deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-29 01:03:36 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

edits

Browse Source
This commit is contained in:
Jan Backstrom
2016-06-27 11:04:41 -07:00
parent 212c5a35ee
commit d81b94f5b0
1 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
devices/surface/surface-enterprise-management-mode.md
View File

@ -1,7 +1,7 @@
--- ---
title: Surface Enterprise Management Mode (Surface) title: Surface Enterprise Management Mode (Surface)
description: See how this feature of Surface devices with Surface UEFI helps you secure and manage firmware settings within your organization. description: See how this feature of Surface devices with Surface UEFI helps you secure and manage firmware settings within your organization.
keywords: uefi, configure, firmware, secure keywords: uefi, configure, firmware, secure, semm
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage ms.mktglfcycl: manage
ms.pagetype: surface, devices, security ms.pagetype: surface, devices, security
@ -34,7 +34,7 @@ You can use the Microsoft Surface UEFI Configurator tool in three modes:
* [Surface UEFI Recovery Request](#recovery-request). Use this mode to respond to a recovery request to unenroll a Surface device from SEMM where a Reset Package operation is not successful. * [Surface UEFI Recovery Request](#recovery-request). Use this mode to respond to a recovery request to unenroll a Surface device from SEMM where a Reset Package operation is not successful.
### Download Microsoft Surface UEFI Configurator #### Download Microsoft Surface UEFI Configurator
You can download Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/en-us/download/details.aspx?id=46703) page in the Microsoft Download Center. You can download Microsoft Surface UEFI Configurator from the [Surface Tools for IT](https://www.microsoft.com/en-us/download/details.aspx?id=46703) page in the Microsoft Download Center.
@ -130,10 +130,10 @@ Packages created with the Microsoft Surface UEFI Configurator tool are signed wi
* **Expiration Date** 15 Months from certificate creation * **Expiration Date** 15 Months from certificate creation
* **Key Export Policy** Exportable * **Key Export Policy** Exportable
It is also recommended that the SEMM certificate be authenticated in a two-tier public key infrastructure (PKI) architecture where the intermediate certification authority (CA) is dedicated to SEMM, enabling certificate revocation. For more information about a two tier PKI configuration, see [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy](https://technet.microsoft.com/library/hh831348). It is also recommended that the SEMM certificate be authenticated in a two-tier public key infrastructure (PKI) architecture where the intermediate certification authority (CA) is dedicated to SEMM, enabling certificate revocation. For more information about a two-tier PKI configuration, see [Test Lab Guide: Deploying an AD CS Two-Tier PKI Hierarchy](https://technet.microsoft.com/library/hh831348).
>**Note**:  You can use the following PowerShell script to create a self-signed certificate for use in proof-of-concept scenarios. >**Note**:  You can use the following PowerShell script to create a self-signed certificate for use in proof-of-concept scenarios.
To use this script, copy the text into Notepad and save the file as a PowerShell script (.ps1). This script creates a certificate with a password of `12345678`. To use the following script, copy the text into Notepad and save the file as a PowerShell script (.ps1). This script creates a certificate with a password of `12345678`.
The certificate generated by this script is not recommended for production environments. The certificate generated by this script is not recommended for production environments.
``` ```