mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-28 21:27:23 +00:00
RE-deleting the WA topics someone edited
This commit is contained in:
jaimeo
commit
ce83cb34b0
@ -25,9 +25,9 @@ Automatic Update governs the "behind the scenes" download and installation proce
|
|||||||
|
|
||||||
|Policy|Description |
|
|Policy|Description |
|
||||||
|-|-|
|
|-|-|
|
||||||
|Configure Automatic Updates|Governs the installation activity that happens in the background. This allows you to configure the installation to happen during the [maintenance window](https://docs.microsoft.com/sccm/core/clients/manage/collections/use-maintenance-windows). Also, you can specify an installation time where the device will also try to install the latest packages. You can also pick a certain day and or week.|
|
|Configure Automatic Updates|Governs the installation activity that happens in the background. This allows you to configure the installation to happen during the [maintenance window](https://docs.microsoft.com/configmgr/core/clients/manage/collections/use-maintenance-windows). Also, you can specify an installation time where the device will also try to install the latest packages. You can also pick a certain day and or week.|
|
||||||
|Automatic Update Detection Frequency|Lets you set the scan frequency the device will use to connect to Windows Update to see if there is any available content. Default is 22 hours, but you can increase or decrease the frequency. Keep in mind a desktop computer may need to scan less frequently than laptops, which can have intermittent internet connection.|
|
|Automatic Update Detection Frequency|Lets you set the scan frequency the device will use to connect to Windows Update to see if there is any available content. Default is 22 hours, but you can increase or decrease the frequency. Keep in mind a desktop computer may need to scan less frequently than laptops, which can have intermittent internet connection.|
|
||||||
|Specify Intranet Microsoft Update Service Location|Used for Windows Server Update Services or System Center Configuration Manager users who want to install custom packages that are not offered through Windows Update.|
|
|Specify Intranet Microsoft Update Service Location|Used for Windows Server Update Services or Microsoft Endpoint Configuration Manager users who want to install custom packages that are not offered through Windows Update.|
|
||||||
|Do not connect to any Windows Update Internet locations <br>Required for Dual Scan|Prevents access to Windows Update.|
|
|Do not connect to any Windows Update Internet locations <br>Required for Dual Scan|Prevents access to Windows Update.|
|
||||||
|
|
||||||
## Suggested configuration
|
## Suggested configuration
|
||||||
|
|||||||
@ -41,7 +41,7 @@ You can use an on-premises catalog, like WSUS, to deploy 3rd Party patches and u
|
|||||||
|
|
||||||
|Policy| Description |
|
|Policy| Description |
|
||||||
|-|-|
|
|-|-|
|
||||||
|Specify Intranet Microsoft Update Service Location| Used for WSUS/System Center Configuration Manager customers who want to install custom packages that are not offered through Windows Update.|
|
|Specify Intranet Microsoft Update Service Location| Used for WSUS/Microsoft Endpoint Configuration Manager customers who want to install custom packages that are not offered through Windows Update.|
|
||||||
|
|
||||||
### Suggested configuration
|
### Suggested configuration
|
||||||
|
|
||||||
|
|||||||
@ -601,7 +601,7 @@ Download and run the media creation tool. See <a href="https://www.microsoft.com
|
|||||||
|
|
||||||
<tr>
|
<tr>
|
||||||
<td>0x8007002 </td>
|
<td>0x8007002 </td>
|
||||||
<td>This error is specific to upgrades using System Center Configuration Manager 2012 R2 SP1 CU3 (5.00.8238.1403)</td>
|
<td>This error is specific to upgrades using System Center 2012 Configuration Manager R2 SP1 CU3 (5.00.8238.1403)</td>
|
||||||
<td>Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)
|
<td>Analyze the SMSTS.log and verify that the upgrade is failing on "Apply Operating system" Phase: Error 80072efe DownloadFileWithRanges() failed. 80072efe. ApplyOperatingSystem (0x0760)
|
||||||
<br>The error 80072efe means that the connection with the server was terminated abnormally.
|
<br>The error 80072efe means that the connection with the server was terminated abnormally.
|
||||||
<br>To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.
|
<br>To resolve this issue, try the OS Deployment test on a client in same VLAN as the Configuration Manager server. Check the network configuration for random client-server connection issues happening on the remote VLAN.
|
||||||
@ -610,7 +610,7 @@ Download and run the media creation tool. See <a href="https://www.microsoft.com
|
|||||||
|
|
||||||
<tr>
|
<tr>
|
||||||
<td>0x80240FFF </td>
|
<td>0x80240FFF </td>
|
||||||
<td>Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with System Center Configuration Manager. If you enable update synchronization before you install <a href="https://support.microsoft.com/help/3095113/">hotfix 3095113</a>, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update.</td>
|
<td>Occurs when update synchronization fails. It can occur when you are using Windows Server Update Services on its own or when it is integrated with Microsoft Endpoint Configuration Manager. If you enable update synchronization before you install <a href="https://support.microsoft.com/help/3095113/">hotfix 3095113</a>, WSUS doesn't recognize the Upgrades classification and instead treats the upgrade like a regular update.</td>
|
||||||
<td> You can prevent this by installing <a href="https://blogs.technet.microsoft.com/wsus/2015/12/03/important-update-for-wsus-4-0-kb-3095113/">hotfix 3095113</a> before you enable update synchronization. However, if you have already run into this problem, do the following:
|
<td> You can prevent this by installing <a href="https://blogs.technet.microsoft.com/wsus/2015/12/03/important-update-for-wsus-4-0-kb-3095113/">hotfix 3095113</a> before you enable update synchronization. However, if you have already run into this problem, do the following:
|
||||||
<ol>
|
<ol>
|
||||||
<li>Disable the Upgrades classification.</li>
|
<li>Disable the Upgrades classification.</li>
|
||||||
@ -625,7 +625,7 @@ For detailed information on how to run these steps check out <a href="https://bl
|
|||||||
|
|
||||||
<tr>
|
<tr>
|
||||||
<td>0x8007007E</td>
|
<td>0x8007007E</td>
|
||||||
<td>Occurs when update synchronization fails because you do not have <a href="https://support.microsoft.com/help/3095113/">hotfix 3095113</a> installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with System Center Configuration Manager.</td>
|
<td>Occurs when update synchronization fails because you do not have <a href="https://support.microsoft.com/help/3095113/">hotfix 3095113</a> installed before you enable update synchronization. Specifically, the CopyToCache operation fails on clients that have already downloaded the upgrade because Windows Server Update Services has bad metadata related to the upgrade. It can occur when you are using standalone Windows Server Update Services or when WSUS is integrated with Microsoft Endpoint Configuration Manager.</td>
|
||||||
<td> Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix.
|
<td> Use the following steps to repair Windows Server Update Services. You must run these steps on each WSUS server that synched metadata before you installed the hotfix.
|
||||||
<ol>
|
<ol>
|
||||||
<li>Stop the Windows Update service. Sign in as a user with administrative privileges, and then do the following:
|
<li>Stop the Windows Update service. Sign in as a user with administrative privileges, and then do the following:
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Perform in-place upgrade to Windows 10 via Configuration Manager
|
title: Perform in-place upgrade to Windows 10 via Configuration Manager
|
||||||
description: In-place upgrades make upgrading Windows 7, Windows 8, and Windows 8.1 to Windows 10 easy -- you can even automate the whole process with a SCCM task sequence.
|
description: In-place upgrades make upgrading Windows 7, Windows 8, and Windows 8.1 to Windows 10 easy -- you can even automate the whole process with a Microsoft Endpoint Configuration Manager task sequence.
|
||||||
ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878
|
ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
@ -21,7 +21,7 @@ ms.topic: article
|
|||||||
|
|
||||||
- Windows 10
|
- Windows 10
|
||||||
|
|
||||||
The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Configuration Manager task sequence to completely automate the process.
|
The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Microsoft Endpoint Configuration Manager task sequence to completely automate the process.
|
||||||
|
|
||||||
>[!IMPORTANT]
|
>[!IMPORTANT]
|
||||||
>Beginning with Windows 10 and Windows Server 2016, Windows Defender is already installed. A management client for Windows Defender is also installed automatically if the Configuration Manager client is installed. However, previous Windows operating systems installed the System Center Endpoint Protection (SCEP) client with the Configuration Manager client. The SCEP client can block in-place upgrade to Windows 10 due to incompatibility, and must removed from a device before performing an in-place upgrade to Windows 10.
|
>Beginning with Windows 10 and Windows Server 2016, Windows Defender is already installed. A management client for Windows Defender is also installed automatically if the Configuration Manager client is installed. However, previous Windows operating systems installed the System Center Endpoint Protection (SCEP) client with the Configuration Manager client. The SCEP client can block in-place upgrade to Windows 10 due to incompatibility, and must removed from a device before performing an in-place upgrade to Windows 10.
|
||||||
@ -114,10 +114,10 @@ Figure 2. Upgrade from Windows 7 to Windows 10 Enterprise x64 with a task sequ
|
|||||||
|
|
||||||
After the task sequence finishes, the computer will be fully upgraded to Windows 10.
|
After the task sequence finishes, the computer will be fully upgraded to Windows 10.
|
||||||
|
|
||||||
## Upgrade to Windows 10 with System Center Configuration Manager Current Branch
|
## Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager Current Branch
|
||||||
|
|
||||||
|
|
||||||
With System Center Configuration Manager Current Branch, new built-in functionality makes it easier to upgrade to Windows 10.
|
With Microsoft Endpoint Configuration Manager Current Branch, new built-in functionality makes it easier to upgrade to Windows 10.
|
||||||
|
|
||||||
**Note**
|
**Note**
|
||||||
For more details about Configuration Manager Current Branch, see the [Configuration Manager Team blog](https://go.microsoft.com/fwlink/p/?LinkId=620205). An [evaluation version is currently available](https://go.microsoft.com/fwlink/p/?LinkId=620206) for you to try. The instructions below are specific to the Technical Preview 2 release and may change after the next version of Configuration Manager is released.
|
For more details about Configuration Manager Current Branch, see the [Configuration Manager Team blog](https://go.microsoft.com/fwlink/p/?LinkId=620205). An [evaluation version is currently available](https://go.microsoft.com/fwlink/p/?LinkId=620206) for you to try. The instructions below are specific to the Technical Preview 2 release and may change after the next version of Configuration Manager is released.
|
||||||
@ -150,7 +150,7 @@ Figure 3. The Configuration Manager upgrade task sequence.
|
|||||||
|
|
||||||
### Create a device collection
|
### Create a device collection
|
||||||
|
|
||||||
After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0001 machine running Windows 7 SP1, with the next version of System Center Configuration Manager client installed.
|
After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0001 machine running Windows 7 SP1, with the next version of Microsoft Endpoint Configuration Manager client installed.
|
||||||
|
|
||||||
1. On CM01, using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
|
1. On CM01, using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
|
||||||
- General
|
- General
|
||||||
|
|||||||
@ -1,250 +1,251 @@
|
|||||||
---
|
---
|
||||||
title: Windows 10 edition upgrade (Windows 10)
|
title: Windows 10 edition upgrade (Windows 10)
|
||||||
description: With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported.
|
description: With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported.
|
||||||
ms.assetid: A7642E90-A3E7-4A25-8044-C4E402DC462A
|
ms.assetid: A7642E90-A3E7-4A25-8044-C4E402DC462A
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
ms.author: greglin
|
ms.author: greglin
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: mobile
|
ms.pagetype: mobile
|
||||||
audience: itpro
author: greg-lindsay
|
audience: itpro
|
||||||
ms.topic: article
|
author: greg-lindsay
|
||||||
---
|
ms.topic: article
|
||||||
|
---
|
||||||
# Windows 10 edition upgrade
|
|
||||||
|
# Windows 10 edition upgrade
|
||||||
**Applies to**
|
|
||||||
|
**Applies to**
|
||||||
- Windows 10
|
|
||||||
- Windows 10 Mobile
|
- Windows 10
|
||||||
|
- Windows 10 Mobile
|
||||||
With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md). Downgrading the edition of Windows is discussed in the [License expiration](#license-expiration) section on this page.
|
|
||||||
|
With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. For information on what edition of Windows 10 is right for you, see [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkID=690882). For a comprehensive list of all possible upgrade paths to Windows 10, see [Windows 10 upgrade paths](windows-10-upgrade-paths.md). Downgrading the edition of Windows is discussed in the [License expiration](#license-expiration) section on this page.
|
||||||
For a list of operating systems that qualify for the Windows 10 Pro Upgrade or Windows 10 Enterprise Upgrade through Microsoft Volume Licensing, see [Windows 10 Qualifying Operating Systems](https://download.microsoft.com/download/2/d/1/2d14fe17-66c2-4d4c-af73-e122930b60f6/Windows10-QOS.pdf).
|
|
||||||
|
For a list of operating systems that qualify for the Windows 10 Pro Upgrade or Windows 10 Enterprise Upgrade through Microsoft Volume Licensing, see [Windows 10 Qualifying Operating Systems](https://download.microsoft.com/download/2/d/1/2d14fe17-66c2-4d4c-af73-e122930b60f6/Windows10-QOS.pdf).
|
||||||
The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer. **Note**: The reboot requirement for upgrading from Pro to Enterprise was removed in version 1607.
|
|
||||||
|
The following table shows the methods and paths available to change the edition of Windows 10 that is running on your computer. **Note**: The reboot requirement for upgrading from Pro to Enterprise was removed in version 1607.
|
||||||
Note: Although it isn't displayed yet in the table, edition upgrade is also possible using [edition upgrade policy](https://docs.microsoft.com/sccm/compliance/deploy-use/upgrade-windows-version) in System Center Configuration Manager.
|
|
||||||
|
Note: Although it isn't displayed yet in the table, edition upgrade is also possible using [edition upgrade policy](https://docs.microsoft.com/configmgr/compliance/deploy-use/upgrade-windows-version) in Microsoft Endpoint Configuration Manager.
|
||||||
 (X) = not supported</br>
|
|
||||||
 (green checkmark) = supported, reboot required</br>
|
 (X) = not supported</br>
|
||||||
 (blue checkmark) = supported, no reboot required<br>
|
 (green checkmark) = supported, reboot required</br>
|
||||||
|
 (blue checkmark) = supported, no reboot required<br>
|
||||||
<!-- OLD TABLE and key
|
|
||||||
X = unsupported <BR>
|
<!-- OLD TABLE and key
|
||||||
✔ (green) = supported; reboot required<BR>
|
X = unsupported <BR>
|
||||||
✔ (blue) = supported; no reboot required
|
✔ (green) = supported; reboot required<BR>
|
||||||
|
✔ (blue) = supported; no reboot required
|
||||||
|Method |Home > Pro |Home > Education |Pro > Education |Pro > Enterprise |Ent > Education |Mobile > Mobile Enterprise |
|
|
||||||
|-------|-----------|-----------------|----------------|-----------------|----------------|--------|
|
|Method |Home > Pro |Home > Education |Pro > Education |Pro > Enterprise |Ent > Education |Mobile > Mobile Enterprise |
|
||||||
| Using mobile device management (MDM) | | | | | | |
|
|-------|-----------|-----------------|----------------|-----------------|----------------|--------|
|
||||||
| Using a provisioning package | | | | | | |
|
| Using mobile device management (MDM) | | | | | | |
|
||||||
| Using a command-line tool | | | | | | |
|
| Using a provisioning package | | | | | | |
|
||||||
| Entering a product key manually | | | | | | |
|
| Using a command-line tool | | | | | | |
|
||||||
| Purchasing a license from the Microsoft Store | | | | | | |
|
| Entering a product key manually | | | | | | |
|
||||||
-->
|
| Purchasing a license from the Microsoft Store | | | | | | |
|
||||||
|
-->
|
||||||
| Edition upgrade | Using mobile device management (MDM) | Using a provisioning package | Using a command-line tool | Using Microsoft Store for Business or PC | Entering a product key manually | Purchasing a license from the Microsoft Store |
|
|
||||||
|-----------------| ------------------------------------ | --------------------------- | ------------------------- | -------------------------------------- | ----------------------------------- | --------------------------------------------- |
|
| Edition upgrade | Using mobile device management (MDM) | Using a provisioning package | Using a command-line tool | Using Microsoft Store for Business or PC | Entering a product key manually | Purchasing a license from the Microsoft Store |
|
||||||
| **Home > Pro** |  |  |  |  |  |  |
|
|-----------------| ------------------------------------ | --------------------------- | ------------------------- | -------------------------------------- | ----------------------------------- | --------------------------------------------- |
|
||||||
| **Home > Pro for Workstations** |  |  |  |  |  |  |
|
| **Home > Pro** |  |  |  |  |  |  |
|
||||||
| **Home > Pro Education** |  |  |  |  |  |  |
|
| **Home > Pro for Workstations** |  |  |  |  |  |  |
|
||||||
| **Home > Education** |  |  |  |  |  |  |
|
| **Home > Pro Education** |  |  |  |  |  |  |
|
||||||
| **Pro > Pro for Workstations** |  |  |  |  <br>(MSfB) |  |  |
|
| **Home > Education** |  |  |  |  |  |  |
|
||||||
| **Pro > Pro Education** |  |  |  |  <br>(MSfB) |  |  |
|
| **Pro > Pro for Workstations** |  |  |  |  <br>(MSfB) |  |  |
|
||||||
| **Pro > Education** |  |  |  |  <br>(MSfB) |  |  |
|
| **Pro > Pro Education** |  |  |  |  <br>(MSfB) |  |  |
|
||||||
| **Pro > Enterprise** |  |  |  |  <br>(1703 - PC)<br>(1709 - MSfB) |  |  |
|
| **Pro > Education** |  |  |  |  <br>(MSfB) |  |  |
|
||||||
| **Pro for Workstations > Pro Education** |  |  |  |  <br>(MSfB) |  |  |
|
| **Pro > Enterprise** |  |  |  |  <br>(1703 - PC)<br>(1709 - MSfB) |  |  |
|
||||||
| **Pro for Workstations > Education** |  |  |  |  <br>(MSfB) |  |  |
|
| **Pro for Workstations > Pro Education** |  |  |  |  <br>(MSfB) |  |  |
|
||||||
| **Pro for Workstations > Enterprise** |  |  |  |  <br>(1703 - PC)<br>(1709 - MSfB) |  |  |
|
| **Pro for Workstations > Education** |  |  |  |  <br>(MSfB) |  |  |
|
||||||
| **Pro Education > Education** |  |  |  |  <br>(MSfB) |  |  |
|
| **Pro for Workstations > Enterprise** |  |  |  |  <br>(1703 - PC)<br>(1709 - MSfB) |  |  |
|
||||||
| **Enterprise > Education** |  |  |  |  <br>(MSfB) |  |  |
|
| **Pro Education > Education** |  |  |  |  <br>(MSfB) |  |  |
|
||||||
| **Mobile > Mobile Enterprise** |  | |  |  |  |  |
|
| **Enterprise > Education** |  |  |  |  <br>(MSfB) |  |  |
|
||||||
|
| **Mobile > Mobile Enterprise** |  | |  |  |  |  |
|
||||||
> [!NOTE]
|
|
||||||
> - For information about upgrade paths in Windows 10 in S mode (for Pro or Education), check out [Windows 10 Pro/Enterprise in S mode](../windows-10-pro-in-s-mode.md)
|
> [!NOTE]
|
||||||
> - Each desktop edition in the table also has an N and KN SKU. These editions have had media-related functionality removed. Devices with N or KN SKUs installed can be upgraded to corresponding N or KN SKUs using the same methods.
|
> - For information about upgrade paths in Windows 10 in S mode (for Pro or Education), check out [Windows 10 Pro/Enterprise in S mode](../windows-10-pro-in-s-mode.md)
|
||||||
> <br>
|
> - Each desktop edition in the table also has an N and KN SKU. These editions have had media-related functionality removed. Devices with N or KN SKUs installed can be upgraded to corresponding N or KN SKUs using the same methods.
|
||||||
> - Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes) the term LTSB might still be displayed in some products. This name will change to LTSC with subsequent feature updates.
|
> <br>
|
||||||
|
> - Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes) the term LTSB might still be displayed in some products. This name will change to LTSC with subsequent feature updates.
|
||||||
## Upgrade using mobile device management (MDM)
|
|
||||||
- To upgrade desktop editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkID=690907).
|
## Upgrade using mobile device management (MDM)
|
||||||
|
- To upgrade desktop editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkID=690907).
|
||||||
- To upgrade mobile editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithLicense** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkID=690907).
|
|
||||||
|
- To upgrade mobile editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithLicense** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkID=690907).
|
||||||
## Upgrade using a provisioning package
|
|
||||||
Use Windows Configuration Designer to create a provisioning package to upgrade a desktop edition or mobile edition of Windows 10. To get started, [install Windows Configuration Designer from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22).
|
## Upgrade using a provisioning package
|
||||||
|
Use Windows Configuration Designer to create a provisioning package to upgrade a desktop edition or mobile edition of Windows 10. To get started, [install Windows Configuration Designer from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22).
|
||||||
- To create a provisioning package for upgrading desktop editions of Windows 10, go to **Runtime settings > EditionUpgrade > UpgradeEditionWithProductKey** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
|
|
||||||
|
- To create a provisioning package for upgrading desktop editions of Windows 10, go to **Runtime settings > EditionUpgrade > UpgradeEditionWithProductKey** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
|
||||||
- To create a provisioning package for upgrading mobile editions of Windows 10, go to **Runtime settings > EditionUpgrade > UpgradeEditionWithLicense** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
|
|
||||||
|
- To create a provisioning package for upgrading mobile editions of Windows 10, go to **Runtime settings > EditionUpgrade > UpgradeEditionWithLicense** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition.
|
||||||
For more info about Windows Configuration Designer, see these topics:
|
|
||||||
- [Create a provisioining package for Windows 10](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-create-package)
|
For more info about Windows Configuration Designer, see these topics:
|
||||||
- [Apply a provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-apply-package)
|
- [Create a provisioining package for Windows 10](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-create-package)
|
||||||
|
- [Apply a provisioning package](https://docs.microsoft.com/windows/configuration/provisioning-packages/provisioning-apply-package)
|
||||||
|
|
||||||
## Upgrade using a command-line tool
|
|
||||||
You can run the changepk.exe command-line tool to upgrade devices to a supported edition of Windows 10:
|
## Upgrade using a command-line tool
|
||||||
|
You can run the changepk.exe command-line tool to upgrade devices to a supported edition of Windows 10:
|
||||||
`changepk.exe /ProductKey <enter your new product key here>`
|
|
||||||
|
`changepk.exe /ProductKey <enter your new product key here>`
|
||||||
You can also upgrade using slmgr.vbs and a [KMS client setup key](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v%3dws.11)). For example, the following command will upgrade to Windows 10 Enterprise.
|
|
||||||
|
You can also upgrade using slmgr.vbs and a [KMS client setup key](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v%3dws.11)). For example, the following command will upgrade to Windows 10 Enterprise.
|
||||||
`Cscript.exe c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43`
|
|
||||||
|
`Cscript.exe c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43`
|
||||||
|
|
||||||
## Upgrade by manually entering a product key
|
|
||||||
If you are upgrading only a few devices, you may want to enter a product key for the upgraded edition manually.
|
## Upgrade by manually entering a product key
|
||||||
|
If you are upgrading only a few devices, you may want to enter a product key for the upgraded edition manually.
|
||||||
**To manually enter a product key**
|
|
||||||
|
**To manually enter a product key**
|
||||||
1. From either the Start menu or the Start screen, type 'Activation' and click on the Activation shortcut.
|
|
||||||
|
1. From either the Start menu or the Start screen, type 'Activation' and click on the Activation shortcut.
|
||||||
2. Click **Change product key**.
|
|
||||||
|
2. Click **Change product key**.
|
||||||
3. Enter your product key.
|
|
||||||
|
3. Enter your product key.
|
||||||
4. Follow the on-screen instructions.
|
|
||||||
|
4. Follow the on-screen instructions.
|
||||||
## Upgrade by purchasing a license from the Microsoft Store
|
|
||||||
If you do not have a product key, you can upgrade your edition of Windows 10 through the Microsoft Store.
|
## Upgrade by purchasing a license from the Microsoft Store
|
||||||
|
If you do not have a product key, you can upgrade your edition of Windows 10 through the Microsoft Store.
|
||||||
**To upgrade through the Microsoft Store**
|
|
||||||
|
**To upgrade through the Microsoft Store**
|
||||||
1. From either the **Start** menu or the **Start** screen, type 'Activation' and click on the Activation shortcut.
|
|
||||||
|
1. From either the **Start** menu or the **Start** screen, type 'Activation' and click on the Activation shortcut.
|
||||||
2. Click **Go to Store**.
|
|
||||||
|
2. Click **Go to Store**.
|
||||||
3. Follow the on-screen instructions.
|
|
||||||
|
3. Follow the on-screen instructions.
|
||||||
**Note**<br>If you are a Windows 10 Home N or Windows 10 Home KN user and have trouble finding your applicable upgrade in the Microsoft Store, click [here](ms-windows-store://windowsupgrade/).
|
|
||||||
|
**Note**<br>If you are a Windows 10 Home N or Windows 10 Home KN user and have trouble finding your applicable upgrade in the Microsoft Store, click [here](ms-windows-store://windowsupgrade/).
|
||||||
## License expiration
|
|
||||||
|
## License expiration
|
||||||
Volume license customers whose license has expired will need to change the edition of Windows 10 to an edition with an active license. Switching to a downgraded edition of Windows 10 is possible using the same methods that were used to perform an edition upgrade. If the downgrade path is supported, then your apps and settings can be migrated from the current edition. If a path is not supported, then a clean install is required.
|
|
||||||
|
Volume license customers whose license has expired will need to change the edition of Windows 10 to an edition with an active license. Switching to a downgraded edition of Windows 10 is possible using the same methods that were used to perform an edition upgrade. If the downgrade path is supported, then your apps and settings can be migrated from the current edition. If a path is not supported, then a clean install is required.
|
||||||
Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 by entering a different product key is not supported. You also cannot downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used. This topic does not discuss version downgrades.
|
|
||||||
|
Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 by entering a different product key is not supported. You also cannot downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used. This topic does not discuss version downgrades.
|
||||||
Note: If you are using [Windows 10 Enterprise Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation) and a license expires, devices will automatically revert to the original edition when the grace period expires.
|
|
||||||
|
Note: If you are using [Windows 10 Enterprise Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation) and a license expires, devices will automatically revert to the original edition when the grace period expires.
|
||||||
### Scenario example
|
|
||||||
|
### Scenario example
|
||||||
Downgrading from Enterprise
|
|
||||||
- Original edition: **Professional OEM**
|
Downgrading from Enterprise
|
||||||
- Upgrade edition: **Enterprise**
|
- Original edition: **Professional OEM**
|
||||||
- Valid downgrade paths: **Pro, Pro for Workstations, Pro Education, Education**
|
- Upgrade edition: **Enterprise**
|
||||||
|
- Valid downgrade paths: **Pro, Pro for Workstations, Pro Education, Education**
|
||||||
You can move directly from Enterprise to any valid destination edition. In this example, downgrading to Pro for Workstations, Pro Education, or Education requires an additional activation key to supersede the firmware-embedded Pro key. In all cases, you must comply with [Microsoft License Terms](https://www.microsoft.com/useterms). If you are a volume license customer, refer to the [Microsoft Volume Licensing Reference Guide](https://www.microsoft.com/download/details.aspx?id=11091).
|
|
||||||
|
You can move directly from Enterprise to any valid destination edition. In this example, downgrading to Pro for Workstations, Pro Education, or Education requires an additional activation key to supersede the firmware-embedded Pro key. In all cases, you must comply with [Microsoft License Terms](https://www.microsoft.com/useterms). If you are a volume license customer, refer to the [Microsoft Volume Licensing Reference Guide](https://www.microsoft.com/download/details.aspx?id=11091).
|
||||||
### Supported Windows 10 downgrade paths
|
|
||||||
|
### Supported Windows 10 downgrade paths
|
||||||
✔ = Supported downgrade path<br>
|
|
||||||
S = Supported; Not considered a downgrade or an upgrade<br>
|
✔ = Supported downgrade path<br>
|
||||||
[blank] = Not supported or not a downgrade<br>
|
S = Supported; Not considered a downgrade or an upgrade<br>
|
||||||
|
[blank] = Not supported or not a downgrade<br>
|
||||||
<br>
|
|
||||||
<table border="0" cellpadding="1">
|
<br>
|
||||||
<tr>
|
<table border="0" cellpadding="1">
|
||||||
<td colspan="10" align="center">Destination edition</td>
|
<tr>
|
||||||
</tr>
|
<td colspan="10" align="center">Destination edition</td>
|
||||||
<tr>
|
</tr>
|
||||||
<td> </td>
|
<tr>
|
||||||
<td></td>
|
<td> </td>
|
||||||
<td>Home</td>
|
<td></td>
|
||||||
<td>Pro</td>
|
<td>Home</td>
|
||||||
<td>Pro for Workstations</td>
|
<td>Pro</td>
|
||||||
<td>Pro Education</td>
|
<td>Pro for Workstations</td>
|
||||||
<td>Education</td>
|
<td>Pro Education</td>
|
||||||
<td>Enterprise LTSC</td>
|
<td>Education</td>
|
||||||
<td>Enterprise</td>
|
<td>Enterprise LTSC</td>
|
||||||
</tr>
|
<td>Enterprise</td>
|
||||||
<tr>
|
</tr>
|
||||||
<td rowspan="9" nowrap="nowrap" valign="middle">Starting edition</td>
|
<tr>
|
||||||
</tr>
|
<td rowspan="9" nowrap="nowrap" valign="middle">Starting edition</td>
|
||||||
<tr>
|
</tr>
|
||||||
<td>Home</td>
|
<tr>
|
||||||
<td></td>
|
<td>Home</td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
</tr>
|
<td></td>
|
||||||
<tr>
|
</tr>
|
||||||
<td>Pro</td>
|
<tr>
|
||||||
<td></td>
|
<td>Pro</td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
</tr>
|
<td></td>
|
||||||
<tr>
|
</tr>
|
||||||
<td>Pro for Workstations</td>
|
<tr>
|
||||||
<td></td>
|
<td>Pro for Workstations</td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
</tr>
|
<td></td>
|
||||||
<tr>
|
</tr>
|
||||||
<td>Pro Education</td>
|
<tr>
|
||||||
<td></td>
|
<td>Pro Education</td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
</tr>
|
<td></td>
|
||||||
<tr>
|
</tr>
|
||||||
<td>Education</td>
|
<tr>
|
||||||
<td></td>
|
<td>Education</td>
|
||||||
<td align="center">✔</td>
|
<td></td>
|
||||||
<td align="center">✔</td>
|
<td align="center">✔</td>
|
||||||
<td align="center">✔</td>
|
<td align="center">✔</td>
|
||||||
<td></td>
|
<td align="center">✔</td>
|
||||||
<td></td>
|
<td></td>
|
||||||
<td>S</td>
|
<td></td>
|
||||||
</tr>
|
<td>S</td>
|
||||||
<tr>
|
</tr>
|
||||||
<td>Enterprise LTSC</td>
|
<tr>
|
||||||
<td></td>
|
<td>Enterprise LTSC</td>
|
||||||
<td align="center"></td>
|
<td></td>
|
||||||
<td align="center"></td>
|
<td align="center"></td>
|
||||||
<td align="center"></td>
|
<td align="center"></td>
|
||||||
<td align="center"></td>
|
<td align="center"></td>
|
||||||
<td></td>
|
<td align="center"></td>
|
||||||
<td></td>
|
<td></td>
|
||||||
</tr>
|
<td></td>
|
||||||
<tr>
|
</tr>
|
||||||
<td>Enterprise</td>
|
<tr>
|
||||||
<td></td>
|
<td>Enterprise</td>
|
||||||
<td align="center">✔</td>
|
<td></td>
|
||||||
<td align="center">✔</td>
|
<td align="center">✔</td>
|
||||||
<td align="center">✔</td>
|
<td align="center">✔</td>
|
||||||
<td align="center">S</td>
|
<td align="center">✔</td>
|
||||||
<td></td>
|
<td align="center">S</td>
|
||||||
<td></td>
|
<td></td>
|
||||||
</tr>
|
<td></td>
|
||||||
</table>
|
</tr>
|
||||||
|
</table>
|
||||||
> **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
|
|
||||||
>
|
> **Windows 10 LTSC/LTSB**: Due to [naming changes](https://docs.microsoft.com/windows/deployment/update/waas-overview#naming-changes), product versions that display Windows 10 LTSB will be replaced with Windows 10 LTSC in subsequent feature updates. The term LTSC is used here to refer to all long term servicing versions.
|
||||||
> **Windows N/KN**: Windows "N" and "KN" SKUs follow the same rules shown above.
|
>
|
||||||
|
> **Windows N/KN**: Windows "N" and "KN" SKUs follow the same rules shown above.
|
||||||
Some slightly more complex scenarios are not represented by the table above. For example, you can perform an upgrade from Pro to Pro for Workstation on a computer with an embedded Pro key using a Pro for Workstation license key, and then later downgrade this computer back to Pro with the firmware-embedded key. The downgrade is allowed but only because the pre-installed OS is Pro.
|
|
||||||
|
Some slightly more complex scenarios are not represented by the table above. For example, you can perform an upgrade from Pro to Pro for Workstation on a computer with an embedded Pro key using a Pro for Workstation license key, and then later downgrade this computer back to Pro with the firmware-embedded key. The downgrade is allowed but only because the pre-installed OS is Pro.
|
||||||
## Related topics
|
|
||||||
|
## Related topics
|
||||||
[Windows 10 upgrade paths](https://docs.microsoft.com/windows/deployment/upgrade/windows-10-upgrade-paths)<br>
|
|
||||||
[Windows 10 volume license media](https://docs.microsoft.com/windows/deployment/windows-10-media)<br>
|
[Windows 10 upgrade paths](https://docs.microsoft.com/windows/deployment/upgrade/windows-10-upgrade-paths)<br>
|
||||||
[Windows 10 Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation)
|
[Windows 10 volume license media](https://docs.microsoft.com/windows/deployment/windows-10-media)<br>
|
||||||
|
[Windows 10 Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation)
|
||||||
|
|||||||
@ -1,154 +1,155 @@
|
|||||||
---
|
---
|
||||||
title: Common Migration Scenarios (Windows 10)
|
title: Common Migration Scenarios (Windows 10)
|
||||||
description: Common Migration Scenarios
|
description: Common Migration Scenarios
|
||||||
ms.assetid: 1d8170d5-e775-4963-b7a5-b55e8987c1e4
|
ms.assetid: 1d8170d5-e775-4963-b7a5-b55e8987c1e4
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
ms.author: greglin
|
ms.author: greglin
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
audience: itpro
author: greg-lindsay
|
audience: itpro
|
||||||
ms.date: 04/19/2017
|
author: greg-lindsay
|
||||||
ms.topic: article
|
ms.date: 04/19/2017
|
||||||
---
|
ms.topic: article
|
||||||
|
---
|
||||||
# Common Migration Scenarios
|
|
||||||
|
# Common Migration Scenarios
|
||||||
|
|
||||||
You use the User State Migration Tool (USMT) 10.0 when hardware and/or operating system upgrades are planned for a large number of computers. USMT manages the migration of an end-user's digital identity by capturing the user's operating-system settings, application settings, and personal files from a source computer and reinstalling them on a destination computer after the upgrade has occurred.
|
|
||||||
|
You use the User State Migration Tool (USMT) 10.0 when hardware and/or operating system upgrades are planned for a large number of computers. USMT manages the migration of an end-user's digital identity by capturing the user's operating-system settings, application settings, and personal files from a source computer and reinstalling them on a destination computer after the upgrade has occurred.
|
||||||
One common scenario when only the operating system, and not the hardware, is being upgraded is referred to as *PC refresh*. A second common scenario is known as *PC replacement*, where one piece of hardware is being replaced, typically by newer hardware and a newer operating system.
|
|
||||||
|
One common scenario when only the operating system, and not the hardware, is being upgraded is referred to as *PC refresh*. A second common scenario is known as *PC replacement*, where one piece of hardware is being replaced, typically by newer hardware and a newer operating system.
|
||||||
## In This Topic
|
|
||||||
|
## In This Topic
|
||||||
|
|
||||||
[PC Refresh](#bkmk-pcrefresh)
|
|
||||||
|
[PC Refresh](#bkmk-pcrefresh)
|
||||||
[Scenario One: PC-refresh offline using Windows PE and a hard-link migration store](#bkmk-onepcrefresh)
|
|
||||||
|
[Scenario One: PC-refresh offline using Windows PE and a hard-link migration store](#bkmk-onepcrefresh)
|
||||||
[Scenario Two: PC-refresh using a compressed migration store](#bkmk-twopcrefresh)
|
|
||||||
|
[Scenario Two: PC-refresh using a compressed migration store](#bkmk-twopcrefresh)
|
||||||
[Scenario Three: PC-refresh using a hard-link migration store](#bkmk-threepcrefresh)
|
|
||||||
|
[Scenario Three: PC-refresh using a hard-link migration store](#bkmk-threepcrefresh)
|
||||||
[Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store](#bkmk-fourpcrefresh)
|
|
||||||
|
[Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store](#bkmk-fourpcrefresh)
|
||||||
[PC Replacement](#bkmk-pcreplace)
|
|
||||||
|
[PC Replacement](#bkmk-pcreplace)
|
||||||
[Scenario One: Offline migration using Windows PE and an external migration store](#bkmk-onepcreplace)
|
|
||||||
|
[Scenario One: Offline migration using Windows PE and an external migration store](#bkmk-onepcreplace)
|
||||||
[Scenario Two: Manual network migration](#bkmk-twopcreplace)
|
|
||||||
|
[Scenario Two: Manual network migration](#bkmk-twopcreplace)
|
||||||
[Scenario Three: Managed network migration](#bkmk-threepcreplace)
|
|
||||||
|
[Scenario Three: Managed network migration](#bkmk-threepcreplace)
|
||||||
## <a href="" id="bkmk-pcrefresh"></a>PC-Refresh
|
|
||||||
|
## <a href="" id="bkmk-pcrefresh"></a>PC-Refresh
|
||||||
|
|
||||||
The following diagram shows a PC-refresh migration, also known as a computer refresh migration. First, the administrator migrates the user state from a source computer to an intermediate store. After installing the operating system, the administrator migrates the user state back to the source computer.
|
|
||||||
|
The following diagram shows a PC-refresh migration, also known as a computer refresh migration. First, the administrator migrates the user state from a source computer to an intermediate store. After installing the operating system, the administrator migrates the user state back to the source computer.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### <a href="" id="bkmk-onepcrefresh"></a>Scenario One: PC-refresh offline using Windows PE and a hard-link migration store
|
|
||||||
|
### <a href="" id="bkmk-onepcrefresh"></a>Scenario One: PC-refresh offline using Windows PE and a hard-link migration store
|
||||||
A company has just received funds to update the operating system on all of its computers in the accounting department to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, the update is being handled completely offline, without a network connection. An administrator uses Windows Preinstallation Environment (WinPE) and a hard-link migration store to save each user state to their respective computer.
|
|
||||||
|
A company has just received funds to update the operating system on all of its computers in the accounting department to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, the update is being handled completely offline, without a network connection. An administrator uses Windows Preinstallation Environment (WinPE) and a hard-link migration store to save each user state to their respective computer.
|
||||||
1. On each computer, the administrator boots the machine into WinPE and runs the ScanState command-line tool, specifying the **/hardlink /nocompress** command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic as well as minimizing migration failures on computers with very limited space available on the hard drive.
|
|
||||||
|
1. On each computer, the administrator boots the machine into WinPE and runs the ScanState command-line tool, specifying the **/hardlink /nocompress** command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic as well as minimizing migration failures on computers with very limited space available on the hard drive.
|
||||||
2. On each computer, the administrator installs the company’s standard operating environment (SOE) which includes Windows 10 and other company applications.
|
|
||||||
|
2. On each computer, the administrator installs the company’s standard operating environment (SOE) which includes Windows 10 and other company applications.
|
||||||
3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back to each computer.
|
|
||||||
|
3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back to each computer.
|
||||||
### <a href="" id="bkmk-twopcrefresh"></a>Scenario Two: PC-refresh using a compressed migration store
|
|
||||||
|
### <a href="" id="bkmk-twopcrefresh"></a>Scenario Two: PC-refresh using a compressed migration store
|
||||||
A company has just received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a compressed migration store to save the user states to a server.
|
|
||||||
|
A company has just received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a compressed migration store to save the user states to a server.
|
||||||
1. The administrator runs the ScanState command-line tool on each computer. ScanState saves each user state to a server.
|
|
||||||
|
1. The administrator runs the ScanState command-line tool on each computer. ScanState saves each user state to a server.
|
||||||
2. On each computer, the administrator installs the company's standard SOE which includes Windows 10 and other company applications.
|
|
||||||
|
2. On each computer, the administrator installs the company's standard SOE which includes Windows 10 and other company applications.
|
||||||
3. The administrator runs the LoadState command-line tool on each source computer, and LoadState restores each user state back to the computer.
|
|
||||||
|
3. The administrator runs the LoadState command-line tool on each source computer, and LoadState restores each user state back to the computer.
|
||||||
### <a href="" id="bkmk-threepcrefresh"></a>Scenario Three: PC-refresh using a hard-link migration store
|
|
||||||
|
### <a href="" id="bkmk-threepcrefresh"></a>Scenario Three: PC-refresh using a hard-link migration store
|
||||||
A company has just received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a hard-link migration store to save each user state to their respective computer.
|
|
||||||
|
A company has just received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a hard-link migration store to save each user state to their respective computer.
|
||||||
1. The administrator runs the ScanState command-line tool on each computer, specifying the **/hardlink /nocompress** command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic as well as minimizing migration failures on computers with very limited space available on the hard drive.
|
|
||||||
|
1. The administrator runs the ScanState command-line tool on each computer, specifying the **/hardlink /nocompress** command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic as well as minimizing migration failures on computers with very limited space available on the hard drive.
|
||||||
2. On each computer, the administrator installs the company's SOE which includes Windows 10 and other company applications.
|
|
||||||
|
2. On each computer, the administrator installs the company's SOE which includes Windows 10 and other company applications.
|
||||||
3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back on each computer.
|
|
||||||
|
3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back on each computer.
|
||||||
### <a href="" id="bkmk-fourpcrefresh"></a>Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store
|
|
||||||
|
### <a href="" id="bkmk-fourpcrefresh"></a>Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store
|
||||||
A company has decided to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses Windows.old and a hard-link migration store to save each user state to their respective computer.
|
|
||||||
|
A company has decided to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses Windows.old and a hard-link migration store to save each user state to their respective computer.
|
||||||
1. The administrator clean installs Windows 10 on each computer, making sure that the Windows.old directory is created by installing Windows 10 without formatting or repartitioning and by selecting a partition that contains the previous version of Windows.
|
|
||||||
|
1. The administrator clean installs Windows 10 on each computer, making sure that the Windows.old directory is created by installing Windows 10 without formatting or repartitioning and by selecting a partition that contains the previous version of Windows.
|
||||||
2. On each computer, the administrator installs the company’s SOE which includes company applications.
|
|
||||||
|
2. On each computer, the administrator installs the company’s SOE which includes company applications.
|
||||||
3. The administrator runs the ScanState and LoadState command-line tools successively on each computer while specifying the **/hardlink /nocompress** command-line options.
|
|
||||||
|
3. The administrator runs the ScanState and LoadState command-line tools successively on each computer while specifying the **/hardlink /nocompress** command-line options.
|
||||||
## <a href="" id="bkmk-pcreplace"></a>PC-Replacement
|
|
||||||
|
## <a href="" id="bkmk-pcreplace"></a>PC-Replacement
|
||||||
|
|
||||||
The following diagram shows a PC-replacement migration. First, the administrator migrates the user state from the source computer to an intermediate store. After installing the operating system on the destination computer, the administrator migrates the user state from the store to the destination computer.
|
|
||||||
|
The following diagram shows a PC-replacement migration. First, the administrator migrates the user state from the source computer to an intermediate store. After installing the operating system on the destination computer, the administrator migrates the user state from the store to the destination computer.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### <a href="" id="bkmk-onepcreplace"></a>Scenario One: Offline migration using WinPE and an external migration store
|
|
||||||
|
### <a href="" id="bkmk-onepcreplace"></a>Scenario One: Offline migration using WinPE and an external migration store
|
||||||
A company is allocating 20 new computers to users in the accounting department. The users each have a source computer with their files and settings. In this scenario, migration is being handled completely offline, without a network connection.
|
|
||||||
|
A company is allocating 20 new computers to users in the accounting department. The users each have a source computer with their files and settings. In this scenario, migration is being handled completely offline, without a network connection.
|
||||||
1. On each source computer, an administrator boots the machine into WinPE and runs ScanState to collect the user state to either a server or an external hard disk.
|
|
||||||
|
1. On each source computer, an administrator boots the machine into WinPE and runs ScanState to collect the user state to either a server or an external hard disk.
|
||||||
2. On each new computer, the administrator installs the company's SOE which includes Windows 10 and other company applications.
|
|
||||||
|
2. On each new computer, the administrator installs the company's SOE which includes Windows 10 and other company applications.
|
||||||
3. On each of the new computers, the administrator runs the LoadState tool, restoring each user state from the migration store to one of the new computers.
|
|
||||||
|
3. On each of the new computers, the administrator runs the LoadState tool, restoring each user state from the migration store to one of the new computers.
|
||||||
### <a href="" id="bkmk-twopcreplace"></a>Scenario Two: Manual network migration
|
|
||||||
|
### <a href="" id="bkmk-twopcreplace"></a>Scenario Two: Manual network migration
|
||||||
A company receives 50 new laptops for their managers and needs to reallocate 50 older laptops to new employees. In this scenario, an administrator runs the ScanState tool from the cmd prompt on each computer to collect the user states and save them to a server in a compressed migration store.
|
|
||||||
|
A company receives 50 new laptops for their managers and needs to reallocate 50 older laptops to new employees. In this scenario, an administrator runs the ScanState tool from the cmd prompt on each computer to collect the user states and save them to a server in a compressed migration store.
|
||||||
1. The administrator runs the ScanState tool on each of the manager’s old laptops, and saves each user state to a server.
|
|
||||||
|
1. The administrator runs the ScanState tool on each of the manager’s old laptops, and saves each user state to a server.
|
||||||
2. On the new laptops, the administrator installs the company's SOE, which includes Windows 10 and other company applications.
|
|
||||||
|
2. On the new laptops, the administrator installs the company's SOE, which includes Windows 10 and other company applications.
|
||||||
3. The administrator runs the LoadState tool on the new laptops to migrate the managers’ user states to the appropriate computer. The new laptops are now ready for the managers to use.
|
|
||||||
|
3. The administrator runs the LoadState tool on the new laptops to migrate the managers’ user states to the appropriate computer. The new laptops are now ready for the managers to use.
|
||||||
4. On the old computers, the administrator installs the company’s SOE, which includes Windows 10, Microsoft Office, and other company applications. The old computers are now ready for the new employees to use.
|
|
||||||
|
4. On the old computers, the administrator installs the company’s SOE, which includes Windows 10, Microsoft Office, and other company applications. The old computers are now ready for the new employees to use.
|
||||||
### <a href="" id="bkmk-threepcreplace"></a>Scenario Three: Managed network migration
|
|
||||||
|
### <a href="" id="bkmk-threepcreplace"></a>Scenario Three: Managed network migration
|
||||||
A company is allocating 20 new computers to users in the accounting department. The users each have a source computer that contains their files and settings. An administrator uses a management technology such as a logon script or a batch file to run ScanState on each source computer to collect the user states and save them to a server in a compressed migration store.
|
|
||||||
|
A company is allocating 20 new computers to users in the accounting department. The users each have a source computer that contains their files and settings. An administrator uses a management technology such as a logon script or a batch file to run ScanState on each source computer to collect the user states and save them to a server in a compressed migration store.
|
||||||
1. On each source computer, the administrator runs the ScanState tool using Microsoft System Center Configuration Manager (SCCM), Microsoft Deployment Toolkit (MDT), a logon script, a batch file, or a non-Microsoft management technology. ScanState collects the user state from each source computer and then saves it to a server.
|
|
||||||
|
1. On each source computer, the administrator runs the ScanState tool using Microsoft Endpoint Configuration Manager, Microsoft Deployment Toolkit (MDT), a logon script, a batch file, or a non-Microsoft management technology. ScanState collects the user state from each source computer and then saves it to a server.
|
||||||
2. On each new computer, the administrator installs the company's SOE, which includes Windows 10 and other company applications.
|
|
||||||
|
2. On each new computer, the administrator installs the company's SOE, which includes Windows 10 and other company applications.
|
||||||
3. On each of the new computers, the administrator runs the LoadState tool using System Center Configuration Manager, a logon script, a batch file, or a non-Microsoft management technology. LoadState migrates each user state from the migration store to one of the new computers.
|
|
||||||
|
3. On each of the new computers, the administrator runs the LoadState tool using Microsoft Endpoint Configuration Manager, a logon script, a batch file, or a non-Microsoft management technology. LoadState migrates each user state from the migration store to one of the new computers.
|
||||||
## Related topics
|
|
||||||
|
## Related topics
|
||||||
|
|
||||||
[Plan Your Migration](usmt-plan-your-migration.md)
|
|
||||||
|
[Plan Your Migration](usmt-plan-your-migration.md)
|
||||||
[Choose a Migration Store Type](usmt-choose-migration-store-type.md)
|
|
||||||
|
[Choose a Migration Store Type](usmt-choose-migration-store-type.md)
|
||||||
[Offline Migration Reference](offline-migration-reference.md)
|
|
||||||
|
[Offline Migration Reference](offline-migration-reference.md)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -1,53 +1,54 @@
|
|||||||
---
|
---
|
||||||
title: Test Your Migration (Windows 10)
|
title: Test Your Migration (Windows 10)
|
||||||
description: Test Your Migration
|
description: Test Your Migration
|
||||||
ms.assetid: 754af276-8386-4eac-8079-3d1e45964a0d
|
ms.assetid: 754af276-8386-4eac-8079-3d1e45964a0d
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
ms.author: greglin
|
ms.author: greglin
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
audience: itpro
author: greg-lindsay
|
audience: itpro
|
||||||
ms.date: 04/19/2017
|
author: greg-lindsay
|
||||||
ms.topic: article
|
ms.date: 04/19/2017
|
||||||
---
|
ms.topic: article
|
||||||
|
---
|
||||||
# Test Your Migration
|
|
||||||
|
# Test Your Migration
|
||||||
|
|
||||||
Always test your migration plan in a controlled laboratory setting before you deploy it to your entire organization. In your test environment, you need at least one computer for each type of operating system from which you are migrating data.
|
|
||||||
|
Always test your migration plan in a controlled laboratory setting before you deploy it to your entire organization. In your test environment, you need at least one computer for each type of operating system from which you are migrating data.
|
||||||
After you have thoroughly tested the entire migration process on a single computer running each of your source operating systems, conduct a pilot migration with a small group of users. After migrating a few typical user states to the intermediate store, note the space required and adjust your initial calculations accordingly. For details about estimating the space needed for your migration, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md). You might also need to adjust the registry-setting and file-location information in your migration-rule files. If you make changes, test the migration again. Then verify that all data and settings have migrated as expected. A pilot migration also gives you an opportunity to test your space estimates for the intermediate store.
|
|
||||||
|
After you have thoroughly tested the entire migration process on a single computer running each of your source operating systems, conduct a pilot migration with a small group of users. After migrating a few typical user states to the intermediate store, note the space required and adjust your initial calculations accordingly. For details about estimating the space needed for your migration, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md). You might also need to adjust the registry-setting and file-location information in your migration-rule files. If you make changes, test the migration again. Then verify that all data and settings have migrated as expected. A pilot migration also gives you an opportunity to test your space estimates for the intermediate store.
|
||||||
If your test migration encounters any errors, examine the ScanState and LoadState logs to obtain the exact User State Migration Tool (USMT) 10.0 return code and associated error messages or Windows application programming interface (API) error message. For more information about USMT return codes and error messages, see [Return Codes](usmt-return-codes.md). You can also obtain more information about a Windows API error message by typing **net helpmsg** and the error message number on the command line.
|
|
||||||
|
If your test migration encounters any errors, examine the ScanState and LoadState logs to obtain the exact User State Migration Tool (USMT) 10.0 return code and associated error messages or Windows application programming interface (API) error message. For more information about USMT return codes and error messages, see [Return Codes](usmt-return-codes.md). You can also obtain more information about a Windows API error message by typing **net helpmsg** and the error message number on the command line.
|
||||||
In most cases, the ScanState and LoadState logs indicate why a USMT migration is failing. We recommend that you use the **/v**<em>:5</em> option when testing your migration. This verbosity level can be adjusted in a production migration. Reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a higher verbosity level if you want the log files output to go to a debugger.
|
|
||||||
|
In most cases, the ScanState and LoadState logs indicate why a USMT migration is failing. We recommend that you use the **/v**<em>:5</em> option when testing your migration. This verbosity level can be adjusted in a production migration. Reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a higher verbosity level if you want the log files output to go to a debugger.
|
||||||
**Note**
|
|
||||||
Running the ScanState and LoadState tools with the **/v**<em>:5</em> option creates a detailed log file. Although this option makes the log file large, it is helpful in determining where migration errors occurred.
|
**Note**
|
||||||
|
Running the ScanState and LoadState tools with the **/v**<em>:5</em> option creates a detailed log file. Although this option makes the log file large, it is helpful in determining where migration errors occurred.
|
||||||
|
|
||||||
|
|
||||||
After you have determined that the pilot migration successfully migrated the specified files and settings, you are ready to add USMT to the server that is running Microsoft® System Center Configuration Manager (SCCM), or a non-Microsoft management technology. For more information, see [Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=140246).
|
|
||||||
|
After you have determined that the pilot migration successfully migrated the specified files and settings, you are ready to add USMT to the server that is running Microsoft Endpoint Configuration Manager, or a non-Microsoft management technology. For more information, see [Manage user state in Configuration Manager](https://docs.microsoft.com/configmgr/osd/get-started/manage-user-state).
|
||||||
**Note**
|
|
||||||
For testing purposes, you can create an uncompressed store using the **/hardlink /nocompress** option. When compression is disabled, the ScanState tool saves the files and settings to a hidden folder named "File" at *StorePath*\\USMT. You can use the uncompressed store to view what USMT has stored or to troubleshoot a problem, or you can run an antivirus utility against the files. Additionally, you can also use the **/listfiles** command-line option and the diagnostic log to list the files that were gathered and to troubleshoot problems with your migration.
|
**Note**
|
||||||
|
For testing purposes, you can create an uncompressed store using the **/hardlink /nocompress** option. When compression is disabled, the ScanState tool saves the files and settings to a hidden folder named "File" at *StorePath*\\USMT. You can use the uncompressed store to view what USMT has stored or to troubleshoot a problem, or you can run an antivirus utility against the files. Additionally, you can also use the **/listfiles** command-line option and the diagnostic log to list the files that were gathered and to troubleshoot problems with your migration.
|
||||||
|
|
||||||
|
|
||||||
## Related topics
|
|
||||||
|
## Related topics
|
||||||
|
|
||||||
[Plan Your Migration](usmt-plan-your-migration.md)
|
|
||||||
|
[Plan Your Migration](usmt-plan-your-migration.md)
|
||||||
[Log Files](usmt-log-files.md)
|
|
||||||
|
[Log Files](usmt-log-files.md)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -1,94 +1,95 @@
|
|||||||
---
|
---
|
||||||
title: Configure Client Computers (Windows 10)
|
title: Configure Client Computers (Windows 10)
|
||||||
description: Configure Client Computers
|
description: Configure Client Computers
|
||||||
ms.assetid: a48176c9-b05c-4dd5-a9ef-83073e2370fc
|
ms.assetid: a48176c9-b05c-4dd5-a9ef-83073e2370fc
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
ms.author: greglin
|
ms.author: greglin
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: activation
|
ms.pagetype: activation
|
||||||
audience: itpro
author: greg-lindsay
|
audience: itpro
|
||||||
ms.date: 04/25/2017
|
author: greg-lindsay
|
||||||
ms.topic: article
|
ms.date: 04/25/2017
|
||||||
---
|
ms.topic: article
|
||||||
|
---
|
||||||
# Configure Client Computers
|
|
||||||
|
# Configure Client Computers
|
||||||
To enable the Volume Activation Management Tool (VAMT) to function correctly, certain configuration changes are required on all client computers:
|
|
||||||
|
To enable the Volume Activation Management Tool (VAMT) to function correctly, certain configuration changes are required on all client computers:
|
||||||
- An exception must be set in the client computer's firewall.
|
|
||||||
- A registry key must be created and set properly, for computers in a workgroup; otherwise, Windows® User Account Control (UAC) will not allow remote administrative operations.
|
- An exception must be set in the client computer's firewall.
|
||||||
|
- A registry key must be created and set properly, for computers in a workgroup; otherwise, Windows® User Account Control (UAC) will not allow remote administrative operations.
|
||||||
Organizations where the VAMT will be widely used may benefit from making these changes inside the master image for Windows.
|
|
||||||
|
Organizations where the VAMT will be widely used may benefit from making these changes inside the master image for Windows.
|
||||||
**Important**
|
|
||||||
This procedure only applies to clients running Windows Vista or later. For clients running Windows XP Service Pack 1, see [Connecting Through Windows Firewall](https://go.microsoft.com/fwlink/p/?LinkId=182933).
|
**Important**
|
||||||
|
This procedure only applies to clients running Windows Vista or later. For clients running Windows XP Service Pack 1, see [Connecting Through Windows Firewall](https://go.microsoft.com/fwlink/p/?LinkId=182933).
|
||||||
## Configuring the Windows Firewall to allow VAMT access
|
|
||||||
|
## Configuring the Windows Firewall to allow VAMT access
|
||||||
Enable the VAMT to access client computers using the **Windows Firewall** Control Panel:
|
|
||||||
1. Open Control Panel and double-click **System and Security**.
|
Enable the VAMT to access client computers using the **Windows Firewall** Control Panel:
|
||||||
2. Click **Windows Firewall**.
|
1. Open Control Panel and double-click **System and Security**.
|
||||||
3. Click **Allow a program or feature through Windows Firewall**.
|
2. Click **Windows Firewall**.
|
||||||
4. Click the **Change settings** option.
|
3. Click **Allow a program or feature through Windows Firewall**.
|
||||||
5. Select the **Windows Management Instrumentation (WMI)** checkbox.
|
4. Click the **Change settings** option.
|
||||||
6. Click **OK**.
|
5. Select the **Windows Management Instrumentation (WMI)** checkbox.
|
||||||
|
6. Click **OK**.
|
||||||
**Warning**
|
|
||||||
By default, Windows Firewall Exceptions only apply to traffic originating on the local subnet. To expand the exception to apply to multiple subnets, you need to change the exception settings in the Windows Firewall with Advanced Security, as described below.
|
**Warning**
|
||||||
|
By default, Windows Firewall Exceptions only apply to traffic originating on the local subnet. To expand the exception to apply to multiple subnets, you need to change the exception settings in the Windows Firewall with Advanced Security, as described below.
|
||||||
## Configure Windows Firewall to allow VAMT access across multiple subnets
|
|
||||||
|
## Configure Windows Firewall to allow VAMT access across multiple subnets
|
||||||
Enable the VAMT to access client computers across multiple subnets using the **Windows Firewall with Advanced Security** Control Panel:
|
|
||||||
|
Enable the VAMT to access client computers across multiple subnets using the **Windows Firewall with Advanced Security** Control Panel:
|
||||||
|
|
||||||
|
|
||||||
1. Open the Control Panel and double-click **Administrative Tools**.
|
|
||||||
2. Click **Windows Firewall with Advanced Security**.
|
1. Open the Control Panel and double-click **Administrative Tools**.
|
||||||
3. Make your changes for each of the following three WMI items, for the applicable Network Profile (Domain, Public, Private):
|
2. Click **Windows Firewall with Advanced Security**.
|
||||||
- Windows Management Instrumentation (ASync-In)
|
3. Make your changes for each of the following three WMI items, for the applicable Network Profile (Domain, Public, Private):
|
||||||
- Windows Management Instrumentation (DCOM-In)
|
- Windows Management Instrumentation (ASync-In)
|
||||||
- Windows Management Instrumentation (WMI-In)
|
- Windows Management Instrumentation (DCOM-In)
|
||||||
|
- Windows Management Instrumentation (WMI-In)
|
||||||
4. In the **Windows Firewall with Advanced Security** dialog box, select **Inbound Rules** from the left-hand panel.
|
|
||||||
|
4. In the **Windows Firewall with Advanced Security** dialog box, select **Inbound Rules** from the left-hand panel.
|
||||||
5. Right-click the desired rule and select **Properties** to open the **Properties** dialog box.
|
|
||||||
|
5. Right-click the desired rule and select **Properties** to open the **Properties** dialog box.
|
||||||
- On the **General** tab, select the **Allow the connection** checkbox.
|
|
||||||
- On the **Scope** tab, change the Remote IP Address setting from "Local Subnet" (default) to allow the specific access you need.
|
- On the **General** tab, select the **Allow the connection** checkbox.
|
||||||
- On the **Advanced** tab, verify selection of all profiles that are applicable to the network (Domain or Private/Public).
|
- On the **Scope** tab, change the Remote IP Address setting from "Local Subnet" (default) to allow the specific access you need.
|
||||||
|
- On the **Advanced** tab, verify selection of all profiles that are applicable to the network (Domain or Private/Public).
|
||||||
In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically-allocated ports. This is useful if, for example, the hardware firewall only allows traffic in a certain range of ports.
|
|
||||||
For more info, see [How to configure RPC dynamic port allocation to work with firewalls](https://go.microsoft.com/fwlink/p/?LinkId=182911).
|
In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically-allocated ports. This is useful if, for example, the hardware firewall only allows traffic in a certain range of ports.
|
||||||
|
For more info, see [How to configure RPC dynamic port allocation to work with firewalls](https://go.microsoft.com/fwlink/p/?LinkId=182911).
|
||||||
## Create a registry value for the VAMT to access workgroup-joined computer
|
|
||||||
|
## Create a registry value for the VAMT to access workgroup-joined computer
|
||||||
**Caution**
|
|
||||||
This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](https://go.microsoft.com/fwlink/p/?LinkId=182912).
|
**Caution**
|
||||||
|
This section contains information about how to modify the registry. Make sure to back up the registry before you modify it; in addition, ensure that you know how to restore the registry, if a problem occurs. For more information about how to back up, restore, and modify the registry, see [Windows registry information for advanced users](https://go.microsoft.com/fwlink/p/?LinkId=182912).
|
||||||
On the client computer, create the following registry key using regedit.exe.
|
|
||||||
|
On the client computer, create the following registry key using regedit.exe.
|
||||||
1. Navigate to `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system`
|
|
||||||
2. Enter the following details:
|
1. Navigate to `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system`
|
||||||
**Value Name: LocalAccountTokenFilterPolicy**
|
2. Enter the following details:
|
||||||
**Type: DWORD**
|
**Value Name: LocalAccountTokenFilterPolicy**
|
||||||
**Value Data: 1**
|
**Type: DWORD**
|
||||||
**Note**
|
**Value Data: 1**
|
||||||
To discover VAMT-manageable Windows computers in workgroups, you must enable network discovery on each client.
|
**Note**
|
||||||
|
To discover VAMT-manageable Windows computers in workgroups, you must enable network discovery on each client.
|
||||||
## Deployment options
|
|
||||||
|
## Deployment options
|
||||||
There are several options for organizations to configure the WMI firewall exception for computers:
|
|
||||||
- **Image.** Add the configurations to the master Windows image deployed to all clients.
|
There are several options for organizations to configure the WMI firewall exception for computers:
|
||||||
- **Group Policy.** If the clients are part of a domain, then all clients can be configured using Group Policy. The Group Policy setting for the WMI firewall exception is found in GPMC.MSC at: **Computer Configuration\\Windows Settings\\Security Settings\\Windows Firewall with Advanced Security\\Windows Firewall with Advanced Security\\Inbound Rules**.
|
- **Image.** Add the configurations to the master Windows image deployed to all clients.
|
||||||
- **Script.** Execute a script using Microsoft System Center Configuration Manager or a third-party remote script execution facility.
|
- **Group Policy.** If the clients are part of a domain, then all clients can be configured using Group Policy. The Group Policy setting for the WMI firewall exception is found in GPMC.MSC at: **Computer Configuration\\Windows Settings\\Security Settings\\Windows Firewall with Advanced Security\\Windows Firewall with Advanced Security\\Inbound Rules**.
|
||||||
- **Manual.** Configure the WMI firewall exception individually on each client.
|
- **Script.** Execute a script using Microsoft Endpoint Configuration Manager or a third-party remote script execution facility.
|
||||||
The above configurations will open an additional port through the Windows Firewall on target computers and should be performed on computers that are protected by a network firewall. In order to allow VAMT to query the up-to-date licensing status, the WMI exception must be maintained. We recommend administrators consult their network security policies and make clear decisions when creating the WMI exception.
|
- **Manual.** Configure the WMI firewall exception individually on each client.
|
||||||
|
The above configurations will open an additional port through the Windows Firewall on target computers and should be performed on computers that are protected by a network firewall. In order to allow VAMT to query the up-to-date licensing status, the WMI exception must be maintained. We recommend administrators consult their network security policies and make clear decisions when creating the WMI exception.
|
||||||
## Related topics
|
|
||||||
|
## Related topics
|
||||||
- [Install and Configure VAMT](install-configure-vamt.md)
|
|
||||||
|
- [Install and Configure VAMT](install-configure-vamt.md)
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Windows 10 deployment process posters
|
title: Windows 10 deployment process posters
|
||||||
description: View and download Windows 10 deployment process flows for System Center Configuration Manager and Windows Autopilot.
|
description: View and download Windows 10 deployment process flows for Microsoft Endpoint Configuration Manager and Windows Autopilot.
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
ms.audience: itpro
|
ms.audience: itpro
|
||||||
@ -21,7 +21,7 @@ ms.topic: article
|
|||||||
**Applies to**
|
**Applies to**
|
||||||
- Windows 10
|
- Windows 10
|
||||||
|
|
||||||
The following posters step through various options for deploying Windows 10 with Windows Autopilot or System Center Configuration Manager.
|
The following posters step through various options for deploying Windows 10 with Windows Autopilot or Microsoft Endpoint Configuration Manager.
|
||||||
|
|
||||||
## Deploy Windows 10 with Autopilot
|
## Deploy Windows 10 with Autopilot
|
||||||
|
|
||||||
@ -29,7 +29,7 @@ The Windows Autopilot poster is two pages in portrait mode (11x17). Click the im
|
|||||||
|
|
||||||
[](./media/Windows10AutopilotFlowchart.pdf)
|
[](./media/Windows10AutopilotFlowchart.pdf)
|
||||||
|
|
||||||
## Deploy Windows 10 with System Center Configuration Manager
|
## Deploy Windows 10 with Microsoft Endpoint Configuration Manager
|
||||||
|
|
||||||
The Configuration Manager poster is one page in landscape mode (17x11). Click the image to view a PDF in your browser. You can also download this poster in [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/deployment/media/Windows10DeploymentConfigManager.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/deployment/media/Windows10DeploymentConfigManager.vsdx) format.
|
The Configuration Manager poster is one page in landscape mode (17x11). Click the image to view a PDF in your browser. You can also download this poster in [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/deployment/media/Windows10DeploymentConfigManager.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/deployment/media/Windows10DeploymentConfigManager.vsdx) format.
|
||||||
|
|
||||||
@ -38,4 +38,4 @@ The Configuration Manager poster is one page in landscape mode (17x11). Click th
|
|||||||
## See also
|
## See also
|
||||||
|
|
||||||
[Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot)<br>
|
[Overview of Windows Autopilot](https://docs.microsoft.com/windows/deployment/windows-autopilot/windows-autopilot)<br>
|
||||||
[Scenarios to deploy enterprise operating systems with Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems)
|
[Scenarios to deploy enterprise operating systems with Configuration Manager](https://docs.microsoft.com/configmgr/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems)
|
||||||
@ -25,7 +25,7 @@ ms.topic: article
|
|||||||
To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the capabilities and limitations of each, is a key task.
|
To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the capabilities and limitations of each, is a key task.
|
||||||
|
|
||||||
The following table summarizes various Windows 10 deployment scenarios. The scenarios are each assigned to one of three categories.
|
The following table summarizes various Windows 10 deployment scenarios. The scenarios are each assigned to one of three categories.
|
||||||
- Modern deployment methods are recommended unless you have a specific need to use a different procedure. These methods are supported with existing tools such as Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager. These methods are discussed in detail on the [Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home).
|
- Modern deployment methods are recommended unless you have a specific need to use a different procedure. These methods are supported with existing tools such as Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager. These methods are discussed in detail on the [Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home).
|
||||||
- Dynamic deployment methods enable you to configure applications and settings for specific use cases.
|
- Dynamic deployment methods enable you to configure applications and settings for specific use cases.
|
||||||
- Traditional deployment methods use existing tools to deploy operating system images.<br>
|
- Traditional deployment methods use existing tools to deploy operating system images.<br>
|
||||||
|
|
||||||
@ -109,7 +109,7 @@ The following table summarizes various Windows 10 deployment scenarios. The scen
|
|||||||
Deploy a new device, or wipe an existing device and deploy with a fresh image.
|
Deploy a new device, or wipe an existing device and deploy with a fresh image.
|
||||||
</td>
|
</td>
|
||||||
<td align="center" style="width:16%; border:1;">
|
<td align="center" style="width:16%; border:1;">
|
||||||
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt">Deploy a Windows 10 image using MDT</a><br><a href="https://docs.microsoft.com/sccm/osd/deploy-use/install-new-windows-version-new-computer-bare-metal">Install a new version of Windows on a new computer with System Center Configuration Manager</a>
|
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt">Deploy a Windows 10 image using MDT</a><br><a href="https://docs.microsoft.com/configmgr/osd/deploy-use/install-new-windows-version-new-computer-bare-metal">Install a new version of Windows on a new computer with Microsoft Endpoint Configuration Manager</a>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
@ -121,7 +121,7 @@ The following table summarizes various Windows 10 deployment scenarios. The scen
|
|||||||
Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state.
|
Also called wipe and load. Redeploy a device by saving the user state, wiping the disk, then restoring the user state.
|
||||||
</td>
|
</td>
|
||||||
<td align="center" style="width:16%; border:1;">
|
<td align="center" style="width:16%; border:1;">
|
||||||
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10">Refresh a Windows 7 computer with Windows 10</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager">Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
|
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10">Refresh a Windows 7 computer with Windows 10</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-configmgr/refresh-a-windows-7-client-with-windows-10-using-configuration-manager">Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
@ -133,7 +133,7 @@ The following table summarizes various Windows 10 deployment scenarios. The scen
|
|||||||
Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device.
|
Replace an existing device with a new one by saving the user state on the old device and then restoring it to the new device.
|
||||||
</td>
|
</td>
|
||||||
<td align="center" style="width:16%; border:1;">
|
<td align="center" style="width:16%; border:1;">
|
||||||
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer">Replace a Windows 7 computer with a Windows 10 computer</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager">Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
|
<a href="https://docs.microsoft.com/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer">Replace a Windows 7 computer with a Windows 10 computer</a><br><a href="https://docs.microsoft.com/windows/deployment/deploy-windows-configmgr/replace-a-windows-7-client-with-windows-10-using-configuration-manager">Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager</a>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
@ -159,7 +159,7 @@ For more information about Windows Autopilot, see [Overview of Windows Autopilot
|
|||||||
|
|
||||||
For existing computers running Windows 7, Windows 8, or Windows 8.1, the recommended path for organizations deploying Windows 10 leverages the Windows installation program (Setup.exe) to perform an in-place upgrade, which automatically preserves all data, settings, applications, and drivers from the existing operating system version. This requires the least IT effort, because there is no need for any complex deployment infrastructure.
|
For existing computers running Windows 7, Windows 8, or Windows 8.1, the recommended path for organizations deploying Windows 10 leverages the Windows installation program (Setup.exe) to perform an in-place upgrade, which automatically preserves all data, settings, applications, and drivers from the existing operating system version. This requires the least IT effort, because there is no need for any complex deployment infrastructure.
|
||||||
|
|
||||||
Although consumer PCs will be upgraded using Windows Update, organizations want more control over the process. This is accomplished by leveraging tools like System Center Configuration Manager or the Microsoft Deployment Toolkit to completely automate the upgrade process through simple task sequences.
|
Although consumer PCs will be upgraded using Windows Update, organizations want more control over the process. This is accomplished by leveraging tools like Microsoft Endpoint Configuration Manager or the Microsoft Deployment Toolkit to completely automate the upgrade process through simple task sequences.
|
||||||
|
|
||||||
The in-place upgrade process is designed to be extremely reliable, with the ability to automatically roll back to the previous operating system if any issues are encountered during the deployment process, without any IT staff involvement. Rolling back manually can also be done by leveraging the automatically-created recovery information (stored in the Windows.old folder), in case any issues are encountered after the upgrade is finished. The upgrade process is also typically faster than traditional deployments, because applications do not need to be reinstalled as part of the process.
|
The in-place upgrade process is designed to be extremely reliable, with the ability to automatically roll back to the previous operating system if any issues are encountered during the deployment process, without any IT staff involvement. Rolling back manually can also be done by leveraging the automatically-created recovery information (stored in the Windows.old folder), in case any issues are encountered after the upgrade is finished. The upgrade process is also typically faster than traditional deployments, because applications do not need to be reinstalled as part of the process.
|
||||||
|
|
||||||
@ -206,7 +206,7 @@ While the initial Windows 10 release includes a variety of provisioning setting
|
|||||||
|
|
||||||
## Traditional deployment:
|
## Traditional deployment:
|
||||||
|
|
||||||
New versions of Windows have typically been deployed by organizations using an image-based process built on top of tools provided in the [Windows Assessment and Deployment Kit](windows-adk-scenarios-for-it-pros.md), Windows Deployment Services, the [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md), and [System Center Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md).
|
New versions of Windows have typically been deployed by organizations using an image-based process built on top of tools provided in the [Windows Assessment and Deployment Kit](windows-adk-scenarios-for-it-pros.md), Windows Deployment Services, the [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md), and [Microsoft Endpoint Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md).
|
||||||
|
|
||||||
With the release of Windows 10, all of these tools are being updated to fully support Windows 10. Although newer scenarios such as in-place upgrade and dynamic provisioning may reduce the need for traditional deployment capabilities in some organizations, these traditional methods remain important and will continue to be available to organizations that need them.
|
With the release of Windows 10, all of these tools are being updated to fully support Windows 10. Although newer scenarios such as in-place upgrade and dynamic provisioning may reduce the need for traditional deployment capabilities in some organizations, these traditional methods remain important and will continue to be available to organizations that need them.
|
||||||
|
|
||||||
@ -269,7 +269,7 @@ The deployment process for the replace scenario is as follows:
|
|||||||
## Related topics
|
## Related topics
|
||||||
|
|
||||||
- [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
|
- [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
|
||||||
- [Upgrade to Windows 10 with System Center Configuration Manager](upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md)
|
- [Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager](upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md)
|
||||||
- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=620230)
|
- [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=620230)
|
||||||
- [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
|
- [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
|
||||||
- [Windows setup technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619357)
|
- [Windows setup technical reference](https://go.microsoft.com/fwlink/p/?LinkId=619357)
|
||||||
|
|||||||
@ -1,258 +1,260 @@
|
|||||||
---
|
---
|
||||||
title: Windows 10 Enterprise E3 in CSP
|
title: Windows 10 Enterprise E3 in CSP
|
||||||
description: Describes Windows 10 Enterprise E3, an offering that delivers, by subscription, the features of Windows 10 Enterprise edition.
|
description: Describes Windows 10 Enterprise E3, an offering that delivers, by subscription, the features of Windows 10 Enterprise edition.
|
||||||
keywords: upgrade, update, task sequence, deploy
|
keywords: upgrade, update, task sequence, deploy
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
ms.pagetype: mdt
|
ms.pagetype: mdt
|
||||||
ms.date: 08/24/2017
|
ms.date: 08/24/2017
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
ms.audience: itpro
author: greg-lindsay
|
ms.audience: itpro
|
||||||
audience: itpro
author: greg-lindsay
|
author: greg-lindsay
|
||||||
ms.collection: M365-modern-desktop
|
audience: itpro
|
||||||
ms.topic: article
|
author: greg-lindsay
|
||||||
---
|
ms.collection: M365-modern-desktop
|
||||||
|
ms.topic: article
|
||||||
# Windows 10 Enterprise E3 in CSP
|
---
|
||||||
|
|
||||||
Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Windows 10 Enterprise E3 in CSP is a new offering that delivers, by subscription, exclusive features reserved for Windows 10 Enterprise edition. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following:
|
# Windows 10 Enterprise E3 in CSP
|
||||||
|
|
||||||
- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later, installed and activated, on the devices to be upgraded
|
Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Windows 10 Enterprise E3 in CSP is a new offering that delivers, by subscription, exclusive features reserved for Windows 10 Enterprise edition. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following:
|
||||||
- Azure Active Directory (Azure AD) available for identity management
|
|
||||||
|
- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later, installed and activated, on the devices to be upgraded
|
||||||
Starting with Windows 10, version 1607 (Windows 10 Anniversary Update), you can move from Windows 10 Pro to Windows 10 Enterprise more easily than ever before—no keys and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise and all the appropriate Windows 10 Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Windows 10 Enterprise device seamlessly steps back down to Windows 10 Pro.
|
- Azure Active Directory (Azure AD) available for identity management
|
||||||
|
|
||||||
Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise to their users. Now, with Windows 10 Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Windows 10 Enterprise features.
|
Starting with Windows 10, version 1607 (Windows 10 Anniversary Update), you can move from Windows 10 Pro to Windows 10 Enterprise more easily than ever before—no keys and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise and all the appropriate Windows 10 Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Windows 10 Enterprise device seamlessly steps back down to Windows 10 Pro.
|
||||||
|
|
||||||
When you purchase Windows 10 Enterprise E3 via a partner, you get the following benefits:
|
Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise to their users. Now, with Windows 10 Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Windows 10 Enterprise features.
|
||||||
|
|
||||||
- **Windows 10 Enterprise edition**. Devices currently running Windows 10 Pro, version 1607 can get Windows 10 Enterprise Current Branch (CB) or Current Branch for Business (CBB). This benefit does not include Long Term Service Branch (LTSB).
|
When you purchase Windows 10 Enterprise E3 via a partner, you get the following benefits:
|
||||||
|
|
||||||
- **Support from one to hundreds of users**. Although the Windows 10 Enterprise E3 in CSP program does not have a limitation on the number of licenses an organization can have, the program is designed for small- and medium-sized organizations.
|
- **Windows 10 Enterprise edition**. Devices currently running Windows 10 Pro, version 1607 can get Windows 10 Enterprise Current Branch (CB) or Current Branch for Business (CBB). This benefit does not include Long Term Service Branch (LTSB).
|
||||||
|
|
||||||
- **Deploy on up to five devices**. For each user covered by the license, you can deploy Windows 10 Enterprise edition on up to five devices.
|
- **Support from one to hundreds of users**. Although the Windows 10 Enterprise E3 in CSP program does not have a limitation on the number of licenses an organization can have, the program is designed for small- and medium-sized organizations.
|
||||||
|
|
||||||
- **Roll back to Windows 10 Pro at any time**. When a user’s subscription expires or is transferred to another user, the Windows 10 Enterprise device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 90 days).
|
- **Deploy on up to five devices**. For each user covered by the license, you can deploy Windows 10 Enterprise edition on up to five devices.
|
||||||
|
|
||||||
- **Monthly, per-user pricing model**. This makes Windows 10 Enterprise E3 affordable for any organization.
|
- **Roll back to Windows 10 Pro at any time**. When a user’s subscription expires or is transferred to another user, the Windows 10 Enterprise device reverts seamlessly to Windows 10 Pro edition (after a grace period of up to 90 days).
|
||||||
|
|
||||||
- **Move licenses between users**. Licenses can be quickly and easily reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs.
|
- **Monthly, per-user pricing model**. This makes Windows 10 Enterprise E3 affordable for any organization.
|
||||||
|
|
||||||
How does the Windows 10 Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance?
|
- **Move licenses between users**. Licenses can be quickly and easily reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs.
|
||||||
|
|
||||||
- [Microsoft Volume Licensing](https://www.microsoft.com/licensing/default.aspx) programs are broader in scope, providing organizations with access to licensing for all Microsoft products.
|
How does the Windows 10 Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance?
|
||||||
|
|
||||||
- [Software Assurance](https://www.microsoft.com/Licensing/licensing-programs/software-assurance-default.aspx) provides organizations with the following categories of benefits:
|
- [Microsoft Volume Licensing](https://www.microsoft.com/licensing/default.aspx) programs are broader in scope, providing organizations with access to licensing for all Microsoft products.
|
||||||
|
|
||||||
- **Deployment and management**. These benefits include planning services, Microsoft Desktop Optimization (MDOP), Windows Virtual Desktop Access Rights, Windows-To-Go Rights, Windows Roaming Use Rights, Windows Thin PC, Windows RT Companion VDA Rights, and other benefits.
|
- [Software Assurance](https://www.microsoft.com/Licensing/licensing-programs/software-assurance-default.aspx) provides organizations with the following categories of benefits:
|
||||||
|
|
||||||
- **Training**. These benefits include training vouchers, online e-learning, and a home use program.
|
- **Deployment and management**. These benefits include planning services, Microsoft Desktop Optimization (MDOP), Windows Virtual Desktop Access Rights, Windows-To-Go Rights, Windows Roaming Use Rights, Windows Thin PC, Windows RT Companion VDA Rights, and other benefits.
|
||||||
|
|
||||||
- **Support**. These benefits include 24x7 problem resolution support, backup capabilities for disaster recovery, System Center Global Service Monitor, and a passive secondary instance of SQL Server.
|
- **Training**. These benefits include training vouchers, online e-learning, and a home use program.
|
||||||
|
|
||||||
- **Specialized**. These benefits include step-up licensing availability (which enables you to migrate software from an earlier edition to a higher-level edition) and to spread license and Software Assurance payments across three equal, annual sums.
|
- **Support**. These benefits include 24x7 problem resolution support, backup capabilities for disaster recovery, System Center Global Service Monitor, and a passive secondary instance of SQL Server.
|
||||||
|
|
||||||
In addition, in Windows 10 Enterprise E3 in CSP, a partner can manage your licenses for you. With Software Assurance, you, the customer, manage your own licenses.
|
- **Specialized**. These benefits include step-up licensing availability (which enables you to migrate software from an earlier edition to a higher-level edition) and to spread license and Software Assurance payments across three equal, annual sums.
|
||||||
|
|
||||||
In summary, the Windows 10 Enterprise E3 in CSP program is an upgrade offering that provides small- and medium-sized organizations easier, more flexible access to the benefits of Windows 10 Enterprise edition, whereas Microsoft Volume Licensing programs and Software Assurance are broader in scope and provide benefits beyond access to Windows 10 Enterprise edition.
|
In addition, in Windows 10 Enterprise E3 in CSP, a partner can manage your licenses for you. With Software Assurance, you, the customer, manage your own licenses.
|
||||||
|
|
||||||
## Compare Windows 10 Pro and Enterprise editions
|
In summary, the Windows 10 Enterprise E3 in CSP program is an upgrade offering that provides small- and medium-sized organizations easier, more flexible access to the benefits of Windows 10 Enterprise edition, whereas Microsoft Volume Licensing programs and Software Assurance are broader in scope and provide benefits beyond access to Windows 10 Enterprise edition.
|
||||||
|
|
||||||
Windows 10 Enterprise edition has a number of features that are unavailable in Windows 10 Pro. Table 1 lists the Windows 10 Enterprise features not found in Windows 10 Pro. Many of these features are security-related, whereas others enable finer-grained device management.
|
## Compare Windows 10 Pro and Enterprise editions
|
||||||
|
|
||||||
*Table 1. Windows 10 Enterprise features not found in Windows 10 Pro*
|
Windows 10 Enterprise edition has a number of features that are unavailable in Windows 10 Pro. Table 1 lists the Windows 10 Enterprise features not found in Windows 10 Pro. Many of these features are security-related, whereas others enable finer-grained device management.
|
||||||
|
|
||||||
<table>
|
*Table 1. Windows 10 Enterprise features not found in Windows 10 Pro*
|
||||||
<colgroup>
|
|
||||||
<col width="20%" />
|
<table>
|
||||||
<col width="80%" />
|
<colgroup>
|
||||||
</colgroup>
|
<col width="20%" />
|
||||||
<thead>
|
<col width="80%" />
|
||||||
<tr class="header">
|
</colgroup>
|
||||||
<th align="left">Feature</th>
|
<thead>
|
||||||
<th align="left">Description</th>
|
<tr class="header">
|
||||||
</tr>
|
<th align="left">Feature</th>
|
||||||
</thead>
|
<th align="left">Description</th>
|
||||||
<tbody>
|
</tr>
|
||||||
<tr class="odd">
|
</thead>
|
||||||
<td align="left"><p>Credential Guard<strong><em></strong></p></td>
|
<tbody>
|
||||||
<td align="left"><p>This feature uses virtualization-based security to help protect security secrets (for example, NTLM password hashes, Kerberos Ticket Granting Tickets) so that only privileged system software can access them. This helps prevent Pass-the-Hash or Pass-the-Ticket attacks.</p>
|
<tr class="odd">
|
||||||
<p>Credential Guard has the following features:</p>
|
<td align="left"><p>Credential Guard<strong><em></strong></p></td>
|
||||||
<ul>
|
<td align="left"><p>This feature uses virtualization-based security to help protect security secrets (for example, NTLM password hashes, Kerberos Ticket Granting Tickets) so that only privileged system software can access them. This helps prevent Pass-the-Hash or Pass-the-Ticket attacks.</p>
|
||||||
<li><p><strong>Hardware-level security</strong>. Credential Guard uses hardware platform security features (such as Secure Boot and virtualization) to help protect derived domain credentials and other secrets.</p></li>
|
<p>Credential Guard has the following features:</p>
|
||||||
<li><p><strong>Virtualization-based security</strong>. Windows services that access derived domain credentials and other secrets run in a virtualized, protected environment that is isolated.</p></li>
|
<ul>
|
||||||
<li><p><strong>Improved protection against persistent threats</strong>. Credential Guard works with other technologies (e.g., Device Guard) to help provide further protection against attacks, no matter how persistent.</p></li>
|
<li><p><strong>Hardware-level security</strong>. Credential Guard uses hardware platform security features (such as Secure Boot and virtualization) to help protect derived domain credentials and other secrets.</p></li>
|
||||||
<li><p><strong>Improved manageability</strong>. Credential Guard can be managed through Group Policy, Windows Management Instrumentation (WMI), or Windows PowerShell.</p></li>
|
<li><p><strong>Virtualization-based security</strong>. Windows services that access derived domain credentials and other secrets run in a virtualized, protected environment that is isolated.</p></li>
|
||||||
</ul>
|
<li><p><strong>Improved protection against persistent threats</strong>. Credential Guard works with other technologies (e.g., Device Guard) to help provide further protection against attacks, no matter how persistent.</p></li>
|
||||||
<p>For more information, see <a href="https://technet.microsoft.com/itpro/windows/keep-secure/credential-guard" data-raw-source="[Protect derived domain credentials with Credential Guard](https://technet.microsoft.com/itpro/windows/keep-secure/credential-guard)">Protect derived domain credentials with Credential Guard</a>.</p>
|
<li><p><strong>Improved manageability</strong>. Credential Guard can be managed through Group Policy, Windows Management Instrumentation (WMI), or Windows PowerShell.</p></li>
|
||||||
<p></em> <i>Credential Guard requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)</i></p></td>
|
</ul>
|
||||||
</tr>
|
<p>For more information, see <a href="https://technet.microsoft.com/itpro/windows/keep-secure/credential-guard" data-raw-source="[Protect derived domain credentials with Credential Guard](https://technet.microsoft.com/itpro/windows/keep-secure/credential-guard)">Protect derived domain credentials with Credential Guard</a>.</p>
|
||||||
<tr class="even">
|
<p></em> <i>Credential Guard requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)</i></p></td>
|
||||||
<td align="left"><p>Device Guard</p></td>
|
</tr>
|
||||||
<td align="left"><p>This feature is a combination of hardware and software security features that allows only trusted applications to run on a device. Even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to run executable code. Device Guard can use virtualization-based security (VBS) in Windows 10 Enterprise edition to isolate the Code Integrity service from the Windows kernel itself. With VBS, even if malware gains access to the kernel, the effects can be severely limited, because the hypervisor can prevent the malware from executing code.</p>
|
<tr class="even">
|
||||||
<p>Device Guard does the following:</p>
|
<td align="left"><p>Device Guard</p></td>
|
||||||
<ul>
|
<td align="left"><p>This feature is a combination of hardware and software security features that allows only trusted applications to run on a device. Even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to run executable code. Device Guard can use virtualization-based security (VBS) in Windows 10 Enterprise edition to isolate the Code Integrity service from the Windows kernel itself. With VBS, even if malware gains access to the kernel, the effects can be severely limited, because the hypervisor can prevent the malware from executing code.</p>
|
||||||
<li><p>Helps protect against malware</p></li>
|
<p>Device Guard does the following:</p>
|
||||||
<li><p>Helps protect the Windows system core from vulnerability and zero-day exploits</p></li>
|
<ul>
|
||||||
<li><p>Allows only trusted apps to run</p></li>
|
<li><p>Helps protect against malware</p></li>
|
||||||
</ul>
|
<li><p>Helps protect the Windows system core from vulnerability and zero-day exploits</p></li>
|
||||||
<p>For more information, see <a href="https://technet.microsoft.com/itpro/windows/keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies" data-raw-source="[Introduction to Device Guard](https://technet.microsoft.com/itpro/windows/keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies)">Introduction to Device Guard</a>.</p></td>
|
<li><p>Allows only trusted apps to run</p></li>
|
||||||
</tr>
|
</ul>
|
||||||
<tr class="odd">
|
<p>For more information, see <a href="https://technet.microsoft.com/itpro/windows/keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies" data-raw-source="[Introduction to Device Guard](https://technet.microsoft.com/itpro/windows/keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies)">Introduction to Device Guard</a>.</p></td>
|
||||||
<td align="left"><p>AppLocker management</p></td>
|
</tr>
|
||||||
<td align="left"><p>This feature helps IT pros determine which applications and files users can run on a device (also known as “whitelisting”). The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.</p>
|
<tr class="odd">
|
||||||
<p>For more information, see <a href="https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview" data-raw-source="[AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview)">AppLocker</a>.</p></td>
|
<td align="left"><p>AppLocker management</p></td>
|
||||||
</tr>
|
<td align="left"><p>This feature helps IT pros determine which applications and files users can run on a device (also known as “whitelisting”). The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.</p>
|
||||||
<tr class="even">
|
<p>For more information, see <a href="https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview" data-raw-source="[AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview)">AppLocker</a>.</p></td>
|
||||||
<td align="left"><p>Application Virtualization (App-V)</p></td>
|
</tr>
|
||||||
<td align="left"><p>This feature makes applications available to end users without installing the applications directly on users’ devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates.</p>
|
<tr class="even">
|
||||||
<p>For more information, see <a href="https://technet.microsoft.com/itpro/windows/manage/appv-getting-started" data-raw-source="[Getting Started with App-V for Windows 10](https://technet.microsoft.com/itpro/windows/manage/appv-getting-started)">Getting Started with App-V for Windows 10</a>.</p></td>
|
<td align="left"><p>Application Virtualization (App-V)</p></td>
|
||||||
</tr>
|
<td align="left"><p>This feature makes applications available to end users without installing the applications directly on users’ devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates.</p>
|
||||||
<tr class="odd">
|
<p>For more information, see <a href="https://technet.microsoft.com/itpro/windows/manage/appv-getting-started" data-raw-source="[Getting Started with App-V for Windows 10](https://technet.microsoft.com/itpro/windows/manage/appv-getting-started)">Getting Started with App-V for Windows 10</a>.</p></td>
|
||||||
<td align="left"><p>User Experience Virtualization (UE-V)</p></td>
|
</tr>
|
||||||
<td align="left"><p>With this feature, you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.</p>
|
<tr class="odd">
|
||||||
<p>UE-V provides the ability to do the following:</p>
|
<td align="left"><p>User Experience Virtualization (UE-V)</p></td>
|
||||||
<ul>
|
<td align="left"><p>With this feature, you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.</p>
|
||||||
<li><p>Specify which application and Windows settings synchronize across user devices</p></li>
|
<p>UE-V provides the ability to do the following:</p>
|
||||||
<li><p>Deliver the settings anytime and anywhere users work throughout the enterprise</p></li>
|
<ul>
|
||||||
<li><p>Create custom templates for your third-party or line-of-business applications</p></li>
|
<li><p>Specify which application and Windows settings synchronize across user devices</p></li>
|
||||||
<li><p>Recover settings after hardware replacement or upgrade, or after re-imaging a virtual machine to its initial state</p></li>
|
<li><p>Deliver the settings anytime and anywhere users work throughout the enterprise</p></li>
|
||||||
</ul>
|
<li><p>Create custom templates for your third-party or line-of-business applications</p></li>
|
||||||
<p>For more information, see <a href="https://technet.microsoft.com/itpro/windows/manage/uev-for-windows" data-raw-source="[User Experience Virtualization (UE-V) for Windows 10 overview](https://technet.microsoft.com/itpro/windows/manage/uev-for-windows)">User Experience Virtualization (UE-V) for Windows 10 overview</a>.</p></td>
|
<li><p>Recover settings after hardware replacement or upgrade, or after re-imaging a virtual machine to its initial state</p></li>
|
||||||
</tr>
|
</ul>
|
||||||
<tr class="even">
|
<p>For more information, see <a href="https://technet.microsoft.com/itpro/windows/manage/uev-for-windows" data-raw-source="[User Experience Virtualization (UE-V) for Windows 10 overview](https://technet.microsoft.com/itpro/windows/manage/uev-for-windows)">User Experience Virtualization (UE-V) for Windows 10 overview</a>.</p></td>
|
||||||
<td align="left"><p>Managed User Experience</p></td>
|
</tr>
|
||||||
<td align="left"><p>This feature helps customize and lock down a Windows device’s user interface to restrict it to a specific task. For example, you can configure a device for a controlled scenario such as a kiosk or classroom device. The user experience would be automatically reset once a user signs off. You can also restrict access to services including Cortana or the Windows Store, and manage Start layout options, such as:</p>
|
<tr class="even">
|
||||||
<ul>
|
<td align="left"><p>Managed User Experience</p></td>
|
||||||
<li><p>Removing and preventing access to the Shut Down, Restart, Sleep, and Hibernate commands</p></li>
|
<td align="left"><p>This feature helps customize and lock down a Windows device’s user interface to restrict it to a specific task. For example, you can configure a device for a controlled scenario such as a kiosk or classroom device. The user experience would be automatically reset once a user signs off. You can also restrict access to services including Cortana or the Windows Store, and manage Start layout options, such as:</p>
|
||||||
<li><p>Removing Log Off (the User tile) from the Start menu</p></li>
|
<ul>
|
||||||
<li><p>Removing frequent programs from the Start menu</p></li>
|
<li><p>Removing and preventing access to the Shut Down, Restart, Sleep, and Hibernate commands</p></li>
|
||||||
<li><p>Removing the All Programs list from the Start menu</p></li>
|
<li><p>Removing Log Off (the User tile) from the Start menu</p></li>
|
||||||
<li><p>Preventing users from customizing their Start screen</p></li>
|
<li><p>Removing frequent programs from the Start menu</p></li>
|
||||||
<li><p>Forcing Start menu to be either full-screen size or menu size</p></li>
|
<li><p>Removing the All Programs list from the Start menu</p></li>
|
||||||
<li><p>Preventing changes to Taskbar and Start menu settings</p></li>
|
<li><p>Preventing users from customizing their Start screen</p></li>
|
||||||
</ul>
|
<li><p>Forcing Start menu to be either full-screen size or menu size</p></li>
|
||||||
</tr>
|
<li><p>Preventing changes to Taskbar and Start menu settings</p></li>
|
||||||
</tbody>
|
</ul>
|
||||||
</table>
|
</tr>
|
||||||
|
</tbody>
|
||||||
## Deployment of Windows 10 Enterprise E3 licenses
|
</table>
|
||||||
|
|
||||||
See [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md).
|
## Deployment of Windows 10 Enterprise E3 licenses
|
||||||
|
|
||||||
## Deploy Windows 10 Enterprise features
|
See [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md).
|
||||||
|
|
||||||
Now that you have Windows 10 Enterprise edition running on devices, how do you take advantage of the Enterprise edition features and capabilities? What are the next steps that need to be taken for each of the features discussed in [Table 1](#compare-windows10-pro-and-enterprise-editions)?
|
## Deploy Windows 10 Enterprise features
|
||||||
|
|
||||||
The following sections provide you with the high-level tasks that need to be performed in your environment to help users take advantage of the Windows 10 Enterprise edition features.
|
Now that you have Windows 10 Enterprise edition running on devices, how do you take advantage of the Enterprise edition features and capabilities? What are the next steps that need to be taken for each of the features discussed in [Table 1](#compare-windows10-pro-and-enterprise-editions)?
|
||||||
|
|
||||||
### Credential Guard\*
|
The following sections provide you with the high-level tasks that need to be performed in your environment to help users take advantage of the Windows 10 Enterprise edition features.
|
||||||
|
|
||||||
You can implement Credential Guard on Windows 10 Enterprise devices by turning on Credential Guard on these devices. Credential Guard uses Windows 10 virtualization-based security features (Hyper-V features) that must be enabled on each device before you can turn on Credential Guard. You can turn on Credential Guard by using one of the following methods:
|
### Credential Guard\*
|
||||||
|
|
||||||
- **Automated**. You can automatically turn on Credential Guard for one or more devices by using Group Policy. The Group Policy settings automatically add the virtualization-based security features and configure the Credential Guard registry settings on managed devices.
|
You can implement Credential Guard on Windows 10 Enterprise devices by turning on Credential Guard on these devices. Credential Guard uses Windows 10 virtualization-based security features (Hyper-V features) that must be enabled on each device before you can turn on Credential Guard. You can turn on Credential Guard by using one of the following methods:
|
||||||
|
|
||||||
- **Manual**. You can manually turn on Credential Guard by doing the following:
|
- **Automated**. You can automatically turn on Credential Guard for one or more devices by using Group Policy. The Group Policy settings automatically add the virtualization-based security features and configure the Credential Guard registry settings on managed devices.
|
||||||
|
|
||||||
- Add the virtualization-based security features by using Programs and Features or Deployment Image Servicing and Management (DISM).
|
- **Manual**. You can manually turn on Credential Guard by doing the following:
|
||||||
|
|
||||||
- Configure Credential Guard registry settings by using the Registry Editor or the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337).
|
- Add the virtualization-based security features by using Programs and Features or Deployment Image Servicing and Management (DISM).
|
||||||
|
|
||||||
You can automate these manual steps by using a management tool such as System Center Configuration Manager.
|
- Configure Credential Guard registry settings by using the Registry Editor or the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337).
|
||||||
|
|
||||||
For more information about implementing Credential Guard, see the following resources:
|
You can automate these manual steps by using a management tool such as Microsoft Endpoint Configuration Manager.
|
||||||
|
|
||||||
- [Protect derived domain credentials with Credential Guard](https://technet.microsoft.com/itpro/windows/keep-secure/credential-guard)
|
For more information about implementing Credential Guard, see the following resources:
|
||||||
- [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514(v=vs.85).aspx)
|
|
||||||
- [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337)
|
- [Protect derived domain credentials with Credential Guard](https://technet.microsoft.com/itpro/windows/keep-secure/credential-guard)
|
||||||
|
- [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514(v=vs.85).aspx)
|
||||||
\* *Requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)*
|
- [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337)
|
||||||
|
|
||||||
### Device Guard
|
\* *Requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)*
|
||||||
|
|
||||||
Now that the devices have Windows 10 Enterprise, you can implement Device Guard on the Windows 10 Enterprise devices by performing the following steps:
|
### Device Guard
|
||||||
|
|
||||||
1. **Optionally, create a signing certificate for code integrity policies**. As you deploy code integrity policies, you might need to sign catalog files or code integrity policies internally. To do this, you will either need a publicly issued code signing certificate (that you purchase) or an internal certificate authority (CA). If you choose to use an internal CA, you will need to create a code signing certificate.
|
Now that the devices have Windows 10 Enterprise, you can implement Device Guard on the Windows 10 Enterprise devices by performing the following steps:
|
||||||
|
|
||||||
2. **Create code integrity policies from “golden” computers**. When you have identified departments or roles that use distinctive or partly distinctive sets of hardware and software, you can set up “golden” computers containing that software and hardware. In this respect, creating and managing code integrity policies to align with the needs of roles or departments can be similar to managing corporate images. From each “golden” computer, you can create a code integrity policy and decide how to manage that policy. You can merge code integrity policies to create a broader policy or a master policy, or you can manage and deploy each policy individually.
|
1. **Optionally, create a signing certificate for code integrity policies**. As you deploy code integrity policies, you might need to sign catalog files or code integrity policies internally. To do this, you will either need a publicly issued code signing certificate (that you purchase) or an internal certificate authority (CA). If you choose to use an internal CA, you will need to create a code signing certificate.
|
||||||
|
|
||||||
3. **Audit the code integrity policy and capture information about applications that are outside the policy**. We recommend that you use “audit mode” to carefully test each code integrity policy before you enforce it. With audit mode, no application is blocked—the policy just logs an event whenever an application outside the policy is started. Later, you can expand the policy to allow these applications, as needed.
|
2. **Create code integrity policies from “golden” computers**. When you have identified departments or roles that use distinctive or partly distinctive sets of hardware and software, you can set up “golden” computers containing that software and hardware. In this respect, creating and managing code integrity policies to align with the needs of roles or departments can be similar to managing corporate images. From each “golden” computer, you can create a code integrity policy and decide how to manage that policy. You can merge code integrity policies to create a broader policy or a master policy, or you can manage and deploy each policy individually.
|
||||||
|
|
||||||
4. **Create a “catalog file” for unsigned line-of-business (LOB) applications**. Use the Package Inspector tool to create and sign a catalog file for your unsigned LOB applications. In later steps, you can merge the catalog file's signature into your code integrity policy so that applications in the catalog will be allowed by the policy.
|
3. **Audit the code integrity policy and capture information about applications that are outside the policy**. We recommend that you use “audit mode” to carefully test each code integrity policy before you enforce it. With audit mode, no application is blocked—the policy just logs an event whenever an application outside the policy is started. Later, you can expand the policy to allow these applications, as needed.
|
||||||
|
|
||||||
5. **Capture needed policy information from the event log, and merge information into the existing policy as needed**. After a code integrity policy has been running for a time in audit mode, the event log will contain information about applications that are outside the policy. To expand the policy so that it allows for these applications, use Windows PowerShell commands to capture the needed policy information from the event log, and then merge that information into the existing policy. You can merge code integrity policies from other sources also, for flexibility in how you create your final code integrity policies.
|
4. **Create a “catalog file” for unsigned line-of-business (LOB) applications**. Use the Package Inspector tool to create and sign a catalog file for your unsigned LOB applications. In later steps, you can merge the catalog file's signature into your code integrity policy so that applications in the catalog will be allowed by the policy.
|
||||||
|
|
||||||
6. **Deploy code integrity policies and catalog files**. After you confirm that you have completed all the preceding steps, you can begin deploying catalog files and taking code integrity policies out of audit mode. We strongly recommend that you begin this process with a test group of users. This provides a final quality-control validation before you deploy the catalog files and code integrity policies more broadly.
|
5. **Capture needed policy information from the event log, and merge information into the existing policy as needed**. After a code integrity policy has been running for a time in audit mode, the event log will contain information about applications that are outside the policy. To expand the policy so that it allows for these applications, use Windows PowerShell commands to capture the needed policy information from the event log, and then merge that information into the existing policy. You can merge code integrity policies from other sources also, for flexibility in how you create your final code integrity policies.
|
||||||
|
|
||||||
7. **Enable desired hardware security features**. Hardware-based security features—also called virtualization-based security (VBS) features—strengthen the protections offered by code integrity policies.
|
6. **Deploy code integrity policies and catalog files**. After you confirm that you have completed all the preceding steps, you can begin deploying catalog files and taking code integrity policies out of audit mode. We strongly recommend that you begin this process with a test group of users. This provides a final quality-control validation before you deploy the catalog files and code integrity policies more broadly.
|
||||||
|
|
||||||
For more information about implementing Device Guard, see:
|
7. **Enable desired hardware security features**. Hardware-based security features—also called virtualization-based security (VBS) features—strengthen the protections offered by code integrity policies.
|
||||||
|
|
||||||
- [Planning and getting started on the Device Guard deployment process](https://technet.microsoft.com/itpro/windows/keep-secure/planning-and-getting-started-on-the-device-guard-deployment-process)
|
For more information about implementing Device Guard, see:
|
||||||
- [Device Guard deployment guide](https://technet.microsoft.com/itpro/windows/keep-secure/device-guard-deployment-guide)
|
|
||||||
|
- [Planning and getting started on the Device Guard deployment process](https://technet.microsoft.com/itpro/windows/keep-secure/planning-and-getting-started-on-the-device-guard-deployment-process)
|
||||||
### AppLocker management
|
- [Device Guard deployment guide](https://technet.microsoft.com/itpro/windows/keep-secure/device-guard-deployment-guide)
|
||||||
|
|
||||||
You can manage AppLocker in Windows 10 Enterprise by using Group Policy. Group Policy requires that the you have AD DS and that the Windows 10 Enterprise devices are joined to the your AD DS domain. You can create AppLocker rules by using Group Policy, and then target those rules to the appropriate devices.
|
### AppLocker management
|
||||||
|
|
||||||
For more information about AppLocker management by using Group Policy, see [AppLocker deployment guide](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-policies-deployment-guide).
|
You can manage AppLocker in Windows 10 Enterprise by using Group Policy. Group Policy requires that the you have AD DS and that the Windows 10 Enterprise devices are joined to the your AD DS domain. You can create AppLocker rules by using Group Policy, and then target those rules to the appropriate devices.
|
||||||
|
|
||||||
### App-V
|
For more information about AppLocker management by using Group Policy, see [AppLocker deployment guide](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-policies-deployment-guide).
|
||||||
|
|
||||||
App-V requires an App-V server infrastructure to support App-V clients. The primary App-V components that the you must have are as follows:
|
### App-V
|
||||||
|
|
||||||
- **App-V server**. The App-V server provides App-V management, virtualized app publishing, app streaming, and reporting services. Each of these services can be run on one server or can be run individually on multiple servers. For example, you could have multiple streaming servers. App-V clients contact App-V servers to determine which apps are published to the user or device, and then run the virtualized app from the server.
|
App-V requires an App-V server infrastructure to support App-V clients. The primary App-V components that the you must have are as follows:
|
||||||
|
|
||||||
- **App-V sequencer**. The App-V sequencer is a typical client device that is used to sequence (capture) apps and prepare them for hosting from the App-V server. You install apps on the App-V sequencer, and the App-V sequencer software determines the files and registry settings that are changed during app installation. Then the sequencer captures these settings to create a virtualized app.
|
- **App-V server**. The App-V server provides App-V management, virtualized app publishing, app streaming, and reporting services. Each of these services can be run on one server or can be run individually on multiple servers. For example, you could have multiple streaming servers. App-V clients contact App-V servers to determine which apps are published to the user or device, and then run the virtualized app from the server.
|
||||||
|
|
||||||
- **App-V client**. The App-V client must be enabled on any client device on which apps will be run from the App-V server. These will be the Windows 10 Enterprise E3 devices.
|
- **App-V sequencer**. The App-V sequencer is a typical client device that is used to sequence (capture) apps and prepare them for hosting from the App-V server. You install apps on the App-V sequencer, and the App-V sequencer software determines the files and registry settings that are changed during app installation. Then the sequencer captures these settings to create a virtualized app.
|
||||||
|
|
||||||
For more information about implementing the App-V server, App-V sequencer, and App-V client, see the following resources:
|
- **App-V client**. The App-V client must be enabled on any client device on which apps will be run from the App-V server. These will be the Windows 10 Enterprise E3 devices.
|
||||||
|
|
||||||
- [Getting Started with App-V for Windows 10](https://technet.microsoft.com/itpro/windows/manage/appv-getting-started)
|
For more information about implementing the App-V server, App-V sequencer, and App-V client, see the following resources:
|
||||||
- [Deploying the App-V server](https://technet.microsoft.com/itpro/windows/manage/appv-deploying-the-appv-server)
|
|
||||||
- [Deploying the App-V Sequencer and Configuring the Client](https://technet.microsoft.com/itpro/windows/manage/appv-deploying-the-appv-sequencer-and-client)
|
- [Getting Started with App-V for Windows 10](https://technet.microsoft.com/itpro/windows/manage/appv-getting-started)
|
||||||
|
- [Deploying the App-V server](https://technet.microsoft.com/itpro/windows/manage/appv-deploying-the-appv-server)
|
||||||
### UE-V
|
- [Deploying the App-V Sequencer and Configuring the Client](https://technet.microsoft.com/itpro/windows/manage/appv-deploying-the-appv-sequencer-and-client)
|
||||||
UE-V requires server- and client-side components that you you’ll need to download, activate, and install. These components include:
|
|
||||||
|
### UE-V
|
||||||
- **UE-V service**. The UE-V service (when enabled on devices) monitors registered applications and Windows for any settings changes, then synchronizes those settings between devices.
|
UE-V requires server- and client-side components that you you’ll need to download, activate, and install. These components include:
|
||||||
|
|
||||||
- **Settings packages**. Settings packages created by the UE-V service store application settings and Windows settings. Settings packages are built, locally stored, and copied to the settings storage location.
|
- **UE-V service**. The UE-V service (when enabled on devices) monitors registered applications and Windows for any settings changes, then synchronizes those settings between devices.
|
||||||
|
|
||||||
- **Settings storage location**. This location is a standard network share that your users can access. The UE-V service verifies the location and creates a hidden system folder in which to store and retrieve user settings.
|
- **Settings packages**. Settings packages created by the UE-V service store application settings and Windows settings. Settings packages are built, locally stored, and copied to the settings storage location.
|
||||||
|
|
||||||
- **Settings location templates**. Settings location templates are XML files that UE-V uses to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V. You can also create, edit, or validate custom settings location templates by using the UE-V template generator. Settings location templates are not required for Windows applications.
|
- **Settings storage location**. This location is a standard network share that your users can access. The UE-V service verifies the location and creates a hidden system folder in which to store and retrieve user settings.
|
||||||
|
|
||||||
- **Universal Windows applications list**. UE-V determines which Windows applications are enabled for settings synchronization using a managed list of applications. By default, this list includes most Windows applications.
|
- **Settings location templates**. Settings location templates are XML files that UE-V uses to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V. You can also create, edit, or validate custom settings location templates by using the UE-V template generator. Settings location templates are not required for Windows applications.
|
||||||
|
|
||||||
For more information about deploying UE-V, see the following resources:
|
- **Universal Windows applications list**. UE-V determines which Windows applications are enabled for settings synchronization using a managed list of applications. By default, this list includes most Windows applications.
|
||||||
|
|
||||||
- [User Experience Virtualization (UE-V) for Windows 10 overview](https://technet.microsoft.com/itpro/windows/manage/uev-for-windows)
|
For more information about deploying UE-V, see the following resources:
|
||||||
- [Get Started with UE-V](https://technet.microsoft.com/itpro/windows/manage/uev-getting-started)
|
|
||||||
- [Prepare a UE-V Deployment](https://technet.microsoft.com/itpro/windows/manage/uev-prepare-for-deployment)
|
- [User Experience Virtualization (UE-V) for Windows 10 overview](https://technet.microsoft.com/itpro/windows/manage/uev-for-windows)
|
||||||
|
- [Get Started with UE-V](https://technet.microsoft.com/itpro/windows/manage/uev-getting-started)
|
||||||
### Managed User Experience
|
- [Prepare a UE-V Deployment](https://technet.microsoft.com/itpro/windows/manage/uev-prepare-for-deployment)
|
||||||
|
|
||||||
The Managed User Experience feature is a set of Windows 10 Enterprise edition features and corresponding settings that you can use to manage user experience. Table 2 describes the Managed User Experience settings (by category), which are only available in Windows 10 Enterprise edition. The management methods used to configure each feature depend on the feature. Some features are configured by using Group Policy, while others are configured by using Windows PowerShell, Deployment Image Servicing and Management (DISM), or other command-line tools. For the Group Policy settings, you must have AD DS with the Windows 10 Enterprise devices joined to your AD DS domain.
|
### Managed User Experience
|
||||||
|
|
||||||
*Table 2. Managed User Experience features*
|
The Managed User Experience feature is a set of Windows 10 Enterprise edition features and corresponding settings that you can use to manage user experience. Table 2 describes the Managed User Experience settings (by category), which are only available in Windows 10 Enterprise edition. The management methods used to configure each feature depend on the feature. Some features are configured by using Group Policy, while others are configured by using Windows PowerShell, Deployment Image Servicing and Management (DISM), or other command-line tools. For the Group Policy settings, you must have AD DS with the Windows 10 Enterprise devices joined to your AD DS domain.
|
||||||
|
|
||||||
| Feature | Description |
|
*Table 2. Managed User Experience features*
|
||||||
|------------------|-----------------|
|
|
||||||
| Start layout customization | You can deploy a customized Start layout to users in a domain. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead.<br>For more information on these settings, see [Customize Windows 10 Start and taskbar with Group Policy](https://technet.microsoft.com/itpro/windows/manage/customize-windows-10-start-screens-by-using-group-policy). |
|
| Feature | Description |
|
||||||
| Unbranded boot | You can suppress Windows elements that appear when Windows starts or resumes and can suppress the crash screen when Windows encounters an error from which it cannot recover.<br>For more information on these settings, see [Unbranded Boot](https://msdn.microsoft.com/library/windows/hardware/mt571997(v=vs.85).aspx). |
|
|------------------|-----------------|
|
||||||
| Custom logon | You can use the Custom Logon feature to suppress Windows 10 UI elements that relate to the Welcome screen and shutdown screen. For example, you can suppress all elements of the Welcome screen UI and provide a custom logon UI. You can also suppress the Blocked Shutdown Resolver (BSDR) screen and automatically end applications while the OS waits for applications to close before a shutdown.<br>For more information on these settings, see [Custom Logon](https://msdn.microsoft.com/library/windows/hardware/mt571990(v=vs.85).aspx). |
|
| Start layout customization | You can deploy a customized Start layout to users in a domain. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead.<br>For more information on these settings, see [Customize Windows 10 Start and taskbar with Group Policy](https://technet.microsoft.com/itpro/windows/manage/customize-windows-10-start-screens-by-using-group-policy). |
|
||||||
| Shell launcher | Enables Assigned Access to run only a classic Windows app via Shell Launcher to replace the shell.<br>For more information on these settings, see [Shell Launcher](https://msdn.microsoft.com/library/windows/hardware/mt571994(v=vs.85).aspx). |
|
| Unbranded boot | You can suppress Windows elements that appear when Windows starts or resumes and can suppress the crash screen when Windows encounters an error from which it cannot recover.<br>For more information on these settings, see [Unbranded Boot](https://msdn.microsoft.com/library/windows/hardware/mt571997(v=vs.85).aspx). |
|
||||||
| Keyboard filter | You can use Keyboard Filter to suppress undesirable key presses or key combinations. Normally, users can use certain Windows key combinations like Ctrl+Alt+Delete or Ctrl+Shift+Tab to control a device by locking the screen or using Task Manager to close a running application. This is not desirable on devices intended for a dedicated purpose.<br>For more information on these settings, see [Keyboard Filter](https://msdn.microsoft.com/library/windows/hardware/mt587088(v=vs.85).aspx). |
|
| Custom logon | You can use the Custom Logon feature to suppress Windows 10 UI elements that relate to the Welcome screen and shutdown screen. For example, you can suppress all elements of the Welcome screen UI and provide a custom logon UI. You can also suppress the Blocked Shutdown Resolver (BSDR) screen and automatically end applications while the OS waits for applications to close before a shutdown.<br>For more information on these settings, see [Custom Logon](https://msdn.microsoft.com/library/windows/hardware/mt571990(v=vs.85).aspx). |
|
||||||
| Unified write filter | You can use Unified Write Filter (UWF) on your device to help protect your physical storage media, including most standard writable storage types that are supported by Windows, such as physical hard disks, solid-state drives, internal USB devices, external SATA devices, and so on. You can also use UWF to make read-only media appear to the OS as a writable volume.<br>For more information on these settings, see [Unified Write Filter](https://msdn.microsoft.com/library/windows/hardware/mt572001(v=vs.85).aspx). |
|
| Shell launcher | Enables Assigned Access to run only a classic Windows app via Shell Launcher to replace the shell.<br>For more information on these settings, see [Shell Launcher](https://msdn.microsoft.com/library/windows/hardware/mt571994(v=vs.85).aspx). |
|
||||||
|
| Keyboard filter | You can use Keyboard Filter to suppress undesirable key presses or key combinations. Normally, users can use certain Windows key combinations like Ctrl+Alt+Delete or Ctrl+Shift+Tab to control a device by locking the screen or using Task Manager to close a running application. This is not desirable on devices intended for a dedicated purpose.<br>For more information on these settings, see [Keyboard Filter](https://msdn.microsoft.com/library/windows/hardware/mt587088(v=vs.85).aspx). |
|
||||||
## Related topics
|
| Unified write filter | You can use Unified Write Filter (UWF) on your device to help protect your physical storage media, including most standard writable storage types that are supported by Windows, such as physical hard disks, solid-state drives, internal USB devices, external SATA devices, and so on. You can also use UWF to make read-only media appear to the OS as a writable volume.<br>For more information on these settings, see [Unified Write Filter](https://msdn.microsoft.com/library/windows/hardware/mt572001(v=vs.85).aspx). |
|
||||||
|
|
||||||
[Windows 10 Enterprise Subscription Activation](windows-10-subscription-activation.md)
|
## Related topics
|
||||||
<BR>[Connect domain-joined devices to Azure AD for Windows 10 experiences](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-devices-group-policy/)
|
|
||||||
<BR>[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
|
[Windows 10 Enterprise Subscription Activation](windows-10-subscription-activation.md)
|
||||||
<BR>[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)
|
<BR>[Connect domain-joined devices to Azure AD for Windows 10 experiences](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-devices-group-policy/)
|
||||||
|
<BR>[Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
|
||||||
|
<BR>[Windows for business](https://www.microsoft.com/windowsforbusiness/default.aspx)
|
||||||
|
|||||||
@ -44,7 +44,7 @@ For ISOs that you download from the VLSC or Visual Studio Subscriptions, you can
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
When using the contents of these ISOs with tools such as the Microsoft Deployment Toolkit or System Center Configuration Manager, make sure you select the appropriate image index in any task sequences that you create or update.
|
When using the contents of these ISOs with tools such as the Microsoft Deployment Toolkit or Microsoft Endpoint Configuration Manager, make sure you select the appropriate image index in any task sequences that you create or update.
|
||||||
|
|
||||||
For packages published to Windows Server Update Services (WSUS), you’ll also notice the change because, instead of having separate packages for each Windows edition, there will be just one package:
|
For packages published to Windows Server Update Services (WSUS), you’ll also notice the change because, instead of having separate packages for each Windows edition, there will be just one package:
|
||||||
|
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -25,7 +25,7 @@ ms.topic: article
|
|||||||
This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see the following Windows 10 PoC deployment guides:
|
This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see the following Windows 10 PoC deployment guides:
|
||||||
|
|
||||||
- [Step by step: Deploy Windows 10 in a test lab using MDT](windows-10-poc-mdt.md)<BR>
|
- [Step by step: Deploy Windows 10 in a test lab using MDT](windows-10-poc-mdt.md)<BR>
|
||||||
- [Step by step: Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md)<BR>
|
- [Step by step: Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md)<BR>
|
||||||
|
|
||||||
The PoC deployment guides are intended to provide a demonstration of Windows 10 deployment tools and processes for IT professionals that are not familiar with these tools, and those that are interested in setting up a proof of concept environment. The instructions in this guide should not be used in a production setting, and are not meant to replace the instructions found in production deployment guidance.
|
The PoC deployment guides are intended to provide a demonstration of Windows 10 deployment tools and processes for IT professionals that are not familiar with these tools, and those that are interested in setting up a proof of concept environment. The instructions in this guide should not be used in a production setting, and are not meant to replace the instructions found in production deployment guidance.
|
||||||
|
|
||||||
@ -111,13 +111,13 @@ Hardware requirements are displayed below:
|
|||||||
<td>Any<BR><I>Note: Retaining applications and settings requires that architecture (32 or 64-bit) is the same before and after the upgrade.</I></td>
|
<td>Any<BR><I>Note: Retaining applications and settings requires that architecture (32 or 64-bit) is the same before and after the upgrade.</I></td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td BGCOLOR="#a0e4fa"><font color="#000000"><strong>RAM</strong></font></td>
|
<td BGCOLOR="#a0e4fa"><strong>RAM</strong></td>
|
||||||
<td>8 GB RAM (16 GB recommended) to test Windows 10 deployment with MDT.
|
<td>8 GB RAM (16 GB recommended) to test Windows 10 deployment with MDT.
|
||||||
<BR>16 GB RAM to test Windows 10 deployment with System Center Configuration Manager.</td>
|
<BR>16 GB RAM to test Windows 10 deployment with Microsoft Endpoint Configuration Manager.</td>
|
||||||
<td>Any</td>
|
<td>Any</td>
|
||||||
</tr>
|
</tr>
|
||||||
<tr>
|
<tr>
|
||||||
<td BGCOLOR="#a0e4fa"><font color="#000000"><strong>Disk</strong></font></td>
|
<td BGCOLOR="#a0e4fa"><strong>Disk</strong></td>
|
||||||
<td>200 GB available hard disk space, any format.</td>
|
<td>200 GB available hard disk space, any format.</td>
|
||||||
<td>Any size, MBR formatted.</td>
|
<td>Any size, MBR formatted.</td>
|
||||||
</tr>
|
</tr>
|
||||||
@ -779,7 +779,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40GB to
|
|||||||
|
|
||||||
**Configure service and user accounts**
|
**Configure service and user accounts**
|
||||||
|
|
||||||
Windows 10 deployment with MDT and System Center Configuration Manager requires specific accounts to perform some actions. Service accounts will be created to use for these tasks. A user account is also added in the contoso.com domain that can be used for testing purposes. In the test lab environment, passwords are set to never expire.
|
Windows 10 deployment with MDT and Microsoft Endpoint Configuration Manager requires specific accounts to perform some actions. Service accounts will be created to use for these tasks. A user account is also added in the contoso.com domain that can be used for testing purposes. In the test lab environment, passwords are set to never expire.
|
||||||
|
|
||||||
>To keep this test lab relatively simple, we will not create a custom OU structure and set permissions. Required permissions are enabled by adding accounts to the Domain Admins group. To configure these settings in a production environment, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
|
>To keep this test lab relatively simple, we will not create a custom OU structure and set permissions. Required permissions are enabled by adding accounts to the Domain Admins group. To configure these settings in a production environment, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
|
||||||
|
|
||||||
|
|||||||
@ -59,9 +59,9 @@ The hardware ID, also commonly referred to as a hardware hash, contains several
|
|||||||
|
|
||||||
Note that the hardware hash also contains details about when it was generated, so it will change each time it is generated. When the Windows Autopilot deployment service attempts to match a device, it considers changes like that, as well as more substantial changes such as a new hard drive, and is still able to match successfully. But substantial changes to the hardware, such as a motherboard replacement, would not match, so a new hash would need to be generated and uploaded.
|
Note that the hardware hash also contains details about when it was generated, so it will change each time it is generated. When the Windows Autopilot deployment service attempts to match a device, it considers changes like that, as well as more substantial changes such as a new hard drive, and is still able to match successfully. But substantial changes to the hardware, such as a motherboard replacement, would not match, so a new hash would need to be generated and uploaded.
|
||||||
|
|
||||||
### Collecting the hardware ID from existing devices using System Center Configuration Manager
|
### Collecting the hardware ID from existing devices using Microsoft Endpoint Configuration Manager
|
||||||
|
|
||||||
Starting with System Center Configuration Manager current branch version 1802, the hardware hashes for existing Windows 10 devices are automatically collected by Configuration Manager. See the [What’s new in version 1802](https://docs.microsoft.com/sccm/core/plan-design/changes/whats-new-in-version-1802#report-on-windows-autopilot-device-information) documentation for more details. The hash information can be extracted from Configuration Manager into a CSV file.
|
Microsoft Endpoint Configuration Manager automatically collects the hardware hashes for existing Windows 10 devices. For more information, see [Gather information from Configuration Manager for Windows Autopilot](https://docs.microsoft.com/configmgr/comanage/how-to-prepare-win10#windows-autopilot). You can extract the hash information from Configuration Manager into a CSV file.
|
||||||
|
|
||||||
> [!Note]
|
> [!Note]
|
||||||
> Before uploading the CSV file on Intune, please make sure that the first row contains the device serial number, Windows product ID, hardware hash, group tag, and assigned user. If there is header information on the top of CSV file, please delete that header information. See details at [Enroll Windows devices in Intune](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot).
|
> Before uploading the CSV file on Intune, please make sure that the first row contains the device serial number, Windows product ID, hardware hash, group tag, and assigned user. If there is header information on the top of CSV file, please delete that header information. See details at [Enroll Windows devices in Intune](https://docs.microsoft.com/intune/enrollment/enrollment-autopilot).
|
||||||
|
|||||||
@ -111,8 +111,8 @@ A [glossary](#glossary) of abbreviations used in this article is provided at the
|
|||||||
| --- | --- |
|
| --- | --- |
|
||||||
| Must we use Intune for our MDM? | No, any MDM will work with Autopilot, but others probably won’t have the same full suite of Windows Autopilot features as Intune. You’ll get the best experience from Intune. |
|
| Must we use Intune for our MDM? | No, any MDM will work with Autopilot, but others probably won’t have the same full suite of Windows Autopilot features as Intune. You’ll get the best experience from Intune. |
|
||||||
| Can Intune support Win32 app preinstalls? | Yes. Starting with the Windows 10 October Update (version 1809), Intune supports Win32 apps using .msi (and .msix) wrappers. |
|
| Can Intune support Win32 app preinstalls? | Yes. Starting with the Windows 10 October Update (version 1809), Intune supports Win32 apps using .msi (and .msix) wrappers. |
|
||||||
| What is co-management? | Co-management is when you use a combination of a cloud MDM tool (Intune) and an on-premises configuration tool like System Center Configuration Manager (SCCM). You only need to use SCCM if Intune can’t support what you want to do with your profile. If you choose to co-manage using Intune + SCCM, you do it by including an SCCM agent in your Intune profile. When that profile is pushed to the device, the device will see the SCCM agent and go out to SCCM to pull down any additional profile settings. |
|
| What is co-management? | Co-management is when you use a combination of a cloud MDM tool (Intune) and an on-premises configuration tool like Microsoft Endpoint Configuration Manager. You only need to use the Configuration Manager if Intune can’t support what you want to do with your profile. If you choose to co-manage using Intune + Configuration Manager, you do it by including a Configuration Manager agent in your Intune profile. When that profile is pushed to the device, the device will see the Configuration Manager agent and go out to the Configuration Manager to pull down any additional profile settings. |
|
||||||
| Must we use SCCM for Windows Autopilot | No. Co-management (described above) is optional. |
|
| Must we use Microsoft Endpoint Configuration Manager for Windows Autopilot | No. Co-management (described above) is optional. |
|
||||||
|
|
||||||
|
|
||||||
## Features
|
## Features
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Windows 10 deployment process posters
|
title: Windows 10 deployment process posters
|
||||||
description: View and download Windows 10 deployment process flows for System Center Configuration Manager and Windows Autopilot.
|
description: View and download Windows 10 deployment process flows for Microsoft Endpoint Configuration Manager and Windows Autopilot.
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
ms.audience: itpro
|
ms.audience: itpro
|
||||||
@ -24,4 +24,4 @@ Windows Autopilot deployment processes are summarized in the poster below. The p
|
|||||||
|
|
||||||
[](../media/Windows10AutopilotFlowchart.pdf)
|
[](../media/Windows10AutopilotFlowchart.pdf)
|
||||||
|
|
||||||
**Note**: The Windows Autopilot for existing devices process is included in the [System Center Configuration Manager deployment poster](../windows-10-deployment-posters.md#deploy-windows-10-with-system-center-configuration-manager).
|
**Note**: The Windows Autopilot for existing devices process is included in the [Microsoft Endpoint Configuration Manager deployment poster](../windows-10-deployment-posters.md#deploy-windows-10-with-microsoft-endpoint-configuration-manager).
|
||||||
@ -29,12 +29,12 @@ This topic describes how to convert Windows 7 or Windows 8.1 domain-joined compu
|
|||||||
|
|
||||||
## Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
- System Center Configuration Manager Current Branch (1806) OR System Center Configuration Manager Technical Preview (1808)
|
- A currently supported version of Microsoft Endpoint Configuration Manager current branch or technical preview branch.
|
||||||
- The [Windows ADK](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) 1803 or later
|
- The [Windows ADK](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) 1803 or later
|
||||||
- Note: Config Mgr 1806 or later is required to [support](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10#windows-10-adk) the Windows ADK 1809.
|
- For more information on Configuration Manager support, see [Support for Windows 10 ADK](https://docs.microsoft.com/configmgr/core/plan-design/configs/support-for-windows-10#windows-10-adk).
|
||||||
- Assigned Microsoft Intune Licenses
|
- Assigned Microsoft Intune Licenses
|
||||||
- Azure Active Directory Premium
|
- Azure Active Directory Premium
|
||||||
- Windows 10 version 1809 or later imported into Config Mgr as an Operating System Image
|
- Windows 10 version 1809 or later imported into Configuration Manager as an Operating System Image
|
||||||
- **Important**: See [Known issues](known-issues.md) if you are using Windows 10 1903 with Configuration Manager’s built-in **Windows Autopilot existing device** task sequence template. Currently, one of the steps in this task sequence must be edited to work properly with Windows 10, version 1903.
|
- **Important**: See [Known issues](known-issues.md) if you are using Windows 10 1903 with Configuration Manager’s built-in **Windows Autopilot existing device** task sequence template. Currently, one of the steps in this task sequence must be edited to work properly with Windows 10, version 1903.
|
||||||
|
|
||||||
## Procedures
|
## Procedures
|
||||||
@ -47,7 +47,7 @@ To enable and configure the enrollment and status page:
|
|||||||
|
|
||||||
1. Open [Intune in the Azure portal](https://aka.ms/intuneportal).
|
1. Open [Intune in the Azure portal](https://aka.ms/intuneportal).
|
||||||
2. Access **Intune > Device enrollment > Windows enrollment** and [Set up an enrollment status page](https://docs.microsoft.com/intune/windows-enrollment-status).
|
2. Access **Intune > Device enrollment > Windows enrollment** and [Set up an enrollment status page](https://docs.microsoft.com/intune/windows-enrollment-status).
|
||||||
3. Access **Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune** and [Configure automatic MDM enrollment](https://docs.microsoft.com/sccm/mdm/deploy-use/enroll-hybrid-windows#enable-windows-10-automatic-enrollment) and configure the MDM user scope for some or all users.
|
3. Access **Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune** and [Configure automatic MDM enrollment](https://docs.microsoft.com/configmgr/mdm/deploy-use/enroll-hybrid-windows#enable-windows-10-automatic-enrollment) and configure the MDM user scope for some or all users.
|
||||||
|
|
||||||
See the following examples.
|
See the following examples.
|
||||||
|
|
||||||
@ -138,7 +138,7 @@ See the following examples.
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
After saving the file, move the file to a location suitable as an SCCM package source.
|
After saving the file, move the file to a location suitable as a Microsoft Endpoint Configuration Manager package source.
|
||||||
|
|
||||||
>[!IMPORTANT]
|
>[!IMPORTANT]
|
||||||
>Multiple JSON profile files can be used, but each must be named **AutopilotConfigurationFile.json** in order for OOBE to follow the Autopilot experience. The file also must be encoded as ANSI. <br><br>**Saving the file with Unicode or UTF-8 encoding or saving it with a different file name will cause Windows 10 OOBE to not follow the Autopilot experience**.<br>
|
>Multiple JSON profile files can be used, but each must be named **AutopilotConfigurationFile.json** in order for OOBE to follow the Autopilot experience. The file also must be encoded as ANSI. <br><br>**Saving the file with Unicode or UTF-8 encoding or saving it with a different file name will cause Windows 10 OOBE to not follow the Autopilot experience**.<br>
|
||||||
@ -156,7 +156,7 @@ See the following examples.
|
|||||||
- <u>Program Type</u>: **Do not create a program**
|
- <u>Program Type</u>: **Do not create a program**
|
||||||
4. Click **Next** twice and then click **Close**.
|
4. Click **Next** twice and then click **Close**.
|
||||||
|
|
||||||
**NOTE**: If you change user-driven Autopilot profile settings in Intune at a later date, you must also update the JSON file and redistribute the associated Config Mgr package.
|
**NOTE**: If you change user-driven Autopilot profile settings in Intune at a later date, you must also update the JSON file and redistribute the associated Configuration Manager package.
|
||||||
|
|
||||||
### Create a target collection
|
### Create a target collection
|
||||||
|
|
||||||
|
|||||||
@ -31,7 +31,7 @@ Windows Autopilot is designed to simplify all parts of the lifecycle of Windows
|
|||||||
|
|
||||||
When initially deploying new Windows devices, Windows Autopilot leverages the OEM-optimized version of Windows 10 that is preinstalled on the device, saving organizations the effort of having to maintain custom images and drivers for every model of device being used. Instead of re-imaging the device, your existing Windows 10 installation can be transformed into a “business-ready” state, applying settings and policies, installing apps, and even changing the edition of Windows 10 being used (e.g. from Windows 10 Pro to Windows 10 Enterprise) to support advanced features.
|
When initially deploying new Windows devices, Windows Autopilot leverages the OEM-optimized version of Windows 10 that is preinstalled on the device, saving organizations the effort of having to maintain custom images and drivers for every model of device being used. Instead of re-imaging the device, your existing Windows 10 installation can be transformed into a “business-ready” state, applying settings and policies, installing apps, and even changing the edition of Windows 10 being used (e.g. from Windows 10 Pro to Windows 10 Enterprise) to support advanced features.
|
||||||
|
|
||||||
Once deployed, Windows 10 devices can be managed by tools such as Microsoft Intune, Windows Update for Business, System Center Configuration Manager, and other similar tools. Windows Autopilot can also be used to re-purpose a device by leveraging Windows Autopilot Reset to quickly prepare a device for a new user, or in break/fix scenarios to enable a device to quickly be brought back to a business-ready state.
|
Once deployed, Windows 10 devices can be managed by tools such as Microsoft Intune, Windows Update for Business, Microsoft Endpoint Configuration Manager, and other similar tools. Windows Autopilot can also be used to re-purpose a device by leveraging Windows Autopilot Reset to quickly prepare a device for a new user, or in break/fix scenarios to enable a device to quickly be brought back to a business-ready state.
|
||||||
|
|
||||||
Windows Autopilot enables you to:
|
Windows Autopilot enables you to:
|
||||||
* Automatically join devices to Azure Active Directory (Azure AD) or Active Directory (via Hybrid Azure AD Join). See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
|
* Automatically join devices to Azure Active Directory (Azure AD) or Active Directory (via Hybrid Azure AD Join). See [Introduction to device management in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/device-management-introduction) for more information about the differences between these two join options.
|
||||||
|
|||||||
@ -1321,9 +1321,9 @@ The following fields are available:
|
|||||||
- **IsEDPEnabled** Represents if Enterprise data protected on the device.
|
- **IsEDPEnabled** Represents if Enterprise data protected on the device.
|
||||||
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
|
- **IsMDMEnrolled** Whether the device has been MDM Enrolled or not.
|
||||||
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
|
- **MPNId** Returns the Partner ID/MPN ID from Regkey. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\DeployID
|
||||||
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise System Center Configuration Manager (SCCM) environment.
|
- **SCCMClientId** This ID correlate systems that send data to Compat Analytics (OMS) and other OMS based systems with systems in an Enterprise Microsoft Endpoint Configuration Manager environment.
|
||||||
- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
|
- **ServerFeatures** Represents the features installed on a Windows Server. This can be used by developers and administrators who need to automate the process of determining the features installed on a set of server computers.
|
||||||
- **SystemCenterID** The SCCM ID is an anonymized one-way hash of the Active Directory Organization identifier.
|
- **SystemCenterID** The Microsoft Endpoint Configuration Manager ID is an anonymized one-way hash of the Active Directory Organization identifier.
|
||||||
|
|
||||||
|
|
||||||
### Census.Firmware
|
### Census.Firmware
|
||||||
@ -3129,7 +3129,7 @@ The following fields are available:
|
|||||||
- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
|
- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
|
||||||
- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
|
- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
|
||||||
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
|
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
|
||||||
- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager).
|
- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft Endpoint Configuration Manager.
|
||||||
- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
|
- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
|
||||||
- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
|
- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
|
||||||
- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
|
- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
|
||||||
@ -4528,7 +4528,7 @@ The following fields are available:
|
|||||||
- **DeviceIsMdmManaged** This device is MDM managed.
|
- **DeviceIsMdmManaged** This device is MDM managed.
|
||||||
- **IsNetworkAvailable** If the device network is not available.
|
- **IsNetworkAvailable** If the device network is not available.
|
||||||
- **IsNetworkMetered** If network is metered.
|
- **IsNetworkMetered** If network is metered.
|
||||||
- **IsSccmManaged** This device is SCCM managed.
|
- **IsSccmManaged** This device is managed by Microsoft Endpoint Configuration Manager.
|
||||||
- **NewlyInstalledOs** OS is newly installed quiet period.
|
- **NewlyInstalledOs** OS is newly installed quiet period.
|
||||||
- **PausedByPolicy** Updates are paused by policy.
|
- **PausedByPolicy** Updates are paused by policy.
|
||||||
- **RecoveredFromRS3** Previously recovered from RS3.
|
- **RecoveredFromRS3** Previously recovered from RS3.
|
||||||
|
|||||||
@ -3276,7 +3276,7 @@ The following fields are available:
|
|||||||
- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
|
- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
|
||||||
- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
|
- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
|
||||||
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
|
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
|
||||||
- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager).
|
- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft Endpoint Configuration Manager.
|
||||||
- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
|
- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
|
||||||
- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
|
- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
|
||||||
- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
|
- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
|
||||||
|
|||||||
@ -4604,7 +4604,7 @@ The following fields are available:
|
|||||||
- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
|
- **RemediationNoisyHammerUserLoggedInAdmin** TRUE if there is the user currently logged in is an Admin.
|
||||||
- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
|
- **RemediationShellDeviceManaged** TRUE if the device is WSUS managed or Windows Updated disabled.
|
||||||
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
|
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
|
||||||
- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager).
|
- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft Endpoint Configuration Manager.
|
||||||
- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
|
- **RemediationShellDeviceZeroExhaust** TRUE if the device has opted out of Windows Updates completely.
|
||||||
- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
|
- **RemediationTargetMachine** Indicates whether the device is a target of the specified fix.
|
||||||
- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
|
- **RemediationTaskHealthAutochkProxy** True/False based on the health of the AutochkProxy task.
|
||||||
|
|||||||
@ -2994,7 +2994,7 @@ The following fields are available:
|
|||||||
- **IsDeviceNetworkMetered** Indicates whether the device is connected to a metered network.
|
- **IsDeviceNetworkMetered** Indicates whether the device is connected to a metered network.
|
||||||
- **IsDeviceOobeBlocked** Indicates whether user approval is required to install updates on the device.
|
- **IsDeviceOobeBlocked** Indicates whether user approval is required to install updates on the device.
|
||||||
- **IsDeviceRequireUpdateApproval** Indicates whether user approval is required to install updates on the device.
|
- **IsDeviceRequireUpdateApproval** Indicates whether user approval is required to install updates on the device.
|
||||||
- **IsDeviceSccmManaged** Indicates whether the device is running the Microsoft SCCM (System Center Configuration Manager) to keep the operating system and applications up to date.
|
- **IsDeviceSccmManaged** Indicates whether the device is running the Microsoft Endpoint Configuration Manager client to keep the operating system and applications up to date.
|
||||||
- **IsDeviceUninstallActive** Indicates whether the OS (operating system) on the device was recently updated.
|
- **IsDeviceUninstallActive** Indicates whether the OS (operating system) on the device was recently updated.
|
||||||
- **IsDeviceUpdateNotificationLevel** Indicates whether the device has a set policy to control update notifications.
|
- **IsDeviceUpdateNotificationLevel** Indicates whether the device has a set policy to control update notifications.
|
||||||
- **IsDeviceUpdateServiceManaged** Indicates whether the device uses WSUS (Windows Server Update Services).
|
- **IsDeviceUpdateServiceManaged** Indicates whether the device uses WSUS (Windows Server Update Services).
|
||||||
@ -5410,7 +5410,7 @@ The following fields are available:
|
|||||||
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
|
- **RemediationShellDeviceNewOS** TRUE if the device has a recently installed OS.
|
||||||
- **RemediationShellDeviceProSku** Indicates whether a Windows 10 Professional edition is detected.
|
- **RemediationShellDeviceProSku** Indicates whether a Windows 10 Professional edition is detected.
|
||||||
- **RemediationShellDeviceQualityUpdatesPaused** Indicates whether Quality Updates are paused on the device.
|
- **RemediationShellDeviceQualityUpdatesPaused** Indicates whether Quality Updates are paused on the device.
|
||||||
- **RemediationShellDeviceSccm** TRUE if the device is managed by SCCM (Microsoft System Center Configuration Manager).
|
- **RemediationShellDeviceSccm** TRUE if the device is managed by Microsoft Endpoint Configuration Manager.
|
||||||
- **RemediationShellDeviceSedimentMutexInUse** Indicates whether the Sediment Pack mutual exclusion object (mutex) is in use.
|
- **RemediationShellDeviceSedimentMutexInUse** Indicates whether the Sediment Pack mutual exclusion object (mutex) is in use.
|
||||||
- **RemediationShellDeviceSetupMutexInUse** Indicates whether device setup is in progress.
|
- **RemediationShellDeviceSetupMutexInUse** Indicates whether device setup is in progress.
|
||||||
- **RemediationShellDeviceWuRegistryBlocked** Indicates whether the Windows Update is blocked on the device via the registry.
|
- **RemediationShellDeviceWuRegistryBlocked** Indicates whether the Windows Update is blocked on the device via the registry.
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user