Name "PC3" –NewVHDPath "c:\vhd\pc3.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
+ Set-VMMemory -VMName "PC3" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20
+ ```
+9. Temporarily disable the external network adapter on SRV1 again, so that we can successfully boot PC3 from WDS. To disable the adapter, type the following command at an elevated Windows PowerShell prompt on SRV1:
+
+ ```
+ Disable-NetAdapter "Ethernet 2" -Confirm:$false
+ ```
+
+ >As mentioned previously, ensure that you disable the **external** network adapter, and wait for the command to complete before proceeding.
+
+
+10. Start and connect to PC3 by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+ ```
+ Start-VM PC3
+ vmconnect localhost PC3
+ ```
+
+11. When prompted, press ENTER for network boot.
+
+12. On PC3, use the following settings for the Windows Deployment Wizard:
+ - **Task Sequence**: Windows 10 Enterprise x64 Custom Image
+ - **Move Data and Settings**: Do not move user data and settings
+ - **User Data (Restore)**: Specify a location: **\\\\SRV1\MigData$\PC1**
+
+13. When OS installation has started on PC1, re-enable the external network adapter on SRV1 by typing the following command on SRV1:
+
+ ```
+ Enable-NetAdapter "Ethernet 2"
+ ```
+14. Setup will install the Windows 10 Enterprise operating system, update via Windows Update, and restore the user settings and data from PC1.
+
+15. When PC3 has completed installing the OS, sign in to PC3 using the contoso\administrator account. When the PC completes updating, click **Finish**.
+
+16. Verify that settings have been migrated from PC1. This completes demonstration of the replace procedure.
+
+17. Shut down PC3 in preparation for the [next](windows-10-poc-sc-config-mgr.md) procedure.
+
+## Troubleshooting logs, events, and utilities
+
+Deployment logs are available on the client computer in the following locations:
+- Before the image is applied: X:\MININT\SMSOSD\OSDLOGS
+- After the system drive has been formatted: C:\MININT\SMSOSD\OSDLOGS
+- After deployment: %WINDIR%\TEMP\DeploymentLogs
+
+You can review WDS events in Event Viewer at: **Applications and Services Logs > Microsoft > Windows > Deployment-Services-Diagnostics**. By default, only the **Admin** and **Operational** logs are enabled. To enable other logs, right-click the log and then click **Enable Log**.
+
+Tools for viewing log files, and to assist with troubleshooting are available in the [System Center 2012 R2 Configuration Manager Toolkit](https://www.microsoft.com/download/details.aspx?id=50012)
+
+Also see [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) for detailed troubleshooting information.
+
+## Related Topics
+
+[Microsoft Deployment Toolkit](https://technet.microsoft.com/windows/dn475741)
+[Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
+
+
+
+
+
+
+
diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md
index 929b097d58..fc6a392e8f 100644
--- a/windows/deployment/windows-10-poc-sc-config-mgr.md
+++ b/windows/deployment/windows-10-poc-sc-config-mgr.md
@@ -1,1081 +1,1083 @@
----
-title: Step by step - Deploy Windows 10 using System Center Configuration Manager
-description: Deploy Windows 10 in a test lab using System Center Configuration Manager
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: deploy
-keywords: deployment, automate, tools, configure, sccm
-ms.localizationpriority: medium
-ms.date: 10/11/2017
-ms.reviewer:
-manager: laurawi
-ms.audience: itpro
author: greg-lindsay
-audience: itpro
author: greg-lindsay
-ms.topic: article
----
-
-# Deploy Windows 10 in a test lab using System Center Configuration Manager
-
-**Applies to**
-
-- Windows 10
-
-**Important**: This guide leverages the proof of concept (PoC) environment, and some settings that are configured in the following guides:
-- [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md)
-- [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
-
-Please complete all steps in these guides before attempting the procedures in this guide. If you wish to skip the Windows 10 deployment procedures in the MDT guide and move directly to this guide, you must at least install MDT and the Windows ADK before performing procedures in this guide. All steps in the first guide are required before attempting the procedures in this guide.
-
-The PoC environment is a virtual network running on Hyper-V with three virtual machines (VMs):
-- **DC1**: A contoso.com domain controller, DNS server, and DHCP server.
-- **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network.
-- **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been cloned from a physical computer on your corporate network for testing purposes.
-This guide leverages the Hyper-V server role to perform procedures. If you do not complete all steps in a single session, consider using [checkpoints](https://technet.microsoft.com/library/dn818483.aspx) and [saved states](https://technet.microsoft.com/library/ee247418.aspx) to pause, resume, or restart your work.
-
->Multiple features and services are installed on SRV1 in this guide. This is not a typical installation, and is only done to set up a lab environment with a bare minimum of resources. However, if less than 4 GB of RAM is allocated to SRV1 in the Hyper-V console, some procedures will be extremely slow to complete. If resources are limited on the Hyper-V host, consider reducing RAM allocation on DC1 and PC1, and then increasing the RAM allocation on SRV1. You can adjust RAM allocation for a VM by right-clicking the VM in the Hyper-V Manager console, clicking **Settings**, clicking **Memory**, and modifying the value next to **Maximum RAM**.
-
-## In this guide
-
-This guide provides end-to-end instructions to install and configure System Center Configuration Manager, and use it to deploy a Windows 10 image. Depending on the speed of your Hyper-V host, the procedures in this guide will require 6-10 hours to complete.
-
-Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed.
-
-
-
-
-
-## Install prerequisites
-1. Before installing System Center Configuration Manager, we must install prerequisite services and features. Type the following command at an elevated Windows PowerShell prompt on SRV1:
-
- ```
- Install-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ
- ```
-
- >If the request to add features fails, retry the installation by typing the command again.
-
-2. Download [SQL Server 2014 SP2](https://www.microsoft.com/evalcenter/evaluate-sql-server-2014-sp2) from the Microsoft Evaluation Center as an .ISO file on the Hyper-V host computer. Save the file to the **C:\VHD** directory.
-3. When you have downloaded the file **SQLServer2014SP2-FullSlipstream-x64-ENU.iso** and placed it in the C:\VHD directory, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
-
- ```
- Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\SQLServer2014SP2-FullSlipstream-x64-ENU.iso
- ```
-
- This command mounts the .ISO file to drive D on SRV1.
-
-4. Type the following command at an elevated Windows PowerShell prompt on SRV1 to install SQL Server:
-
- ```
- D:\setup.exe /q /ACTION=Install /ERRORREPORTING="False" /FEATURES=SQLENGINE,RS,IS,SSMS,TOOLS,ADV_SSMS,CONN /INSTANCENAME=MSSQLSERVER /INSTANCEDIR="C:\Program Files\Microsoft SQL Server" /SQLSVCACCOUNT="NT AUTHORITY\System" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" /SQLSVCSTARTUPTYPE=Automatic /AGTSVCACCOUNT="NT AUTHORITY\SYSTEM" /AGTSVCSTARTUPTYPE=Automatic /RSSVCACCOUNT="NT AUTHORITY\System" /RSSVCSTARTUPTYPE=Automatic /ISSVCACCOUNT="NT AUTHORITY\System" /ISSVCSTARTUPTYPE=Disabled /ASCOLLATION="Latin1_General_CI_AS" /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /TCPENABLED="1" /NPENABLED="1" /IAcceptSQLServerLicenseTerms
- ```
- Installation will take several minutes. When installation is complete, the following output will be displayed:
-
- ```
- Microsoft (R) SQL Server 2014 12.00.5000.00
- Copyright (c) Microsoft Corporation. All rights reserved.
-
- Microsoft (R) .NET Framework CasPol 2.0.50727.7905
- Copyright (c) Microsoft Corporation. All rights reserved.
-
- Success
- Microsoft (R) .NET Framework CasPol 2.0.50727.7905
- Copyright (c) Microsoft Corporation. All rights reserved.
-
- Success
- One or more affected files have operations pending.
- You should restart your computer to complete this process.
- PS C:\>
- ```
-5. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
-
- ```
- New-NetFirewallRule -DisplayName “SQL Server” -Direction Inbound –Protocol TCP –LocalPort 1433 -Action allow
- New-NetFirewallRule -DisplayName “SQL Admin Connection” -Direction Inbound –Protocol TCP –LocalPort 1434 -Action allow
- New-NetFirewallRule -DisplayName “SQL Database Management” -Direction Inbound –Protocol UDP –LocalPort 1434 -Action allow
- New-NetFirewallRule -DisplayName “SQL Service Broker” -Direction Inbound –Protocol TCP –LocalPort 4022 -Action allow
- New-NetFirewallRule -DisplayName “SQL Debugger/RPC” -Direction Inbound –Protocol TCP –LocalPort 135 -Action allow
- ```
-
-7. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 1703. Installation might require several minutes to acquire all components.
-
-## Install System Center Configuration Manager
-
-1. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt:
-
- ```
- $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
- Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0
- Stop-Process -Name Explorer
- ```
-
-2. Download [System Center Configuration Manager and Endpoint Protection](https://www.microsoft.com/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection) on SRV1 (download the executable file anywhere on SRV1), double-click the file, enter **C:\configmgr** for **Unzip to folder**, and click **Unzip**. The C:\configmgr directory will be automatically created. Click **OK** and then close the **WinZip Self-Extractor** dialog box when finished.
-
-3. Before starting the installation, verify that WMI is working on SRV1. See the following examples. Verify that **Running** is displayed under **Status** and **True** is displayed next to **TcpTestSucceeded**:
-
- ```
- Get-Service Winmgmt
-
- Status Name DisplayName
- ------ ---- -----------
- Running Winmgmt Windows Management Instrumentation
-
- Test-NetConnection -ComputerName 192.168.0.2 -Port 135 -InformationLevel Detailed
-
- ComputerName : 192.168.0.2
- RemoteAddress : 192.168.0.2
- RemotePort : 135
- AllNameResolutionResults :
- MatchingIPsecRules :
- NetworkIsolationContext : Internet
- InterfaceAlias : Ethernet
- SourceAddress : 192.168.0.2
- NetRoute (NextHop) : 0.0.0.0
- PingSucceeded : True
- PingReplyDetails (RTT) : 0 ms
- TcpTestSucceeded : True
- ```
- You can also verify WMI using the WMI console by typing **wmimgmt.msc**, right-clicking **WMI Control (Local)** in the console tree, and then clicking **Properties**.
-
- If the WMI service is not started, attempt to start it or reboot the computer. If WMI is running but errors are present, see [WMIDiag](https://blogs.technet.microsoft.com/askperf/2015/05/12/wmidiag-2-2-is-here/) for troubleshooting information.
-
-4. To extend the Active Directory schema, type the following command at an elevated Windows PowerShell prompt:
-
- ```
- cmd /c C:\configmgr\SMSSETUP\BIN\X64\extadsch.exe
- ```
-
-5. Temporarily switch to the DC1 VM, and type the following command at an elevated command prompt on DC1:
-
- ```
- adsiedit.msc
- ```
-
-6. Right-click **ADSI Edit**, click **Connect to**, select **Default (Domain or server that you logged in to)** under **Computer** and then click **OK**.
-7. Expand **Default naming context**>**DC=contoso,DC=com**, and then in the console tree right-click **CN=System**, point to **New**, and then click **Object**.
-8. Click **container** and then click **Next**.
-9. Next to **Value**, type **System Management**, click **Next**, and then click **Finish**.
-10. Right-click **CN=system Management** and then click **Properties**.
-11. On the **Security** tab, click **Add**, click **Object Types**, select **Computers**, and click **OK**.
-12. Under **Enter the object names to select**, type **SRV1** and click **OK**.
-13. The **SRV1** computer account will be highlighted, select **Allow** next to **Full control**.
-14. Click **Advanced**, click **SRV1 (CONTOSO\SRV1$)** and click **Edit**.
-15. Next to **Applies to**, choose **This object and all descendant objects**, and then click **OK** three times.
-16. Close the ADSI Edit console and switch back to SRV1.
-17. To start Configuration Manager installation, type the following command at an elevated Windows PowerShell prompt on SRV1:
-
- ```
- cmd /c C:\configmgr\SMSSETUP\BIN\X64\Setup.exe
- ```
-18. Provide the following in the System Center Configuration Manager Setup Wizard:
- - **Before You Begin**: Read the text and click *Next*.
- - **Getting Started**: Choose **Install a Configuration Manager primary site** and select the **Use typical installation options for a stand-alone primary site** checkbox.
- - Click **Yes** in response to the popup window.
- - **Product Key**: Choose **Install the evaluation edition of this Product**.
- - **Microsoft Software License Terms**: Read the terms and then select the **I accept these license terms** checkbox.
- - **Prerequisite Licenses**: Review license terms and select all three checkboxes on the page.
- - **Prerequisite Downloads**: Choose **Download required files** and enter **c:\windows\temp** next to **Path**.
- - **Site and Installation Settings**: Site code: **PS1**, Site name: **Contoso**.
- - use default settings for all other options
- - **Usage Data**: Read the text and click **Next**.
- - **Service Connection Point Setup**: Accept the default settings (SRV1.contoso.com is automatically added under Select a server to use).
- - **Settings Summary**: Review settings and click **Next**.
- - **Prerequisite Check**: No failures should be listed. Ignore any warnings and click **Begin Install**.
-
- >There should be at most three warnings present: WSUS on site server, configuration for SQL Server memory usage, and SQL Server process memory allocation. These warnings can safely be ignored in this test environment.
-
- Depending on the speed of the Hyper-V host and resources allocated to SRV1, installation can require approximately one hour. Click **Close** when installation is complete.
-
-19. If desired, re-enable IE Enhanced Security Configuration at this time on SRV1:
-
- ```
- Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 1
- Stop-Process -Name Explorer
- ```
-
-## Download MDOP and install DaRT
-
->[!IMPORTANT]
->This step requires an MSDN subscription or volume licence agreement. For more information, see [Ready for Windows 10: MDOP 2015 and more tools are now available](https://blogs.technet.microsoft.com/windowsitpro/2015/08/17/ready-for-windows-10-mdop-2015-and-more-tools-are-now-available/).
->If your organization qualifies and does not already have an MSDN subscription, you can obtain a [free MSDN subscription with BizSpark](https://blogs.msdn.microsoft.com/zainnab/2011/03/14/bizspark-free-msdn-subscription-for-start-up-companies/).
-
-1. Download the [Microsoft Desktop Optimization Pack 2015](https://msdn.microsoft.com/subscriptions/downloads/#ProductFamilyId=597) to the Hyper-V host using an MSDN subscription. Download the .ISO file (mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso, 2.79 GB) to the C:\VHD directory on the Hyper-V host.
-
-2. Type the following command at an elevated Windows PowerShell prompt on the Hyper-V host to mount the MDOP file on SRV1:
-
- ```
- Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso
- ```
-3. Type the following command at an elevated Windows PowerShell prompt on SRV1:
-
- ```
- cmd /c "D:\DaRT\DaRT 10\Installers\en-us\x64\MSDaRT100.msi"
- ```
-4. Install DaRT 10 using default settings.
-5. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
-
- ```
- Copy-Item "C:\Program Files\Microsoft DaRT\v10\Toolsx64.cab" -Destination "C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64"
- Copy-Item "C:\Program Files\Microsoft DaRT\v10\Toolsx86.cab" -Destination "C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x86"
- ```
-
-## Prepare for Zero Touch installation
-
-This section contains several procedures to support Zero Touch installation with System Center Configuration Manager.
-
-### Create a folder structure
-
-1. Type the following commands at a Windows PowerShell prompt on SRV1:
-
- ```
- New-Item -ItemType Directory -Path "C:\Sources\OSD\Boot"
- New-Item -ItemType Directory -Path "C:\Sources\OSD\OS"
- New-Item -ItemType Directory -Path "C:\Sources\OSD\Settings"
- New-Item -ItemType Directory -Path "C:\Sources\OSD\Branding"
- New-Item -ItemType Directory -Path "C:\Sources\OSD\MDT"
- New-Item -ItemType Directory -Path "C:\Logs"
- New-SmbShare -Name Sources$ -Path C:\Sources -ChangeAccess EVERYONE
- New-SmbShare -Name Logs$ -Path C:\Logs -ChangeAccess EVERYONE
- ```
-
-### Enable MDT ConfigMgr integration
-
-1. On SRV1, click **Start**, type **configmgr**, and then click **Configure ConfigMgr Integration**.
-2. Type **PS1** next to **Site code**, and then click **Next**.
-3. Verify **The process completed successfully** is displayed, and then click **Finish**.
-
-### Configure client settings
-
-1. On SRV1, click **Start**, type **configuration manager**, right-click **Configuration Manager Console**, and then click **Pin to Taskbar**.
-2. Click **Desktop**, and then launch the Configuration Manager console from the taskbar.
-3. If the console notifies you that an update is available, click **OK**. It is not necessary to install updates to complete this lab.
-4. In the console tree, open the **Administration** workspace (in the lower left corner) and click **Client Settings**.
-5. In the display pane, double-click **Default Client Settings**.
-6. Click **Computer Agent**, next to **Organization name displayed in Software Center** type **Contoso**, and then click **OK**.
-
-### Configure the network access account
-
-1. In the Administration workspace, expand **Site Configuration** and click **Sites**.
-2. On the **Home** ribbon at the top of the console window, click **Configure Site Components** and then click **Software Distribution**.
-3. On the **Network Access Account** tab, choose **Specify the account that accesses network locations**.
-4. Click the yellow starburst and then click **New Account**.
-5. Click **Browse** and then under **Enter the object name to select**, type **CM_NAA** and click **OK**.
-6. Next to **Password** and **Confirm Password**, type pass@word1, and then click **OK** twice.
-
-### Configure a boundary group
-
-1. In the Administration workspace, expand **Hierarchy Configuration**, right-click **Boundaries** and then click **Create Boundary**.
-2. Next to **Description**, type **PS1**, next to **Type** choose **Active Directory Site**, and then click **Browse**.
-3. Choose **Default-First-Site-Name** and then click **OK** twice.
-4. In the Administration workspace, right-click **Boundary Groups** and then click **Create Boundary Group**.
-5. Next to **Name**, type **PS1 Site Assignment and Content Location**, click **Add**, select the **Default-First-Site-Name** boundary and then click **OK**.
-6. On the **References** tab in the **Create Boundary Group** window select the **Use this boundary group for site assignment** checkbox.
-7. Click **Add**, select the **\\\SRV1.contoso.com** checkbox, and then click **OK** twice.
-
-### Add the state migration point role
-
-1. In the Administration workspace, expand **Site Configuration**, click **Sites**, and then in on the **Home** ribbon at the top of the console click **Add Site System Roles**.
-2. In the Add site System Roles Wizard, click **Next** twice and then on the Specify roles for this server page, select the **State migration point** checkbox.
-3. Click **Next**, click the yellow starburst, type **C:\MigData** for the **Storage folder**, and click **OK**.
-4. Click **Next**, and then verify under **Boundary groups** that **PS1 Site Assignment and Content Location** is displayed.
-5. Click **Next** twice and then click **Close**.
-
-### Enable PXE on the distribution point
-
->[!IMPORTANT]
->Before enabling PXE in Configuration Manager, ensure that any previous installation of WDS does not cause conflicts. Configuration Manager will automatically configure the WDS service to manage PXE requests. To disable a previous installation, if it exists, type the following commands at an elevated Windows PowerShell prompt on SRV1:
-
-```
-WDSUTIL /Set-Server /AnswerClients:None
-```
-
-1. Determine the MAC address of the internal network adapter on SRV1. To determine this, type the following command at an elevated Windows PowerShell prompt on SRV1:
-
- ```
- (Get-NetAdapter "Ethernet").MacAddress
- ```
- >If the internal network adapter, assigned an IP address of 192.168.0.2, is not named "Ethernet" then replace the name "Ethernet" in the previous command with the name of this network adapter. You can review the names of network adapters and the IP addresses assigned to them by typing **ipconfig**.
-
-2. In the System Center Configuration Manager console, in the **Administration** workspace, click **Distribution Points**.
-3. In the display pane, right-click **SRV1.CONTOSO.COM** and then click **Properties**.
-4. On the PXE tab, select the following settings:
- - **Enable PXE support for clients**. Click **Yes** in the popup that appears.
- - **Allow this distribution point to respond to incoming PXE requests**
- - **Enable unknown computer support**. Click **OK** in the popup that appears.
- - **Require a password when computers use PXE**
- - **Password** and **Confirm password**: pass@word1
- - **Respond to PXE requests on specific network interfaces**: Click the yellow starburst and then enter the MAC address determined in the first step of this procedure.
-
- See the following example:
-
- 
-
-5. Click **OK**.
-6. Wait for a minute, then type the following command at an elevated Windows PowerShell prompt on SRV1, and verify that the files displayed are present:
-
- ```
- cmd /c dir /b C:\RemoteInstall\SMSBoot\x64
-
- abortpxe.com
- bootmgfw.efi
- bootmgr.exe
- pxeboot.com
- pxeboot.n12
- wdsmgfw.efi
- wdsnbp.com
- ```
- >If these files are not present in the C:\RemoteInstall directory, verify that the REMINST share is configured as C:\RemoteInstall. You can view the properties of this share by typing "net share REMINST" at a command prompt. If the share path is set to a different value, then replace C:\RemoteInstall with your REMINST share path.
- >You can also type the following command at an elevated Windows PowerShell prompt to open the Configuration Manager Trace Log Tool. In the tool, click **File**, click **Open**, and then open the **distmgr.log** file. If errors are present, they will be highlighted in red:
-
- ```
- Invoke-Item 'C:\Program Files\Microsoft Configuration Manager\tools\cmtrace.exe'
- ```
-
- The log file will updated continuously while Configuration Manager is running. Wait for Configuration Manager to repair any issues that are present, and periodically re-check that the files are present in the REMINST share location. Close the Configuration Manager Trace Log Tool when done. You will see the following line in distmgr.log that indicates the REMINST share is being populated with necessary files:
-
- Running: WDSUTIL.exe /Initialize-Server /REMINST:"C:\RemoteInstall"
-
- Once the files are present in the REMINST share location, you can close the cmtrace tool.
-
-### Create a branding image file
-
-1. If you have a bitmap (.BMP) image for suitable use as a branding image, copy it to the C:\Sources\OSD\Branding folder on SRV1. Otherwise, use the following step to copy a simple branding image.
-2. Type the following command at an elevated Windows PowerShell prompt:
-
- ```
- copy "C:\ProgramData\Microsoft\User Account Pictures\user.bmp" "C:\Sources\OSD\Branding\contoso.bmp"
- ```
- >You can open C:\Sources\OSD\Branding\contoso.bmp in MSPaint.exe if desired to customize this image.
-
-
-### Create a boot image for Configuration Manager
-
-1. In the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Boot Images**, and then click **Create Boot Image using MDT**.
-2. On the Package Source page, under **Package source folder to be created (UNC Path):**, type **\\\SRV1\Sources$\OSD\Boot\Zero Touch WinPE x64**, and then click **Next**.
- - The Zero Touch WinPE x64 folder does not yet exist. The folder will be created later.
-3. On the General Settings page, type **Zero Touch WinPE x64** next to **Name**, and click **Next**.
-4. On the Options page, under **Platform** choose **x64**, and click **Next**.
-5. On the Components page, in addition to the default selection of **Microsoft Data Access Components (MDAC/ADO) support**, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** checkbox, and click **Next**.
-6. On the Customization page, select the **Use a custom background bitmap file** checkbox, and under **UNC path**, type or browse to **\\\SRV1\Sources$\OSD\Branding\contoso.bmp**, and then click **Next** twice. It will take a few minutes to generate the boot image.
-7. Click **Finish**.
-8. In the console display pane, right-click the **Zero Touch WinPE x64** boot image, and then click **Distribute Content**.
-9. In the Distribute Content Wizard, click **Next**, click **Add** and select **Distribution Point**, select the **SRV1.CONTOSO.COM** checkbox, click **OK**, click **Next** twice, and then click **Close**.
-10. Use the CMTrace application to view the **distmgr.log** file again and verify that the boot image has been distributed. To open CMTrace, type the following command at an elevated Windows PowerShell prompt on SRV1:
-
- ```
- Invoke-Item 'C:\Program Files\Microsoft Configuration Manager\tools\cmtrace.exe'
- ```
-
- In the trace tool, click **Tools** on the menu and choose **Find**. Search for "**STATMSG: ID=2301**". For example:
-
- ```
- STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=SRV1.CONTOSO.COM SITE=PS1 PID=924 TID=1424 GMTDATE=Tue Oct 09 22:36:30.986 2018 ISTR0="Zero Touch WinPE x64" ISTR1="PS10000A" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="PS10000A" SMS_DISTRIBUTION_MANAGER 10/9/2018 3:36:30 PM 1424 (0x0590)
- ```
-
-11. You can also review status by clicking the **Zero Touch WinPE x64** image, and then clicking **Content Status** under **Related Objects** in the bottom right-hand corner of the console, or by entering **\Monitoring\Overview\Distribution Status\Content Status** on the location bar in the console. Double-click **Zero Touch WinPE x64** under **Content Status** in the console tree and verify that a status of **Successfully distributed content** is displayed on the **Success** tab.
-12. Next, in the **Software Library** workspace, double-click **Zero Touch WinPE x64** and then click the **Data Source** tab.
-13. Select the **Deploy this boot image from the PXE-enabled distribution point** checkbox, and click **OK**.
-14. Review the distmgr.log file again for "**STATMSG: ID=2301**" and verify that there are three folders under **C:\RemoteInstall\SMSImages** with boot images. See the following example:
-
- ```
- cmd /c dir /s /b C:\RemoteInstall\SMSImages
-
- C:\RemoteInstall\SMSImages\PS100004
- C:\RemoteInstall\SMSImages\PS100005
- C:\RemoteInstall\SMSImages\PS100006
- C:\RemoteInstall\SMSImages\PS100004\boot.PS100004.wim
- C:\RemoteInstall\SMSImages\PS100005\boot.PS100005.wim
- C:\RemoteInstall\SMSImages\PS100006\WinPE.PS100006.wim
- ```
-
- >The first two images (*.wim files) are default boot images. The third is the new boot image with DaRT.
-
-### Create a Windows 10 reference image
-
-If you have already completed steps in [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) then you have already created a Windows 10 reference image. In this case, skip to the next procedure in this guide: [Add a Windows 10 operating system image](#add-a-windows-10-operating-system-image). If you have not yet created a Windows 10 reference image, complete the steps in this section.
-
-1. In [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md) the Windows 10 Enterprise .iso file was saved to the c:\VHD directory as **c:\VHD\w10-enterprise.iso**. The first step in creating a deployment share is to mount this file on SRV1. To mount the Windows 10 Enterprise DVD on SRV1, open an elevated Windows PowerShell prompt on the Hyper-V host computer and type the following command:
-
- ```
- Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\w10-enterprise.iso
- ```
-2. Verify that the Windows Enterprise installation DVD is mounted on SRV1 as drive letter D.
-
-3. The Windows 10 Enterprise installation files will be used to create a deployment share on SRV1 using the MDT deployment workbench. To open the deployment workbench, click **Start**, type **deployment**, and then click **Deployment Workbench**.
-
-4. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
-
-5. Use the following settings for the New Deployment Share Wizard:
- - Deployment share path: **C:\MDTBuildLab**
- - Share name: **MDTBuildLab$**
- - Deployment share description: **MDT build lab**
- - Options: click **Next** to accept the default
- - Summary: click **Next**
- - Progress: settings will be applied
- - Confirmation: click **Finish**
-
-6. Expand the **Deployment Shares** node, and then expand **MDT build lab**.
-
-7. Right-click the **Operating Systems** node, and then click **New Folder**. Name the new folder **Windows 10**. Complete the wizard using default values and click **Finish**.
-
-7. Right-click the **Windows 10** folder created in the previous step, and then click **Import Operating System**.
-
-8. Use the following settings for the Import Operating System Wizard:
- - OS Type: **Full set of source files**
- - Source: **D:\\**
- - Destination: **W10Ent_x64**
- - Summary: click **Next**
- - Confirmation: click **Finish**
-
-9. For purposes of this test lab, we will not add applications, such as Microsoft Office, to the deployment share. For information about adding applications, see the [Add applications](deploy-windows-mdt/create-a-windows-10-reference-image.md#sec03) section of the [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md) topic in the TechNet library.
-
-10. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the **Task Sequences** node under **MDT Build Lab** and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
- - Task sequence ID: **REFW10X64-001**
- - Task sequence name: **Windows 10 Enterprise x64 Default Image**
- - Task sequence comments: **Reference Build**
- - Template: **Standard Client Task Sequence**
- - Select OS: click **Windows 10 Enterprise Evaluation in W10Ent_x64 install.wim**
- - Specify Product Key: **Do not specify a product key at this time**
- - Full Name: **Contoso**
- - Organization: **Contoso**
- - Internet Explorer home page: **http://www.contoso.com**
- - Admin Password: **Do not specify an Administrator password at this time**
- - Summary: click **Next**
- - Confirmation: click **Finish**
-
-11. Edit the task sequence to add the Microsoft NET Framework 3.5, which is required by many applications. To edit the task sequence, double-click **Windows 10 Enterprise x64 Default Image** that was created in the previous step.
-
-12. Click the **Task Sequence** tab. Under **State Restore** click **Tatto** to highlight it, then click **Add** and choose **New Group**. A new group will be added under Tattoo.
-
-13. On the Properties tab of the group that was created in the previous step, change the Name from New Group to **Custom Tasks (Pre-Windows Update)** and then click **Apply**. To see the name change, click **Tattoo**, then click the new group again.
-
-14. Click the **Custom Tasks (Pre-Windows Update)** group again, click **Add**, point to **Roles**, and then click **Install Roles and Features**.
-
-15. Under **Select the roles and features that should be installed**, select **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** and then click **Apply**.
-
-16. Enable Windows Update in the task sequence by clicking the **Windows Update (Post-Application Installation)** step, clicking the **Options** tab, and clearing the **Disable this step** checkbox.
- >Note: Since we are not installing applications in this test lab, there is no need to enable the Windows Update Pre-Application Installation step. However, you should enable this step if you are also installing applications.
-
-17. Click **OK** to complete editing the task sequence.
-
-18. The next step is to configure the MDT deployment share rules. To configure rules in the Deployment Workbench, right-click MDT build lab (C:\MDTBuildLab) and click **Properties**, and then click the **Rules** tab.
-
-19. Replace the default rules with the following text:
-
- ```
- [Settings]
- Priority=Default
-
- [Default]
- _SMSTSORGNAME=Contoso
- UserDataLocation=NONE
- DoCapture=YES
- OSInstall=Y
- AdminPassword=pass@word1
- TimeZoneName=Pacific Standard TimeZoneName
- OSDComputername=#Left("PC-%SerialNumber%",7)#
- JoinWorkgroup=WORKGROUP
- HideShell=YES
- FinishAction=SHUTDOWN
- DoNotCreateExtraPartition=YES
- ApplyGPOPack=NO
- SkipAdminPassword=YES
- SkipProductKey=YES
- SkipComputerName=YES
- SkipDomainMembership=YES
- SkipUserData=YES
- SkipLocaleSelection=YES
- SkipTaskSequence=NO
- SkipTimeZone=YES
- SkipApplications=YES
- SkipBitLocker=YES
- SkipSummary=YES
- SkipRoles=YES
- SkipCapture=NO
- SkipFinalSummary=NO
- ```
-
-20. Click **Apply** and then click **Edit Bootstrap.ini**. Replace the contents of the Bootstrap.ini file with the following text, and save the file:
-
- ```
- [Settings]
- Priority=Default
-
- [Default]
- DeployRoot=\\SRV1\MDTBuildLab$
- UserDomain=CONTOSO
- UserID=MDT_BA
- UserPassword=pass@word1
- SkipBDDWelcome=YES
- ```
-
-21. Click **OK** to complete the configuration of the deployment share.
-
-22. Right-click **MDT build lab (C:\MDTBuildLab)** and then click **Update Deployment Share**.
-
-23. Accept all default values in the Update Deployment Share Wizard by clicking **Next**. The update process will take 5 to 10 minutes. When it has completed, click **Finish**.
-
-24. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. Note that in MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI).
-
- >Hint: Top copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**.
-
-25. Open a Windows PowerShell prompt on the Hyper-V host computer and type the following commands:
-
- ```
- New-VM –Name REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB
- Set-VMMemory -VMName REFW10X64-001 -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 1024MB -Buffer 20
- Set-VMDvdDrive -VMName REFW10X64-001 -Path c:\VHD\LiteTouchPE_x86.iso
- Start-VM REFW10X64-001
- vmconnect localhost REFW10X64-001
- ```
-26. In the Windows Deployment Wizard, select **Windows 10 Enterprise x64 Default Image**, and then click **Next**.
-
-27. Accept the default values on the Capture Image page, and click **Next**. Operating system installation will complete after 5 to 10 minutes and then the VM will reboot automatically. Allow the system to boot normally (do not press a key). The process is fully automated.
-
- Additional system restarts will occur to complete updating and preparing the operating system. Setup will complete the following procedures:
-
- - Install the Windows 10 Enterprise operating system.
- - Install added applications, roles, and features.
- - Update the operating system using Windows Update (or WSUS if optionally specified).
- - Stage Windows PE on the local disk.
- - Run System Preparation (Sysprep) and reboot into Windows PE.
- - Capture the installation to a Windows Imaging (WIM) file.
- - Turn off the virtual machine.
-
- This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host and your network's download speed. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on SRV1. The file name is **REFW10X64-001.wim**.
-
-### Add a Windows 10 operating system image
-
-1. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
-
- ```
- New-Item -ItemType Directory -Path "C:\Sources\OSD\OS\Windows 10 Enterprise x64"
- cmd /c copy /z "C:\MDTBuildLab\Captures\REFW10X64-001.wim" "C:\Sources\OSD\OS\Windows 10 Enterprise x64"
- ```
-
-2. In the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Operating System Images**, and then click **Add Operating System Image**.
-
-3. On the Data Source page, under **Path:**, type or browse to **\\\SRV1\Sources$\OSD\OS\Windows 10 Enterprise x64\REFW10X64-001.wim**, and click **Next**.
-
-4. On the General page, next to **Name:**, type **Windows 10 Enterprise x64**, click **Next** twice, and then click **Close**.
-
-5. Distribute the operating system image to the SRV1 distribution point by right-clicking the **Windows 10 Enterprise x64** operating system image and then clicking **Distribute Content**.
-
-6. In the Distribute Content Wizard, click **Next**, click **Add**, click **Distribution Point**, add the **SRV1.CONTOSO.COM** distribution point, click **OK**, click **Next** twice and then click **Close**.
-
-7. Enter **\Monitoring\Overview\Distribution Status\Content Status** on the location bar (be sure there is no space at the end of the location or you will get an error), click **Windows 10 Enterprise x64**, and monitor the status of content distribution until it is successful and no longer in progress. Refresh the view with the F5 key or by right-clicking **Windows 10 Enterprise x64** and clicking **Refresh**. Processing of the image on the site server can take several minutes.
-
- >If content distribution is not successful, verify that sufficient disk space is available.
-
-### Create a task sequence
-
->Complete this section slowly. There are a large number of similar settings from which to choose.
-
-1. In the Configuration Manager console, in the **Software Library** workspace expand **Operating Systems**, right-click **Task Sequences**, and then click **Create MDT Task Sequence**.
-
-2. On the Choose Template page, select the **Client Task Sequence** template and click **Next**.
-
-3. On the General page, type **Windows 10 Enterprise x64** under **Task sequence name:** and then click **Next**.
-
-4. On the Details page, enter the following settings:
- - Join a domain: **contoso.com**
- - Account: click **Set**
- - User name: **contoso\CM_JD**
- - Password: pass@word1
- - Confirm password: pass@word1
- - Click **OK**
- - Windows Settings
- - User name: **Contoso**
- - Organization name: **Contoso**
- - Product key: \
- - Administrator Account: **Enable the account and specify the local administrator password**
- - Password: pass@word1
- - Confirm password: pass@word1
- - Click **Next**
-
-5. On the Capture Settings page, accept the default settings and click **Next**.
-
-6. On the Boot Image page, browse and select the **Zero Touch WinPE x64** boot image package, click **OK**, and then click **Next**.
-
-7. On the MDT Package page, select **Create a new Microsoft Deployment Toolkit Files package**, under **Package source folder to be created (UNC Path):**, type **\\\SRV1\Sources$\OSD\MDT\MDT** (MDT is repeated here, not a typo), and then click **Next**.
-
-8. On the MDT Details page, next to **Name:** type **MDT** and then click **Next**.
-
-9. On the OS Image page, browse and select the **Windows 10 Enterprise x64** package, click **OK**, and then click **Next**.
-
-10. On the Deployment Method page, accept the default settings for **Zero Touch Installation** and click **Next**.
-
-11. On the Client Package page, browse and select the **Microsoft Corporation Configuration Manager Client package**, click **OK**, and then click **Next**.
-
-12. On the USMT Package page, browse and select the **Microsoft Corporation User State Migration Tool for Windows 10.0.14393.0** package, click **OK**, and then click **Next**.
-
-13. On the Settings Package page, select **Create a new settings package**, and under **Package source folder to be created (UNC Path):**, type **\\\SRV1\Sources$\OSD\Settings\Windows 10 x64 Settings**, and then click **Next**.
-
-14. On the Settings Details page, next to **Name:**, type **Windows 10 x64 Settings**, and click **Next**.
-
-15. On the Sysprep Package page, click **Next** twice.
-
-16. On the Confirmation page, click **Finish**.
-
-### Edit the task sequence
-
-1. In the Configuration Manager console, in the **Software Library** workspace, click **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then click **Edit**.
-
-2. Scroll down to the **Install** group and click the **Set Variable for Drive Letter** action.
-
-3. Change the Value under **OSDPreserveDriveLetter** from **False** to **True**, and then click **Apply**.
-
-4. In the **State Restore** group, click the **Set Status 5** action, click **Add** in the upper left corner, point to **User State**, and click **Request State Store**. This adds a new action immediately after **Set Status 5**.
-
-5. Configure the **Request State Store** action that was just added with the following settings:
- - Request state storage location to: **Restore state from another computer**
- - Select the **If computer account fails to connect to state store, use the Network Access account** checkbox.
- - Options tab: Select the **Continue on error** checkbox.
- - Add Condition: **Task Sequence Variable**:
- - Variable: **USMTLOCAL**
- - Condition: **not equals**
- - Value: **True**
- - Click **OK**.
- - Click **Apply**
.
-
-6. In the **State Restore** group, click **Restore User State**, click **Add**, point to **User State**, and click **Release State Store**.
-
-7. Configure the **Release State Store** action that was just added with the following settings:
- - Options tab: Select the **Continue on error** checkbox.
- - Add Condition: **Task Sequence Variable**:
- - Variable: **USMTLOCAL**
- - Condition: **not equals**
- - Value: **True**
- - Click **OK**.
- - Click **OK**
.
-
-
-### Finalize the operating system configuration
-
->If you completed all procedures in [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) then the MDT deployment share is already present on SRV1. In this case, skip the first four steps below and begin with step 5 to edit CustomSettings.ini.
-
-1. In the MDT deployment workbench on SRV1, right-click **Deployment Shares** and then click **New Deployment Share**.
-
-2. Use the following settings for the New Deployment Share Wizard:
- - Deployment share path: **C:\MDTProduction**
- - Share name: **MDTProduction$**
- - Deployment share description: **MDT Production**
- - Options: click **Next** to accept the default
- - Summary: click **Next**
- - Progress: settings will be applied
- - Confirmation: click **Finish**
-
-3. Right-click the **MDT Production** deployment share, and click **Properties**.
-
-4. Click the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then click **OK**.
-
-5. Type the following command at an elevated Windows PowerShell prompt on SRV1:
-
- ```
- notepad "C:\Sources\OSD\Settings\Windows 10 x64 Settings\CustomSettings.ini"
- ```
-6. Replace the contents of the file with the following text, and then save the file:
-
- ```
- [Settings]
- Priority=Default
- Properties=OSDMigrateConfigFiles,OSDMigrateMode
-
- [Default]
- DoCapture=NO
- ComputerBackupLocation=NONE
- OSDMigrateMode=Advanced
- OSDMigrateAdditionalCaptureOptions=/ue:*\* /ui:CONTOSO\*
- OSDMigrateConfigFiles=Miguser.xml,Migapp.xml
- SLSHARE=\\SRV1\Logs$
- EventService=http://SRV1:9800
- ApplyGPOPack=NO
- ```
-
- >As noted previously, if you wish to migrate accounts other than those in the Contoso domain, then change the OSDMigrateAdditionalCaptureOptions option. For example, the following option will capture settings from all user accounts:
-
- ```
- OSDMigrateAdditionalCaptureOptions=/all
- ```
-
-
-7. Return to the Configuration Manager console, and in the Software Library workspace, expand **Application Management**, click **Packages**, right-click **Windows 10 x64 Settings**, and then click **Update Distribution Points**. Click **OK** in the popup that appears.
-
-8. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then click **Distribute Content**.
-
-9. In the Distribute Content Wizard, click **Next** twice, click **Add**, click **Distribution Point**, select the **SRV1.CONTOSO.COM** distribution point, click **OK**, click **Next** twice and then click **Close**.
-
-10. Enter **\Monitoring\Overview\Distribution Status\Content Status\Windows 10 Enterprise x64** on the location bar, double-click **Windows 10 Enterprise x64**, and monitor the status of content distribution until it is successful and no longer in progress. Refresh the view with the F5 key or by right-clicking **Windows 10 Enterprise x64** and clicking **Refresh**.
-
-### Create a deployment for the task sequence
-
-1. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then click **Deploy**.
-
-2. On the General page, next to **Collection**, click **Browse**, select the **All Unknown Computers** collection, click **OK**, and then click **Next**.
-
-3. On the Deployment Settings page, use the following settings:
- - Purpose: **Available**
- - Make available to the following: **Only media and PXE**
- - Click **Next**.
-4. Click **Next** five times to accept defaults on the Scheduling, User Experience, Alerts, and Distribution Points pages.
-
-5. Click **Close**.
-
-## Deploy Windows 10 using PXE and Configuration Manager
-
-In this first deployment scenario, we will deploy Windows 10 using PXE. This scenario creates a new computer that does not have any migrated users or settings.
-
-1. Type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
-
- ```
- New-VM –Name "PC4" –NewVHDPath "c:\vhd\pc4.vhdx" -NewVHDSizeBytes 40GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
- Set-VMMemory -VMName "PC4" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20
- Start-VM PC4
- vmconnect localhost PC4
- ```
-
-2. Press ENTER when prompted to start the network boot service.
-
-3. In the Task Sequence Wizard, provide the password: pass@word1, and then click **Next**.
-
-4. Before you click **Next** in the Task Sequence Wizard, press the **F8** key. A command prompt will open.
-
-5. At the command prompt, type **explorer.exe** and review the Windows PE file structure.
-
-6. The smsts.log file is critical for troubleshooting any installation problems that might be encountered. Depending on the deployment phase, the smsts.log file is created in different locations:
- - X:\windows\temp\SMSTSLog\smsts.log before disks are formatted.
- - x:\smstslog\smsts.log after disks are formatted.
- - c:\_SMSTaskSequence\Logs\Smstslog\smsts.log before the System Center Configuration Manager client is installed.
- - c:\windows\ccm\logs\Smstslog\smsts.log after the System Center Configuration Manager client is installed.
- - c:\windows\ccm\logs\smsts.log when the task sequence is complete.
-
- Note: If a reboot is pending on the client, the reboot will be blocked as long as the command window is open.
-
-7. In the explorer window, click **Tools** and then click **Map Network Drive**.
-
-8. Do not map a network drive at this time. If you need to save the smsts.log file, you can use this method to save the file to a location on SRV1.
-
-9. Close the Map Network Drive window, the Explorer window, and the command prompt.
-
-10. The **Windows 10 Enterprise x64** task sequence is selected in the Task Sequenc Wizard. Click **Next** to continue with the deployment.
-
-11. The task sequence will require several minutes to complete. You can monitor progress of the task sequence using the MDT Deployment Workbench under Deployment Shares > MDTProduction > Monitoring. The task sequence will:
- - Install Windows 10
- - Install the Configuration Manager client and hotfix
- - Join the computer to the contoso.com domain
- - Install any applications that were specified in the reference image
-
-
-12. When Windows 10 installation has completed, sign in to PC4 using the **contoso\administrator** account.
-
-13. Right-click **Start**, click **Run**, type **control appwiz.cpl**, press ENTER, click **Turn Windows features on or off**, and verify that **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** is installed. This is a feature included in the reference image.
-
-14. Shut down the PC4 VM.
-
->Note: The following two procedures 1) Replace a client with Windows 10 and 2) Refresh a client with Windows 10 have been exchanged in their order in this guide compared to the previous version. This is to avoid having to restore Hyper-V checkpoints to have access to PC1 before the OS is upgraded. If this is your first time going through this guide, you won't notice any change, but if you have tried the guide previously then this change should make it simpler to complete.
-
-## Replace a client with Windows 10 using Configuration Manager
-
->Before starting this section, you can delete computer objects from Active Directory that were created as part of previous deployment procedures. Use the Active Directory Users and Computers console on DC1 to remove stale entries under contoso.com\Computers, but do not delete the computer account (hostname) for PC1. There should be at least two computer accounts present in the contoso.com\Computers container: one for SRV1, and one for the hostname of PC1. It is not required to delete the stale entries, this is only done to remove clutter.
-
-
-
-In the replace procedure, PC1 will not be migrated to a new operating system. It is simplest to perform this procedure before performing the refresh procedure. After refreshing PC1, the operating system will be new. The next (replace) procedure does not install a new operating system on PC1 but rather performs a side-by-side migration of PC1 and another computer (PC4), to copy users and settings from PC1 to the new computer.
-
-### Create a replace task sequence
-
-1. On SRV1, in the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, right-click **Task Sequences**, and then click **Create MDT Task Sequence**.
-
-2. On the Choose Template page, select **Client Replace Task Sequence** and click **Next**.
-
-3. On the General page, type the following:
- - Task sequence name: **Replace Task Sequence**
- - Task sequence comments: **USMT backup only**
-
-4. Click **Next**, and on the Boot Image page, browse and select the **Zero Touch WinPE x64** boot image package. Click **OK** and then click **Next** to continue.
-5. On the MDT Package page, browse and select the **MDT** package. Click **OK** and then click **Next** to continue.
-6. On the USMT Package page, browse and select the **Microsoft Corporation User State Migration Tool for Windows** package. Click **OK** and then click **Next** to continue.
-7. On the Settings Package page, browse and select the **Windows 10 x64 Settings** package. Click **OK** and then click **Next** to continue.
-8. On the Summary page, review the details and then click **Next**.
-9. On the Confirmation page, click **Finish**.
-
->If an error is displayed at this stage it can be caused by a corrupt MDT integration. To repair it, close the Configuration Manager console, remove MDT integration, and then restore MDT integration.
-
-### Deploy PC4
-
-Create a VM named PC4 to receive the applications and settings from PC1. This VM represents a new computer that will replace PC1. To create this VM, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
-
-```
-New-VM –Name "PC4" –NewVHDPath "c:\vhd\pc4.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
-Set-VMMemory -VMName "PC4" -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 2048MB -Buffer 20
-Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF
-```
-
->Hyper-V enables us to define a static MAC address on PC4. In a real-world scenario you must determine the MAC address of the new computer.
-
-### Install the Configuration Manager client on PC1
-
-1. Verify that the PC1 VM is running and in its original state, which was saved as a checkpoint and then restored in [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md).
-
-2. If a PC1 checkpoint has not already been saved, then save a checkpoint by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
-
- ```
- Checkpoint-VM -Name PC1 -SnapshotName BeginState
- ```
-
-3. On SRV1, in the Configuration Manager console, in the Administration workspace, expand **Hierarchy Configuration** and click on **Discovery Methods**.
-4. Double-click **Active Directory System Discovery** and on the **General** tab select the **Enable Active Directory System Discovery** checkbox.
-5. Click the yellow starburst, click **Browse**, select **contoso\Computers**, and then click **OK** three times.
-6. When a popup dialog box asks if you want to run full discovery, click **Yes**.
-7. In the Assets and Compliance workspace, click **Devices** and verify that the computer account names for SRV1 and PC1 are displayed. See the following example (GREGLIN-PC1 is the computer account name of PC1 in this example):
-
- 
-
- >If you do not see the computer account for PC1, try clicking the **Refresh** button in the upper right corner of the console.
-
- The **Client** column indicates that the Configuration Manager client is not currently installed. This procedure will be carried out next.
-
-8. Sign in to PC1 using the contoso\administrator account and type the following at an elevated command prompt to remove any pre-existing client configuration, if it exists. Note: this command requires an elevated command prompt not an elevated Windows PowerShell prompt:
-
- ```
- sc stop ccmsetup
- "\\SRV1\c$\Program Files\Microsoft Configuration Manager\Client\CCMSetup.exe" /Uninstall
- ```
- >If PC1 still has Configuration Manager registry settings that were applied by Group Policy, startup scripts, or other policies in its previous domain, these might not all be removed by CCMSetup /Uninstall and can cause problems with installation or registration of the client in its new environment. It might be necessary to manually remove these settings if they are present. For more information, see [Manual removal of the SCCM client](https://blogs.technet.microsoft.com/michaelgriswold/2013/01/02/manual-removal-of-the-sccm-client/).
-
-9. On PC1, temporarily stop Windows Update from queuing items for download and clear all BITS jobs from the queue:
-
- ```
- net stop wuauserv
- net stop BITS
- ```
-
- Verify that both services were stopped successfully, then type the following at an elevated command prompt:
-
- ```
- del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"
- net start BITS
- bitsadmin /list /allusers
- ```
-
- Verify that BITSAdmin displays 0 jobs.
-
-10. To install the Configuration Manager client as a standalone process, type the following at an elevated command prompt:
-
- ```
- "\\SRV1\c$\Program Files\Microsoft Configuration Manager\Client\CCMSetup.exe" /mp:SRV1.contoso.com /logon SMSSITECODE=PS1
- ```
-11. On PC1, using file explorer, open the **C:\Windows\ccmsetup** directory. During client installation, files will be downloaded here.
-12. Installation progress will be captured in the file: **c:\windows\ccmsetup\logs\ccmsetup.log**. You can periodically open this file in notepad, or you can type the following command at an elevated Windows PowerShell prompt to monitor installation progress:
-
- ```
- Get-Content -Path c:\windows\ccmsetup\logs\ccmsetup.log -Wait
- ```
-
- Installation might require several minutes, and display of the log file will appear to hang while some applications are installed. This is normal. When setup is complete, verify that **CcmSetup is existing with return code 0** is displayed on the last line of the ccmsetup.log file and then press **CTRL-C** to break out of the Get-Content operation (if you are viewing the log in Windows PowerShell the last line will be wrapped). A return code of 0 indicates that installation was successful and you should now see a directory created at **C:\Windows\CCM** that contains files used in registration of the client with its site.
-
-13. On PC1, open the Configuration Manager control panel applet by typing the following command:
-
- ```
- control smscfgrc
- ```
-
-14. Click the **Site** tab, click **Configure Settings**, and click **Find Site**. The client will report that it has found the PS1 site. See the following example:
-
- 
-
- If the client is not able to find the PS1 site, review any error messages that are displayed in **C:\Windows\CCM\Logs\ClientIDManagerStartup.log** and **LocationServices.log**. A common reason the site code is not located is because a previous configuration exists. For example, if a previous site code is configured at **HKLM\SOFTWARE\Microsoft\SMS\Mobile Client\GPRequestedSiteAssignmentCode** this must be deleted or updated.
-
-15. On SRV1, in the Assets and Compliance workspace, click **Device Collections** and then double-click **All Desktop and Server Clients**. This node will be added under **Devices**.
-
-16. Click **All Desktop and Server Clients** and verify that the computer account for PC1 is displayed here with **Yes** and **Active** in the **Client** and **Client Activity** columns, respectively. You might have to refresh the view and wait few minutes for the client to appear here. See the following example:
-
- 
-
- >It might take several minutes for the client to fully register with the site and complete a client check. When it is complete you will see a green check mark over the client icon as shown above. To refresh the client, click it and then press **F5** or right-click the client and click **Refresh**.
-
-### Create a device collection and deployment
-
-1. On SRV1, in the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections** and then click **Create Device Collection**.
-
-2. Use the following settings in the **Create Device Collection Wizard**:
- - General > Name: **Install Windows 10 Enterprise x64**
- - General > Limiting collection: **All Systems**
- - Membership Rules > Add Rule: **Direct Rule**
- - The **Create Direct Membership Rule Wizard** opens, click **Next**
- - Search for Resources > Resource class: **System Resource**
- - Search for Resources > Attribute name: **Name**
- - Search for Resources > Value: **%**
- - Select Resources > Value: Select the computername associated with the PC1 VM
- - Click **Next** twice and then click **Close** in both windows (Next, Next, Close, then Next, Next, Close)
-
-3. Double-click the Install Windows 10 Enterprise x64 device collection and verify that the PC1 computer account is displayed.
-
-4. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64** and then click **Deploy**.
-
-5. Use the following settings in the Deploy Software wizard:
- - General > Collection: Click Browse and select **Install Windows 10 Enterprise x64**
- - Deployment Settings > Purpose: **Available**
- - Deployment Settings > Make available to the following: **Configuration Manager clients, media and PXE**
- - Scheduling > Click **Next**
- - User Experience > Click **Next**
- - Alerts > Click **Next**
- - Distribution Points > Click **Next**
- - Summary > Click **Next**
- - Verify that the wizard completed successfully and then click **Close**
-
-
-### Associate PC4 with PC1
-
-1. On SRV1 in the Configuration Manager console, in the Assets and Compliance workspace, right-click **Devices** and then click **Import Computer Information**.
-
-2. On the Select Source page, choose **Import single computer** and click **Next**.
-
-3. On the Single Computer page, use the following settings:
- - Computer Name: **PC4**
- - MAC Address: **00:15:5D:83:26:FF**
- - Source Computer: \
-
-4. Click **Next**, and on the User Accounts page choose **Capture and restore specified user accounts**, then click the yellow starburst next to **User accounts to migrate**.
-
-5. Click **Browse** and then under Enter the object name to select type **user1** and click OK twice.
-
-6. Click the yellow starburst again and repeat the previous step to add the **contoso\administrator** account.
-
-7. Click **Next** twice, and on the Choose Target Collection page, choose **Add computers to the following collection**, click **Browse**, choose **Install Windows 10 Enterprise x64**, click **OK**, click **Next** twice, and then click **Close**.
-
-8. In the Assets and Compliance workspace, click **User State Migration** and review the computer association in the display pane. The source computer will be the computername of PC1 (GREGLIN-PC1 in this example), the destination computer will be **PC4**, and the migration type will be **side-by-side**.
-
-9. Right-click the association in the display pane and then click **Specify User Accounts**. You can add or remove user account here. Click **OK**.
-
-10. Right-click the association in the display pane and then click **View Recovery Information**. Note that a recovery key has been assigned, but a user state store location has not. Click **Close**.
-
-11. Click **Device Collections** and then double-click **Install Windows 10 Enterprise x64**. Verify that **PC4** is displayed in the collection. You might have to update and refresh the collection, or wait a few minutes, but do not proceed until PC4 is available. See the following example:
-
- 
-
-### Create a device collection for PC1
-
-1. On SRV1, in the Configuration Manager console, in the Assets and Compliance workspace, right-click **Device Collections** and then click **Create Device Collection**.
-
-2. Use the following settings in the **Create Device Collection Wizard**:
- - General > Name: **USMT Backup (Replace)**
- - General > Limiting collection: **All Systems**
- - Membership Rules > Add Rule: **Direct Rule**
- - The **Create Direct Membership Rule Wizard** opens, click **Next**
- - Search for Resources > Resource class: **System Resource**
- - Search for Resources > Attribute name: **Name**
- - Search for Resources > Value: **%**
- - Select Resources > Value: Select the computername associated with the PC1 VM (GREGLIN-PC1 in this example).
- - Click **Next** twice and then click **Close** in both windows.
-
-3. Click **Device Collections** and then double-click **USMT Backup (Replace)**. Verify that the computer name/hostname associated with PC1 is displayed in the collection. Do not proceed until this name is displayed.
-
-### Create a new deployment
-
-In the Configuration Manager console, in the Software Library workspace under Operating Systems, click **Task Sequences**, right-click **Replace Task Sequence**, click **Deploy**, and use the following settings:
-- General > Collection: **USMT Backup (Replace)**
-- Deployment Settings > Purpose: **Available**
-- Deployment Settings > Make available to the following: **Only Configuration Manager Clients**
-- Scheduling: Click **Next**
-- User Experience: Click **Next**
-- Alerts: Click **Next**
-- Distribution Points: Click **Next**
-- Click **Next** and then click **Close**.
-
-### Verify the backup
-
-1. On PC1, open the Configuration Manager control panel applet by typing the following command:
-
- ```
- control smscfgrc
- ```
-2. On the **Actions** tab, click **Machine Policy Retrieval & Evaluation Cycle**, click **Run Now**, click **OK**, and then click **OK** again. This is one method that can be used to run a task sequence in addition to the Client Notification method that will be demonstrated in the computer refresh procedure.
-
-3. Type the following at an elevated command prompt to open the Software Center:
-
- ```
- C:\Windows\CCM\SCClient.exe
- ```
-
-4. In the Software Center , click **Available Software** and then select the **Replace Task Sequence** checkbox. See the following example:
-
- 
-
- >If you do not see any available software, try running step #2 again to start the Machine Policy Retrieval & Evaluation Cycle. You should see an alert that new software is available.
-
-5. Click **INSTALL SELECTED** and then click **INSTALL OPERATING SYSTEM**.
-6. Allow the **Replace Task Sequence** to complete, then verify that the C:\MigData folder on SRV1 contains the USMT backup.
-
-### Deploy the new computer
-
-1. Start PC4 and press ENTER for a network boot when prompted. To start PC4, type the following commands at an elevated Windows Powershell prompt on the Hyper-V host:
-
- ```
- Start-VM PC4
- vmconnect localhost PC4
- ```
-2. In the **Welcome to the Task Sequence Wizard**, enter pass@word1 and click **Next**.
-3. Choose the **Windows 10 Enterprise X64** image.
-4. Setup will install the operating system using the Windows 10 Enterprise x64 reference image, install the configuration manager client, join PC4 to the domain, and restore users and settings from PC1.
-5. Save checkpoints for all VMs if you wish to review their status at a later date. This is not required (checkpoints do take up space on the Hyper-V host). Note: the next procedure will install a new OS on PC1 update its status in Configuration Manager and in Active Directory as a Windows 10 device, so you cannot return to a previous checkpoint only on the PC1 VM without a conflict. Therefore, if you do create a checkpoint, you should do this for all VMs.
-
- To save a checkpoint for all VMs, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
-
- ```
- Checkpoint-VM -Name DC1 -SnapshotName cm-refresh
- Checkpoint-VM -Name SRV1 -SnapshotName cm-refresh
- Checkpoint-VM -Name PC1 -SnapshotName cm-refresh
- ```
-
-## Refresh a client with Windows 10 using Configuration Manager
-
-
-### Initiate the computer refresh
-
-1. On SRV1, in the Assets and Compliance workspace, click **Device Collections** and then double-click **Install Windows 10 Enterprise x64**.
-2. Right-click the computer account for PC1, point to **Client Notification**, click **Download Computer Policy**, and click **OK** in the popup dialog box.
-3. On PC1, in the notification area, click **New software is available** and then click **Open Software Center**.
-4. In the Software Center, click **Operating Systems**, click **Windows 10 Enterprise x64**, click **Install** and then click **INSTALL OPERATING SYSTEM**. See the following example:
-
- 
-
- The computer will restart several times during the installation process. Installation includes downloading updates, reinstalling the Configuration Manager Client Agent, and restoring the user state. You can view status of the installation in the Configuration Manager console by accessing the Monitoring workspace, clicking **Deployments**, and then double-clicking the deployment associated with the **Install Windows 10 Enterprise x64** collection. Under **Asset Details**, right-click the device and then click **More Details**. Click the **Status** tab to see a list of tasks that have been performed. See the following example:
-
- 
-
- You can also monitor progress of the installation by using the MDT deployment workbench and viewing the **Monitoring** node under **Deployment Shares\MDT Production**.
-
- When installation has completed, sign in using the contoso\administrator account or the contoso\user1 account and verify that applications and settings have been successfully backed up and restored to your new Windows 10 Enterprise operating system.
-
- 
-
-
-
-## Related Topics
-
-[System Center 2012 Configuration Manager Survival Guide](https://social.technet.microsoft.com/wiki/contents/articles/7075.system-center-2012-configuration-manager-survival-guide.aspx#Step-by-Step_Guides)
-
-
-
-
-
-
-
+---
+title: Step by step - Deploy Windows 10 using Microsoft Endpoint Configuration Manager
+description: Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: deploy
+keywords: deployment, automate, tools, configure, sccm
+ms.localizationpriority: medium
+ms.date: 10/11/2017
+ms.reviewer:
+manager: laurawi
+ms.audience: itpro
+author: greg-lindsay
+audience: itpro
+author: greg-lindsay
+ms.topic: article
+---
+
+# Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager
+
+**Applies to**
+
+- Windows 10
+
+**Important**: This guide leverages the proof of concept (PoC) environment, and some settings that are configured in the following guides:
+- [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md)
+- [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
+
+Please complete all steps in these guides before attempting the procedures in this guide. If you wish to skip the Windows 10 deployment procedures in the MDT guide and move directly to this guide, you must at least install MDT and the Windows ADK before performing procedures in this guide. All steps in the first guide are required before attempting the procedures in this guide.
+
+The PoC environment is a virtual network running on Hyper-V with three virtual machines (VMs):
+- **DC1**: A contoso.com domain controller, DNS server, and DHCP server.
+- **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network.
+- **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been cloned from a physical computer on your corporate network for testing purposes.
+This guide leverages the Hyper-V server role to perform procedures. If you do not complete all steps in a single session, consider using [checkpoints](https://technet.microsoft.com/library/dn818483.aspx) and [saved states](https://technet.microsoft.com/library/ee247418.aspx) to pause, resume, or restart your work.
+
+>Multiple features and services are installed on SRV1 in this guide. This is not a typical installation, and is only done to set up a lab environment with a bare minimum of resources. However, if less than 4 GB of RAM is allocated to SRV1 in the Hyper-V console, some procedures will be extremely slow to complete. If resources are limited on the Hyper-V host, consider reducing RAM allocation on DC1 and PC1, and then increasing the RAM allocation on SRV1. You can adjust RAM allocation for a VM by right-clicking the VM in the Hyper-V Manager console, clicking **Settings**, clicking **Memory**, and modifying the value next to **Maximum RAM**.
+
+## In this guide
+
+This guide provides end-to-end instructions to install and configure Microsoft Endpoint Configuration Manager, and use it to deploy a Windows 10 image. Depending on the speed of your Hyper-V host, the procedures in this guide will require 6-10 hours to complete.
+
+Topics and procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed.
+
+
+
+
+
+## Install prerequisites
+1. Before installing Microsoft Endpoint Configuration Manager, we must install prerequisite services and features. Type the following command at an elevated Windows PowerShell prompt on SRV1:
+
+ ```
+ Install-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ
+ ```
+
+ >If the request to add features fails, retry the installation by typing the command again.
+
+2. Download [SQL Server 2014 SP2](https://www.microsoft.com/evalcenter/evaluate-sql-server-2014-sp2) from the Microsoft Evaluation Center as an .ISO file on the Hyper-V host computer. Save the file to the **C:\VHD** directory.
+3. When you have downloaded the file **SQLServer2014SP2-FullSlipstream-x64-ENU.iso** and placed it in the C:\VHD directory, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+ ```
+ Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\SQLServer2014SP2-FullSlipstream-x64-ENU.iso
+ ```
+
+ This command mounts the .ISO file to drive D on SRV1.
+
+4. Type the following command at an elevated Windows PowerShell prompt on SRV1 to install SQL Server:
+
+ ```
+ D:\setup.exe /q /ACTION=Install /ERRORREPORTING="False" /FEATURES=SQLENGINE,RS,IS,SSMS,TOOLS,ADV_SSMS,CONN /INSTANCENAME=MSSQLSERVER /INSTANCEDIR="C:\Program Files\Microsoft SQL Server" /SQLSVCACCOUNT="NT AUTHORITY\System" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" /SQLSVCSTARTUPTYPE=Automatic /AGTSVCACCOUNT="NT AUTHORITY\SYSTEM" /AGTSVCSTARTUPTYPE=Automatic /RSSVCACCOUNT="NT AUTHORITY\System" /RSSVCSTARTUPTYPE=Automatic /ISSVCACCOUNT="NT AUTHORITY\System" /ISSVCSTARTUPTYPE=Disabled /ASCOLLATION="Latin1_General_CI_AS" /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /TCPENABLED="1" /NPENABLED="1" /IAcceptSQLServerLicenseTerms
+ ```
+ Installation will take several minutes. When installation is complete, the following output will be displayed:
+
+ ```
+ Microsoft (R) SQL Server 2014 12.00.5000.00
+ Copyright (c) Microsoft Corporation. All rights reserved.
+
+ Microsoft (R) .NET Framework CasPol 2.0.50727.7905
+ Copyright (c) Microsoft Corporation. All rights reserved.
+
+ Success
+ Microsoft (R) .NET Framework CasPol 2.0.50727.7905
+ Copyright (c) Microsoft Corporation. All rights reserved.
+
+ Success
+ One or more affected files have operations pending.
+ You should restart your computer to complete this process.
+ PS C:\>
+ ```
+5. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
+
+ ```
+ New-NetFirewallRule -DisplayName “SQL Server” -Direction Inbound –Protocol TCP –LocalPort 1433 -Action allow
+ New-NetFirewallRule -DisplayName “SQL Admin Connection” -Direction Inbound –Protocol TCP –LocalPort 1434 -Action allow
+ New-NetFirewallRule -DisplayName “SQL Database Management” -Direction Inbound –Protocol UDP –LocalPort 1434 -Action allow
+ New-NetFirewallRule -DisplayName “SQL Service Broker” -Direction Inbound –Protocol TCP –LocalPort 4022 -Action allow
+ New-NetFirewallRule -DisplayName “SQL Debugger/RPC” -Direction Inbound –Protocol TCP –LocalPort 135 -Action allow
+ ```
+
+7. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 1703. Installation might require several minutes to acquire all components.
+
+## Install Microsoft Endpoint Configuration Manager
+
+1. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt:
+
+ ```
+ $AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
+ Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 0
+ Stop-Process -Name Explorer
+ ```
+
+2. Download [Microsoft Endpoint Configuration Manager and Endpoint Protection](https://www.microsoft.com/evalcenter/evaluate-system-center-configuration-manager-and-endpoint-protection) on SRV1 (download the executable file anywhere on SRV1), double-click the file, enter **C:\configmgr** for **Unzip to folder**, and click **Unzip**. The C:\configmgr directory will be automatically created. Click **OK** and then close the **WinZip Self-Extractor** dialog box when finished.
+
+3. Before starting the installation, verify that WMI is working on SRV1. See the following examples. Verify that **Running** is displayed under **Status** and **True** is displayed next to **TcpTestSucceeded**:
+
+ ```
+ Get-Service Winmgmt
+
+ Status Name DisplayName
+ ------ ---- -----------
+ Running Winmgmt Windows Management Instrumentation
+
+ Test-NetConnection -ComputerName 192.168.0.2 -Port 135 -InformationLevel Detailed
+
+ ComputerName : 192.168.0.2
+ RemoteAddress : 192.168.0.2
+ RemotePort : 135
+ AllNameResolutionResults :
+ MatchingIPsecRules :
+ NetworkIsolationContext : Internet
+ InterfaceAlias : Ethernet
+ SourceAddress : 192.168.0.2
+ NetRoute (NextHop) : 0.0.0.0
+ PingSucceeded : True
+ PingReplyDetails (RTT) : 0 ms
+ TcpTestSucceeded : True
+ ```
+ You can also verify WMI using the WMI console by typing **wmimgmt.msc**, right-clicking **WMI Control (Local)** in the console tree, and then clicking **Properties**.
+
+ If the WMI service is not started, attempt to start it or reboot the computer. If WMI is running but errors are present, see [WMIDiag](https://blogs.technet.microsoft.com/askperf/2015/05/12/wmidiag-2-2-is-here/) for troubleshooting information.
+
+4. To extend the Active Directory schema, type the following command at an elevated Windows PowerShell prompt:
+
+ ```
+ cmd /c C:\configmgr\SMSSETUP\BIN\X64\extadsch.exe
+ ```
+
+5. Temporarily switch to the DC1 VM, and type the following command at an elevated command prompt on DC1:
+
+ ```
+ adsiedit.msc
+ ```
+
+6. Right-click **ADSI Edit**, click **Connect to**, select **Default (Domain or server that you logged in to)** under **Computer** and then click **OK**.
+7. Expand **Default naming context**>**DC=contoso,DC=com**, and then in the console tree right-click **CN=System**, point to **New**, and then click **Object**.
+8. Click **container** and then click **Next**.
+9. Next to **Value**, type **System Management**, click **Next**, and then click **Finish**.
+10. Right-click **CN=system Management** and then click **Properties**.
+11. On the **Security** tab, click **Add**, click **Object Types**, select **Computers**, and click **OK**.
+12. Under **Enter the object names to select**, type **SRV1** and click **OK**.
+13. The **SRV1** computer account will be highlighted, select **Allow** next to **Full control**.
+14. Click **Advanced**, click **SRV1 (CONTOSO\SRV1$)** and click **Edit**.
+15. Next to **Applies to**, choose **This object and all descendant objects**, and then click **OK** three times.
+16. Close the ADSI Edit console and switch back to SRV1.
+17. To start Configuration Manager installation, type the following command at an elevated Windows PowerShell prompt on SRV1:
+
+ ```
+ cmd /c C:\configmgr\SMSSETUP\BIN\X64\Setup.exe
+ ```
+18. Provide the following in the Microsoft Endpoint Configuration Manager Setup Wizard:
+ - **Before You Begin**: Read the text and click *Next*.
+ - **Getting Started**: Choose **Install a Configuration Manager primary site** and select the **Use typical installation options for a stand-alone primary site** checkbox.
+ - Click **Yes** in response to the popup window.
+ - **Product Key**: Choose **Install the evaluation edition of this Product**.
+ - **Microsoft Software License Terms**: Read the terms and then select the **I accept these license terms** checkbox.
+ - **Prerequisite Licenses**: Review license terms and select all three checkboxes on the page.
+ - **Prerequisite Downloads**: Choose **Download required files** and enter **c:\windows\temp** next to **Path**.
+ - **Site and Installation Settings**: Site code: **PS1**, Site name: **Contoso**.
+ - use default settings for all other options
+ - **Usage Data**: Read the text and click **Next**.
+ - **Service Connection Point Setup**: Accept the default settings (SRV1.contoso.com is automatically added under Select a server to use).
+ - **Settings Summary**: Review settings and click **Next**.
+ - **Prerequisite Check**: No failures should be listed. Ignore any warnings and click **Begin Install**.
+
+ >There should be at most three warnings present: WSUS on site server, configuration for SQL Server memory usage, and SQL Server process memory allocation. These warnings can safely be ignored in this test environment.
+
+ Depending on the speed of the Hyper-V host and resources allocated to SRV1, installation can require approximately one hour. Click **Close** when installation is complete.
+
+19. If desired, re-enable IE Enhanced Security Configuration at this time on SRV1:
+
+ ```
+ Set-ItemProperty -Path $AdminKey -Name “IsInstalled” -Value 1
+ Stop-Process -Name Explorer
+ ```
+
+## Download MDOP and install DaRT
+
+>[!IMPORTANT]
+>This step requires an MSDN subscription or volume licence agreement. For more information, see [Ready for Windows 10: MDOP 2015 and more tools are now available](https://blogs.technet.microsoft.com/windowsitpro/2015/08/17/ready-for-windows-10-mdop-2015-and-more-tools-are-now-available/).
+>If your organization qualifies and does not already have an MSDN subscription, you can obtain a [free MSDN subscription with BizSpark](https://blogs.msdn.microsoft.com/zainnab/2011/03/14/bizspark-free-msdn-subscription-for-start-up-companies/).
+
+1. Download the [Microsoft Desktop Optimization Pack 2015](https://msdn.microsoft.com/subscriptions/downloads/#ProductFamilyId=597) to the Hyper-V host using an MSDN subscription. Download the .ISO file (mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso, 2.79 GB) to the C:\VHD directory on the Hyper-V host.
+
+2. Type the following command at an elevated Windows PowerShell prompt on the Hyper-V host to mount the MDOP file on SRV1:
+
+ ```
+ Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\mu_microsoft_desktop_optimization_pack_2015_x86_x64_dvd_5975282.iso
+ ```
+3. Type the following command at an elevated Windows PowerShell prompt on SRV1:
+
+ ```
+ cmd /c "D:\DaRT\DaRT 10\Installers\en-us\x64\MSDaRT100.msi"
+ ```
+4. Install DaRT 10 using default settings.
+5. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
+
+ ```
+ Copy-Item "C:\Program Files\Microsoft DaRT\v10\Toolsx64.cab" -Destination "C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x64"
+ Copy-Item "C:\Program Files\Microsoft DaRT\v10\Toolsx86.cab" -Destination "C:\Program Files\Microsoft Deployment Toolkit\Templates\Distribution\Tools\x86"
+ ```
+
+## Prepare for Zero Touch installation
+
+This section contains several procedures to support Zero Touch installation with Microsoft Endpoint Configuration Manager.
+
+### Create a folder structure
+
+1. Type the following commands at a Windows PowerShell prompt on SRV1:
+
+ ```
+ New-Item -ItemType Directory -Path "C:\Sources\OSD\Boot"
+ New-Item -ItemType Directory -Path "C:\Sources\OSD\OS"
+ New-Item -ItemType Directory -Path "C:\Sources\OSD\Settings"
+ New-Item -ItemType Directory -Path "C:\Sources\OSD\Branding"
+ New-Item -ItemType Directory -Path "C:\Sources\OSD\MDT"
+ New-Item -ItemType Directory -Path "C:\Logs"
+ New-SmbShare -Name Sources$ -Path C:\Sources -ChangeAccess EVERYONE
+ New-SmbShare -Name Logs$ -Path C:\Logs -ChangeAccess EVERYONE
+ ```
+
+### Enable MDT ConfigMgr integration
+
+1. On SRV1, click **Start**, type **configmgr**, and then click **Configure ConfigMgr Integration**.
+2. Type **PS1** next to **Site code**, and then click **Next**.
+3. Verify **The process completed successfully** is displayed, and then click **Finish**.
+
+### Configure client settings
+
+1. On SRV1, click **Start**, type **configuration manager**, right-click **Configuration Manager Console**, and then click **Pin to Taskbar**.
+2. Click **Desktop**, and then launch the Configuration Manager console from the taskbar.
+3. If the console notifies you that an update is available, click **OK**. It is not necessary to install updates to complete this lab.
+4. In the console tree, open the **Administration** workspace (in the lower left corner) and click **Client Settings**.
+5. In the display pane, double-click **Default Client Settings**.
+6. Click **Computer Agent**, next to **Organization name displayed in Software Center** type **Contoso**, and then click **OK**.
+
+### Configure the network access account
+
+1. In the Administration workspace, expand **Site Configuration** and click **Sites**.
+2. On the **Home** ribbon at the top of the console window, click **Configure Site Components** and then click **Software Distribution**.
+3. On the **Network Access Account** tab, choose **Specify the account that accesses network locations**.
+4. Click the yellow starburst and then click **New Account**.
+5. Click **Browse** and then under **Enter the object name to select**, type **CM_NAA** and click **OK**.
+6. Next to **Password** and **Confirm Password**, type pass@word1, and then click **OK** twice.
+
+### Configure a boundary group
+
+1. In the Administration workspace, expand **Hierarchy Configuration**, right-click **Boundaries** and then click **Create Boundary**.
+2. Next to **Description**, type **PS1**, next to **Type** choose **Active Directory Site**, and then click **Browse**.
+3. Choose **Default-First-Site-Name** and then click **OK** twice.
+4. In the Administration workspace, right-click **Boundary Groups** and then click **Create Boundary Group**.
+5. Next to **Name**, type **PS1 Site Assignment and Content Location**, click **Add**, select the **Default-First-Site-Name** boundary and then click **OK**.
+6. On the **References** tab in the **Create Boundary Group** window select the **Use this boundary group for site assignment** checkbox.
+7. Click **Add**, select the **\\\SRV1.contoso.com** checkbox, and then click **OK** twice.
+
+### Add the state migration point role
+
+1. In the Administration workspace, expand **Site Configuration**, click **Sites**, and then in on the **Home** ribbon at the top of the console click **Add Site System Roles**.
+2. In the Add site System Roles Wizard, click **Next** twice and then on the Specify roles for this server page, select the **State migration point** checkbox.
+3. Click **Next**, click the yellow starburst, type **C:\MigData** for the **Storage folder**, and click **OK**.
+4. Click **Next**, and then verify under **Boundary groups** that **PS1 Site Assignment and Content Location** is displayed.
+5. Click **Next** twice and then click **Close**.
+
+### Enable PXE on the distribution point
+
+>[!IMPORTANT]
+>Before enabling PXE in Configuration Manager, ensure that any previous installation of WDS does not cause conflicts. Configuration Manager will automatically configure the WDS service to manage PXE requests. To disable a previous installation, if it exists, type the following commands at an elevated Windows PowerShell prompt on SRV1:
+
+```
+WDSUTIL /Set-Server /AnswerClients:None
+```
+
+1. Determine the MAC address of the internal network adapter on SRV1. To determine this, type the following command at an elevated Windows PowerShell prompt on SRV1:
+
+ ```
+ (Get-NetAdapter "Ethernet").MacAddress
+ ```
+ >If the internal network adapter, assigned an IP address of 192.168.0.2, is not named "Ethernet" then replace the name "Ethernet" in the previous command with the name of this network adapter. You can review the names of network adapters and the IP addresses assigned to them by typing **ipconfig**.
+
+2. In the Microsoft Endpoint Configuration Manager console, in the **Administration** workspace, click **Distribution Points**.
+3. In the display pane, right-click **SRV1.CONTOSO.COM** and then click **Properties**.
+4. On the PXE tab, select the following settings:
+ - **Enable PXE support for clients**. Click **Yes** in the popup that appears.
+ - **Allow this distribution point to respond to incoming PXE requests**
+ - **Enable unknown computer support**. Click **OK** in the popup that appears.
+ - **Require a password when computers use PXE**
+ - **Password** and **Confirm password**: pass@word1
+ - **Respond to PXE requests on specific network interfaces**: Click the yellow starburst and then enter the MAC address determined in the first step of this procedure.
+
+ See the following example:
+
+
+
+5. Click **OK**.
+6. Wait for a minute, then type the following command at an elevated Windows PowerShell prompt on SRV1, and verify that the files displayed are present:
+
+ ```
+ cmd /c dir /b C:\RemoteInstall\SMSBoot\x64
+
+ abortpxe.com
+ bootmgfw.efi
+ bootmgr.exe
+ pxeboot.com
+ pxeboot.n12
+ wdsmgfw.efi
+ wdsnbp.com
+ ```
+ >If these files are not present in the C:\RemoteInstall directory, verify that the REMINST share is configured as C:\RemoteInstall. You can view the properties of this share by typing "net share REMINST" at a command prompt. If the share path is set to a different value, then replace C:\RemoteInstall with your REMINST share path.
+ >You can also type the following command at an elevated Windows PowerShell prompt to open the Configuration Manager Trace Log Tool. In the tool, click **File**, click **Open**, and then open the **distmgr.log** file. If errors are present, they will be highlighted in red:
+
+ ```
+ Invoke-Item 'C:\Program Files\Microsoft Configuration Manager\tools\cmtrace.exe'
+ ```
+
+ The log file will updated continuously while Configuration Manager is running. Wait for Configuration Manager to repair any issues that are present, and periodically re-check that the files are present in the REMINST share location. Close the Configuration Manager Trace Log Tool when done. You will see the following line in distmgr.log that indicates the REMINST share is being populated with necessary files:
+
+ Running: WDSUTIL.exe /Initialize-Server /REMINST:"C:\RemoteInstall"
+
+ Once the files are present in the REMINST share location, you can close the cmtrace tool.
+
+### Create a branding image file
+
+1. If you have a bitmap (.BMP) image for suitable use as a branding image, copy it to the C:\Sources\OSD\Branding folder on SRV1. Otherwise, use the following step to copy a simple branding image.
+2. Type the following command at an elevated Windows PowerShell prompt:
+
+ ```
+ copy "C:\ProgramData\Microsoft\User Account Pictures\user.bmp" "C:\Sources\OSD\Branding\contoso.bmp"
+ ```
+ >You can open C:\Sources\OSD\Branding\contoso.bmp in MSPaint.exe if desired to customize this image.
+
+
+### Create a boot image for Configuration Manager
+
+1. In the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Boot Images**, and then click **Create Boot Image using MDT**.
+2. On the Package Source page, under **Package source folder to be created (UNC Path):**, type **\\\SRV1\Sources$\OSD\Boot\Zero Touch WinPE x64**, and then click **Next**.
+ - The Zero Touch WinPE x64 folder does not yet exist. The folder will be created later.
+3. On the General Settings page, type **Zero Touch WinPE x64** next to **Name**, and click **Next**.
+4. On the Options page, under **Platform** choose **x64**, and click **Next**.
+5. On the Components page, in addition to the default selection of **Microsoft Data Access Components (MDAC/ADO) support**, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** checkbox, and click **Next**.
+6. On the Customization page, select the **Use a custom background bitmap file** checkbox, and under **UNC path**, type or browse to **\\\SRV1\Sources$\OSD\Branding\contoso.bmp**, and then click **Next** twice. It will take a few minutes to generate the boot image.
+7. Click **Finish**.
+8. In the console display pane, right-click the **Zero Touch WinPE x64** boot image, and then click **Distribute Content**.
+9. In the Distribute Content Wizard, click **Next**, click **Add** and select **Distribution Point**, select the **SRV1.CONTOSO.COM** checkbox, click **OK**, click **Next** twice, and then click **Close**.
+10. Use the CMTrace application to view the **distmgr.log** file again and verify that the boot image has been distributed. To open CMTrace, type the following command at an elevated Windows PowerShell prompt on SRV1:
+
+ ```
+ Invoke-Item 'C:\Program Files\Microsoft Configuration Manager\tools\cmtrace.exe'
+ ```
+
+ In the trace tool, click **Tools** on the menu and choose **Find**. Search for "**STATMSG: ID=2301**". For example:
+
+ ```
+ STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=SRV1.CONTOSO.COM SITE=PS1 PID=924 TID=1424 GMTDATE=Tue Oct 09 22:36:30.986 2018 ISTR0="Zero Touch WinPE x64" ISTR1="PS10000A" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="PS10000A" SMS_DISTRIBUTION_MANAGER 10/9/2018 3:36:30 PM 1424 (0x0590)
+ ```
+
+11. You can also review status by clicking the **Zero Touch WinPE x64** image, and then clicking **Content Status** under **Related Objects** in the bottom right-hand corner of the console, or by entering **\Monitoring\Overview\Distribution Status\Content Status** on the location bar in the console. Double-click **Zero Touch WinPE x64** under **Content Status** in the console tree and verify that a status of **Successfully distributed content** is displayed on the **Success** tab.
+12. Next, in the **Software Library** workspace, double-click **Zero Touch WinPE x64** and then click the **Data Source** tab.
+13. Select the **Deploy this boot image from the PXE-enabled distribution point** checkbox, and click **OK**.
+14. Review the distmgr.log file again for "**STATMSG: ID=2301**" and verify that there are three folders under **C:\RemoteInstall\SMSImages** with boot images. See the following example:
+
+ ```
+ cmd /c dir /s /b C:\RemoteInstall\SMSImages
+
+ C:\RemoteInstall\SMSImages\PS100004
+ C:\RemoteInstall\SMSImages\PS100005
+ C:\RemoteInstall\SMSImages\PS100006
+ C:\RemoteInstall\SMSImages\PS100004\boot.PS100004.wim
+ C:\RemoteInstall\SMSImages\PS100005\boot.PS100005.wim
+ C:\RemoteInstall\SMSImages\PS100006\WinPE.PS100006.wim
+ ```
+
+ >The first two images (*.wim files) are default boot images. The third is the new boot image with DaRT.
+
+### Create a Windows 10 reference image
+
+If you have already completed steps in [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) then you have already created a Windows 10 reference image. In this case, skip to the next procedure in this guide: [Add a Windows 10 operating system image](#add-a-windows-10-operating-system-image). If you have not yet created a Windows 10 reference image, complete the steps in this section.
+
+1. In [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md) the Windows 10 Enterprise .iso file was saved to the c:\VHD directory as **c:\VHD\w10-enterprise.iso**. The first step in creating a deployment share is to mount this file on SRV1. To mount the Windows 10 Enterprise DVD on SRV1, open an elevated Windows PowerShell prompt on the Hyper-V host computer and type the following command:
+
+ ```
+ Set-VMDvdDrive -VMName SRV1 -Path c:\VHD\w10-enterprise.iso
+ ```
+2. Verify that the Windows Enterprise installation DVD is mounted on SRV1 as drive letter D.
+
+3. The Windows 10 Enterprise installation files will be used to create a deployment share on SRV1 using the MDT deployment workbench. To open the deployment workbench, click **Start**, type **deployment**, and then click **Deployment Workbench**.
+
+4. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**.
+
+5. Use the following settings for the New Deployment Share Wizard:
+ - Deployment share path: **C:\MDTBuildLab**
+ - Share name: **MDTBuildLab$**
+ - Deployment share description: **MDT build lab**
+ - Options: click **Next** to accept the default
+ - Summary: click **Next**
+ - Progress: settings will be applied
+ - Confirmation: click **Finish**
+
+6. Expand the **Deployment Shares** node, and then expand **MDT build lab**.
+
+7. Right-click the **Operating Systems** node, and then click **New Folder**. Name the new folder **Windows 10**. Complete the wizard using default values and click **Finish**.
+
+7. Right-click the **Windows 10** folder created in the previous step, and then click **Import Operating System**.
+
+8. Use the following settings for the Import Operating System Wizard:
+ - OS Type: **Full set of source files**
+ - Source: **D:\\**
+ - Destination: **W10Ent_x64**
+ - Summary: click **Next**
+ - Confirmation: click **Finish**
+
+9. For purposes of this test lab, we will not add applications, such as Microsoft Office, to the deployment share. For information about adding applications, see the [Add applications](deploy-windows-mdt/create-a-windows-10-reference-image.md#sec03) section of the [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md) topic in the TechNet library.
+
+10. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the **Task Sequences** node under **MDT Build Lab** and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard:
+ - Task sequence ID: **REFW10X64-001**
+ - Task sequence name: **Windows 10 Enterprise x64 Default Image**
+ - Task sequence comments: **Reference Build**
+ - Template: **Standard Client Task Sequence**
+ - Select OS: click **Windows 10 Enterprise Evaluation in W10Ent_x64 install.wim**
+ - Specify Product Key: **Do not specify a product key at this time**
+ - Full Name: **Contoso**
+ - Organization: **Contoso**
+ - Internet Explorer home page: **http://www.contoso.com**
+ - Admin Password: **Do not specify an Administrator password at this time**
+ - Summary: click **Next**
+ - Confirmation: click **Finish**
+
+11. Edit the task sequence to add the Microsoft NET Framework 3.5, which is required by many applications. To edit the task sequence, double-click **Windows 10 Enterprise x64 Default Image** that was created in the previous step.
+
+12. Click the **Task Sequence** tab. Under **State Restore** click **Tatto** to highlight it, then click **Add** and choose **New Group**. A new group will be added under Tattoo.
+
+13. On the Properties tab of the group that was created in the previous step, change the Name from New Group to **Custom Tasks (Pre-Windows Update)** and then click **Apply**. To see the name change, click **Tattoo**, then click the new group again.
+
+14. Click the **Custom Tasks (Pre-Windows Update)** group again, click **Add**, point to **Roles**, and then click **Install Roles and Features**.
+
+15. Under **Select the roles and features that should be installed**, select **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** and then click **Apply**.
+
+16. Enable Windows Update in the task sequence by clicking the **Windows Update (Post-Application Installation)** step, clicking the **Options** tab, and clearing the **Disable this step** checkbox.
+ >Note: Since we are not installing applications in this test lab, there is no need to enable the Windows Update Pre-Application Installation step. However, you should enable this step if you are also installing applications.
+
+17. Click **OK** to complete editing the task sequence.
+
+18. The next step is to configure the MDT deployment share rules. To configure rules in the Deployment Workbench, right-click MDT build lab (C:\MDTBuildLab) and click **Properties**, and then click the **Rules** tab.
+
+19. Replace the default rules with the following text:
+
+ ```
+ [Settings]
+ Priority=Default
+
+ [Default]
+ _SMSTSORGNAME=Contoso
+ UserDataLocation=NONE
+ DoCapture=YES
+ OSInstall=Y
+ AdminPassword=pass@word1
+ TimeZoneName=Pacific Standard TimeZoneName
+ OSDComputername=#Left("PC-%SerialNumber%",7)#
+ JoinWorkgroup=WORKGROUP
+ HideShell=YES
+ FinishAction=SHUTDOWN
+ DoNotCreateExtraPartition=YES
+ ApplyGPOPack=NO
+ SkipAdminPassword=YES
+ SkipProductKey=YES
+ SkipComputerName=YES
+ SkipDomainMembership=YES
+ SkipUserData=YES
+ SkipLocaleSelection=YES
+ SkipTaskSequence=NO
+ SkipTimeZone=YES
+ SkipApplications=YES
+ SkipBitLocker=YES
+ SkipSummary=YES
+ SkipRoles=YES
+ SkipCapture=NO
+ SkipFinalSummary=NO
+ ```
+
+20. Click **Apply** and then click **Edit Bootstrap.ini**. Replace the contents of the Bootstrap.ini file with the following text, and save the file:
+
+ ```
+ [Settings]
+ Priority=Default
+
+ [Default]
+ DeployRoot=\\SRV1\MDTBuildLab$
+ UserDomain=CONTOSO
+ UserID=MDT_BA
+ UserPassword=pass@word1
+ SkipBDDWelcome=YES
+ ```
+
+21. Click **OK** to complete the configuration of the deployment share.
+
+22. Right-click **MDT build lab (C:\MDTBuildLab)** and then click **Update Deployment Share**.
+
+23. Accept all default values in the Update Deployment Share Wizard by clicking **Next**. The update process will take 5 to 10 minutes. When it has completed, click **Finish**.
+
+24. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. Note that in MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI).
+
+ >Hint: Top copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**.
+
+25. Open a Windows PowerShell prompt on the Hyper-V host computer and type the following commands:
+
+ ```
+ New-VM –Name REFW10X64-001 -SwitchName poc-internal -NewVHDPath "c:\VHD\REFW10X64-001.vhdx" -NewVHDSizeBytes 60GB
+ Set-VMMemory -VMName REFW10X64-001 -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 1024MB -Buffer 20
+ Set-VMDvdDrive -VMName REFW10X64-001 -Path c:\VHD\LiteTouchPE_x86.iso
+ Start-VM REFW10X64-001
+ vmconnect localhost REFW10X64-001
+ ```
+26. In the Windows Deployment Wizard, select **Windows 10 Enterprise x64 Default Image**, and then click **Next**.
+
+27. Accept the default values on the Capture Image page, and click **Next**. Operating system installation will complete after 5 to 10 minutes and then the VM will reboot automatically. Allow the system to boot normally (do not press a key). The process is fully automated.
+
+ Additional system restarts will occur to complete updating and preparing the operating system. Setup will complete the following procedures:
+
+ - Install the Windows 10 Enterprise operating system.
+ - Install added applications, roles, and features.
+ - Update the operating system using Windows Update (or WSUS if optionally specified).
+ - Stage Windows PE on the local disk.
+ - Run System Preparation (Sysprep) and reboot into Windows PE.
+ - Capture the installation to a Windows Imaging (WIM) file.
+ - Turn off the virtual machine.
+
+ This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host and your network's download speed. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on SRV1. The file name is **REFW10X64-001.wim**.
+
+### Add a Windows 10 operating system image
+
+1. Type the following commands at an elevated Windows PowerShell prompt on SRV1:
+
+ ```
+ New-Item -ItemType Directory -Path "C:\Sources\OSD\OS\Windows 10 Enterprise x64"
+ cmd /c copy /z "C:\MDTBuildLab\Captures\REFW10X64-001.wim" "C:\Sources\OSD\OS\Windows 10 Enterprise x64"
+ ```
+
+2. In the Configuration Manager console, in the **Software Library** workspace, expand **Operating Systems**, right-click **Operating System Images**, and then click **Add Operating System Image**.
+
+3. On the Data Source page, under **Path:**, type or browse to **\\\SRV1\Sources$\OSD\OS\Windows 10 Enterprise x64\REFW10X64-001.wim**, and click **Next**.
+
+4. On the General page, next to **Name:**, type **Windows 10 Enterprise x64**, click **Next** twice, and then click **Close**.
+
+5. Distribute the operating system image to the SRV1 distribution point by right-clicking the **Windows 10 Enterprise x64** operating system image and then clicking **Distribute Content**.
+
+6. In the Distribute Content Wizard, click **Next**, click **Add**, click **Distribution Point**, add the **SRV1.CONTOSO.COM** distribution point, click **OK**, click **Next** twice and then click **Close**.
+
+7. Enter **\Monitoring\Overview\Distribution Status\Content Status** on the location bar (be sure there is no space at the end of the location or you will get an error), click **Windows 10 Enterprise x64**, and monitor the status of content distribution until it is successful and no longer in progress. Refresh the view with the F5 key or by right-clicking **Windows 10 Enterprise x64** and clicking **Refresh**. Processing of the image on the site server can take several minutes.
+
+ >If content distribution is not successful, verify that sufficient disk space is available.
+
+### Create a task sequence
+
+>Complete this section slowly. There are a large number of similar settings from which to choose.
+
+1. In the Configuration Manager console, in the **Software Library** workspace expand **Operating Systems**, right-click **Task Sequences**, and then click **Create MDT Task Sequence**.
+
+2. On the Choose Template page, select the **Client Task Sequence** template and click **Next**.
+
+3. On the General page, type **Windows 10 Enterprise x64** under **Task sequence name:** and then click **Next**.
+
+4. On the Details page, enter the following settings:
+ - Join a domain: **contoso.com**
+ - Account: click **Set**
+ - User name: **contoso\CM_JD**
+ - Password: pass@word1
+ - Confirm password: pass@word1
+ - Click **OK**
+ - Windows Settings
+ - User name: **Contoso**
+ - Organization name: **Contoso**
+ - Product key: \
+ - Administrator Account: **Enable the account and specify the local administrator password**
+ - Password: pass@word1
+ - Confirm password: pass@word1
+ - Click **Next**
+
+5. On the Capture Settings page, accept the default settings and click **Next**.
+
+6. On the Boot Image page, browse and select the **Zero Touch WinPE x64** boot image package, click **OK**, and then click **Next**.
+
+7. On the MDT Package page, select **Create a new Microsoft Deployment Toolkit Files package**, under **Package source folder to be created (UNC Path):**, type **\\\SRV1\Sources$\OSD\MDT\MDT** (MDT is repeated here, not a typo), and then click **Next**.
+
+8. On the MDT Details page, next to **Name:** type **MDT** and then click **Next**.
+
+9. On the OS Image page, browse and select the **Windows 10 Enterprise x64** package, click **OK**, and then click **Next**.
+
+10. On the Deployment Method page, accept the default settings for **Zero Touch Installation** and click **Next**.
+
+11. On the Client Package page, browse and select the **Microsoft Corporation Configuration Manager Client package**, click **OK**, and then click **Next**.
+
+12. On the USMT Package page, browse and select the **Microsoft Corporation User State Migration Tool for Windows 10.0.14393.0** package, click **OK**, and then click **Next**.
+
+13. On the Settings Package page, select **Create a new settings package**, and under **Package source folder to be created (UNC Path):**, type **\\\SRV1\Sources$\OSD\Settings\Windows 10 x64 Settings**, and then click **Next**.
+
+14. On the Settings Details page, next to **Name:**, type **Windows 10 x64 Settings**, and click **Next**.
+
+15. On the Sysprep Package page, click **Next** twice.
+
+16. On the Confirmation page, click **Finish**.
+
+### Edit the task sequence
+
+1. In the Configuration Manager console, in the **Software Library** workspace, click **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then click **Edit**.
+
+2. Scroll down to the **Install** group and click the **Set Variable for Drive Letter** action.
+
+3. Change the Value under **OSDPreserveDriveLetter** from **False** to **True**, and then click **Apply**.
+
+4. In the **State Restore** group, click the **Set Status 5** action, click **Add** in the upper left corner, point to **User State**, and click **Request State Store**. This adds a new action immediately after **Set Status 5**.
+
+5. Configure the **Request State Store** action that was just added with the following settings:
+ - Request state storage location to: **Restore state from another computer**
+ - Select the **If computer account fails to connect to state store, use the Network Access account** checkbox.
+ - Options tab: Select the **Continue on error** checkbox.
+ - Add Condition: **Task Sequence Variable**:
+ - Variable: **USMTLOCAL**
+ - Condition: **not equals**
+ - Value: **True**
+ - Click **OK**.
+ - Click **Apply**
.
+
+6. In the **State Restore** group, click **Restore User State**, click **Add**, point to **User State**, and click **Release State Store**.
+
+7. Configure the **Release State Store** action that was just added with the following settings:
+ - Options tab: Select the **Continue on error** checkbox.
+ - Add Condition: **Task Sequence Variable**:
+ - Variable: **USMTLOCAL**
+ - Condition: **not equals**
+ - Value: **True**
+ - Click **OK**.
+ - Click **OK**
.
+
+
+### Finalize the operating system configuration
+
+>If you completed all procedures in [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) then the MDT deployment share is already present on SRV1. In this case, skip the first four steps below and begin with step 5 to edit CustomSettings.ini.
+
+1. In the MDT deployment workbench on SRV1, right-click **Deployment Shares** and then click **New Deployment Share**.
+
+2. Use the following settings for the New Deployment Share Wizard:
+ - Deployment share path: **C:\MDTProduction**
+ - Share name: **MDTProduction$**
+ - Deployment share description: **MDT Production**
+ - Options: click **Next** to accept the default
+ - Summary: click **Next**
+ - Progress: settings will be applied
+ - Confirmation: click **Finish**
+
+3. Right-click the **MDT Production** deployment share, and click **Properties**.
+
+4. Click the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then click **OK**.
+
+5. Type the following command at an elevated Windows PowerShell prompt on SRV1:
+
+ ```
+ notepad "C:\Sources\OSD\Settings\Windows 10 x64 Settings\CustomSettings.ini"
+ ```
+6. Replace the contents of the file with the following text, and then save the file:
+
+ ```
+ [Settings]
+ Priority=Default
+ Properties=OSDMigrateConfigFiles,OSDMigrateMode
+
+ [Default]
+ DoCapture=NO
+ ComputerBackupLocation=NONE
+ OSDMigrateMode=Advanced
+ OSDMigrateAdditionalCaptureOptions=/ue:*\* /ui:CONTOSO\*
+ OSDMigrateConfigFiles=Miguser.xml,Migapp.xml
+ SLSHARE=\\SRV1\Logs$
+ EventService=http://SRV1:9800
+ ApplyGPOPack=NO
+ ```
+
+ >As noted previously, if you wish to migrate accounts other than those in the Contoso domain, then change the OSDMigrateAdditionalCaptureOptions option. For example, the following option will capture settings from all user accounts:
+
+ ```
+ OSDMigrateAdditionalCaptureOptions=/all
+ ```
+
+
+7. Return to the Configuration Manager console, and in the Software Library workspace, expand **Application Management**, click **Packages**, right-click **Windows 10 x64 Settings**, and then click **Update Distribution Points**. Click **OK** in the popup that appears.
+
+8. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then click **Distribute Content**.
+
+9. In the Distribute Content Wizard, click **Next** twice, click **Add**, click **Distribution Point**, select the **SRV1.CONTOSO.COM** distribution point, click **OK**, click **Next** twice and then click **Close**.
+
+10. Enter **\Monitoring\Overview\Distribution Status\Content Status\Windows 10 Enterprise x64** on the location bar, double-click **Windows 10 Enterprise x64**, and monitor the status of content distribution until it is successful and no longer in progress. Refresh the view with the F5 key or by right-clicking **Windows 10 Enterprise x64** and clicking **Refresh**.
+
+### Create a deployment for the task sequence
+
+1. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64**, and then click **Deploy**.
+
+2. On the General page, next to **Collection**, click **Browse**, select the **All Unknown Computers** collection, click **OK**, and then click **Next**.
+
+3. On the Deployment Settings page, use the following settings:
+ - Purpose: **Available**
+ - Make available to the following: **Only media and PXE**
+ - Click **Next**.
+4. Click **Next** five times to accept defaults on the Scheduling, User Experience, Alerts, and Distribution Points pages.
+
+5. Click **Close**.
+
+## Deploy Windows 10 using PXE and Configuration Manager
+
+In this first deployment scenario, we will deploy Windows 10 using PXE. This scenario creates a new computer that does not have any migrated users or settings.
+
+1. Type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+ ```
+ New-VM –Name "PC4" –NewVHDPath "c:\vhd\pc4.vhdx" -NewVHDSizeBytes 40GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
+ Set-VMMemory -VMName "PC4" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20
+ Start-VM PC4
+ vmconnect localhost PC4
+ ```
+
+2. Press ENTER when prompted to start the network boot service.
+
+3. In the Task Sequence Wizard, provide the password: pass@word1, and then click **Next**.
+
+4. Before you click **Next** in the Task Sequence Wizard, press the **F8** key. A command prompt will open.
+
+5. At the command prompt, type **explorer.exe** and review the Windows PE file structure.
+
+6. The smsts.log file is critical for troubleshooting any installation problems that might be encountered. Depending on the deployment phase, the smsts.log file is created in different locations:
+ - X:\windows\temp\SMSTSLog\smsts.log before disks are formatted.
+ - x:\smstslog\smsts.log after disks are formatted.
+ - c:\_SMSTaskSequence\Logs\Smstslog\smsts.log before the Microsoft Endpoint Configuration Manager client is installed.
+ - c:\windows\ccm\logs\Smstslog\smsts.log after the Microsoft Endpoint Configuration Manager client is installed.
+ - c:\windows\ccm\logs\smsts.log when the task sequence is complete.
+
+ Note: If a reboot is pending on the client, the reboot will be blocked as long as the command window is open.
+
+7. In the explorer window, click **Tools** and then click **Map Network Drive**.
+
+8. Do not map a network drive at this time. If you need to save the smsts.log file, you can use this method to save the file to a location on SRV1.
+
+9. Close the Map Network Drive window, the Explorer window, and the command prompt.
+
+10. The **Windows 10 Enterprise x64** task sequence is selected in the Task Sequenc Wizard. Click **Next** to continue with the deployment.
+
+11. The task sequence will require several minutes to complete. You can monitor progress of the task sequence using the MDT Deployment Workbench under Deployment Shares > MDTProduction > Monitoring. The task sequence will:
+ - Install Windows 10
+ - Install the Configuration Manager client and hotfix
+ - Join the computer to the contoso.com domain
+ - Install any applications that were specified in the reference image
+
+
+12. When Windows 10 installation has completed, sign in to PC4 using the **contoso\administrator** account.
+
+13. Right-click **Start**, click **Run**, type **control appwiz.cpl**, press ENTER, click **Turn Windows features on or off**, and verify that **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** is installed. This is a feature included in the reference image.
+
+14. Shut down the PC4 VM.
+
+>Note: The following two procedures 1) Replace a client with Windows 10 and 2) Refresh a client with Windows 10 have been exchanged in their order in this guide compared to the previous version. This is to avoid having to restore Hyper-V checkpoints to have access to PC1 before the OS is upgraded. If this is your first time going through this guide, you won't notice any change, but if you have tried the guide previously then this change should make it simpler to complete.
+
+## Replace a client with Windows 10 using Configuration Manager
+
+>Before starting this section, you can delete computer objects from Active Directory that were created as part of previous deployment procedures. Use the Active Directory Users and Computers console on DC1 to remove stale entries under contoso.com\Computers, but do not delete the computer account (hostname) for PC1. There should be at least two computer accounts present in the contoso.com\Computers container: one for SRV1, and one for the hostname of PC1. It is not required to delete the stale entries, this is only done to remove clutter.
+
+
+
+In the replace procedure, PC1 will not be migrated to a new operating system. It is simplest to perform this procedure before performing the refresh procedure. After refreshing PC1, the operating system will be new. The next (replace) procedure does not install a new operating system on PC1 but rather performs a side-by-side migration of PC1 and another computer (PC4), to copy users and settings from PC1 to the new computer.
+
+### Create a replace task sequence
+
+1. On SRV1, in the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, right-click **Task Sequences**, and then click **Create MDT Task Sequence**.
+
+2. On the Choose Template page, select **Client Replace Task Sequence** and click **Next**.
+
+3. On the General page, type the following:
+ - Task sequence name: **Replace Task Sequence**
+ - Task sequence comments: **USMT backup only**
+
+4. Click **Next**, and on the Boot Image page, browse and select the **Zero Touch WinPE x64** boot image package. Click **OK** and then click **Next** to continue.
+5. On the MDT Package page, browse and select the **MDT** package. Click **OK** and then click **Next** to continue.
+6. On the USMT Package page, browse and select the **Microsoft Corporation User State Migration Tool for Windows** package. Click **OK** and then click **Next** to continue.
+7. On the Settings Package page, browse and select the **Windows 10 x64 Settings** package. Click **OK** and then click **Next** to continue.
+8. On the Summary page, review the details and then click **Next**.
+9. On the Confirmation page, click **Finish**.
+
+>If an error is displayed at this stage it can be caused by a corrupt MDT integration. To repair it, close the Configuration Manager console, remove MDT integration, and then restore MDT integration.
+
+### Deploy PC4
+
+Create a VM named PC4 to receive the applications and settings from PC1. This VM represents a new computer that will replace PC1. To create this VM, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+```
+New-VM –Name "PC4" –NewVHDPath "c:\vhd\pc4.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2
+Set-VMMemory -VMName "PC4" -DynamicMemoryEnabled $true -MinimumBytes 1024MB -MaximumBytes 2048MB -Buffer 20
+Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF
+```
+
+>Hyper-V enables us to define a static MAC address on PC4. In a real-world scenario you must determine the MAC address of the new computer.
+
+### Install the Configuration Manager client on PC1
+
+1. Verify that the PC1 VM is running and in its original state, which was saved as a checkpoint and then restored in [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md).
+
+2. If a PC1 checkpoint has not already been saved, then save a checkpoint by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+ ```
+ Checkpoint-VM -Name PC1 -SnapshotName BeginState
+ ```
+
+3. On SRV1, in the Configuration Manager console, in the Administration workspace, expand **Hierarchy Configuration** and click on **Discovery Methods**.
+4. Double-click **Active Directory System Discovery** and on the **General** tab select the **Enable Active Directory System Discovery** checkbox.
+5. Click the yellow starburst, click **Browse**, select **contoso\Computers**, and then click **OK** three times.
+6. When a popup dialog box asks if you want to run full discovery, click **Yes**.
+7. In the Assets and Compliance workspace, click **Devices** and verify that the computer account names for SRV1 and PC1 are displayed. See the following example (GREGLIN-PC1 is the computer account name of PC1 in this example):
+
+ 
+
+ >If you do not see the computer account for PC1, try clicking the **Refresh** button in the upper right corner of the console.
+
+ The **Client** column indicates that the Configuration Manager client is not currently installed. This procedure will be carried out next.
+
+8. Sign in to PC1 using the contoso\administrator account and type the following at an elevated command prompt to remove any pre-existing client configuration, if it exists. Note: this command requires an elevated command prompt not an elevated Windows PowerShell prompt:
+
+ ```
+ sc stop ccmsetup
+ "\\SRV1\c$\Program Files\Microsoft Configuration Manager\Client\CCMSetup.exe" /Uninstall
+ ```
+ >If PC1 still has Configuration Manager registry settings that were applied by Group Policy, startup scripts, or other policies in its previous domain, these might not all be removed by CCMSetup /Uninstall and can cause problems with installation or registration of the client in its new environment. It might be necessary to manually remove these settings if they are present. For more information, see [Manual removal of the SCCM client](https://blogs.technet.microsoft.com/michaelgriswold/2013/01/02/manual-removal-of-the-sccm-client/).
+
+9. On PC1, temporarily stop Windows Update from queuing items for download and clear all BITS jobs from the queue:
+
+ ```
+ net stop wuauserv
+ net stop BITS
+ ```
+
+ Verify that both services were stopped successfully, then type the following at an elevated command prompt:
+
+ ```
+ del "%ALLUSERSPROFILE%\Application Data\Microsoft\Network\Downloader\qmgr*.dat"
+ net start BITS
+ bitsadmin /list /allusers
+ ```
+
+ Verify that BITSAdmin displays 0 jobs.
+
+10. To install the Configuration Manager client as a standalone process, type the following at an elevated command prompt:
+
+ ```
+ "\\SRV1\c$\Program Files\Microsoft Configuration Manager\Client\CCMSetup.exe" /mp:SRV1.contoso.com /logon SMSSITECODE=PS1
+ ```
+11. On PC1, using file explorer, open the **C:\Windows\ccmsetup** directory. During client installation, files will be downloaded here.
+12. Installation progress will be captured in the file: **c:\windows\ccmsetup\logs\ccmsetup.log**. You can periodically open this file in notepad, or you can type the following command at an elevated Windows PowerShell prompt to monitor installation progress:
+
+ ```
+ Get-Content -Path c:\windows\ccmsetup\logs\ccmsetup.log -Wait
+ ```
+
+ Installation might require several minutes, and display of the log file will appear to hang while some applications are installed. This is normal. When setup is complete, verify that **CcmSetup is existing with return code 0** is displayed on the last line of the ccmsetup.log file and then press **CTRL-C** to break out of the Get-Content operation (if you are viewing the log in Windows PowerShell the last line will be wrapped). A return code of 0 indicates that installation was successful and you should now see a directory created at **C:\Windows\CCM** that contains files used in registration of the client with its site.
+
+13. On PC1, open the Configuration Manager control panel applet by typing the following command:
+
+ ```
+ control smscfgrc
+ ```
+
+14. Click the **Site** tab, click **Configure Settings**, and click **Find Site**. The client will report that it has found the PS1 site. See the following example:
+
+ 
+
+ If the client is not able to find the PS1 site, review any error messages that are displayed in **C:\Windows\CCM\Logs\ClientIDManagerStartup.log** and **LocationServices.log**. A common reason the site code is not located is because a previous configuration exists. For example, if a previous site code is configured at **HKLM\SOFTWARE\Microsoft\SMS\Mobile Client\GPRequestedSiteAssignmentCode** this must be deleted or updated.
+
+15. On SRV1, in the Assets and Compliance workspace, click **Device Collections** and then double-click **All Desktop and Server Clients**. This node will be added under **Devices**.
+
+16. Click **All Desktop and Server Clients** and verify that the computer account for PC1 is displayed here with **Yes** and **Active** in the **Client** and **Client Activity** columns, respectively. You might have to refresh the view and wait few minutes for the client to appear here. See the following example:
+
+ 
+
+ >It might take several minutes for the client to fully register with the site and complete a client check. When it is complete you will see a green check mark over the client icon as shown above. To refresh the client, click it and then press **F5** or right-click the client and click **Refresh**.
+
+### Create a device collection and deployment
+
+1. On SRV1, in the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections** and then click **Create Device Collection**.
+
+2. Use the following settings in the **Create Device Collection Wizard**:
+ - General > Name: **Install Windows 10 Enterprise x64**
+ - General > Limiting collection: **All Systems**
+ - Membership Rules > Add Rule: **Direct Rule**
+ - The **Create Direct Membership Rule Wizard** opens, click **Next**
+ - Search for Resources > Resource class: **System Resource**
+ - Search for Resources > Attribute name: **Name**
+ - Search for Resources > Value: **%**
+ - Select Resources > Value: Select the computername associated with the PC1 VM
+ - Click **Next** twice and then click **Close** in both windows (Next, Next, Close, then Next, Next, Close)
+
+3. Double-click the Install Windows 10 Enterprise x64 device collection and verify that the PC1 computer account is displayed.
+
+4. In the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click **Windows 10 Enterprise x64** and then click **Deploy**.
+
+5. Use the following settings in the Deploy Software wizard:
+ - General > Collection: Click Browse and select **Install Windows 10 Enterprise x64**
+ - Deployment Settings > Purpose: **Available**
+ - Deployment Settings > Make available to the following: **Configuration Manager clients, media and PXE**
+ - Scheduling > Click **Next**
+ - User Experience > Click **Next**
+ - Alerts > Click **Next**
+ - Distribution Points > Click **Next**
+ - Summary > Click **Next**
+ - Verify that the wizard completed successfully and then click **Close**
+
+
+### Associate PC4 with PC1
+
+1. On SRV1 in the Configuration Manager console, in the Assets and Compliance workspace, right-click **Devices** and then click **Import Computer Information**.
+
+2. On the Select Source page, choose **Import single computer** and click **Next**.
+
+3. On the Single Computer page, use the following settings:
+ - Computer Name: **PC4**
+ - MAC Address: **00:15:5D:83:26:FF**
+ - Source Computer: \
+
+4. Click **Next**, and on the User Accounts page choose **Capture and restore specified user accounts**, then click the yellow starburst next to **User accounts to migrate**.
+
+5. Click **Browse** and then under Enter the object name to select type **user1** and click OK twice.
+
+6. Click the yellow starburst again and repeat the previous step to add the **contoso\administrator** account.
+
+7. Click **Next** twice, and on the Choose Target Collection page, choose **Add computers to the following collection**, click **Browse**, choose **Install Windows 10 Enterprise x64**, click **OK**, click **Next** twice, and then click **Close**.
+
+8. In the Assets and Compliance workspace, click **User State Migration** and review the computer association in the display pane. The source computer will be the computername of PC1 (GREGLIN-PC1 in this example), the destination computer will be **PC4**, and the migration type will be **side-by-side**.
+
+9. Right-click the association in the display pane and then click **Specify User Accounts**. You can add or remove user account here. Click **OK**.
+
+10. Right-click the association in the display pane and then click **View Recovery Information**. Note that a recovery key has been assigned, but a user state store location has not. Click **Close**.
+
+11. Click **Device Collections** and then double-click **Install Windows 10 Enterprise x64**. Verify that **PC4** is displayed in the collection. You might have to update and refresh the collection, or wait a few minutes, but do not proceed until PC4 is available. See the following example:
+
+ 
+
+### Create a device collection for PC1
+
+1. On SRV1, in the Configuration Manager console, in the Assets and Compliance workspace, right-click **Device Collections** and then click **Create Device Collection**.
+
+2. Use the following settings in the **Create Device Collection Wizard**:
+ - General > Name: **USMT Backup (Replace)**
+ - General > Limiting collection: **All Systems**
+ - Membership Rules > Add Rule: **Direct Rule**
+ - The **Create Direct Membership Rule Wizard** opens, click **Next**
+ - Search for Resources > Resource class: **System Resource**
+ - Search for Resources > Attribute name: **Name**
+ - Search for Resources > Value: **%**
+ - Select Resources > Value: Select the computername associated with the PC1 VM (GREGLIN-PC1 in this example).
+ - Click **Next** twice and then click **Close** in both windows.
+
+3. Click **Device Collections** and then double-click **USMT Backup (Replace)**. Verify that the computer name/hostname associated with PC1 is displayed in the collection. Do not proceed until this name is displayed.
+
+### Create a new deployment
+
+In the Configuration Manager console, in the Software Library workspace under Operating Systems, click **Task Sequences**, right-click **Replace Task Sequence**, click **Deploy**, and use the following settings:
+- General > Collection: **USMT Backup (Replace)**
+- Deployment Settings > Purpose: **Available**
+- Deployment Settings > Make available to the following: **Only Configuration Manager Clients**
+- Scheduling: Click **Next**
+- User Experience: Click **Next**
+- Alerts: Click **Next**
+- Distribution Points: Click **Next**
+- Click **Next** and then click **Close**.
+
+### Verify the backup
+
+1. On PC1, open the Configuration Manager control panel applet by typing the following command:
+
+ ```
+ control smscfgrc
+ ```
+2. On the **Actions** tab, click **Machine Policy Retrieval & Evaluation Cycle**, click **Run Now**, click **OK**, and then click **OK** again. This is one method that can be used to run a task sequence in addition to the Client Notification method that will be demonstrated in the computer refresh procedure.
+
+3. Type the following at an elevated command prompt to open the Software Center:
+
+ ```
+ C:\Windows\CCM\SCClient.exe
+ ```
+
+4. In the Software Center , click **Available Software** and then select the **Replace Task Sequence** checkbox. See the following example:
+
+ 
+
+ >If you do not see any available software, try running step #2 again to start the Machine Policy Retrieval & Evaluation Cycle. You should see an alert that new software is available.
+
+5. Click **INSTALL SELECTED** and then click **INSTALL OPERATING SYSTEM**.
+6. Allow the **Replace Task Sequence** to complete, then verify that the C:\MigData folder on SRV1 contains the USMT backup.
+
+### Deploy the new computer
+
+1. Start PC4 and press ENTER for a network boot when prompted. To start PC4, type the following commands at an elevated Windows Powershell prompt on the Hyper-V host:
+
+ ```
+ Start-VM PC4
+ vmconnect localhost PC4
+ ```
+2. In the **Welcome to the Task Sequence Wizard**, enter pass@word1 and click **Next**.
+3. Choose the **Windows 10 Enterprise X64** image.
+4. Setup will install the operating system using the Windows 10 Enterprise x64 reference image, install the configuration manager client, join PC4 to the domain, and restore users and settings from PC1.
+5. Save checkpoints for all VMs if you wish to review their status at a later date. This is not required (checkpoints do take up space on the Hyper-V host). Note: the next procedure will install a new OS on PC1 update its status in Configuration Manager and in Active Directory as a Windows 10 device, so you cannot return to a previous checkpoint only on the PC1 VM without a conflict. Therefore, if you do create a checkpoint, you should do this for all VMs.
+
+ To save a checkpoint for all VMs, type the following commands at an elevated Windows PowerShell prompt on the Hyper-V host:
+
+ ```
+ Checkpoint-VM -Name DC1 -SnapshotName cm-refresh
+ Checkpoint-VM -Name SRV1 -SnapshotName cm-refresh
+ Checkpoint-VM -Name PC1 -SnapshotName cm-refresh
+ ```
+
+## Refresh a client with Windows 10 using Configuration Manager
+
+
+### Initiate the computer refresh
+
+1. On SRV1, in the Assets and Compliance workspace, click **Device Collections** and then double-click **Install Windows 10 Enterprise x64**.
+2. Right-click the computer account for PC1, point to **Client Notification**, click **Download Computer Policy**, and click **OK** in the popup dialog box.
+3. On PC1, in the notification area, click **New software is available** and then click **Open Software Center**.
+4. In the Software Center, click **Operating Systems**, click **Windows 10 Enterprise x64**, click **Install** and then click **INSTALL OPERATING SYSTEM**. See the following example:
+
+ 
+
+ The computer will restart several times during the installation process. Installation includes downloading updates, reinstalling the Configuration Manager Client Agent, and restoring the user state. You can view status of the installation in the Configuration Manager console by accessing the Monitoring workspace, clicking **Deployments**, and then double-clicking the deployment associated with the **Install Windows 10 Enterprise x64** collection. Under **Asset Details**, right-click the device and then click **More Details**. Click the **Status** tab to see a list of tasks that have been performed. See the following example:
+
+ 
+
+ You can also monitor progress of the installation by using the MDT deployment workbench and viewing the **Monitoring** node under **Deployment Shares\MDT Production**.
+
+ When installation has completed, sign in using the contoso\administrator account or the contoso\user1 account and verify that applications and settings have been successfully backed up and restored to your new Windows 10 Enterprise operating system.
+
+ 
+
+
+
+## Related Topics
+
+[System Center 2012 Configuration Manager Survival Guide](https://social.technet.microsoft.com/wiki/contents/articles/7075.system-center-2012-configuration-manager-survival-guide.aspx#Step-by-Step_Guides)
+
+
+
+
+
+
+
diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md
index fb9fdbecee..2b72ab624c 100644
--- a/windows/deployment/windows-10-poc.md
+++ b/windows/deployment/windows-10-poc.md
@@ -25,7 +25,7 @@ ms.topic: article
This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see the following Windows 10 PoC deployment guides:
- [Step by step: Deploy Windows 10 in a test lab using MDT](windows-10-poc-mdt.md)
-- [Step by step: Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md)
+- [Step by step: Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md)
The PoC deployment guides are intended to provide a demonstration of Windows 10 deployment tools and processes for IT professionals that are not familiar with these tools, and those that are interested in setting up a proof of concept environment. The instructions in this guide should not be used in a production setting, and are not meant to replace the instructions found in production deployment guidance.
@@ -111,13 +111,13 @@ Hardware requirements are displayed below:
Any
Note: Retaining applications and settings requires that architecture (32 or 64-bit) is the same before and after the upgrade. |
- | RAM |
+ RAM |
8 GB RAM (16 GB recommended) to test Windows 10 deployment with MDT.
-
16 GB RAM to test Windows 10 deployment with System Center Configuration Manager. |
+
16 GB RAM to test Windows 10 deployment with Microsoft Endpoint Configuration Manager.
Any |
- | Disk |
+ Disk |
200 GB available hard disk space, any format. |
Any size, MBR formatted. |
@@ -779,7 +779,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
**Configure service and user accounts**
- Windows 10 deployment with MDT and System Center Configuration Manager requires specific accounts to perform some actions. Service accounts will be created to use for these tasks. A user account is also added in the contoso.com domain that can be used for testing purposes. In the test lab environment, passwords are set to never expire.
+ Windows 10 deployment with MDT and Microsoft Endpoint Configuration Manager requires specific accounts to perform some actions. Service accounts will be created to use for these tasks. A user account is also added in the contoso.com domain that can be used for testing purposes. In the test lab environment, passwords are set to never expire.
>To keep this test lab relatively simple, we will not create a custom OU structure and set permissions. Required permissions are enabled by adding accounts to the Domain Admins group. To configure these settings in a production environment, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
diff --git a/windows/deployment/windows-autopilot/add-devices.md b/windows/deployment/windows-autopilot/add-devices.md
index 4c5f020f92..e674b3196e 100644
--- a/windows/deployment/windows-autopilot/add-devices.md
+++ b/windows/deployment/windows-autopilot/add-devices.md
@@ -59,9 +59,9 @@ The hardware ID, also commonly referred to as a hardware hash, contains several
Note that the hardware hash also contains details about when it was generated, so it will change each time it is generated. When the Windows Autopilot deployment service attempts to match a device, it considers changes like that, as well as more substantial changes such as a new hard drive, and is still able to match successfully. But substantial changes to the hardware, such as a motherboard replacement, would not match, so a new hash would need to be generated and uploaded.
-### Collecting the hardware ID from existing devices using System Center Configuration Manager
+### Collecting the hardware ID from existing devices using Microsoft Endpoint Configuration Manager
-Starting with System Center Configuration Manager current branch version 1802, the hardware hashes for existing Windows 10 devices are automatically collected by Configuration Manager. See the [What’s new in version 1802](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1802#report-on-windows-autopilot-device-information) documentation for more details. The hash information can be extracted from Configuration Manager into a CSV file.
+Microsoft Endpoint Configuration Manager automatically collects the hardware hashes for existing Windows 10 devices. For more information, see [Gather information from Configuration Manager for Windows Autopilot](https://docs.microsoft.com/configmgr/comanage/how-to-prepare-win10#windows-autopilot). You can extract the hash information from Configuration Manager into a CSV file.
> [!Note]
> Before uploading the CSV file on Intune, please make sure that the first row contains the device serial number, Windows product ID, hardware hash, group tag, and assigned user. If there is header information on the top of CSV file, please delete that header information. See details at [Enroll Windows devices in Intune](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot).
diff --git a/windows/deployment/windows-autopilot/autopilot-faq.md b/windows/deployment/windows-autopilot/autopilot-faq.md
index e7ff819f7d..616f6b21ce 100644
--- a/windows/deployment/windows-autopilot/autopilot-faq.md
+++ b/windows/deployment/windows-autopilot/autopilot-faq.md
@@ -111,8 +111,8 @@ A [glossary](#glossary) of abbreviations used in this article is provided at the
| --- | --- |
| Must we use Intune for our MDM? | No, any MDM will work with Autopilot, but others probably won’t have the same full suite of Windows Autopilot features as Intune. You’ll get the best experience from Intune. |
| Can Intune support Win32 app preinstalls? | Yes. Starting with the Windows 10 October Update (version 1809), Intune supports Win32 apps using .msi (and .msix) wrappers. |
-| What is co-management? | Co-management is when you use a combination of a cloud MDM tool (Intune) and an on-premises configuration tool like System Center Configuration Manager (SCCM). You only need to use SCCM if Intune can’t support what you want to do with your profile. If you choose to co-manage using Intune + SCCM, you do it by including an SCCM agent in your Intune profile. When that profile is pushed to the device, the device will see the SCCM agent and go out to SCCM to pull down any additional profile settings. |
-| Must we use SCCM for Windows Autopilot | No. Co-management (described above) is optional. |
+| What is co-management? | Co-management is when you use a combination of a cloud MDM tool (Intune) and an on-premises configuration tool like Microsoft Endpoint Configuration Manager. You only need to use the Configuration Manager if Intune can’t support what you want to do with your profile. If you choose to co-manage using Intune + Configuration Manager, you do it by including a Configuration Manager agent in your Intune profile. When that profile is pushed to the device, the device will see the Configuration Manager agent and go out to the Configuration Manager to pull down any additional profile settings. |
+| Must we use Microsoft Endpoint Configuration Manager for Windows Autopilot | No. Co-management (described above) is optional. |
## Features
diff --git a/windows/deployment/windows-autopilot/deployment-process.md b/windows/deployment/windows-autopilot/deployment-process.md
index 3a8781ce86..6723d50e35 100644
--- a/windows/deployment/windows-autopilot/deployment-process.md
+++ b/windows/deployment/windows-autopilot/deployment-process.md
@@ -1,6 +1,6 @@
---
title: Windows 10 deployment process posters
-description: View and download Windows 10 deployment process flows for System Center Configuration Manager and Windows Autopilot.
+description: View and download Windows 10 deployment process flows for Microsoft Endpoint Configuration Manager and Windows Autopilot.
ms.reviewer:
manager: laurawi
ms.audience: itpro
@@ -24,4 +24,4 @@ Windows Autopilot deployment processes are summarized in the poster below. The p
[](../media/Windows10AutopilotFlowchart.pdf)
-**Note**: The Windows Autopilot for existing devices process is included in the [System Center Configuration Manager deployment poster](../windows-10-deployment-posters.md#deploy-windows-10-with-system-center-configuration-manager).
\ No newline at end of file
+**Note**: The Windows Autopilot for existing devices process is included in the [Microsoft Endpoint Configuration Manager deployment poster](../windows-10-deployment-posters.md#deploy-windows-10-with-microsoft-endpoint-configuration-manager).
\ No newline at end of file
diff --git a/windows/deployment/windows-autopilot/existing-devices.md b/windows/deployment/windows-autopilot/existing-devices.md
index a5c02be0ef..ad9577ade4 100644
--- a/windows/deployment/windows-autopilot/existing-devices.md
+++ b/windows/deployment/windows-autopilot/existing-devices.md
@@ -29,12 +29,12 @@ This topic describes how to convert Windows 7 or Windows 8.1 domain-joined compu
## Prerequisites
-- System Center Configuration Manager Current Branch (1806) OR System Center Configuration Manager Technical Preview (1808)
+- A currently supported version of Microsoft Endpoint Configuration Manager current branch or technical preview branch.
- The [Windows ADK](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) 1803 or later
- - Note: Config Mgr 1806 or later is required to [support](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10#windows-10-adk) the Windows ADK 1809.
+ - For more information on Configuration Manager support, see [Support for Windows 10 ADK](https://docs.microsoft.com/configmgr/core/plan-design/configs/support-for-windows-10#windows-10-adk).
- Assigned Microsoft Intune Licenses
- Azure Active Directory Premium
-- Windows 10 version 1809 or later imported into Config Mgr as an Operating System Image
+- Windows 10 version 1809 or later imported into Configuration Manager as an Operating System Image
- **Important**: See [Known issues](known-issues.md) if you are using Windows 10 1903 with Configuration Manager’s built-in **Windows Autopilot existing device** task sequence template. Currently, one of the steps in this task sequence must be edited to work properly with Windows 10, version 1903.
## Procedures
@@ -47,7 +47,7 @@ To enable and configure the enrollment and status page:
1. Open [Intune in the Azure portal](https://aka.ms/intuneportal).
2. Access **Intune > Device enrollment > Windows enrollment** and [Set up an enrollment status page](https://docs.microsoft.com/intune/windows-enrollment-status).
-3. Access **Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune** and [Configure automatic MDM enrollment](https://docs.microsoft.com/sccm/mdm/deploy-use/enroll-hybrid-windows#enable-windows-10-automatic-enrollment) and configure the MDM user scope for some or all users.
+3. Access **Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune** and [Configure automatic MDM enrollment](https://docs.microsoft.com/configmgr/mdm/deploy-use/enroll-hybrid-windows#enable-windows-10-automatic-enrollment) and configure the MDM user scope for some or all users.
See the following examples.
@@ -138,7 +138,7 @@ See the following examples.
- After saving the file, move the file to a location suitable as an SCCM package source.
+ After saving the file, move the file to a location suitable as a Microsoft Endpoint Configuration Manager package source.
>[!IMPORTANT]
>Multiple JSON profile files can be used, but each must be named **AutopilotConfigurationFile.json** in order for OOBE to follow the Autopilot experience. The file also must be encoded as ANSI.
**Saving the file with Unicode or UTF-8 encoding or saving it with a different file name will cause Windows 10 OOBE to not follow the Autopilot experience**.
@@ -156,7 +156,7 @@ See the following examples.
- Program Type: **Do not create a program**
4. Click **Next** twice and then click **Close**.
-**NOTE**: If you change user-driven Autopilot profile settings in Intune at a later date, you must also update the JSON file and redistribute the associated Config Mgr package.
+**NOTE**: If you change user-driven Autopilot profile settings in Intune at a later date, you must also update the JSON file and redistribute the associated Configuration Manager package.
### Create a target collection
diff --git a/windows/deployment/windows-autopilot/windows-autopilot.md b/windows/deployment/windows-autopilot/windows-autopilot.md
index a7e2877f3a..a24ff772a4 100644
--- a/windows/deployment/windows-autopilot/windows-autopilot.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot.md
@@ -31,7 +31,7 @@ Windows Autopilot is designed to simplify all parts of the lifecycle of Windows
When initially deploying new Windows devices, Windows Autopilot leverages the OEM-optimized version of Windows 10 that is preinstalled on the device, saving organizations the effort of having to maintain custom images and drivers for every model of device being used. Instead of re-imaging the device, your existing Windows 10 installation can be transformed into a “business-ready” state, applying settings and policies, installing apps, and even changing the edition of Windows 10 being used (e.g. from Windows 10 Pro to Windows 10 Enterprise) to support advanced features.
-Once deployed, Windows 10 devices can be managed by tools such as Microsoft Intune, Windows Update for Business, System Center Configuration Manager, and other similar tools. Windows Autopilot can also be used to re-purpose a device by leveraging Windows Autopilot Reset to quickly prepare a device for a new user, or in break/fix scenarios to enable a device to quickly be brought back to a business-ready state.
+Once deployed, Windows 10 devices can be managed by tools such as Microsoft Intune, Windows Update for Business, Microsoft Endpoint Configuration Manager, and other similar tools. Windows Autopilot can also be used to re-purpose a device by leveraging Windows Autopilot Reset to quickly prepare a device for a new user, or in break/fix scenarios to enable a device to quickly be brought back to a business-ready state.
Windows Autopilot enables you to:
* Automatically join devices to Azure Active Directory (Azure AD) or Active Directory (via Hybrid Azure AD Join). See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
index 2119a4bb72..b679ecf92c 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1703.md
@@ -1321,9 +1321,9 @@ The following fields are available:
- **IsEDPEnabled** Represents if Enterprise data protected on the device.
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
-- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise System Center Configuration Manager (SCCM) environment.
+- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Microsoft Endpoint Configuration Manager environment.
- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
-- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier.
+- **SystemCenterID** The Microsoft Endpoint Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier.
### Census.Firmware
@@ -3129,7 +3129,7 @@ The following fields are available:
- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
-- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager).
+- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft Endpoint Configuration Manager.
- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
@@ -4528,7 +4528,7 @@ The following fields are available:
- **DeviceIsMdmManaged** This device is MDM managed.
- **IsNetworkAvailable** If the device network is not available.
- **IsNetworkMetered** If network is metered.
-- **IsSccmManaged** This device is SCCM managed.
+- **IsSccmManaged** This device is managed by Microsoft Endpoint Configuration Manager.
- **NewlyInstalledOs** OS is newly installed quiet period.
- **PausedByPolicy** Updates are paused by policy.
- **RecoveredFromRS3** Previously recovered from RS3.
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
index 8c6ee5c804..e6d8367682 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1709.md
@@ -3276,7 +3276,7 @@ The following fields are available:
- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
-- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager).
+- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft Endpoint Configuration Manager.
- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
index 64a869e06a..81f8c0c5fc 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1803.md
@@ -4604,7 +4604,7 @@ The following fields are available:
- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
-- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager).
+- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft Endpoint Configuration Manager.
- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
diff --git a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
index bbf2e70bfb..8048327d37 100644
--- a/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
+++ b/windows/privacy/basic-level-windows-diagnostic-events-and-fields-1809.md
@@ -2994,7 +2994,7 @@ The following fields are available:
- **IsDeviceNetworkMetered** Indicates whether the device is connected to a metered network.
- **IsDeviceOobeBlocked** Indicates whether user approval is required to install updates on the device.
- **IsDeviceRequireUpdateApproval** Indicates whether user approval is required to install updates on the device.
-- **IsDeviceSccmManaged** Indicates whether the device is running the Microsoft SCCM (System Center Configuration Manager) to keep the operating system and applications up to date.
+- **IsDeviceSccmManaged** Indicates whether the device is running the Microsoft Endpoint Configuration Manager client to keep the operating system and applications up to date.
- **IsDeviceUninstallActive** Indicates whether the OS (operating system) on the device was recently updated.
- **IsDeviceUpdateNotificationLevel** Indicates whether the device has a set policy to control update notifications.
- **IsDeviceUpdateServiceManaged** Indicates whether the device uses WSUS (Windows Server Update Services).
@@ -5410,7 +5410,7 @@ The following fields are available:
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
- **RemediationShellDeviceProSku** Indicates whether a Windows 10 Professional edition is detected.
- **RemediationShellDeviceQualityUpdatesPaused** Indicates whether Quality Updates are paused on the device.
-- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager).
+- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft Endpoint Configuration Manager.
- **RemediationShellDeviceSedimentMutexInUse** Indicates whether the Sediment Pack mutual exclusion object (mutex) is in use.
- **RemediationShellDeviceSetupMutexInUse** Indicates whether device setup is in progress.
- **RemediationShellDeviceWuRegistryBlocked** Indicates whether the Windows Update is blocked on the device via the registry.