diff --git a/windows/security/docfx.json b/windows/security/docfx.json index dc952e8060..03b5fbffd6 100644 --- a/windows/security/docfx.json +++ b/windows/security/docfx.json @@ -110,7 +110,6 @@ "✅ Windows Server 2016" ] }, - }, "ms.reviewer":{ "identity-protection/hello-for-business/*.md": "erikdau", "identity-protection/credential-guard/*.md": "zwhittington", diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index 35a5ec849f..a2c64c37a0 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -62,7 +62,7 @@ Group Policy can be used to control the use of the local Administrators group au > [!IMPORTANT] > -> - Blank passwords are not allowed in the versions designated in the **Applies To** list at the beginning of this topic. +> - Blank passwords are not allowed. > > - Even when the Administrator account has been disabled, it can still be used to gain access to a computer by using safe mode. In the Recovery Console or in safe mode, the Administrator account is automatically enabled. When normal operations are resumed, it is disabled. diff --git a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md index b736e1c5a4..365f168f07 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md +++ b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md @@ -9,7 +9,7 @@ ms.reviewer: ardenw This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in. -The content in this topic applies to the versions of Windows that are designated in the **Applies To** list at the beginning of this topic. In these versions, smart card redirection logic and **WinSCard** API are combined to support multiple redirected sessions into a single process. +Smart card redirection logic and **WinSCard** API are combined to support multiple redirected sessions into a single process. Smart card support is required to enable many Remote Desktop Services scenarios. These include: @@ -83,7 +83,8 @@ Where <*CertFile*> is the root certificate of the KDC certificate issuer. For information about this option for the command-line tool, see [-addstore](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc732443(v=ws.11)#BKMK_addstore). -> **Note**  If you use the credential SSP on computers running the supported versions of the operating system that are designated in the **Applies To** list at the beginning of this topic: To sign in with a smart card from a computer that is not joined to a domain, the smart card must contain the root certification of the domain controller. A public key infrastructure (PKI) secure channel cannot be established without the root certification of the domain controller. +> [!NOTE] +> To sign in with a smart card from a computer that is not joined to a domain, the smart card must contain the root certification of the domain controller. A public key infrastructure (PKI) secure channel cannot be established without the root certification of the domain controller. Sign-in to Remote Desktop Services across a domain works only if the UPN in the certificate uses the following form: <*ClientName*>@<*DomainDNSName*> diff --git a/windows/security/identity-protection/smart-cards/smart-card-architecture.md b/windows/security/identity-protection/smart-cards/smart-card-architecture.md index 2359e2a96b..5a810263fc 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-architecture.md +++ b/windows/security/identity-protection/smart-cards/smart-card-architecture.md @@ -308,8 +308,6 @@ Figure 4 shows the Cryptography architecture that is used by the Windows operat ### Base CSP and smart card KSP properties in Windows -The following properties are supported in versions of Windows designated in the **Applies To** list at the beginning of this topic. - > **Note**  The API definitions are located in WinCrypt.h and WinSCard.h. | **Property** | **Description** | diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md index ba41b7a493..e52b7eeabd 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md @@ -69,7 +69,7 @@ The following table lists the certificate support in older Windows operating sys Most issues during authentication occur because of session behavior changes. When changes occur, the Local Security Authority (LSA) does not reacquire the session context; it relies instead on the Cryptographic Service Provider to handle the session change. -In the supported versions of Windows designated in the **Applies To** list at the beginning of this topic, client certificates that do not contain a UPN in the **subjectAltName** (SAN) field of the certificate can be enabled for sign-in, which supports a wider variety of certificates and supports multiple sign-in certificates on the same card. +Client certificates that do not contain a UPN in the **subjectAltName** (SAN) field of the certificate can be enabled for sign-in, which supports a wider variety of certificates and supports multiple sign-in certificates on the same card. Support for multiple certificates on the same card is enabled by default. New certificate types must be enabled through Group Policy. diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index ae5e2174e2..834f56a321 100644 --- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md @@ -7,8 +7,6 @@ ms.topic: how-to # How to configure Diffie Hellman protocol over IKEv2 VPN connections ->Applies To: Windows Server (General Availability Channel), Windows Server 2016, Windows 10, Windows 11 - In IKEv2 VPN connections, the default configuration for Diffie Hellman group is Group 2, which is not secure for IKE exchanges. To secure the connections, update the configuration of VPN servers and clients by running VPN cmdlets.