deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 10:53:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://github.com/microsoftdocs/windows-itpro-docs

Browse Source
This commit is contained in:
Liza Poggemeyer
2018-11-30 10:19:08 -08:00
parent 797915c4cf 9de33a28be
commit d5be1076cb
5 changed files with 167 additions and 158 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
devices/surface/surface-diagnostic-toolkit-business.md
View File

@ -32,8 +32,8 @@ To run SDT for Business, download the components listed in the following table.
Mode | Primary scenarios | Download | Learn more Mode | Primary scenarios | Download | Learn more
--- | --- | --- | --- --- | --- | --- | ---
Desktop mode | Assist users in running SDT on their Surface devices to troubleshoot issues.<br>Create a custom package to deploy on one or more Surface devices allowing users to select specific logs to collect and analyze. | SDT distributable MSI package<br>Microsoft Surface Diagnostic Toolkit for Business Installer.MSI<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Use Surface Diagnostic Toolkit in desktop mode](surface-diagnostic-toolkit-desktop-mode.md) Desktop mode | Assist users in running SDT on their Surface devices to troubleshoot issues.<br>Create a custom package to deploy on one or more Surface devices allowing users to select specific logs to collect and analyze. | SDT distributable MSI package:<br>Microsoft Surface Diagnostic Toolkit for Business Installer<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Use Surface Diagnostic Toolkit in desktop mode](surface-diagnostic-toolkit-desktop-mode.md)
Command line | Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands:<br>`-DataCollector` collects all log files<br>`-bpa` runs health diagnostics using Best Practice Analyzer.<br>`-windowsupdate` checks Windows update for missing firmware or driver updates.<br><br>**Note:** Support for the ability to confirm warranty information will be available via the command `-warranty` | SDT console app<br>Microsoft Surface Diagnostics App Console.exe<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md) Command line | Directly troubleshoot Surface devices remotely without user interaction, using standard tools such as Configuration Manager. It includes the following commands:<br>`-DataCollector` collects all log files<br>`-bpa` runs health diagnostics using Best Practice Analyzer.<br>`-windowsupdate` checks Windows update for missing firmware or driver updates.<br><br>**Note:** Support for the ability to confirm warranty information will be available via the command `-warranty` | SDT console app:<br>Microsoft Surface Diagnostics App Console<br>[Surface Tools for IT](https://www.microsoft.com/download/details.aspx?id=46703) | [Run Surface Diagnostic Toolkit using commands](surface-diagnostic-toolkit-command-line.md)
## Supported devices ## Supported devices

9
devices/surface/surface-diagnostic-toolkit-command-line.md
View File

@ -25,13 +25,18 @@ Download and install SDT app console from the [Surface Tools for IT download pag
- Run health diagnostics using Best Practice Analyzer. - Run health diagnostics using Best Practice Analyzer.
- Check update for missing firmware or driver updates. - Check update for missing firmware or driver updates.
By default, output files are saved to C:\Administrator\user. Refer to the following table for a complete list of commands. >[!NOTE]
>In this release, the SDT app console supports single commands only. Running multiple command line options requires running the console exe separately for each command.
By default, output files are saved in the same location as the console app. Refer to the following table for a complete list of commands.
Command | Notes Command | Notes
--- | --- --- | ---
-DataCollector "output file" | Collects system details into a zip file. "output file" is the file path to create system details zip file.<br><br>**Example**:<br>`Microsoft.Surface.Diagnostics.App.Console.exe -DataCollector SDT_DataCollection.zip` -DataCollector "output file" | Collects system details into a zip file. "output file" is the file path to create system details zip file.<br><br>**Example**:<br>`Microsoft.Surface.Diagnostics.App.Console.exe -DataCollector SDT_DataCollection.zip`
-bpa "output file" | Checks several settings and health indicators in the device. “output file" is the file path to create the HTML report.<br><br>**Example**:<br>`Microsoft.Surface.Diagnostics.App.Console.exe -bpa BPA.html` -bpa "output file" | Checks several settings and health indicators in the device. “output file" is the file path to create the HTML report.<br><br>**Example**:<br>`Microsoft.Surface.Diagnostics.App.Console.exe -bpa BPA.html`
-windowsupdate | Checks Windows Update online servers for missing firmware and/or driver updates.<br><br>**Example**:<br>Microsoft.Surface.Diagnostics.App.Console.exe -windowsupdate -windowsupdate | Checks Windows Update online servers for missing firmware and/or driver updates.<br><br>**Example**:<br>Microsoft.Surface.Diagnostics.App.Console.exe -windowsupdate
-warranty "output file" | Checks warranty information on the device (valid or invalid). The optional “output file” is the file path to create the xml file. <br><br>**Example**: <br>Microsoft.Surface.Diagnostics.App.Console.exe warranty “warranty.xml”
>[!NOTE] >[!NOTE]
>To run the SDT app console remotely on target devices, you can use a configuration management tool such as System Center Configuration Manager. Alternatively, you can create a .zip file containing the console app and appropriate console commands and deploy per your organizations software distribution processes. >To run the SDT app console remotely on target devices, you can use a configuration management tool such as System Center Configuration Manager. Alternatively, you can create a .zip file containing the console app and appropriate console commands and deploy per your organizations software distribution processes.
@ -140,4 +145,4 @@ You can run BPA tests across key components such as BitLocker, Secure Boot, and
<tr><td><strong>Value:</strong></td><td></td></tr> <tr><td><strong>Value:</strong></td><td></td></tr>
<tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr> <tr><td><strong>Condition:</strong></td><td><font color="00ff00">Optimal</font></td></tr>
<tr><td><strong>Guidance:</strong></td><td>Check with the original equipment manufacturer for compatibility with your Surface device.</td></tr> <tr><td><strong>Guidance:</strong></td><td>Check with the original equipment manufacturer for compatibility with your Surface device.</td></tr>
</table> </table>

2
mdop/uev-v2/security-considerations-for-ue-v-2x-both-uevv2.md
View File

@ -43,7 +43,7 @@ Because settings packages might contain personal information, you should take ca
| User account | Recommended permissions | Folder | | User account | Recommended permissions | Folder |
| - | - | - | | - | - | - |
| Creator/Owner | No permissions | No permissions | | Creator/Owner | Full control | Subfolders and files only|
| Domain Admins | Full control | This folder, subfolders, and files | | Domain Admins | Full control | This folder, subfolders, and files |
| Security group of UE-V users | List folder/read data, create folders/append data | This folder only | | Security group of UE-V users | List folder/read data, create folders/append data | This folder only |
| Everyone | Remove all permissions | No permissions | | Everyone | Remove all permissions | No permissions |

308
windows/client-management/data-collection-for-802-authentication.md
View File

@ -25,19 +25,19 @@ Use the following steps to collect wireless and wired logs on Windows and Window
``` ```
netsh ras set tracing * enabled netsh ras set tracing * enabled
netsh trace start scenario=wlan,wlan\_wpp,wlan\_dbg,wireless\_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%\_wireless\_cli.etl netsh trace start scenario=wlan,wlan_wpp,wlan_dbg,wireless_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl
``` ```
**Wireless Windows 7 and Windows 8:** **Wireless Windows 7 and Windows 8:**
``` ```
netsh ras set tracing * enabled netsh ras set tracing * enabled
netsh trace start scenario=wlan,wlan\_wpp,wlan\_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%\_wireless\_cli.etl netsh trace start scenario=wlan,wlan_wpp,wlan_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl
``` ```
**Wired client, regardless of version** **Wired client, regardless of version**
``` ```
netsh ras set tracing * enabled netsh ras set tracing * enabled
netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%\_wired\_cli.etl netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_cli.etl
``` ```
3. Run the following command to enable CAPI2 logging: 3. Run the following command to enable CAPI2 logging:
@ -54,21 +54,21 @@ Use the following steps to collect wireless and wired logs on Windows and Window
``` ```
netsh ras set tracing * enabled netsh ras set tracing * enabled
netsh trace start scenario=wlan,wlan\_wpp,wlan\_dbg,wireless\_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%\_wireless\_nps.etl netsh trace start scenario=wlan,wlan_wpp,wlan_dbg,wireless_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_nps.etl
``` ```
**Windows Server 2008 R2, Windows Server 2012 wireless network** **Windows Server 2008 R2, Windows Server 2012 wireless network**
``` ```
netsh ras set tracing * enabled netsh ras set tracing * enabled
netsh trace start scenario=wlan,wlan\_wpp,wlan\_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%\_wireless\_nps.etl netsh trace start scenario=wlan,wlan_wpp,wlan_dbg globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wireless_nps.etl
``` ```
**Wired network** **Wired network**
``` ```
netsh ras set tracing * enabled netsh ras set tracing * enabled
netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%\_wired\_nps.etl netsh trace start scenario=lan globallevel=0xff capture=yes maxsize=1024 tracefile=C:\MSLOG\%COMPUTERNAME%_wired_nps.etl
``` ```
6. Run the following command to enable CAPI2 logging: 6. Run the following command to enable CAPI2 logging:
@ -82,7 +82,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window
> When the mouse button is clicked, the cursor will blink in red while capturing a screen image. > When the mouse button is clicked, the cursor will blink in red while capturing a screen image.
``` ```
psr /start /output c:\MSLOG\%computername%\_psr.zip /maxsc 100 psr /start /output c:\MSLOG\%computername%_psr.zip /maxsc 100
``` ```
8. Repro the issue. 8. Repro the issue.
9. Run the following command on the client PC to stop the PSR capturing: 9. Run the following command on the client PC to stop the PSR capturing:
@ -103,7 +103,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window
``` ```
wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:false wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:false
wevtutil.exe epl Microsoft-Windows-CAPI2/Operational C:\MSLOG\CAPI2\_%COMPUTERNAME%.evtx wevtutil.exe epl Microsoft-Windows-CAPI2/Operational C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx
``` ```
11. Run the following commands on the client PC. 11. Run the following commands on the client PC.
@ -116,14 +116,14 @@ Use the following steps to collect wireless and wired logs on Windows and Window
- To disable and copy the CAPI2 log: - To disable and copy the CAPI2 log:
``` ```
wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:false wevtutil.exe sl Microsoft-Windows-CAPI2/Operational /e:false
wevtutil.exe epl Microsoft-Windows-CAPI2/Operational C:\MSLOG\CAPI2\_%COMPUTERNAME%.evtx wevtutil.exe epl Microsoft-Windows-CAPI2/Operational C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx
``` ```
12. Save the following logs on the client and the NPS: 12. Save the following logs on the client and the NPS:
**Client** **Client**
- C:\MSLOG\%computername%_psr.zip - C:\MSLOG\%computername%_psr.zip
- C:\MSLOG\CAPI2_%COMPUTERNAME%.evtx - C:\MSLOG\%COMPUTERNAME%_CAPI2.evtx
- C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl - C:\MSLOG\%COMPUTERNAME%_wireless_cli.etl
- C:\MSLOG\%COMPUTERNAME%_wireless_cli.cab - C:\MSLOG\%COMPUTERNAME%_wireless_cli.cab
- All log files and folders in %Systemroot%\Tracing - All log files and folders in %Systemroot%\Tracing
@ -144,75 +144,77 @@ Use the following steps to collect wireless and wired logs on Windows and Window
- Environmental information and Group Policies application status - Environmental information and Group Policies application status
``` ```
gpresult /H C:\MSLOG\%COMPUTERNAME%\_gpresult.htm gpresult /H C:\MSLOG\%COMPUTERNAME%_gpresult.htm
msinfo32 /report c:\MSLOG\%COMPUTERNAME%\_msinfo32.txt msinfo32 /report c:\MSLOG\%COMPUTERNAME%_msinfo32.txt
ipconfig /all > c:\MSLOG\%COMPUTERNAME%\_ipconfig.txt ipconfig /all > c:\MSLOG\%COMPUTERNAME%_ipconfig.txt
route print > c:\MSLOG\%COMPUTERNAME%\_route\_print.txt route print > c:\MSLOG\%COMPUTERNAME%_route_print.txt
``` ```
- Event logs - Event logs
``` ```
wevtutil epl Application c:\MSLOG\%COMPUTERNAME%\_Application.evtx wevtutil epl Application c:\MSLOG\%COMPUTERNAME%_Application.evtx
wevtutil epl System c:\MSLOG\%COMPUTERNAME%\_System.evtx wevtutil epl System c:\MSLOG\%COMPUTERNAME%_System.evtx
wevtutil epl Security c:\MSLOG\%COMPUTERNAME%\_Security.evtx wevtutil epl Security c:\MSLOG\%COMPUTERNAME%_Security.evtx
wevtutil epl Microsoft-Windows-GroupPolicy/Operational C:\MSLOG\%COMPUTERNAME%\_GroupPolicy\_Operational.evtx wevtutil epl Microsoft-Windows-GroupPolicy/Operational C:\MSLOG\%COMPUTERNAME%_GroupPolicy_Operational.evtx
wevtutil epl "Microsoft-Windows-WLAN-AutoConfig/Operational" c:\MSLOG\%COMPUTERNAME%\_Microsoft-Windows-WLAN-AutoConfig-Operational.evtx wevtutil epl "Microsoft-Windows-WLAN-AutoConfig/Operational" c:\MSLOG\%COMPUTERNAME%_Microsoft-Windows-WLAN-AutoConfig-Operational.evtx
wevtutil epl "Microsoft-Windows-Wired-AutoConfig/Operational" c:\MSLOG\%COMPUTERNAME%\_Microsoft-Windows-Wired-AutoConfig-Operational.evtx wevtutil epl "Microsoft-Windows-Wired-AutoConfig/Operational" c:\MSLOG\%COMPUTERNAME%_Microsoft-Windows-Wired-AutoConfig-Operational.evtx
wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-CredentialRoaming\_Operational.evtx wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-CredentialRoaming_Operational.evtx
wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%\_CertPoleEng\_Operational.evtx wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%_CertPoleEng_Operational.evtx
``` ```
- For Windows 8 and later, also run these commands for event logs: - For Windows 8 and later, also run these commands for event logs:
``` ```
wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-Lifecycle-System\_Operational.evtx wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-System_Operational.evtx
wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-Lifecycle-User\_Operational.evtx wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-User_Operational.evtx
wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServices-Deployment\_Operational.evtx wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServices-Deployment_Operational.evtx
``` ```
- Certificates Store information: - Certificates Store information:
``` ```
certutil.exe -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%\_cert-Personal-Registry.txt certutil -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%_cert-Personal-Registry.txt
certutil.exe -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-TrustedRootCA-Registry.txt certutil -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-Registry.txt
certutil.exe -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-TrustedRootCA-GroupPolicy.txt certutil -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-GroupPolicy.txt
certutil.exe -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%\_TrustedRootCA-Enterprise.txt certutil -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_TrustedRootCA-Enterprise.txt
certutil.exe -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-Reg.txt certutil -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Reg.txt
certutil.exe -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-GroupPolicy.txt certutil -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-GroupPolicy.txt
certutil.exe -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-Enterprise.txt certutil -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Enterprise.txt
certutil.exe -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%\_cert-IntermediateCA-Registry.txt certutil -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-Registry.txt
certutil.exe -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%\_cert-IntermediateCA-GroupPolicy.txt certutil -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-GroupPolicy.txt
certutil.exe -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%\_cert-Intermediate-Enterprise.txt certutil -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%_cert-Intermediate-Enterprise.txt
certutil.exe -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-Registry.txt certutil -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Registry.txt
certutil.exe -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-GroupPolicy.txt certutil -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-GroupPolicy.txt
certutil.exe -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-Enterprise.txt certutil -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Enterprise.txt
certutil.exe -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-Registry.txt certutil -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Registry.txt
certutil.exe -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-GroupPolicy.txt certutil -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-GroupPolicy.txt
certutil.exe -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-Enterprise.txt certutil -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Enterprise.txt
certutil.exe -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%\_cert-NtAuth-Enterprise.txt certutil -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%_cert-NtAuth-Enterprise.txt
certutil.exe -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%\_cert-User-Personal-Registry.txt certutil -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%_cert-User-Personal-Registry.txt
certutil.exe -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-User-TrustedRootCA-Registry.txt certutil -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Registry.txt
certutil.exe -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-User-TrustedRootCA-Enterprise.txt certutil -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Enterprise.txt
certutil.exe -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-User-EnterpriseTrust-Registry.txt certutil -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-Registry.txt
certutil.exe -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-User-EnterpriseTrust-GroupPolicy.txt certutil -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-GroupPolicy.txt
certutil.exe -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%\_cert-User-IntermediateCA-Registry.txt certutil -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-Registry.txt
certutil.exe -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%\_cert-User-IntermediateCA-GroupPolicy.txt certutil -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-GroupPolicy.txt
certutil.exe -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%\_cert-User-UntrustedCertificates-Registry.txt certutil -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-Registry.txt
certutil.exe -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%\_cert-User-UntrustedCertificates-GroupPolicy.txt certutil -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-GroupPolicy.txt
certutil.exe -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-3rdPartyRootCA-Registry.txt certutil -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-Registry.txt
certutil.exe -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-3rdPartyRootCA-GroupPolicy.txt certutil -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-GroupPolicy.txt
certutil.exe -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-SmartCardRoot-Registry.txt certutil -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-Registry.txt
certutil.exe -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-SmartCardRoot-GroupPolicy.txt certutil -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-GroupPolicy.txt
certutil.exe -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%\_cert-User-UserDS.txt certutil -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%_cert-User-UserDS.txt
``` ```
- Wireless LAN client information: - Wireless LAN client information:
``` ```
netsh wlan show all > c:\MSLOG\%COMPUTERNAME%\_wlan\_show\_all.txt netsh wlan show all > c:\MSLOG\%COMPUTERNAME%_wlan_show_all.txt
netsh wlan export profile folder=c:\MSLOG\ netsh wlan export profile folder=c:\MSLOG\
``` ```
- Wired LAN Client information - Wired LAN Client information
``` ```
netsh lan show all > c:\MSLOG\%COMPUTERNAME%\_lan\_show\_all.txt netsh lan show interfaces > c:\MSLOG\%computername%_lan_interfaces.txt
netsh lan show profiles > c:\MSLOG\%computername%_lan_profiles.txt
netsh lan show settings > c:\MSLOG\%computername%_lan_settings.txt
netsh lan export profile folder=c:\MSLOG\ netsh lan export profile folder=c:\MSLOG\
``` ```
4. Save the logs stored in C:\MSLOG. 4. Save the logs stored in C:\MSLOG.
@ -225,68 +227,68 @@ Use the following steps to collect wireless and wired logs on Windows and Window
- Environmental information and Group Policies application status: - Environmental information and Group Policies application status:
``` ```
gpresult /H C:\MSLOG\%COMPUTERNAME%\_gpresult.txt gpresult /H C:\MSLOG\%COMPUTERNAME%_gpresult.txt
msinfo32 /report c:\MSLOG\%COMPUTERNAME%\_msinfo32.txt msinfo32 /report c:\MSLOG\%COMPUTERNAME%_msinfo32.txt
ipconfig /all > c:\MSLOG\%COMPUTERNAME%\_ipconfig.txt ipconfig /all > c:\MSLOG\%COMPUTERNAME%_ipconfig.txt
route print > c:\MSLOG\%COMPUTERNAME%\_route\_print.txt route print > c:\MSLOG\%COMPUTERNAME%_route_print.txt
``` ```
- Event logs: - Event logs:
``` ```
wevtutil epl Application c:\MSLOG\%COMPUTERNAME%\_Application.evtx wevtutil epl Application c:\MSLOG\%COMPUTERNAME%_Application.evtx
wevtutil epl System c:\MSLOG\%COMPUTERNAME%\_System.evtx wevtutil epl System c:\MSLOG\%COMPUTERNAME%_System.evtx
wevtutil epl Security c:\MSLOG\%COMPUTERNAME%\_Security.evtx wevtutil epl Security c:\MSLOG\%COMPUTERNAME%_Security.evtx
wevtutil epl Microsoft-Windows-GroupPolicy/Operational c:\MSLOG\%COMPUTERNAME%\_GroupPolicy\_Operational.evtx wevtutil epl Microsoft-Windows-GroupPolicy/Operational c:\MSLOG\%COMPUTERNAME%_GroupPolicy_Operational.evtx
wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-CredentialRoaming\_Operational.evtx wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-CredentialRoaming_Operational.evtx
wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%\_CertPoleEng\_Operational.evtx wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%_CertPoleEng_Operational.evtx
``` ```
- Run the following 3 commands on Windows Server 2012 and later: - Run the following 3 commands on Windows Server 2012 and later:
``` ```
wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-Lifecycle-System\_Operational.evtx wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-System_Operational.evtx
wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-Lifecycle-User\_Operational.evtx wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-User_Operational.evtx
wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServices-Deployment\_Operational.evtx wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServices-Deployment_Operational.evtx
``` ```
- Certificates store information - Certificates store information
``` ```
certutil.exe -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%\_cert-Personal-Registry.txt certutil -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%_cert-Personal-Registry.txt
certutil.exe -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-TrustedRootCA-Registry.txt certutil -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-Registry.txt
certutil.exe -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-TrustedRootCA-GroupPolicy.txt certutil -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-GroupPolicy.txt
certutil.exe -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%\_TrustedRootCA-Enterprise.txt certutil -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_TrustedRootCA-Enterprise.txt
certutil.exe -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-Reg.txt certutil -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Reg.txt
certutil.exe -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-GroupPolicy.txt certutil -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-GroupPolicy.txt
certutil.exe -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-Enterprise.txt certutil -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Enterprise.txt
certutil.exe -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%\_cert-IntermediateCA-Registry.txt certutil -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-Registry.txt
certutil.exe -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%\_cert-IntermediateCA-GroupPolicy.txt certutil -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-GroupPolicy.txt
certutil.exe -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%\_cert-Intermediate-Enterprise.txt certutil -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%_cert-Intermediate-Enterprise.txt
certutil.exe -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-Registry.txt certutil -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Registry.txt
certutil.exe -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-GroupPolicy.txt certutil -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-GroupPolicy.txt
certutil.exe -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-Enterprise.txt certutil -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Enterprise.txt
certutil.exe -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-Registry.txt certutil -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Registry.txt
certutil.exe -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-GroupPolicy.txt certutil -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-GroupPolicy.txt
certutil.exe -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-Enterprise.txt certutil -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Enterprise.txt
certutil.exe -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%\_cert-NtAuth-Enterprise.txt certutil -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%_cert-NtAuth-Enterprise.txt
certutil.exe -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%\_cert-User-Personal-Registry.txt certutil -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%_cert-User-Personal-Registry.txt
certutil.exe -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-User-TrustedRootCA-Registry.txt certutil -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Registry.txt
certutil.exe -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-User-TrustedRootCA-Enterprise.txt certutil -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Enterprise.txt
certutil.exe -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-User-EnterpriseTrust-Registry.txt certutil -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-Registry.txt
certutil.exe -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-User-EnterpriseTrust-GroupPolicy.txt certutil -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-GroupPolicy.txt
certutil.exe -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%\_cert-User-IntermediateCA-Registry.txt certutil -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-Registry.txt
certutil.exe -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%\_cert-User-IntermediateCA-GroupPolicy.txt certutil -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-GroupPolicy.txt
certutil.exe -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%\_cert-User-UntrustedCertificates-Registry.txt certutil -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-Registry.txt
certutil.exe -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%\_cert-User-UntrustedCertificates-GroupPolicy.txt certutil -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-GroupPolicy.txt
certutil.exe -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-3rdPartyRootCA-Registry.txt certutil -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-Registry.txt
certutil.exe -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-3rdPartyRootCA-GroupPolicy.txt certutil -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-GroupPolicy.txt
certutil.exe -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-SmartCardRoot-Registry.txt certutil -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-Registry.txt
certutil.exe -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-SmartCardRoot-GroupPolicy.txt certutil -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-GroupPolicy.txt
certutil.exe -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%\_cert-User-UserDS.txt certutil -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%_cert-User-UserDS.txt
``` ```
- NPS configuration information: - NPS configuration information:
``` ```
netsh nps show config > C:\MSLOG\%COMPUTERNAME%\_nps\_show\_config.txt netsh nps show config > C:\MSLOG\%COMPUTERNAME%_nps_show_config.txt
netsh nps export filename=C:\MSLOG\%COMPUTERNAME%\_nps\_export.xml exportPSK=YES netsh nps export filename=C:\MSLOG\%COMPUTERNAME%_nps_export.xml exportPSK=YES
``` ```
3. Take the following steps to save an NPS accounting log. 3. Take the following steps to save an NPS accounting log.
1. Open **Administrative tools > Network Policy Server**. 1. Open **Administrative tools > Network Policy Server**.
@ -304,70 +306,70 @@ Use the following steps to collect wireless and wired logs on Windows and Window
- Environmental information and Group Policies application status - Environmental information and Group Policies application status
``` ```
gpresult /H C:\MSLOG\%COMPUTERNAME%\_gpresult.txt gpresult /H C:\MSLOG\%COMPUTERNAME%_gpresult.txt
msinfo32 /report c:\MSLOG\%COMPUTERNAME%\_msinfo32.txt msinfo32 /report c:\MSLOG\%COMPUTERNAME%_msinfo32.txt
ipconfig /all > c:\MSLOG\%COMPUTERNAME%\_ipconfig.txt ipconfig /all > c:\MSLOG\%COMPUTERNAME%_ipconfig.txt
route print > c:\MSLOG\%COMPUTERNAME%\_route\_print.txt route print > c:\MSLOG\%COMPUTERNAME%_route_print.txt
``` ```
- Event logs - Event logs
``` ```
wevtutil epl Application c:\MSLOG\%COMPUTERNAME%\_Application.evtx wevtutil epl Application c:\MSLOG\%COMPUTERNAME%_Application.evtx
wevtutil epl System c:\MSLOG\%COMPUTERNAME%\_System.evtx wevtutil epl System c:\MSLOG\%COMPUTERNAME%_System.evtx
wevtutil epl Security c:\MSLOG\%COMPUTERNAME%\_Security.evtx wevtutil epl Security c:\MSLOG\%COMPUTERNAME%_Security.evtx
wevtutil epl Microsoft-Windows-GroupPolicy/Operational c:\MSLOG\%COMPUTERNAME%\_GroupPolicy\_Operational.evtx wevtutil epl Microsoft-Windows-GroupPolicy/Operational c:\MSLOG\%COMPUTERNAME%_GroupPolicy_Operational.evtx
wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-CredentialRoaming\_Operational.evtx wevtutil epl Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-CredentialRoaming_Operational.evtx
wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%\_CertPoleEng\_Operational.evtx wevtutil epl Microsoft-Windows-CertPoleEng/Operational c:\MSLOG\%COMPUTERNAME%_CertPoleEng_Operational.evtx
``` ```
- Run the following 3 lines on Windows 2012 and up - Run the following 3 lines on Windows 2012 and up
``` ```
wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-Lifecycle-System\_Operational.evtx wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-System/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-System_Operational.evtx
wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServicesClient-Lifecycle-User\_Operational.evtx wevtutil epl Microsoft-Windows-CertificateServicesClient-Lifecycle-User/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServicesClient-Lifecycle-User_Operational.evtx
wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%\_CertificateServices-Deployment\_Operational.evtx wevtutil epl Microsoft-Windows-CertificateServices-Deployment/Operational c:\MSLOG\%COMPUTERNAME%_CertificateServices-Deployment_Operational.evtx
``` ```
- Certificates store information - Certificates store information
``` ```
certutil.exe -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%\_cert-Personal-Registry.txt certutil -v -silent -store MY > c:\MSLOG\%COMPUTERNAME%_cert-Personal-Registry.txt
certutil.exe -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-TrustedRootCA-Registry.txt certutil -v -silent -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-Registry.txt
certutil.exe -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-TrustedRootCA-GroupPolicy.txt certutil -v -silent -store -grouppolicy ROOT > c:\MSLOG\%COMPUTERNAME%_cert-TrustedRootCA-GroupPolicy.txt
certutil.exe -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%\_TrustedRootCA-Enterprise.txt certutil -v -silent -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_TrustedRootCA-Enterprise.txt
certutil.exe -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-Reg.txt certutil -v -silent -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Reg.txt
certutil.exe -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-GroupPolicy.txt certutil -v -silent -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-GroupPolicy.txt
certutil.exe -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-EnterpriseTrust-Enterprise.txt certutil -v -silent -store -enterprise TRUST > c:\MSLOG\%COMPUTERNAME%_cert-EnterpriseTrust-Enterprise.txt
certutil.exe -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%\_cert-IntermediateCA-Registry.txt certutil -v -silent -store CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-Registry.txt
certutil.exe -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%\_cert-IntermediateCA-GroupPolicy.txt certutil -v -silent -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-IntermediateCA-GroupPolicy.txt
certutil.exe -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%\_cert-Intermediate-Enterprise.txt certutil -v -silent -store -enterprise CA > c:\MSLOG\%COMPUTERNAME%_cert-Intermediate-Enterprise.txt
certutil.exe -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-Registry.txt certutil -v -silent -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Registry.txt
certutil.exe -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-GroupPolicy.txt certutil -v -silent -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-GroupPolicy.txt
certutil.exe -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-3rdPartyRootCA-Enterprise.txt certutil -v -silent -store -enterprise AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-3rdPartyRootCA-Enterprise.txt
certutil.exe -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-Registry.txt certutil -v -silent -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Registry.txt
certutil.exe -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-GroupPolicy.txt certutil -v -silent -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-GroupPolicy.txt
certutil.exe -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-SmartCardRoot-Enterprise.txt certutil -v -silent -store -enterprise SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-SmartCardRoot-Enterprise.txt
certutil.exe -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%\_cert-NtAuth-Enterprise.txt certutil -v -silent -store -enterprise NTAUTH > c:\MSLOG\%COMPUTERNAME%_cert-NtAuth-Enterprise.txt
certutil.exe -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%\_cert-User-Personal-Registry.txt certutil -v -silent -user -store MY > c:\MSLOG\%COMPUTERNAME%_cert-User-Personal-Registry.txt
certutil.exe -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-User-TrustedRootCA-Registry.txt certutil -v -silent -user -store ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Registry.txt
certutil.exe -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%\_cert-User-TrustedRootCA-Enterprise.txt certutil -v -silent -user -store -enterprise ROOT > c:\MSLOG\%COMPUTERNAME%_cert-User-TrustedRootCA-Enterprise.txt
certutil.exe -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-User-EnterpriseTrust-Registry.txt certutil -v -silent -user -store TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-Registry.txt
certutil.exe -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%\_cert-User-EnterpriseTrust-GroupPolicy.txt certutil -v -silent -user -store -grouppolicy TRUST > c:\MSLOG\%COMPUTERNAME%_cert-User-EnterpriseTrust-GroupPolicy.txt
certutil.exe -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%\_cert-User-IntermediateCA-Registry.txt certutil -v -silent -user -store CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-Registry.txt
certutil.exe -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%\_cert-User-IntermediateCA-GroupPolicy.txt certutil -v -silent -user -store -grouppolicy CA > c:\MSLOG\%COMPUTERNAME%_cert-User-IntermediateCA-GroupPolicy.txt
certutil.exe -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%\_cert-User-UntrustedCertificates-Registry.txt certutil -v -silent -user -store Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-Registry.txt
certutil.exe -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%\_cert-User-UntrustedCertificates-GroupPolicy.txt certutil -v -silent -user -store -grouppolicy Disallowed > c:\MSLOG\%COMPUTERNAME%_cert-User-UntrustedCertificates-GroupPolicy.txt
certutil.exe -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-3rdPartyRootCA-Registry.txt certutil -v -silent -user -store AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-Registry.txt
certutil.exe -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-3rdPartyRootCA-GroupPolicy.txt certutil -v -silent -user -store -grouppolicy AuthRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-3rdPartyRootCA-GroupPolicy.txt
certutil.exe -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-SmartCardRoot-Registry.txt certutil -v -silent -user -store SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-Registry.txt
certutil.exe -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%\_cert-User-SmartCardRoot-GroupPolicy.txt certutil -v -silent -user -store -grouppolicy SmartCardRoot > c:\MSLOG\%COMPUTERNAME%_cert-User-SmartCardRoot-GroupPolicy.txt
certutil.exe -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%\_cert-User-UserDS.txt certutil -v -silent -user -store UserDS > c:\MSLOG\%COMPUTERNAME%_cert-User-UserDS.txt
``` ```
- CA configuration information - CA configuration information
``` ```
reg save HKLM\System\CurrentControlSet\Services\CertSvc c:\MSLOG\%COMPUTERNAME%\_CertSvc.hiv reg save HKLM\System\CurrentControlSet\Services\CertSvc c:\MSLOG\%COMPUTERNAME%_CertSvc.hiv
reg export HKLM\System\CurrentControlSet\Services\CertSvc c:\MSLOG\%COMPUTERNAME%\_CertSvc.txt reg export HKLM\System\CurrentControlSet\Services\CertSvc c:\MSLOG\%COMPUTERNAME%_CertSvc.txt
reg save HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%\_Cryptography.hiv reg save HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%_Cryptography.hiv
reg export HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%\_Cryptography.tx reg export HKLM\SOFTWARE\Microsoft\Cryptography c:\MSLOG\%COMPUTERNAME%_Cryptography.tx
``` ```
3. Copy the following files, if exist, to C:\MSLOG: %windir%\CAPolicy.inf 3. Copy the following files, if exist, to C:\MSLOG: %windir%\CAPolicy.inf
4. Log on to a domain controller and create C:\MSLOG to store captured logs. 4. Log on to a domain controller and create C:\MSLOG to store captured logs.
@ -376,7 +378,7 @@ Use the following steps to collect wireless and wired logs on Windows and Window
```powershell ```powershell
Import-Module ActiveDirectory Import-Module ActiveDirectory
Get-ADObject -SearchBase ";CN=Public Key Services,CN=Services,CN=Configuration,DC=test,DC=local"; -Filter \* -Properties \* | fl \* > C:\MSLOG\Get-ADObject\_$Env:COMPUTERNAME.txt Get-ADObject -SearchBase ";CN=Public Key Services,CN=Services,CN=Configuration,DC=test,DC=local"; -Filter \* -Properties \* | fl \* > C:\MSLOG\Get-ADObject_$Env:COMPUTERNAME.txt
``` ```
7. Save the following logs. 7. Save the following logs.
- All files in C:\MSLOG on the CA - All files in C:\MSLOG on the CA

2
windows/deployment/update/windows-analytics-get-started.md
View File

@ -87,6 +87,8 @@ The compatibility update scans your devices and enables application usage tracki
| Windows 8.1 | [KB 2976978](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)<br>Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues might be encountered when the latest Windows operating system is installed. <br>For more information about this update, see <https://support.microsoft.com/kb/2976978>| | Windows 8.1 | [KB 2976978](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2976978)<br>Performs diagnostics on the Windows 8.1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues might be encountered when the latest Windows operating system is installed. <br>For more information about this update, see <https://support.microsoft.com/kb/2976978>|
| Windows 7 SP1 | [KB2952664](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664) <br>Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues might be encountered when the latest Windows operating system is installed. <br>For more information about this update, see <https://support.microsoft.com/kb/2952664>| | Windows 7 SP1 | [KB2952664](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB2952664) <br>Performs diagnostics on the Windows 7 SP1 systems that participate in the Windows Customer Experience Improvement Program. These diagnostics help determine whether compatibility issues might be encountered when the latest Windows operating system is installed. <br>For more information about this update, see <https://support.microsoft.com/kb/2952664>|
We also recommend installing the latest [Windows Monthly Rollup](https://catalog.update.microsoft.com/v7/site/Search.aspx?q=security%20monthly%20quality%20rollup) on Windows 7 and Windows 8.1 devices.
>[!IMPORTANT] >[!IMPORTANT]
>Restart devices after you install the compatibility updates for the first time. >Restart devices after you install the compatibility updates for the first time.