diff --git a/windows/keep-secure/create-and-verify-an-efs-dra-certificate.md b/windows/keep-secure/create-and-verify-an-efs-dra-certificate.md index 4f1cf1dfd9..06392494c0 100644 --- a/windows/keep-secure/create-and-verify-an-efs-dra-certificate.md +++ b/windows/keep-secure/create-and-verify-an-efs-dra-certificate.md @@ -77,7 +77,7 @@ It's possible that you might revoke data from an unenrolled device only to later 1. Have your employee sign in to the unenrolled device, open a command prompt, and type: - `Robocopy “%localappdata%\Microsoft\WIP\Recovery” <“new_location”> /EFSRAW` + `Robocopy “%localappdata%\Microsoft\EDP\Recovery” <“new_location”> /EFSRAW` Where *<”new_location”>* is in a different directory. This can be on the employee’s device or on a Windows 8 or Windows Server 2012 or newer server file share that can be accessed while you're logged in as a data recovery agent. @@ -87,7 +87,7 @@ It's possible that you might revoke data from an unenrolled device only to later 3. Have your employee sign in to the unenrolled device, and type: - `Robocopy <”new_location”> “%localappdata%\Microsoft\WIP\Recovery\Input”` + `Robocopy <”new_location”> “%localappdata%\Microsoft\EDP\Recovery\Input”` 4. Ask the employee to lock and unlock the device. diff --git a/windows/manage/set-up-shared-or-guest-pc.md b/windows/manage/set-up-shared-or-guest-pc.md index 047004f0c0..f641f80569 100644 --- a/windows/manage/set-up-shared-or-guest-pc.md +++ b/windows/manage/set-up-shared-or-guest-pc.md @@ -100,6 +100,7 @@ Use the Windows ICD tool included in the Windows Assessment and Deployment Kit ( 11. (*Optional*) In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. + > [!IMPORTANT]   > We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently.