From cef66f33096e82044c76d8fa9704d55c903462f1 Mon Sep 17 00:00:00 2001 From: isbrahm <43386070+isbrahm@users.noreply.github.com> Date: Fri, 4 Sep 2020 16:07:18 -0700 Subject: [PATCH 1/4] Update AppLocker CSP warning Previously indicated reboots were only scheduled during OOBE, but this is not the case --- windows/client-management/mdm/applocker-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index cfe9b24bd5..8a15141c07 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -35,7 +35,7 @@ Defines restrictions for applications. > Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. To prevent this problem, the Grouping value should include some randomness. The best practice is to use a randomly generated GUID. However, there is no requirement on the exact value of the node. > [!NOTE] -> Deploying policies via the AppLocker CSP will force a reboot during OOBE. +> The AppLocker CSP will schedule a reboot when a policy is applied or a deletion occurs using the AppLocker/ApplicationLaunchRestrictions/Grouping/CodeIntegrity/Policy URI. Additional information: From 5dae5d6ce03add8fc6e0bcbed534f1280a8b0580 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 9 Sep 2020 15:56:16 -0700 Subject: [PATCH 2/4] pencil edit --- windows/client-management/mdm/applocker-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 8a15141c07..9904301173 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -484,7 +484,7 @@ The following list shows the apps that may be included in the inbox. -Colour profile +Color profile b08997ca-60ab-4dce-b088-f92e9c7994f3 From 49bc113e62cb120a2a7868c33c77e94755dba856 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 9 Sep 2020 16:06:03 -0700 Subject: [PATCH 3/4] Removed unsupported policy setting --- ...ew-in-windows-mdm-enrollment-management.md | 3 +- .../policy-configuration-service-provider.md | 3 - ...policy-csp-localpoliciessecurityoptions.md | 57 ------------------- 3 files changed, 1 insertion(+), 62 deletions(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index b311f49601..f11434185f 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -769,7 +769,6 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
  • LocalPoliciesSecurityOptions/NetworkSecurity_AllowLocalSystemToUseComputerIdentityForNTLM
  • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
    • -
  • LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon
  • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
  • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
    • @@ -2001,6 +2000,7 @@ How do I turn if off? | The service can be stopped from the "Services" console o ### September 2020 |New or updated topic | Description| |--- | ---| +|[Policy CSP - LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md)|Removed the following policy setting from the documentation because it is not supported in Windows 10:
    LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon
    | |[Policy CSP - Update](policy-csp-update.md)|Added the following policy setting:
    Update/SetProxyBehaviorForUpdateDetection
    | ### August 2020 @@ -3025,7 +3025,6 @@ How do I turn if off? | The service can be stopped from the "Services" console o
  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
  • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
    • -
  • LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon
  • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
  • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
    • diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 5bb7f9d9c8..5df2632a15 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2585,9 +2585,6 @@ The following diagram shows the Policy configuration service provider in tree fo
    LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers
    -
    - LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon -
    LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
    diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md index 8920a8ba90..4e199c3f73 100644 --- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md +++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md @@ -132,9 +132,6 @@ manager: dansimp
    LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers
    -
    - LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon -
    LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
    @@ -2902,60 +2899,6 @@ GP Info:
    - -**LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon** - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Windows EditionSupported?
    Homecross mark
    Procheck mark3
    Businesscheck mark3
    Enterprisecheck mark3
    Educationcheck mark3
    - - -
    - - -Recovery console: Allow automatic administrative logon - -This security setting determines if the password for the Administrator account must be given before access to the system is granted. If this option is enabled, the Recovery Console does not require you to provide a password, and it automatically logs on to the system. - -Default: This policy is not defined and automatic administrative logon is not allowed. - -Value type is integer. Supported operations are Add, Get, Replace, and Delete. - - - -Valid values: -- 0 - disabled -- 1 - enabled (allow automatic administrative logon) - - - - -
    - **LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn** From 9687ed84c330f191a951c6c861c0f449281b8cb6 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Thu, 10 Sep 2020 08:37:20 -0700 Subject: [PATCH 4/4] pencil edit --- windows/client-management/mdm/applocker-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 8a15141c07..9904301173 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -484,7 +484,7 @@ The following list shows the apps that may be included in the inbox. -Colour profile +Color profile b08997ca-60ab-4dce-b088-f92e9c7994f3