deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into sfb-11538469

Browse Source
This commit is contained in:
Trudy Hakala 2017-04-20 08:53:06 -07:00
commit d841dcc035
3883 changed files with 3651 additions and 3819 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.openpublishing.redirection.json
View File

@ -1,6 +1,11 @@
{ {
"redirections": [ "redirections": [
{ {
"source_path": "windows/keep-secure/add-apps-to-protected-list-using-custom-uri.md",
"redirect_url": "/itpro/windows/keep-secure/create-wip-policy-using-intune",
"redirect_document_id": false
},
{
"source_path": "windows/keep-secure/configure-windows-defender-in-windows-10.md", "source_path": "windows/keep-secure/configure-windows-defender-in-windows-10.md",
"redirect_url": "/itpro/windows/keep-secure/deploy-manage-report-windows-defender-antivirus", "redirect_url": "/itpro/windows/keep-secure/deploy-manage-report-windows-defender-antivirus",
"redirect_document_id": true "redirect_document_id": true

28
CONTRIBUTING.md
View File

@ -1,12 +1,12 @@
# Contributing to Windows IT professional documentation # Editing Windows IT professional documentation
Thank you for your interest in the Windows IT professional documentation! We appreciate your feedback, edits, and additions to our docs. Thank you for your interest in the Windows IT professional documentation! We appreciate your feedback, edits, and additions to our docs.
This page covers the basic steps for contributing to our technical documentation. This page covers the basic steps for editing our technical documentation.
## Sign a CLA ## Sign a CLA
All contributors who are ***not*** a Microsoft employee must [sign a Microsoft Contribution Licensing Agreement (CLA)](https://cla.microsoft.com/) before contributing to any Microsoft repositories. All contributors who are ***not*** a Microsoft employee must [sign a Microsoft Contribution Licensing Agreement (CLA)](https://cla.microsoft.com/) before editing any Microsoft repositories.
If you've already contributed to Microsoft repositories in the past, congratulations! If you've already edited within Microsoft repositories in the past, congratulations!
You've already completed this step. You've already completed this step.
## Editing topics ## Editing topics
@ -18,7 +18,7 @@ We've tried to make editing an existing, public file as simple as possible.
**To edit a topic** **To edit a topic**
1. Go to the page on TechNet that you want to update, and then click **Contribute**. 1. Go to the page on TechNet that you want to update, and then click **Edit**.
![GitHub Web, showing the Contribute link](images/contribute-link.png) ![GitHub Web, showing the Contribute link](images/contribute-link.png)
@ -61,13 +61,17 @@ We've tried to make editing an existing, public file as simple as possible.
The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to one of the following places: The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to one of the following places:
- [Windows 10](https://technet.microsoft.com/itpro/windows) - [Windows 10](https://docs.microsoft.com/windows/windows-10)
- [Internet Explorer 11](https://technet.microsoft.com/itpro/internet-explorer) - [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy)
- [Microsoft Edge](https://technet.microsoft.com/itpro/microsoft-edge) - [Surface](https://docs.microsoft.com/surface)
- [Surface](https://technet.microsoft.com/itpro/surface) - [Surface Hub](https://docs.microsoft.com/surface-hub)
- [Surface Hub](https://technet.microsoft.com/itpro/surface-hub) - [HoloLens](https://docs.microsoft.com/hololens)
- [Windows 10 for Education](https://technet.microsoft.com/edu/windows) - [Microsoft Store](https://docs.microsoft.com/microsoft-store)
- [Microsoft Desktop Optimization Pack](https://technet.microsoft.com/itpro/mdop) - [Windows 10 for Education](https://docs.microsoft.com/education/windows)
- [Windows 10 for SMB](https://docs.microsoft.com/windows/smb)
- [Internet Explorer 11](https://docs.microsoft.com/internet-explorer)
- [Microsoft Desktop Optimization Pack](https://docs.microsoft.com/microsoft-desktop-optimization-pack)
## Making more substantial changes ## Making more substantial changes

5
browsers/edge/docfx.json
View File

@ -14,7 +14,10 @@
} }
], ],
"globalMetadata": { "globalMetadata": {
"ROBOTS": "INDEX, FOLLOW" "ROBOTS": "INDEX, FOLLOW",
"ms.technology": "microsoft-edge",
"ms.topic": "article",
"ms.author": "lizross"
}, },
"externalReference": [ "externalReference": [
], ],

5
browsers/internet-explorer/docfx.json
View File

@ -14,7 +14,10 @@
} }
], ],
"globalMetadata": { "globalMetadata": {
"ROBOTS": "INDEX, FOLLOW" "ROBOTS": "INDEX, FOLLOW",
"author": "lizross",
"ms.technology": "internet-explorer",
"ms.topic": "article"
}, },
"externalReference": [ "externalReference": [
], ],

1
browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md
View File

@ -5,6 +5,7 @@ description: This topic lists new and updated topics in the Internet Explorer 11
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.prod: ie11 ms.prod: ie11
ms.sitesec: library ms.sitesec: library
author: eross-msft
--- ---

1
browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
View File

@ -1,6 +1,7 @@
--- ---
description: A full-sized view of how document modes are chosen in IE11. description: A full-sized view of how document modes are chosen in IE11.
title: Full-sized flowchart detailing how document modes are chosen in IE11 title: Full-sized flowchart detailing how document modes are chosen in IE11
author: eross-msft
--- ---
Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)<br> Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)<br>

6
devices/hololens/docfx.json
View File

@ -27,7 +27,11 @@
], ],
"overwrite": [], "overwrite": [],
"externalReference": [], "externalReference": [],
"globalMetadata": {}, "globalMetadata": {
"ms.technology": "windows",
"ms.topic": "article",
"ms.author": "jdecker"
},
"fileMetadata": {}, "fileMetadata": {},
"template": [ "template": [
null null

8
devices/surface-hub/docfx.json
View File

@ -14,7 +14,13 @@
} }
], ],
"globalMetadata": { "globalMetadata": {
"ROBOTS": "INDEX, FOLLOW" "ROBOTS": "INDEX, FOLLOW",
"ms.technology": "windows",
"ms.topic": "article",
"ms.mktglfcycl": "manage",
"author": "jdeckerms",
"ms.sitesec": "library",
"ms.author": "jdecker"
}, },
"externalReference": [ "externalReference": [
], ],

4
devices/surface-hub/use-fully-qualified-domain-name-surface-hub.md
View File

@ -4,6 +4,10 @@ description: Troubleshoot common problems, including setup issues, Exchange Acti
keywords: ["Troubleshoot common problems", "setup issues", "Exchange ActiveSync errors"] keywords: ["Troubleshoot common problems", "setup issues", "Exchange ActiveSync errors"]
author: TrudyHa author: TrudyHa
localizationpriority: medium localizationpriority: medium
ms.prod: w10
ms.mktglfcycl: support
ms.sitesec: library
ms.pagetype: surfacehub
--- ---
# Configure domain name for Skype for Business # Configure domain name for Skype for Business

5
devices/surface/docfx.json
View File

@ -14,7 +14,10 @@
} }
], ],
"globalMetadata": { "globalMetadata": {
"ROBOTS": "INDEX, FOLLOW" "ROBOTS": "INDEX, FOLLOW",
"ms.technology": "windows",
"ms.topic": "article",
"ms.author": "jdecker"
}, },
"externalReference": [ "externalReference": [
], ],

5
education/docfx.json
View File

@ -14,7 +14,10 @@
} }
], ],
"globalMetadata": { "globalMetadata": {
"ROBOTS": "INDEX, FOLLOW" "ROBOTS": "INDEX, FOLLOW",
"ms.author": "celested",
"audience": "windows-education",
"ms.topic": "article"
}, },
"externalReference": [ "externalReference": [
], ],

1
education/windows/edu-deployment-recommendations.md
View File

@ -6,6 +6,7 @@ ms.mktglfcycl: plan
ms.sitesec: library ms.sitesec: library
localizationpriority: high localizationpriority: high
author: CelesteDG author: CelesteDG
ms.prod: W10
--- ---
# Deployment recommendations for school IT administrators # Deployment recommendations for school IT administrators

BIN
images/contribute-link.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 9.8 KiB

After

Width:  |  Height:  |  Size: 4.1 KiB

BIN
images/preview-changes.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 13 KiB

After

Width:  |  Height:  |  Size: 6.0 KiB

2
mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md
View File

@ -85,7 +85,7 @@ Before you deploy Office by using App-V, review the following requirements.
<ul> <ul>
<li><p>All of the Office applications that you want to deploy to users must be in a single package.</p></li> <li><p>All of the Office applications that you want to deploy to users must be in a single package.</p></li>
<li><p>In App-V 5.0 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.</p></li> <li><p>In App-V 5.0 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.</p></li>
<li><p>If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#deploying-visio-2016-and-project-2016-with-office).</p></li> <li><p>If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#bkmk-deploy-visio-project).</p></li>
</ul></td> </ul></td>
</tr> </tr>
<tr class="even"> <tr class="even">

2
mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md
View File

@ -85,7 +85,7 @@ Before you deploy Office by using App-V, review the following requirements.
<ul> <ul>
<li><p>All of the Office applications that you want to deploy to users must be in a single package.</p></li> <li><p>All of the Office applications that you want to deploy to users must be in a single package.</p></li>
<li><p>In App-V 5.1 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.</p></li> <li><p>In App-V 5.1 and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.</p></li>
<li><p>If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#deploying-visio-2016-and-project-2016-with-office).</p></li> <li><p>If you are deploying Microsoft Visio 2016 and Microsoft Project 2016 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#bkmk-deploy-visio-project).</p></li>
</ul></td> </ul></td>
</tr> </tr>
<tr class="even"> <tr class="even">

2
mdop/appv-v5/index.md
View File

@ -41,7 +41,7 @@ View updated product information and known issues for App-V 5.0.
Learn about the latest MDOP information and resources. Learn about the latest MDOP information and resources.
<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) <a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447). Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
## Got a suggestion for App-V? ## Got a suggestion for App-V?

2
mdop/dart-v10/index.md
View File

@ -49,7 +49,7 @@ View updated product information and known issues for DaRT 10.
Learn about the latest MDOP information and resources. Learn about the latest MDOP information and resources.
<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) <a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447). Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
   

4
mdop/dart-v65.md
View File

@ -2,6 +2,10 @@
title: Diagnostics and Recovery Toolset 6.5 title: Diagnostics and Recovery Toolset 6.5
description: Diagnostics and Recovery Toolset 6.5 description: Diagnostics and Recovery Toolset 6.5
author: jamiejdt author: jamiejdt
ms.pagetype: mdop
ms.mktglfcycl: manage
ms.sitesec: library
ms.prod: w10
--- ---
# Diagnostics and Recovery Toolset 6.5 # Diagnostics and Recovery Toolset 6.5

2
mdop/dart-v7/index.md
View File

@ -46,7 +46,7 @@ View updated product information and known issues for DaRT 7.
Learn about the latest MDOP information and resources. Learn about the latest MDOP information and resources.
<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) <a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447). Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
   

2
mdop/dart-v8/index.md
View File

@ -53,7 +53,7 @@ View updated product information and known issues for DaRT 8.0.
Learn about the latest MDOP information and resources. Learn about the latest MDOP information and resources.
<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) <a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447). Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
   

5
mdop/docfx.json
View File

@ -14,7 +14,10 @@
} }
], ],
"globalMetadata": { "globalMetadata": {
"ROBOTS": "INDEX, FOLLOW" "ROBOTS": "INDEX, FOLLOW",
"ms.technology": "mdop",
"ms.topic": "article",
"ms.author": "jamiet"
}, },
"externalReference": [ "externalReference": [
], ],

4
mdop/index.md
View File

@ -3,6 +3,10 @@ title: MDOP Information Experience
description: MDOP Information Experience description: MDOP Information Experience
ms.assetid: 12b8ab56-3267-450d-bb22-1c7e44cb8e52 ms.assetid: 12b8ab56-3267-450d-bb22-1c7e44cb8e52
author: jamiejdt author: jamiejdt
ms.pagetype: mdop
ms.mktglfcycl: manage
ms.sitesec: library
ms.prod: w10
--- ---
# MDOP Information Experience # MDOP Information Experience

2
mdop/mbam-v1/index.md
View File

@ -42,7 +42,7 @@ View updated product information and known issues for MBAM 1.0.
Learn about the latest MDOP information and resources. Learn about the latest MDOP information and resources.
<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) <a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447). Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
   

2
mdop/mbam-v2/index.md
View File

@ -45,7 +45,7 @@ Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 provides a simpl
- [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) - [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447). Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
   

2
mdop/mbam-v25/index.md
View File

@ -51,7 +51,7 @@ To get the MBAM software, see [How Do I Get MDOP](https://go.microsoft.com/fwlin
- [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) - [MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447). Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
- [MBAM Deployment Guide](http://www.microsoft.com/download/details.aspx?id=38398) - [MBAM Deployment Guide](http://www.microsoft.com/download/details.aspx?id=38398)

4
mdop/softgrid-application-virtualization.md
View File

@ -2,6 +2,10 @@
title: SoftGrid Application Virtualization title: SoftGrid Application Virtualization
description: SoftGrid Application Virtualization description: SoftGrid Application Virtualization
author: jamiejdt author: jamiejdt
ms.pagetype: mdop
ms.mktglfcycl: manage
ms.sitesec: library
ms.prod: w10
--- ---
# SoftGrid Application Virtualization # SoftGrid Application Virtualization

2
mdop/uev-v1/index.md
View File

@ -42,7 +42,7 @@ View updated product information and known issues for UE-V 1.0.
Learn about the latest MDOP information and resources. Learn about the latest MDOP information and resources.
<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) <a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447). Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
   

2
mdop/uev-v2/index.md
View File

@ -304,7 +304,7 @@ For more information, and for late-breaking news that did not make it into the d
Learn about the latest MDOP information and resources. Learn about the latest MDOP information and resources.
<a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032) <a href="" id="mdop-information-experience"></a>[MDOP Information Experience](https://go.microsoft.com/fwlink/p/?LinkId=236032)
Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com%29 or learn about updates by following us on [Facebook]%28https://go.microsoft.com/fwlink/p/?LinkId=242445%29 or [Twitter]%28https://go.microsoft.com/fwlink/p/?LinkId=242447). Find documentation, videos, and other resources for MDOP technologies. You can also [send us feedback](mailto:MDOPDocs@microsoft.com) or learn about updates by following us on [Facebook](https://go.microsoft.com/fwlink/p/?LinkId=242445) or [Twitter](https://go.microsoft.com/fwlink/p/?LinkId=242447).
## Got a suggestion for UE-V? ## Got a suggestion for UE-V?

2
mdop/uev-v2/prepare-a-ue-v-2x-deployment-new-uevv2.md
View File

@ -17,7 +17,7 @@ There is some planning and preparation to do before you deploy Microsoft User Ex
First, lets look at the tasks youll do to deploy UE-V: First, lets look at the tasks youll do to deploy UE-V:
- [Plan your UE-V Deployment](#planning) - Plan your UE-V Deployment
Before you deploy anything, a good first step is to do a little bit of planning so that you can determine which UE-V features youll deploy. So if you leave this page, make sure you come back and read through the planning information below. Before you deploy anything, a good first step is to do a little bit of planning so that you can determine which UE-V features youll deploy. So if you leave this page, make sure you come back and read through the planning information below.

30
store-for-business/TOC.md Normal file
View File

@ -0,0 +1,30 @@
# [Windows Store for Business](index.md)
## [Sign up and get started](sign-up-windows-store-for-business-overview.md)
###[Windows Store for Business overview](windows-store-for-business-overview.md)
### [Prerequisites for Windows Store for Business](prerequisites-windows-store-for-business.md)
### [Sign up for Windows Store for Business](sign-up-windows-store-for-business.md)
### [Roles and permissions in the Windows Store for Business](roles-and-permissions-windows-store-for-business.md)
### [Settings reference: Windows Store for Business](settings-reference-windows-store-for-business.md)
## [Find and acquire apps](find-and-acquire-apps-overview.md)
### [Apps in the Windows Store for Business](apps-in-windows-store-for-business.md)
### [Acquire apps in the Windows Store for Business](acquire-apps-windows-store-for-business.md)
### [Working with line-of-business apps](working-with-line-of-business-apps.md)
## [Distribute apps to your employees from the Windows Store for Business](distribute-apps-to-your-employees-windows-store-for-business.md)
### [Distribute apps using your private store](distribute-apps-from-your-private-store.md)
### [Assign apps to employees](assign-apps-to-employees.md)
### [Distribute apps with a management tool](distribute-apps-with-management-tool.md)
### [Distribute offline apps](distribute-offline-apps.md)
## [Manage apps](manage-apps-windows-store-for-business-overview.md)
### [App inventory managemement for Windows Store for Business](app-inventory-management-windows-store-for-business.md)
### [Manage app orders in Windows Store for Business](manage-orders-windows-store-for-business.md)
### [Manage access to private store](manage-access-to-private-store.md)
### [Manage private store settings](manage-private-store-settings.md)
### [Configure MDM provider](configure-mdm-provider-windows-store-for-business.md)
## [Device Guard signing portal](device-guard-signing-portal.md)
### [Add unsigned app to code integrity policy](add-unsigned-app-to-code-integrity-policy.md)
### [Sign code integrity policy with Device Guard signing](sign-code-integrity-policy-with-device-guard-signing.md)
## [Manage settings in the Windows Store for Business](manage-settings-windows-store-for-business.md)
### [Update Windows Store for Business account settings](update-windows-store-for-business-account-settings.md)
### [Manage user accounts in Windows Store for Business](manage-users-and-groups-windows-store-for-business.md)
## [Troubleshoot Windows Store for Business](troubleshoot-windows-store-for-business.md)

0
windows/manage/acquire-apps-windows-store-for-business.md → store-for-business/acquire-apps-windows-store-for-business.md
View File

0
windows/manage/add-unsigned-app-to-code-integrity-policy.md → store-for-business/add-unsigned-app-to-code-integrity-policy.md
View File

0
windows/manage/app-inventory-management-windows-store-for-business.md → store-for-business/app-inventory-management-windows-store-for-business.md
View File

0
windows/manage/apps-in-windows-store-for-business.md → store-for-business/apps-in-windows-store-for-business.md
View File

0
windows/manage/assign-apps-to-employees.md → store-for-business/assign-apps-to-employees.md
View File

0
windows/manage/configure-mdm-provider-windows-store-for-business.md → store-for-business/configure-mdm-provider-windows-store-for-business.md
View File

0
windows/manage/device-guard-signing-portal.md → store-for-business/device-guard-signing-portal.md
View File

0
windows/manage/distribute-apps-from-your-private-store.md → store-for-business/distribute-apps-from-your-private-store.md
View File

0
windows/manage/distribute-apps-to-your-employees-windows-store-for-business.md → store-for-business/distribute-apps-to-your-employees-windows-store-for-business.md
View File

0
windows/manage/distribute-apps-with-management-tool.md → store-for-business/distribute-apps-with-management-tool.md
View File

0
windows/manage/distribute-offline-apps.md → store-for-business/distribute-offline-apps.md
View File

0
windows/manage/find-and-acquire-apps-overview.md → store-for-business/find-and-acquire-apps-overview.md
View File

0
windows/manage/windows-store-for-business.md → store-for-business/index.md
View File

0
windows/manage/manage-access-to-private-store.md → store-for-business/manage-access-to-private-store.md
View File

0
windows/manage/manage-apps-windows-store-for-business-overview.md → store-for-business/manage-apps-windows-store-for-business-overview.md
View File

0
windows/manage/manage-orders-windows-store-for-business.md → store-for-business/manage-orders-windows-store-for-business.md
View File

0
windows/manage/manage-private-store-settings.md → store-for-business/manage-private-store-settings.md
View File

0
windows/manage/manage-settings-windows-store-for-business.md → store-for-business/manage-settings-windows-store-for-business.md
View File

0
windows/manage/manage-users-and-groups-windows-store-for-business.md → store-for-business/manage-users-and-groups-windows-store-for-business.md
View File

0
windows/manage/prerequisites-windows-store-for-business.md → store-for-business/prerequisites-windows-store-for-business.md
View File

0
windows/manage/roles-and-permissions-windows-store-for-business.md → store-for-business/roles-and-permissions-windows-store-for-business.md
View File

0
windows/manage/settings-reference-windows-store-for-business.md → store-for-business/settings-reference-windows-store-for-business.md
View File

0
windows/manage/sign-code-integrity-policy-with-device-guard-signing.md → store-for-business/sign-code-integrity-policy-with-device-guard-signing.md
View File

0
windows/manage/sign-up-windows-store-for-business-overview.md → store-for-business/sign-up-windows-store-for-business-overview.md
View File

0
windows/manage/sign-up-windows-store-for-business.md → store-for-business/sign-up-windows-store-for-business.md
View File

0
windows/manage/troubleshoot-windows-store-for-business.md → store-for-business/troubleshoot-windows-store-for-business.md
View File

0
windows/manage/update-windows-store-for-business-account-settings.md → store-for-business/update-windows-store-for-business-account-settings.md
View File

0
windows/manage/windows-store-for-business-overview.md → store-for-business/windows-store-for-business-overview.md
View File

0
windows/manage/working-with-line-of-business-apps.md → store-for-business/working-with-line-of-business-apps.md
View File

8
windows/TOC.md
View File

@ -1,8 +0,0 @@
# [Windows 10 and Windows 10 Mobile](index.md)
## [What's new in Windows 10](whats-new/index.md)
## [Plan for Windows 10 deployment](plan/index.md)
## [Deploy Windows 10](deploy/index.md)
## [Configure Windows 10](configure/index.md)
## [Update Windows 10](update/index.md)
## [Keep Windows 10 secure](keep-secure/index.md)
## [Manage Windows 10](manage/index.md)

190
windows/access-protection/TOC.md Normal file
View File

@ -0,0 +1,190 @@
# [Access protection](access-control/access-control.md)
## [Access Control Overview](access-control/access-control.md)
### [Dynamic Access Control Overview](access-control/dynamic-access-control.md)
### [Security identifiers](access-control/security-identifiers.md)
### [Security Principals](access-control/security-principals.md)
### [Local Accounts](access-control/local-accounts.md)
### [Active Directory Accounts](access-control/active-directory-accounts.md)
### [Microsoft Accounts](access-control/microsoft-accounts.md)
### [Service Accounts](access-control/service-accounts.md)
### [Active Directory Security Groups](access-control/active-directory-security-groups.md)
### [Special Identities](access-control/special-identities.md)
## [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md)
## [Enterprise Certificate Pinning](enterprise-certificate-pinning.md)
## [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md)
## [Protect derived domain credentials with Credential Guard](credential-guard/credential-guard.md)
### [How Credential Guard works](credential-guard/credential-guard-how-it-works.md)
### [Credential Guard Requirements](credential-guard/credential-guard-requirements.md)
### [Manage Credential Guard](credential-guard/credential-guard-manage.md)
### [Credential Guard protection limits](credential-guard/credential-guard-protection-limits.md)
### [Considerations when using Credential Guard](credential-guard/credential-guard-considerations.md)
### [Credential Guard: Additional mitigations](credential-guard/additional-mitigations.md)
## [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md)
## [Smart Cards](smart-cards/smart-card-windows-smart-card-technical-reference.md)
### [How Smart Card Sign-in Works in Windows](smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md)
#### [Smart Card Architecture](smart-cards/smart-card-architecture.md)
#### [Certificate Requirements and Enumeration](smart-cards/smart-card-certificate-requirements-and-enumeration.md)
#### [Smart Card and Remote Desktop Services](smart-cards/smart-card-and-remote-desktop-services.md)
#### [Smart Cards for Windows Service](smart-cards/smart-card-smart-cards-for-windows-service.md)
#### [Certificate Propagation Service](smart-cards/smart-card-certificate-propagation-service.md)
#### [Smart Card Removal Policy Service](smart-cards/smart-card-removal-policy-service.md)
### [Smart Card Tools and Settings](smart-cards/smart-card-tools-and-settings.md)
#### [Smart Cards Debugging Information](smart-cards/smart-card-debugging-information.md)
#### [Smart Card Group Policy and Registry Settings](smart-cards/smart-card-group-policy-and-registry-settings.md)
#### [Smart Card Events](smart-cards/smart-card-events.md)
### [User Account Control](user-account-control\user-account-control-overview.md)
#### [How User Account Control works](user-account-control\how-user-account-control-works.md)
#### [User Account Control security policy settings](user-account-control\user-account-control-security-policy-settings.md)
#### [User Account Control Group Policy and registry key settings](user-account-control\user-account-control-group-policy-and-registry-key-settings.md)
### [Virtual Smart Cards](virtual-smart-cards\virtual-smart-card-overview.md)
### [Virtual Smart Cards](virtual-smart-cards\virtual-smart-card-overview.md)
#### [Understanding and Evaluating Virtual Smart Cards](virtual-smart-cards\virtual-smart-card-understanding-and-evaluating.md)
##### [Get Started with Virtual Smart Cards: Walkthrough Guide](virtual-smart-cards\virtual-smart-card-get-started.md)
##### [Use Virtual Smart Cards](virtual-smart-cards\virtual-smart-card-use-virtual-smart-cards.md)
##### [Deploy Virtual Smart Cards](virtual-smart-cards\virtual-smart-card-deploy-virtual-smart-cards.md)
##### [Evaluate Virtual Smart Card Security](virtual-smart-cards\virtual-smart-card-evaluate-security.md)
#### [Tpmvscmgr](virtual-smart-cards\virtual-smart-card-tpmvscmgr.md)
## [VPN technical guide](vpn\vpn-guide.md)
### [VPN connection types](vpn\vpn-connection-type.md)
### [VPN routing decisions](vpn\vpn-routing.md)
### [VPN authentication options](vpn\vpn-authentication.md)
### [VPN and conditional access](vpn\vpn-conditional-access.md)
### [VPN name resolution](vpn\vpn-name-resolution.md)
### [VPN auto-triggered profile options](vpn\vpn-auto-trigger-profile.md)
### [VPN security features](vpn\vpn-security-features.md)
### [VPN profile options](vpn\vpn-profile-options.md)
### [How to use single sign-on (SSO) over VPN and Wi-Fi connections](vpn\how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md)
### [Windows 10 credential theft mitigation guide abstract](windows-credential-theft-mitigation-guide-abstract.md)
## [Windows Firewall with Advanced Security](windows-firewall/windows-firewall-with-advanced-security.md)
### [Isolating Windows Store Apps on Your Network](windows-firewall/isolating-apps-on-your-network.md)
### [Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md)
### [Windows Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md)
### [Windows Firewall with Advanced Security Design Guide](windows-firewall/windows-firewall-with-advanced-security-design-guide.md)
#### [Understanding the Windows Firewall with Advanced Security Design Process](windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md)
#### [Identifying Your Windows Firewall with Advanced Security Deployment Goals](windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md)
##### [Protect Devices from Unwanted Network Traffic](windows-firewall/protect-devices-from-unwanted-network-traffic.md)
##### [Restrict Access to Only Trusted Devices](windows-firewall/restrict-access-to-only-trusted-devices.md)
##### [Require Encryption When Accessing Sensitive Network Resources](windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md)
##### [Restrict Access to Only Specified Users or Computers](windows-firewall/restrict-access-to-only-specified-users-or-devices.md)
#### [Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md)
##### [Basic Firewall Policy Design](windows-firewall/basic-firewall-policy-design.md)
##### [Domain Isolation Policy Design](windows-firewall/domain-isolation-policy-design.md)
##### [Server Isolation Policy Design](windows-firewall/server-isolation-policy-design.md)
##### [Certificate-based Isolation Policy Design](windows-firewall/certificate-based-isolation-policy-design.md)
#### [Evaluating Windows Firewall with Advanced Security Design Examples](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md)
##### [Firewall Policy Design Example](windows-firewall/firewall-policy-design-example.md)
##### [Domain Isolation Policy Design Example](windows-firewall/domain-isolation-policy-design-example.md)
##### [Server Isolation Policy Design Example](windows-firewall/server-isolation-policy-design-example.md)
##### [Certificate-based Isolation Policy Design Example](windows-firewall/certificate-based-isolation-policy-design-example.md)
#### [Designing a Windows Firewall with Advanced Security Strategy](windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md)
##### [Gathering the Information You Need](windows-firewall/gathering-the-information-you-need.md)
###### [Gathering Information about Your Current Network Infrastructure](windows-firewall/gathering-information-about-your-current-network-infrastructure.md)
###### [Gathering Information about Your Active Directory Deployment](windows-firewall/gathering-information-about-your-active-directory-deployment.md)
###### [Gathering Information about Your Computers](windows-firewall/gathering-information-about-your-devices.md)
###### [Gathering Other Relevant Information](windows-firewall/gathering-other-relevant-information.md)
##### [Determining the Trusted State of Your Computers](windows-firewall/determining-the-trusted-state-of-your-devices.md)
#### [Planning Your Windows Firewall with Advanced Security Design](windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md)
##### [Planning Settings for a Basic Firewall Policy](windows-firewall/planning-settings-for-a-basic-firewall-policy.md)
##### [Planning Domain Isolation Zones](windows-firewall/planning-domain-isolation-zones.md)
###### [Exemption List](windows-firewall/exemption-list.md)
###### [Isolated Domain](windows-firewall/isolated-domain.md)
###### [Boundary Zone](windows-firewall/boundary-zone.md)
###### [Encryption Zone](windows-firewall/encryption-zone.md)
##### [Planning Server Isolation Zones](windows-firewall/planning-server-isolation-zones.md)
##### [Planning Certificate-based Authentication](windows-firewall/planning-certificate-based-authentication.md)
###### [Documenting the Zones](windows-firewall/documenting-the-zones.md)
###### [Planning Group Policy Deployment for Your Isolation Zones](windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md)
####### [Planning Isolation Groups for the Zones](windows-firewall/planning-isolation-groups-for-the-zones.md)
####### [Planning Network Access Groups](windows-firewall/planning-network-access-groups.md)
####### [Planning the GPOs](windows-firewall/planning-the-gpos.md)
######## [Firewall GPOs](windows-firewall/firewall-gpos.md)
######### [GPO_DOMISO_Firewall](windows-firewall/gpo-domiso-firewall.md)
######## [Isolated Domain GPOs](windows-firewall/isolated-domain-gpos.md)
######### [GPO_DOMISO_IsolatedDomain_Clients](windows-firewall/gpo-domiso-isolateddomain-clients.md)
######### [GPO_DOMISO_IsolatedDomain_Servers](windows-firewall/gpo-domiso-isolateddomain-servers.md)
######## [Boundary Zone GPOs](windows-firewall/boundary-zone-gpos.md)
######### [GPO_DOMISO_Boundary](windows-firewall/gpo-domiso-boundary.md)
######## [Encryption Zone GPOs](windows-firewall/encryption-zone-gpos.md)
######### [GPO_DOMISO_Encryption](windows-firewall/gpo-domiso-encryption.md)
######## [Server Isolation GPOs](windows-firewall/server-isolation-gpos.md)
####### [Planning GPO Deployment](windows-firewall/planning-gpo-deployment.md)
#### [Appendix A: Sample GPO Template Files for Settings Used in this Guide](windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md)
### [Windows Firewall with Advanced Security Deployment Guide](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md)
#### [Planning to Deploy Windows Firewall with Advanced Security](windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md)
#### [Implementing Your Windows Firewall with Advanced Security Design Plan](windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md)
#### [Checklist: Creating Group Policy Objects](windows-firewall/checklist-creating-group-policy-objects.md)
#### [Checklist: Implementing a Basic Firewall Policy Design](windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md)
#### [Checklist: Configuring Basic Firewall Settings](windows-firewall/checklist-configuring-basic-firewall-settings.md)
#### [Checklist: Creating Inbound Firewall Rules](windows-firewall/checklist-creating-inbound-firewall-rules.md)
#### [Checklist: Creating Outbound Firewall Rules](windows-firewall/checklist-creating-outbound-firewall-rules.md)
#### [Checklist: Implementing a Domain Isolation Policy Design](windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md)
##### [Checklist: Configuring Rules for the Isolated Domain](windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md)
##### [Checklist: Configuring Rules for the Boundary Zone](windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md)
##### [Checklist: Configuring Rules for the Encryption Zone](windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md)
##### [Checklist: Configuring Rules for an Isolated Server Zone](windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md)
#### [Checklist: Implementing a Standalone Server Isolation Policy Design](windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md)
##### [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md)
##### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md)
#### [Checklist: Implementing a Certificate-based Isolation Policy Design](windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md)
#### [Procedures Used in This Guide](windows-firewall/procedures-used-in-this-guide.md)
##### [Add Production Devices to the Membership Group for a Zone](windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md)
##### [Add Test Devices to the Membership Group for a Zone](windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md)
##### [Assign Security Group Filters to the GPO](windows-firewall/assign-security-group-filters-to-the-gpo.md)
##### [Change Rules from Request to Require Mode](windows-firewall/change-rules-from-request-to-require-mode.md)
##### [Configure Authentication Methods](windows-firewall/configure-authentication-methods.md)
##### [Configure Data Protection (Quick Mode) Settings](windows-firewall/configure-data-protection-quick-mode-settings.md)
##### [Configure Group Policy to Autoenroll and Deploy Certificates](windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md)
##### [Configure Key Exchange (Main Mode) Settings](windows-firewall/configure-key-exchange-main-mode-settings.md)
##### [Configure the Rules to Require Encryption](windows-firewall/configure-the-rules-to-require-encryption.md)
##### [Configure the Windows Firewall Log](windows-firewall/configure-the-windows-firewall-log.md)
##### [Configure the Workstation Authentication Certificate Template](windows-firewall/configure-the-workstation-authentication-certificate-template.md)
##### [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md)
##### [Confirm That Certificates Are Deployed Correctly](windows-firewall/confirm-that-certificates-are-deployed-correctly.md)
##### [Copy a GPO to Create a New GPO](windows-firewall/copy-a-gpo-to-create-a-new-gpo.md)
##### [Create a Group Account in Active Directory](windows-firewall/create-a-group-account-in-active-directory.md)
##### [Create a Group Policy Object](windows-firewall/create-a-group-policy-object.md)
##### [Create an Authentication Exemption List Rule](windows-firewall/create-an-authentication-exemption-list-rule.md)
##### [Create an Authentication Request Rule](windows-firewall/create-an-authentication-request-rule.md)
##### [Create an Inbound ICMP Rule](windows-firewall/create-an-inbound-icmp-rule.md)
##### [Create an Inbound Port Rule](windows-firewall/create-an-inbound-port-rule.md)
##### [Create an Inbound Program or Service Rule](windows-firewall/create-an-inbound-program-or-service-rule.md)
##### [Create an Outbound Port Rule](windows-firewall/create-an-outbound-port-rule.md)
##### [Create an Outbound Program or Service Rule](windows-firewall/create-an-outbound-program-or-service-rule.md)
##### [Create Inbound Rules to Support RPC](windows-firewall/create-inbound-rules-to-support-rpc.md)
##### [Create WMI Filters for the GPO](windows-firewall/create-wmi-filters-for-the-gpo.md)
##### [Enable Predefined Inbound Rules](windows-firewall/enable-predefined-inbound-rules.md)
##### [Enable Predefined Outbound Rules](windows-firewall/enable-predefined-outbound-rules.md)
##### [Exempt ICMP from Authentication](windows-firewall/exempt-icmp-from-authentication.md)
##### [Link the GPO to the Domain](windows-firewall/link-the-gpo-to-the-domain.md)
##### [Modify GPO Filters to Apply to a Different Zone or Version of Windows](windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md)
##### [Open the Group Policy Management Console to IP Security Policies](windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md)
##### [Open the Group Policy Management Console to Windows Firewall](windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md)
##### [Open the Group Policy Management Console to Windows Firewall with Advanced Security](windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md)
##### [Open Windows Firewall with Advanced Security](windows-firewall/open-windows-firewall-with-advanced-security.md)
##### [Restrict Server Access to Members of a Group Only](windows-firewall/restrict-server-access-to-members-of-a-group-only.md)
##### [Turn on Windows Firewall and Configure Default Behavior](windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md)
##### [Verify That Network Traffic Is Authenticated](windows-firewall/verify-that-network-traffic-is-authenticated.md)
## [Windows Hello for Business](hello-for-business/hello-identity-verification.md)
### [How Windows Hello for Business works](hello-for-business/hello-how-it-works.md)
### [Manage Windows Hello for Business in your organization](hello-for-business/hello-manage-in-organization.md)
### [Why a PIN is better than a password](hello-for-business/hello-why-pin-is-better-than-password.md)
### [Prepare people to use Windows Hello](hello-for-business/hello-prepare-people-to-use.md)
### [Windows Hello and password changes](hello-for-business/hello-and-password-changes.md)
### [Windows Hello errors during PIN creation](hello-for-business/hello-errors-during-pin-creation.md)
### [Event ID 300 - Windows Hello successfully created](hello-for-business/hello-event-300.md)
### [Windows Hello biometrics in the enterprise](hello-for-business/hello-biometrics-in-enterprise.md)

4
windows/keep-secure/access-control.md → windows/access-protection/access-control/access-control.md
View File

@ -114,14 +114,14 @@ User rights grant specific privileges and sign-in rights to users and groups in
User rights are different from permissions because user rights apply to user accounts, and permissions are associated with objects. Although user rights can apply to individual user accounts, user rights are best administered on a group account basis. There is no support in the access control user interface to grant user rights. However, user rights assignment can be administered through **Local Security Settings**. User rights are different from permissions because user rights apply to user accounts, and permissions are associated with objects. Although user rights can apply to individual user accounts, user rights are best administered on a group account basis. There is no support in the access control user interface to grant user rights. However, user rights assignment can be administered through **Local Security Settings**.
For more information about user rights, see [User Rights Assignment](user-rights-assignment.md). For more information about user rights, see [User Rights Assignment](/windows/device-security/security-policy-settings/access-user-rights-assignment).
## Object auditing ## Object auditing
With administrator's rights, you can audit users' successful or failed access to objects. You can select which object access to audit by using the access control user interface, but first you must enable the audit policy by selecting **Audit object access** under **Local Policies** in **Local Security Settings**. You can then view these security-related events in the Security log in Event Viewer. With administrator's rights, you can audit users' successful or failed access to objects. You can select which object access to audit by using the access control user interface, but first you must enable the audit policy by selecting **Audit object access** under **Local Policies** in **Local Security Settings**. You can then view these security-related events in the Security log in Event Viewer.
For more information about auditing, see [Security Auditing Overview](security-auditing-overview.md). For more information about auditing, see [Security Auditing Overview](/windows/device-security/auditing/security-auditing-overview).
## See also ## See also

4
windows/keep-secure/active-directory-accounts.md → windows/access-protection/access-control/active-directory-accounts.md
View File

@ -176,7 +176,7 @@ Because the Guest account can provide anonymous access, it is a security risk. I
When the Guest account is required, an Administrator on the domain controller is required to enable the Guest account. The Guest account can be enabled without requiring a password, or it can be enabled with a strong password. The Administrator also grants restricted rights and permissions for the Guest account. To help prevent unauthorized access: When the Guest account is required, an Administrator on the domain controller is required to enable the Guest account. The Guest account can be enabled without requiring a password, or it can be enabled with a strong password. The Administrator also grants restricted rights and permissions for the Guest account. To help prevent unauthorized access:
- Do not grant the Guest account the [Shut down the system](shut-down-the-system.md) user right. When a computer is shutting down or starting up, it is possible that a Guest user or anyone with local access, such as a malicious user, could gain unauthorized access to the computer. - Do not grant the Guest account the [Shut down the system](/windows/device-security/security-policy-settings/shut-down-the-system) user right. When a computer is shutting down or starting up, it is possible that a Guest user or anyone with local access, such as a malicious user, could gain unauthorized access to the computer.
- Do not provide the Guest account with the ability to view the event logs. After the Guest account is enabled, it is a best practice to monitor this account frequently to ensure that other users cannot use services and other resources, such as resources that were unintentionally left available by a previous user. - Do not provide the Guest account with the ability to view the event logs. After the Guest account is enabled, it is a best practice to monitor this account frequently to ensure that other users cannot use services and other resources, such as resources that were unintentionally left available by a previous user.
@ -571,7 +571,7 @@ If the administrators in your environment can sign in locally to managed servers
- **Better**. Do not grant administrators membership in the local Administrator group on the computer in order to restrict the administrator from bypassing these protections. - **Better**. Do not grant administrators membership in the local Administrator group on the computer in order to restrict the administrator from bypassing these protections.
- **Ideal**. Restrict workstations from having any network connectivity, except for the domain controllers and servers that the administrator accounts are used to manage. Alternately, use AppLocker application control policies to restrict all applications from running, except for the operating system and approved administrative tools and applications. For more information about AppLocker, see [AppLocker](applocker-overview.md). - **Ideal**. Restrict workstations from having any network connectivity, except for the domain controllers and servers that the administrator accounts are used to manage. Alternately, use AppLocker application control policies to restrict all applications from running, except for the operating system and approved administrative tools and applications. For more information about AppLocker, see [AppLocker](/windows/device-security/applocker/applocker-overview).
The following procedure describes how to block Internet access by creating a Group Policy Object (GPO) that configures an invalid proxy address on administrative workstations. These instructions apply only to computers running Internet Explorer and other Windows components that use these proxy settings. The following procedure describes how to block Internet access by creating a Group Policy Object (GPO) that configures an invalid proxy address on administrative workstations. These instructions apply only to computers running Internet Explorer and other Windows components that use these proxy settings.

102
windows/keep-secure/active-directory-security-groups.md → windows/access-protection/access-control/active-directory-security-groups.md
View File

@ -50,7 +50,7 @@ Security groups can provide an efficient way to assign access to resources on yo
For example, a user who is added to the Backup Operators group in Active Directory has the ability to back up and restore files and directories that are located on each domain controller in the domain. This is possible because, by default, the user rights **Backup files and directories** and **Restore files and directories** are automatically assigned to the Backup Operators group. Therefore, members of this group inherit the user rights that are assigned to that group. For example, a user who is added to the Backup Operators group in Active Directory has the ability to back up and restore files and directories that are located on each domain controller in the domain. This is possible because, by default, the user rights **Backup files and directories** and **Restore files and directories** are automatically assigned to the Backup Operators group. Therefore, members of this group inherit the user rights that are assigned to that group.
You can use Group Policy to assign user rights to security groups to delegate specific tasks. For more information about using Group Policy, see [User Rights Assignment](user-rights-assignment.md). You can use Group Policy to assign user rights to security groups to delegate specific tasks. For more information about using Group Policy, see [User Rights Assignment](/windows/device-security/security-policy-settings/user-rights-assignment).
- Assign permissions to security groups for resources. - Assign permissions to security groups for resources.
@ -650,7 +650,7 @@ This security group has not changed since Windows Server 2008.
</tr> </tr>
<tr class="odd"> <tr class="odd">
<td><p>Default User Rights</p></td> <td><p>Default User Rights</p></td>
<td><p>[Allow log on locally](allow-log-on-locally.md): SeInteractiveLogonRight</p></td> <td><p>[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -672,9 +672,9 @@ Membership can be modified by members of the following groups: the default servi
This security group includes the following changes since Windows Server 2008: This security group includes the following changes since Windows Server 2008:
- Default user rights changes: **Allow log on through Terminal Services** existed in Windows Server 2008, and it was replaced by [Allow log on through Remote Desktop Services](allow-log-on-through-remote-desktop-services.md). - Default user rights changes: **Allow log on through Terminal Services** existed in Windows Server 2008, and it was replaced by [Allow log on through Remote Desktop Services](/windows/device-security/security-policy-settings/allow-log-on-through-remote-desktop-services).
- [Remove computer from docking station](remove-computer-from-docking-station.md) was removed in Windows Server 2012 R2. - [Remove computer from docking station](/windows/device-security/security-policy-settings/remove-computer-from-docking-station) was removed in Windows Server 2012 R2.
<table> <table>
<colgroup> <colgroup>
@ -722,33 +722,33 @@ This security group includes the following changes since Windows Server 2008:
</tr> </tr>
<tr class="odd"> <tr class="odd">
<td><p>Default User Rights</p></td> <td><p>Default User Rights</p></td>
<td><p>[Adjust memory quotas for a process](adjust-memory-quotas-for-a-process.md): SeIncreaseQuotaPrivilege</p> <td><p>[Adjust memory quotas for a process](/windows/device-security/security-policy-settings/adjust-memory-quotas-for-a-process): SeIncreaseQuotaPrivilege</p>
<p>[Access this computer from the network](access-this-computer-from-the-network.md): SeNetworkLogonRight</p> <p>[Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight</p>
<p>[Allow log on locally](allow-log-on-locally.md): SeInteractiveLogonRight</p> <p>[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight</p>
<p>[Allow log on through Remote Desktop Services](allow-log-on-through-remote-desktop-services.md): SeRemoteInteractiveLogonRight</p> <p>[Allow log on through Remote Desktop Services](/windows/device-security/security-policy-settings/allow-log-on-through-remote-desktop-services): SeRemoteInteractiveLogonRight</p>
<p>[Back up files and directories](back-up-files-and-directories.md): SeBackupPrivilege</p> <p>[Back up files and directories](/windows/device-security/security-policy-settings/back-up-files-and-directories): SeBackupPrivilege</p>
<p>[Bypass traverse checking](bypass-traverse-checking.md): SeChangeNotifyPrivilege</p> <p>[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege</p>
<p>[Change the system time](change-the-system-time.md): SeSystemTimePrivilege</p> <p>[Change the system time](/windows/device-security/security-policy-settings/change-the-system-time): SeSystemTimePrivilege</p>
<p>[Change the time zone](change-the-time-zone.md): SeTimeZonePrivilege</p> <p>[Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege</p>
<p>[Create a pagefile](create-a-pagefile.md): SeCreatePagefilePrivilege</p> <p>[Create a pagefile](/windows/device-security/security-policy-settings/create-a-pagefile): SeCreatePagefilePrivilege</p>
<p>[Create global objects](create-global-objects.md): SeCreateGlobalPrivilege</p> <p>[Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege</p>
<p>[Create symbolic links](create-symbolic-links.md): SeCreateSymbolicLinkPrivilege</p> <p>[Create symbolic links](/windows/device-security/security-policy-settings/create-symbolic-links): SeCreateSymbolicLinkPrivilege</p>
<p>[Debug programs](debug-programs.md): SeDebugPrivilege</p> <p>[Debug programs](/windows/device-security/security-policy-settings/debug-programs): SeDebugPrivilege</p>
<p>[Enable computer and user accounts to be trusted for delegation](enable-computer-and-user-accounts-to-be-trusted-for-delegation.md): SeEnableDelegationPrivilege</p> <p>[Enable computer and user accounts to be trusted for delegation](/windows/device-security/security-policy-settings/enable-computer-and-user-accounts-to-be-trusted-for-delegation): SeEnableDelegationPrivilege</p>
<p>[Force shutdown from a remote system](force-shutdown-from-a-remote-system.md): SeRemoteShutdownPrivilege</p> <p>[Force shutdown from a remote system](/windows/device-security/security-policy-settings/force-shutdown-from-a-remote-system): SeRemoteShutdownPrivilege</p>
<p>[Impersonate a client after authentication](impersonate-a-client-after-authentication.md): SeImpersonatePrivilege</p> <p>[Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege</p>
<p>[Increase scheduling priority](increase-scheduling-priority.md): SeIncreaseBasePriorityPrivilege</p> <p>[Increase scheduling priority](/windows/device-security/security-policy-settings/increase-scheduling-priority): SeIncreaseBasePriorityPrivilege</p>
<p>[Load and unload device drivers](load-and-unload-device-drivers.md): SeLoadDriverPrivilege</p> <p>[Load and unload device drivers](/windows/device-security/security-policy-settings/load-and-unload-device-drivers): SeLoadDriverPrivilege</p>
<p>[Log on as a batch job](log-on-as-a-batch-job.md): SeBatchLogonRight</p> <p>[Log on as a batch job](/windows/device-security/security-policy-settings/log-on-as-a-batch-job): SeBatchLogonRight</p>
<p>[Manage auditing and security log](manage-auditing-and-security-log.md): SeSecurityPrivilege</p> <p>[Manage auditing and security log](/windows/device-security/security-policy-settings/manage-auditing-and-security-log): SeSecurityPrivilege</p>
<p>[Modify firmware environment values](modify-firmware-environment-values.md): SeSystemEnvironmentPrivilege</p> <p>[Modify firmware environment values](/windows/device-security/security-policy-settings/modify-firmware-environment-values): SeSystemEnvironmentPrivilege</p>
<p>[Perform volume maintenance tasks](perform-volume-maintenance-tasks.md): SeManageVolumePrivilege</p> <p>[Perform volume maintenance tasks](/windows/device-security/security-policy-settings/perform-volume-maintenance-tasks): SeManageVolumePrivilege</p>
<p>[Profile system performance](profile-system-performance.md): SeSystemProfilePrivilege</p> <p>[Profile system performance](/windows/device-security/security-policy-settings/profile-system-performance): SeSystemProfilePrivilege</p>
<p>[Profile single process](profile-single-process.md): SeProfileSingleProcessPrivilege</p> <p>[Profile single process](/windows/device-security/security-policy-settings/profile-single-process): SeProfileSingleProcessPrivilege</p>
<p>[Remove computer from docking station](remove-computer-from-docking-station.md): SeUndockPrivilege</p> <p>[Remove computer from docking station](/windows/device-security/security-policy-settings/remove-computer-from-docking-station): SeUndockPrivilege</p>
<p>[Restore files and directories](restore-files-and-directories.md): SeRestorePrivilege</p> <p>[Restore files and directories](/windows/device-security/security-policy-settings/restore-files-and-directories): SeRestorePrivilege</p>
<p>[Shut down the system](shut-down-the-system.md): SeShutdownPrivilege</p> <p>[Shut down the system](/windows/device-security/security-policy-settings/shut-down-the-system): SeShutdownPrivilege</p>
<p>[Take ownership of files or other objects](take-ownership-of-files-or-other-objects.md): SeTakeOwnershipPrivilege</p></td> <p>[Take ownership of files or other objects](/windows/device-security/security-policy-settings/take-ownership-of-files-or-other-objects): SeTakeOwnershipPrivilege</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -870,11 +870,11 @@ This security group has not changed since Windows Server 2008.
</tr> </tr>
<tr class="odd"> <tr class="odd">
<td><p>Default User Rights</p></td> <td><p>Default User Rights</p></td>
<td><p>[Allow log on locally](allow-log-on-locally.md): SeInteractiveLogonRight</p> <td><p>[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight</p>
<p>[Back up files and directories](back-up-files-and-directories.md): SeBackupPrivilege</p> <p>[Back up files and directories](/windows/device-security/security-policy-settings/back-up-files-and-directories): SeBackupPrivilege</p>
<p>[Log on as a batch job](log-on-as-a-batch-job.md): SeBatchLogonRight</p> <p>[Log on as a batch job](/windows/device-security/security-policy-settings/log-on-as-a-batch-job): SeBatchLogonRight</p>
<p>[Restore files and directories](restore-files-and-directories.md): SeRestorePrivilege</p> <p>[Restore files and directories](/windows/device-security/security-policy-settings/restore-files-and-directories): SeRestorePrivilege</p>
<p>[Shut down the system](shut-down-the-system.md): SeShutdownPrivilege</p></td> <p>[Shut down the system](/windows/device-security/security-policy-settings/shut-down-the-system): SeShutdownPrivilege</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -2330,7 +2330,7 @@ Members of the Performance Log Users group can manage performance counters, logs
- Can use all the features that are available to the Performance Monitor Users group. - Can use all the features that are available to the Performance Monitor Users group.
- Can create and modify Data Collector Sets after the group is assigned the [Log on as a batch job](log-on-as-a-batch-job.md) user right. - Can create and modify Data Collector Sets after the group is assigned the [Log on as a batch job](/windows/device-security/security-policy-settings/log-on-as-a-batch-job) user right.
**Warning**   **Warning**  
If you are a member of the Performance Log Users group, you must configure Data Collector Sets that you create to run under your credentials. If you are a member of the Performance Log Users group, you must configure Data Collector Sets that you create to run under your credentials.
@ -2339,7 +2339,7 @@ Members of the Performance Log Users group can manage performance counters, logs
- Cannot use the Windows Kernel Trace event provider in Data Collector Sets. - Cannot use the Windows Kernel Trace event provider in Data Collector Sets.
For members of the Performance Log Users group to initiate data logging or modify Data Collector Sets, the group must first be assigned the [Log on as a batch job](log-on-as-a-batch-job.md) user right. To assign this user right, use the Local Security Policy snap-in in Microsoft Management Console. For members of the Performance Log Users group to initiate data logging or modify Data Collector Sets, the group must first be assigned the [Log on as a batch job](/windows/device-security/security-policy-settings/log-on-as-a-batch-job) user right. To assign this user right, use the Local Security Policy snap-in in Microsoft Management Console.
**Note**   **Note**  
This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO). This group appears as a SID until the domain controller is made the primary domain controller and it holds the operations master role (also known as flexible single master operations or FSMO).
@ -2401,7 +2401,7 @@ This security group has not changed since Windows Server 2008.
</tr> </tr>
<tr class="odd"> <tr class="odd">
<td><p>Default User Rights</p></td> <td><p>Default User Rights</p></td>
<td><p>[Log on as a batch job](log-on-as-a-batch-job.md): SeBatchLogonRight</p></td> <td><p>[Log on as a batch job](/windows/device-security/security-policy-settings/log-on-as-a-batch-job): SeBatchLogonRight</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -2548,8 +2548,8 @@ This security group has not changed since Windows Server 2008.
</tr> </tr>
<tr class="odd"> <tr class="odd">
<td><p>Default User Rights</p></td> <td><p>Default User Rights</p></td>
<td><p>[Access this computer from the network](access-this-computer-from-the-network.md): SeNetworkLogonRight</p> <td><p>[Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight</p>
<p>[Bypass traverse checking](bypass-traverse-checking.md): SeChangeNotifyPrivilege</p></td> <p>[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -2612,9 +2612,9 @@ This security group has not changed since Windows Server 2008. However, in Windo
</tr> </tr>
<tr class="odd"> <tr class="odd">
<td><p>Default User Rights</p></td> <td><p>Default User Rights</p></td>
<td><p>[Allow log on locally](allow-log-on-locally.md): SeInteractiveLogonRight</p> <td><p>[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight</p>
<p>[Load and unload device drivers](load-and-unload-device-drivers.md): SeLoadDriverPrivilege</p> <p>[Load and unload device drivers](/windows/device-security/security-policy-settings/load-and-unload-device-drivers): SeLoadDriverPrivilege</p>
<p>[Shut down the system](shut-down-the-system.md): SeShutdownPrivilege</p></td> <p>[Shut down the system](/windows/device-security/security-policy-settings/shut-down-the-system): SeShutdownPrivilege</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -3327,13 +3327,13 @@ This security group has not changed since Windows Server 2008.
</tr> </tr>
<tr class="odd"> <tr class="odd">
<td><p>Default User Rights</p></td> <td><p>Default User Rights</p></td>
<td><p>[Allow log on locally](allow-log-on-locally.md): SeInteractiveLogonRight</p> <td><p>[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight</p>
<p>[Back up files and directories](back-up-files-and-directories.md): SeBackupPrivilege</p> <p>[Back up files and directories](/windows/device-security/security-policy-settings/back-up-files-and-directories): SeBackupPrivilege</p>
<p>[Change the system time](change-the-system-time.md): SeSystemTimePrivilege</p> <p>[Change the system time](/windows/device-security/security-policy-settings/change-the-system-time): SeSystemTimePrivilege</p>
<p>[Change the time zone](change-the-time-zone.md): SeTimeZonePrivilege</p> <p>[Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege</p>
<p>[Force shutdown from a remote system](force-shutdown-from-a-remote-system.md): SeRemoteShutdownPrivilege</p> <p>[Force shutdown from a remote system](/windows/device-security/security-policy-settings/force-shutdown-from-a-remote-system): SeRemoteShutdownPrivilege</p>
<p>[Restore files and directories](restore-files-and-directories.md): Restore files and directories SeRestorePrivilege</p> <p>[Restore files and directories](/windows/device-security/security-policy-settings/restore-files-and-directories): Restore files and directories SeRestorePrivilege</p>
<p>[Shut down the system](shut-down-the-system.md): SeShutdownPrivilege</p></td> <p>[Shut down the system](/windows/device-security/security-policy-settings/shut-down-the-system): SeShutdownPrivilege</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>

0
windows/keep-secure/dynamic-access-control.md → windows/access-protection/access-control/dynamic-access-control.md
View File

0
windows/keep-secure/images/adlocalaccounts-proc1-sample1.gif → windows/access-protection/access-control/images/adlocalaccounts-proc1-sample1.gif
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 16 KiB

After

Width:  |  Height:  |  Size: 16 KiB

0
windows/keep-secure/images/adlocalaccounts-proc1-sample2.png → windows/access-protection/access-control/images/adlocalaccounts-proc1-sample2.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 37 KiB

After

Width:  |  Height:  |  Size: 37 KiB

0
windows/keep-secure/images/adlocalaccounts-proc1-sample3.png → windows/access-protection/access-control/images/adlocalaccounts-proc1-sample3.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 31 KiB

After

Width:  |  Height:  |  Size: 31 KiB

0
windows/keep-secure/images/adlocalaccounts-proc1-sample4.png → windows/access-protection/access-control/images/adlocalaccounts-proc1-sample4.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 22 KiB

After

Width:  |  Height:  |  Size: 22 KiB

0
windows/keep-secure/images/adlocalaccounts-proc1-sample5.png → windows/access-protection/access-control/images/adlocalaccounts-proc1-sample5.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 39 KiB

After

Width:  |  Height:  |  Size: 39 KiB

0
windows/keep-secure/images/adlocalaccounts-proc1-sample6.png → windows/access-protection/access-control/images/adlocalaccounts-proc1-sample6.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 19 KiB

After

Width:  |  Height:  |  Size: 19 KiB

0
windows/keep-secure/images/adlocalaccounts-proc1-sample7.png → windows/access-protection/access-control/images/adlocalaccounts-proc1-sample7.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 10 KiB

After

Width:  |  Height:  |  Size: 10 KiB

0
windows/keep-secure/images/adlocalaccounts-proc2-sample1.png → windows/access-protection/access-control/images/adlocalaccounts-proc2-sample1.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 44 KiB

After

Width:  |  Height:  |  Size: 44 KiB

0
windows/keep-secure/images/adlocalaccounts-proc2-sample2.png → windows/access-protection/access-control/images/adlocalaccounts-proc2-sample2.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 8.1 KiB

After

Width:  |  Height:  |  Size: 8.1 KiB

0
windows/keep-secure/images/adlocalaccounts-proc2-sample3.png → windows/access-protection/access-control/images/adlocalaccounts-proc2-sample3.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.6 KiB

After

Width:  |  Height:  |  Size: 2.6 KiB

0
windows/keep-secure/images/adlocalaccounts-proc2-sample4.png → windows/access-protection/access-control/images/adlocalaccounts-proc2-sample4.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.3 KiB

After

Width:  |  Height:  |  Size: 2.3 KiB

0
windows/keep-secure/images/adlocalaccounts-proc2-sample5.png → windows/access-protection/access-control/images/adlocalaccounts-proc2-sample5.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.6 KiB

After

Width:  |  Height:  |  Size: 2.6 KiB

0
windows/keep-secure/images/adlocalaccounts-proc2-sample6.png → windows/access-protection/access-control/images/adlocalaccounts-proc2-sample6.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 8.5 KiB

After

Width:  |  Height:  |  Size: 8.5 KiB

0
windows/keep-secure/images/adlocalaccounts-proc2-sample7.png → windows/access-protection/access-control/images/adlocalaccounts-proc2-sample7.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 11 KiB

After

Width:  |  Height:  |  Size: 11 KiB

0
windows/keep-secure/images/adlocalaccounts-proc3-sample1.png → windows/access-protection/access-control/images/adlocalaccounts-proc3-sample1.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 25 KiB

After

Width:  |  Height:  |  Size: 25 KiB

0
windows/keep-secure/images/authorizationandaccesscontrolprocess.gif → windows/access-protection/access-control/images/authorizationandaccesscontrolprocess.gif
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 6.5 KiB

After

Width:  |  Height:  |  Size: 6.5 KiB

0
windows/keep-secure/images/corpnet.gif → windows/access-protection/access-control/images/corpnet.gif
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 7.0 KiB

After

Width:  |  Height:  |  Size: 7.0 KiB

0
windows/keep-secure/images/localaccounts-proc1-sample1.png → windows/access-protection/access-control/images/localaccounts-proc1-sample1.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 36 KiB

After

Width:  |  Height:  |  Size: 36 KiB

0
windows/keep-secure/images/localaccounts-proc1-sample2.png → windows/access-protection/access-control/images/localaccounts-proc1-sample2.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 10 KiB

After

Width:  |  Height:  |  Size: 10 KiB

0
windows/keep-secure/images/localaccounts-proc1-sample3.png → windows/access-protection/access-control/images/localaccounts-proc1-sample3.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 3.5 KiB

After

Width:  |  Height:  |  Size: 3.5 KiB

0
windows/keep-secure/images/localaccounts-proc1-sample4.png → windows/access-protection/access-control/images/localaccounts-proc1-sample4.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 13 KiB

After

Width:  |  Height:  |  Size: 13 KiB

0
windows/keep-secure/images/localaccounts-proc1-sample5.png → windows/access-protection/access-control/images/localaccounts-proc1-sample5.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 28 KiB

After

Width:  |  Height:  |  Size: 28 KiB

0
windows/keep-secure/images/localaccounts-proc1-sample6.png → windows/access-protection/access-control/images/localaccounts-proc1-sample6.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 7.9 KiB

After

Width:  |  Height:  |  Size: 7.9 KiB

0
windows/keep-secure/images/localaccounts-proc2-sample1.png → windows/access-protection/access-control/images/localaccounts-proc2-sample1.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 11 KiB

After

Width:  |  Height:  |  Size: 11 KiB

0
windows/keep-secure/images/localaccounts-proc2-sample2.png → windows/access-protection/access-control/images/localaccounts-proc2-sample2.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 3.0 KiB

After

Width:  |  Height:  |  Size: 3.0 KiB

0
windows/keep-secure/images/localaccounts-proc2-sample3.png → windows/access-protection/access-control/images/localaccounts-proc2-sample3.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 9.8 KiB

After

Width:  |  Height:  |  Size: 9.8 KiB

0
windows/keep-secure/images/security-identifider-architecture.jpg → windows/access-protection/access-control/images/security-identifider-architecture.jpg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.8 KiB

After

Width:  |  Height:  |  Size: 1.8 KiB

12
windows/keep-secure/local-accounts.md → windows/access-protection/access-control/local-accounts.md
View File

@ -123,7 +123,7 @@ By default, the Guest account is the only member of the default Guests group, wh
When an administrator enables the Guest account, it is a best practice to create a strong password for this account. In addition, the administrator on the computer should also grant only limited rights and permissions for the Guest account. For security reasons, the Guest account should not be used over the network and made accessible to other computers. When an administrator enables the Guest account, it is a best practice to create a strong password for this account. In addition, the administrator on the computer should also grant only limited rights and permissions for the Guest account. For security reasons, the Guest account should not be used over the network and made accessible to other computers.
When a computer is shutting down or starting up, it is possible that a guest user or anyone with local access could gain unauthorized access to the computer. To help prevent this risk, do not grant the Guest account the [Shut down the system](shut-down-the-system.md) user right. When a computer is shutting down or starting up, it is possible that a guest user or anyone with local access could gain unauthorized access to the computer. To help prevent this risk, do not grant the Guest account the [Shut down the system](/windows/device-security/security-policy-settings/shut-down-the-system) user right.
In addition, the guest user in the Guest account should not be able to view the event logs. After the Guest account is enabled, it is a best practice to monitor the Guest account frequently to ensure that other users cannot use services and other resources, such as resources that were unintentionally left available by a previous user. In addition, the guest user in the Guest account should not be able to view the event logs. After the Guest account is enabled, it is a best practice to monitor the Guest account frequently to ensure that other users cannot use services and other resources, such as resources that were unintentionally left available by a previous user.
@ -200,7 +200,7 @@ In addition, UAC can require administrators to specifically approve applications
For example, a default feature of UAC is shown when a local account signs in from a remote computer by using Network logon (for example, by using NET.EXE USE). In this instance, it is issued a standard user token with no administrative rights, but with the ability to request or receive elevation. Consequently, local accounts that sign in by using Network logon cannot access administrative shares such as C$, or ADMIN$, or perform any remote administration. For example, a default feature of UAC is shown when a local account signs in from a remote computer by using Network logon (for example, by using NET.EXE USE). In this instance, it is issued a standard user token with no administrative rights, but with the ability to request or receive elevation. Consequently, local accounts that sign in by using Network logon cannot access administrative shares such as C$, or ADMIN$, or perform any remote administration.
For more information about UAC, see [User Account Control](user-account-control-overview.md). For more information about UAC, see [User Account Control](/windows/access-protection/user-account-control/user-account-control-overview).
The following table shows the Group Policy and registry settings that are used to enforce local account restrictions for remote access. The following table shows the Group Policy and registry settings that are used to enforce local account restrictions for remote access.
@ -224,7 +224,7 @@ The following table shows the Group Policy and registry settings that are used t
<tr class="odd"> <tr class="odd">
<td><p>1</p></td> <td><p>1</p></td>
<td><p>Policy name</p></td> <td><p>Policy name</p></td>
<td><p>[User Account Control: Run all administrators in Admin Approval Mode](user-account-control-run-all-administrators-in-admin-approval-mode.md)</p></td> <td><p>[User Account Control: Run all administrators in Admin Approval Mode](/windows/device-security/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode)</p></td>
</tr> </tr>
<tr class="even"> <tr class="even">
<td><p></p></td> <td><p></p></td>
@ -239,7 +239,7 @@ The following table shows the Group Policy and registry settings that are used t
<tr class="even"> <tr class="even">
<td><p></p></td> <td><p></p></td>
<td><p>Policy name</p></td> <td><p>Policy name</p></td>
<td><p>[User Account Control: Run all administrators in Admin Approval Mode](user-account-control-run-all-administrators-in-admin-approval-mode.md)</p></td> <td><p>[User Account Control: Run all administrators in Admin Approval Mode](/windows/device-security/security-policy-settings/user-account-control-run-all-administrators-in-admin-approval-mode)</p></td>
</tr> </tr>
<tr class="odd"> <tr class="odd">
<td><p></p></td> <td><p></p></td>
@ -368,7 +368,7 @@ The following table shows the Group Policy settings that are used to deny networ
<tr class="odd"> <tr class="odd">
<td><p>1</p></td> <td><p>1</p></td>
<td><p>Policy name</p></td> <td><p>Policy name</p></td>
<td><p>[Deny access to this computer from the network](deny-access-to-this-computer-from-the-network.md)</p></td> <td><p>[Deny access to this computer from the network](/windows/device-security/security-policy-settings/deny-access-to-this-computer-from-the-network)</p></td>
</tr> </tr>
<tr class="even"> <tr class="even">
<td><p></p></td> <td><p></p></td>
@ -384,7 +384,7 @@ The following table shows the Group Policy settings that are used to deny networ
<tr class="even"> <tr class="even">
<td><p></p></td> <td><p></p></td>
<td><p>Policy name</p></td> <td><p>Policy name</p></td>
<td><p>[Deny log on through Remote Desktop Services](deny-log-on-through-remote-desktop-services.md)</p></td> <td><p>[Deny log on through Remote Desktop Services](/windows/device-security/security-policy-settings/deny-log-on-through-remote-desktop-services)</p></td>
</tr> </tr>
<tr class="odd"> <tr class="odd">
<td><p></p></td> <td><p></p></td>

4
windows/keep-secure/microsoft-accounts.md → windows/access-protection/access-control/microsoft-accounts.md
View File

@ -118,7 +118,7 @@ Depending on your IT and business models, introducing Microsoft accounts into yo
### <a href="" id="bkmk-restrictuse"></a>Restrict the use of the Microsoft account ### <a href="" id="bkmk-restrictuse"></a>Restrict the use of the Microsoft account
If employees are allowed to join the domain with their personal devices, they might expect to connect to enterprise resources by using their Microsoft accounts. If you want to prevent any use of Microsoft accounts within your enterprise, you can configure the local security policy setting [Accounts: Block Microsoft accounts](accounts-block-microsoft-accounts.md). However, this setting can prevent the users from signing in to their Windows devices with their Microsoft accounts (if they had set them up to do so) when they are joined to the domain. If employees are allowed to join the domain with their personal devices, they might expect to connect to enterprise resources by using their Microsoft accounts. If you want to prevent any use of Microsoft accounts within your enterprise, you can configure the local security policy setting [Accounts: Block Microsoft accounts](/windows/device-security/security-policy-settings/accounts-block-microsoft-accounts). However, this setting can prevent the users from signing in to their Windows devices with their Microsoft accounts (if they had set them up to do so) when they are joined to the domain.
The default for this setting is **Disabled**, which enables users to use their Microsoft accounts on devices that are joined to your domain. Other options in the setting can: The default for this setting is **Disabled**, which enables users to use their Microsoft accounts on devices that are joined to your domain. Other options in the setting can:
@ -151,7 +151,7 @@ Only the owner of the Microsoft account can change the password. Passwords can b
### <a href="" id="bkmk-restrictappinstallationandusage"></a>Restrict app installation and usage ### <a href="" id="bkmk-restrictappinstallationandusage"></a>Restrict app installation and usage
Within your organization, you can set application control policies to regulate app installation and usage for Microsoft accounts. For more information, see [AppLocker](applocker-overview.md) and [Packaged Apps and Packaged App Installer Rules in AppLocker](packaged-apps-and-packaged-app-installer-rules-in-applocker.md). Within your organization, you can set application control policies to regulate app installation and usage for Microsoft accounts. For more information, see [AppLocker](/windows/device-security/applocker/applocker-overview) and [Packaged Apps and Packaged App Installer Rules in AppLocker](/windows/device-security/applocker/packaged-apps-and-packaged-app-installer-rules-in-applocker).
## See also ## See also

0
windows/keep-secure/security-identifiers.md → windows/access-protection/access-control/security-identifiers.md
View File

2
windows/keep-secure/security-principals.md → windows/access-protection/access-control/security-principals.md
View File

@ -83,7 +83,7 @@ Permissions are different from user rights in that permissions are attached to o
On computers, user rights enable administrators to control who has the authority to perform operations that affect an entire computer, rather than a particular object. Administrators assign user rights to individual users or groups as part of the security settings for the computer. Although user rights can be managed centrally through Group Policy, they are applied locally. Users can (and usually do) have different user rights on different computers. On computers, user rights enable administrators to control who has the authority to perform operations that affect an entire computer, rather than a particular object. Administrators assign user rights to individual users or groups as part of the security settings for the computer. Although user rights can be managed centrally through Group Policy, they are applied locally. Users can (and usually do) have different user rights on different computers.
For information about which user rights are available and how they can be implemented, see [User Rights Assignment](user-rights-assignment.md). For information about which user rights are available and how they can be implemented, see [User Rights Assignment](/windows/device-security/security-policy-settings/user-rights-assignment).
### <a href="" id="bkmk-authn"></a> Security context in authentication ### <a href="" id="bkmk-authn"></a> Security context in authentication

0
windows/keep-secure/service-accounts.md → windows/access-protection/access-control/service-accounts.md
View File

54
windows/keep-secure/special-identities.md → windows/access-protection/access-control/special-identities.md
View File

@ -145,9 +145,9 @@ Any user who accesses the system through a sign-in process has the Authenticated
</tr> </tr>
<tr class="even"> <tr class="even">
<td><p>Default User Rights</p></td> <td><p>Default User Rights</p></td>
<td><p>[Access this computer from the network](access-this-computer-from-the-network.md): SeNetworkLogonRight</p> <td><p>[Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight</p>
<p>[Add workstations to domain](add-workstations-to-domain.md): SeMachineAccountPrivilege</p> <p>[Add workstations to domain](/windows/device-security/security-policy-settings/add-workstations-to-domain): SeMachineAccountPrivilege</p>
<p>[Bypass traverse checking](bypass-traverse-checking.md): SeChangeNotifyPrivilege</p></td> <p>[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -375,8 +375,8 @@ This group includes all domain controllers in an Active Directory forest. Domain
</tr> </tr>
<tr class="even"> <tr class="even">
<td><p>Default User Rights Assignment</p></td> <td><p>Default User Rights Assignment</p></td>
<td><p>[Access this computer from the network](access-this-computer-from-the-network.md): SeNetworkLogonRight</p> <td><p>[Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight</p>
<p>[Allow log on locally](allow-log-on-locally.md): SeInteractiveLogonRight</p></td> <p>[Allow log on locally](/windows/device-security/security-policy-settings/allow-log-on-locally): SeInteractiveLogonRight</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -418,9 +418,9 @@ Membership is controlled by the operating system.
</tr> </tr>
<tr class="even"> <tr class="even">
<td><p>Default User Rights</p></td> <td><p>Default User Rights</p></td>
<td><p>[Access this computer from the network](access-this-computer-from-the-network.md): SeNetworkLogonRight</p> <td><p>[Access this computer from the network](/windows/device-security/security-policy-settings/access-this-computer-from-the-network): SeNetworkLogonRight</p>
<p>[Act as part of the operating system](act-as-part-of-the-operating-system.md): SeTcbPrivilege</p> <p>[Act as part of the operating system](/windows/device-security/security-policy-settings/act-as-part-of-the-operating-system): SeTcbPrivilege</p>
<p>[Bypass traverse checking](bypass-traverse-checking.md): SeChangeNotifyPrivilege</p></td> <p>[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -496,14 +496,14 @@ The Local Service account is similar to an Authenticated User account. The Local
</tr> </tr>
<tr class="even"> <tr class="even">
<td><p>Default user rights</p></td> <td><p>Default user rights</p></td>
<td><p>[Adjust memory quotas for a process](adjust-memory-quotas-for-a-process.md): SeIncreaseQuotaPrivilege</p> <td><p>[Adjust memory quotas for a process](/windows/device-security/security-policy-settings/adjust-memory-quotas-for-a-process): SeIncreaseQuotaPrivilege</p>
<p>[Bypass traverse checking](bypass-traverse-checking.md): SeChangeNotifyPrivilege</p> <p>[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege</p>
<p>[Change the system time](change-the-system-time.md): SeSystemtimePrivilege</p> <p>[Change the system time](/windows/device-security/security-policy-settings/change-the-system-time): SeSystemtimePrivilege</p>
<p>[Change the time zone](change-the-time-zone.md): SeTimeZonePrivilege</p> <p>[Change the time zone](/windows/device-security/security-policy-settings/change-the-time-zone): SeTimeZonePrivilege</p>
<p>[Create global objects](create-global-objects.md): SeCreateGlobalPrivilege</p> <p>[Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege</p>
<p>[Generate security audits](generate-security-audits.md): SeAuditPrivilege</p> <p>[Generate security audits](/windows/device-security/security-policy-settings/generate-security-audits): SeAuditPrivilege</p>
<p>[Impersonate a client after authentication](impersonate-a-client-after-authentication.md): SeImpersonatePrivilege</p> <p>[Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege</p>
<p>[Replace a process level token](replace-a-process-level-token.md): SeAssignPrimaryTokenPrivilege</p></td> <p>[Replace a process level token](/windows/device-security/security-policy-settings/replace-a-process-level-token): SeAssignPrimaryTokenPrivilege</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -617,13 +617,13 @@ The Network Service account is similar to an Authenticated User account. The Net
</tr> </tr>
<tr class="even"> <tr class="even">
<td><p>Default User Rights</p></td> <td><p>Default User Rights</p></td>
<td><p>[Adjust memory quotas for a process](adjust-memory-quotas-for-a-process.md): SeIncreaseQuotaPrivilege</p> <td><p>[Adjust memory quotas for a process](/windows/device-security/security-policy-settings/adjust-memory-quotas-for-a-process): SeIncreaseQuotaPrivilege</p>
<p>[Bypass traverse checking](bypass-traverse-checking.md): SeChangeNotifyPrivilege</p> <p>[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege</p>
<p>[Create global objects](create-global-objects.md): SeCreateGlobalPrivilege</p> <p>[Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege</p>
<p>[Generate security audits](generate-security-audits.md): SeAuditPrivilege</p> <p>[Generate security audits](/windows/device-security/security-policy-settings/generate-security-audits): SeAuditPrivilege</p>
<p>[Impersonate a client after authentication](impersonate-a-client-after-authentication.md): SeImpersonatePrivilege</p> <p>[Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege</p>
<p>[Restore files and directories](restore-files-and-directories.md): SeRestorePrivilege</p> <p>[Restore files and directories](/windows/device-security/security-policy-settings/restore-files-and-directories): SeRestorePrivilege</p>
<p>[Replace a process level token](replace-a-process-level-token.md): SeAssignPrimaryTokenPrivilege</p></td> <p>[Replace a process level token](/windows/device-security/security-policy-settings/replace-a-process-level-token): SeAssignPrimaryTokenPrivilege</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -885,8 +885,8 @@ Any service that accesses the system has the Service identity. This identity gro
</tr> </tr>
<tr class="even"> <tr class="even">
<td><p>Default User Rights</p></td> <td><p>Default User Rights</p></td>
<td><p>[Create global objects](create-global-objects.md): SeCreateGlobalPrivilege</p> <td><p>[Create global objects](/windows/device-security/security-policy-settings/create-global-objects): SeCreateGlobalPrivilege</p>
<p>[Impersonate a client after authentication](impersonate-a-client-after-authentication.md): SeImpersonatePrivilege</p></td> <p>[Impersonate a client after authentication](/windows/device-security/security-policy-settings/impersonate-a-client-after-authentication): SeImpersonatePrivilege</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>
@ -996,8 +996,8 @@ Any user accessing the system through Terminal Services has the Terminal Server
</tr> </tr>
<tr class="even"> <tr class="even">
<td><p>Default User Rights</p></td> <td><p>Default User Rights</p></td>
<td><p>[Bypass traverse checking](bypass-traverse-checking.md): SeChangeNotifyPrivilege</p> <td><p>[Bypass traverse checking](/windows/device-security/security-policy-settings/bypass-traverse-checking): SeChangeNotifyPrivilege</p>
<p>[Increase a process working set](increase-a-process-working-set.md): SeIncreaseWorkingSetPrivilege</p></td> <p>[Increase a process working set](/windows/device-security/security-policy-settings/increase-a-process-working-set): SeIncreaseWorkingSetPrivilege</p></td>
</tr> </tr>
</tbody> </tbody>
</table> </table>

17
windows/access-protection/change-history-for-access-protection.md Normal file
View File

@ -0,0 +1,17 @@
---
title: Change history for access protection (Windows 10)
description: This topic lists new and updated topics in the Windows 10 access protection documentation for Windows 10 and Windows 10 Mobile.
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: brianlic-msft
---
# Change history for access protection
This topic lists new and updated topics in the [Access protection](index.md) documentation.
## March 2017
|New or changed topic |Description |
|---------------------|------------|
|[Protect derived domain credentials with Credential Guard](credential-guard/credential-guard.md) |Updated to include additional security qualifications starting with Window 10, version 1703.|

Some files were not shown because too many files have changed in this diff Show More