Merge remote-tracking branch 'refs/remotes/origin/jdrs' into rs1

2025-05-15 14:57:23 +00:00 · 2016-06-07 13:01:28 -07:00 · 2016-06-07 13:01:28 -07:00 · e2740c1afd
commit e2740c1afd
parent f3b7e39451 4b8012d1cd
18 changed files with 363 additions and 26 deletions
--- a/windows/manage/TOC.md
+++ b/windows/manage/TOC.md
@ -17,6 +17,7 @@
 ### [Customize Windows 10 Start and taskbar with ICD and provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
 ### [Customize Windows 10 Start with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
 ## [Lock down Windows 10](lock-down-windows-10.md)
 ### [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md)
 ### [Set up a device for anyone to use (kiosk mode)](set-up-a-device-for-anyone-to-use.md)
 #### [Set up a kiosk on Windows 10 Pro, Enterprise, or Education](set-up-a-kiosk-for-windows-10-for-desktop-editions.md)
 #### [Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise](set-up-a-kiosk-for-windows-10-for-mobile-edition.md)
--- a/windows/manage/configure-windows-10-taskbar.md
+++ b/windows/manage/configure-windows-10-taskbar.md
@ -64,7 +64,7 @@ The easiest way to find this data for an application is to:
    <defaultlayout:TaskbarLayout>
      <taskbar:TaskbarPinList>
        <taskbar:UWA AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
-        <taskbar:DesktopApp ="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
+        <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
      </taskbar:TaskbarPinList>
    </defaultlayout:TaskbarLayout>
 </CustomTaskbarLayoutCollection>
@ -88,7 +88,7 @@ The easiest way to find this data for an application is to:
      <defaultlayout:TaskbarLayout>
        <taskbar:TaskbarPinList>
          <taskbar:UWA AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
-          <taskbar:DesktopApp ="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
+          <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
        </taskbar:TaskbarPinList>
      </defaultlayout:TaskbarLayout>
    </CustomTaskbarLayoutCollection>
@ -171,27 +171,39 @@ The following example shows you how to configure taskbars by country or region.
    xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
    xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
    xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"
    xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout"
    Version="1">
-   <CustomTaskbarLayoutCollection>
+  <CustomTaskbarLayoutCollection PinListPlacement="Replace">
-    <defaultlayout:TaskbarLayout>
+    <defaultlayout:TaskbarLayout region="US|UK">
-      <taskbar:TaskbarPinList region="US|UK">
+      <taskbar:TaskbarPinList >
        <taskbar:UWA AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
-     </taskbar:TaskbarPinList>
+        <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
-    <taskbar:TaskbarPinList>
+        <taskbar:UWA AppUserModelID="Microsoft.Office.Word_8wekyb3d8bbwe!microsoft.word" />
-      <taskbar:DesktopApp ="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
+        <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk"/>
-      <taskbar:UWA AppUserModelID="Microsoft.Office.Word_8wekyb3d8bbwe!microsoft.word" />
+        <taskbar:UWA AppUserModelID="Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader" />
-    </taskbar:TaskbarPinList>
+      </taskbar:TaskbarPinList>
-    <taskbar:TaskbarPinList region="DE|FR">
+    </defaultlayout:TaskbarLayout>
-      <taskbar:UWA AppUserModelID="Microsoft.Office.Excel_8wekyb3d8bbwe!microsoft.excel" />
+    <defaultlayout:TaskbarLayout region="DE|FR">
-    </taskbar:TaskbarPinList>
+      <taskbar:TaskbarPinList>
-    <taskbar:TaskbarPinList>
+        <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
-      <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk"/>
+        <taskbar:UWA AppUserModelID="Microsoft.Office.Word_8wekyb3d8bbwe!microsoft.word" />
-      <taskbar:UWA AppUserModelID="Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader" />
+        <taskbar:UWA AppUserModelID="Microsoft.Office.Excel_8wekyb3d8bbwe!microsoft.excel" />
-    </taskbar:TaskbarPinList>
+        <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk"/>
-  </defaultlayout:TaskbarLayout>
+        <taskbar:UWA AppUserModelID="Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader" />
- </CustomTaskbarLayoutCollection>
+      </taskbar:TaskbarPinList>
    </defaultlayout:TaskbarLayout>
    <defaultlayout:TaskbarLayout>
      <taskbar:TaskbarPinList>
        <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk" />
        <taskbar:UWA AppUserModelID="Microsoft.Office.Word_8wekyb3d8bbwe!microsoft.word" />
        <taskbar:DesktopApp DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk"/>
        <taskbar:UWA AppUserModelID="Microsoft.Reader_8wekyb3d8bbwe!Microsoft.Reader" />
      </taskbar:TaskbarPinList>
    </defaultlayout:TaskbarLayout>
  </CustomTaskbarLayoutCollection>
 </LayoutModificationTemplate>
 ```
 When the preceding example XML is applied, the resulting taskbar for computers in the US or UK:
--- a/windows/manage/images/choose-package.png
+++ b/windows/manage/images/choose-package.png
--- a/windows/manage/images/connect-aad.png
+++ b/windows/manage/images/connect-aad.png
--- a/windows/manage/images/express-settings.png
+++ b/windows/manage/images/express-settings.png
--- a/windows/manage/images/icd-adv-shared-pc.PNG
+++ b/windows/manage/images/icd-adv-shared-pc.PNG
--- a/windows/manage/images/icd-school.PNG
+++ b/windows/manage/images/icd-school.PNG
--- a/windows/manage/images/icd-simple.PNG
+++ b/windows/manage/images/icd-simple.PNG
--- a/windows/manage/images/license-terms.png
+++ b/windows/manage/images/license-terms.png
--- a/windows/manage/images/oobe.jpg
+++ b/windows/manage/images/oobe.jpg
--- a/windows/manage/images/prov.jpg
+++ b/windows/manage/images/prov.jpg
--- a/windows/manage/images/setupmsg.jpg
+++ b/windows/manage/images/setupmsg.jpg
--- a/windows/manage/images/sign-in-prov.png
+++ b/windows/manage/images/sign-in-prov.png
--- a/windows/manage/images/trust-package.png
+++ b/windows/manage/images/trust-package.png
--- a/windows/manage/images/who-owns-pc.png
+++ b/windows/manage/images/who-owns-pc.png
--- a/windows/manage/lock-down-windows-10.md
+++ b/windows/manage/lock-down-windows-10.md
@ -12,12 +12,6 @@ author: jdeckerMS
 # Lock down Windows 10
 **Applies to**
 -   Windows 10
 -   Windows 10 Mobile
 Enterprises often need to manage how people use corporate devices. Windows 10 provides a number of features and methods to help you lock down specific parts of a Windows 10 device.
 ## In this section
@ -35,6 +29,7 @@ Enterprises often need to manage how people use corporate devices. Windows 10 p
 </tr>
 </thead>
 <tbody>
 <tr><td align="left"><p>[Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md)</p></td><td align="left"><p>tbd</p></td></tr>
 <tr class="odd">
 <td align="left"><p>[Set up a device for anyone to use (kiosk mode)](set-up-a-device-for-anyone-to-use.md)</p></td>
 <td align="left"><p>You can configure a device running Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile, or Windows 10 Mobile Enterprise as a kiosk device, so that users can only interact with a single application that you select.</p></td>
--- a/windows/manage/set-up-shared-or-guest-pc.md
+++ b/windows/manage/set-up-shared-or-guest-pc.md
@ -0,0 +1,329 @@
 ---
 title: Set up a shared or guest PC with Windows 10 (Windows 10)
 description: tbd
 keywords: ["shared pc mode"]
 ms.prod: W10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
 ---
 # Set up a shared or guest PC with Windows 10
 **Applies to**
 -   Windows 10
 Windows 10, Version 1607, introduces *shared PC mode*, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise  and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Education, and Enterprise.
 > **Note:** If you're interested in using Windows 10 for shared PCs in a school, see [Use Set up School PCs app](https://technet.microsoft.com/en-us/edu/windows/use-set-up-school-pcs-app).
 A Windows 10 PC in shared PC mode is designed to be management- and maintenance-free with high reliability. After setup, the device is ready for multiple users. Users only have non-administrator rights, and they can’t block other users from accessing the device. With a standard Windows PC, accounts would have to be manually cleaned by an administrator (both signed out and deleted). In shared PC mode, accounts that sign in to the PC are either deleted when the user signs out or are deleted when available disk space reaches a set threshold, depending on how you configure the settings for shared PC mode. 
 You can put a PC in shared PC mode by applying a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows 10 PC that is already in use. The provisioning package is created in Windows Imaging and Configuration Designer (ICD). Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723294.aspx). 
 ![Shared PC settings in ICD](images/icd-adv-shared-pc.png)
 ## Create a provisioning package for shared use
 Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that configures a device for shared PC mode. [Install the ADK.](http://go.microsoft.com/fwlink/p/?LinkId=526740)
 1.  Open Windows ICD (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). 
 2. On the **Start page**, select **Advanced provisioning**.
 3. Enter a name and (optionally) a description for the project, and click **Next**.
 4. Select **All Windows desktop editions**, and click **Next**.
 5. Click **Finish**. Your project opens in Windows ICD.
 6. Go to **Runtime settings** > **SharedPC**. The following table describes the settings you can configure for **SharedPC**.
 Setting | Value |
 :---|:---|
 EnableSharedPCMode | Set as **True**. The remaining settings in **SharedPC** are optional, but we strongly recommend that you also set `EnableAccountManager` to **True**.</br></br>If you do not set **EnableSharedPCMode** as **True**, you can create a provisioning package using the remaining settings in **SharedPC** but  none of the other settings will be applied.  |
 AccountManagement: AccountModel | For a shared or guest PC, choose between **Only guest** and **Domain-joined and guest**.<br/>  - **Only guest** allows anyone to use the PC as a local standard (non-admin) account. When the account is signed out, it is deleted immediately. <br/>  - **Domain-joined only** allows users to sign in with an Active Directory or Azure AD account.<br/>-   **Domain-joined and guest** allows users to sign in with an Active Directory, Azure AD, or local standard account.   |
 AccountManagement: DeletionPolicy | - **Delete immediately** will delete all accounts on sign-out. <br/>- **Delete at disk space threshold** will start deleting Active Directory and Azure AD accounts when available disk space falls below the threshold you set for **DiskLevelDeletion**, and it will stop deleting accounts when the available disk space reaches the threshold you set for **DiskLevelCaching**. Accounts are deleted in order of oldest accessed to most recently accessed.  |
 AccountManagement: DiskLevelCaching | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account caching.   |
 AccountManagement: DiskLevelDeletion | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account deletion.   |
 AccountManagement: EnableAccountManager | Set as **True** if you want to set any other account management policies. |
 Customization: MaintenanceStartTime | By default, the maintenance start time (which is when automatic maintenance tasks run, such as Windows Update) is midnight. You can adjust the start time in this setting by entering a new start time in minutes from midnight. For example, if you want maintenance to begin at 2 AM, enter `120` as the value.   |
 Customization: SetEduPolicies | Set to **True** for PCs that will be used in a school. When **SetEduPolicies** is **True**, the following additional policies are applied:<br/>- Local storage locations are restricted. Users can only save files to the cloud. <br/>- Custom Start and taskbar layouts are set.\* <br/>- A custom sign-in screen background image is set.\*<br/><br/>\*Only applies to Windows 10 Pro for Education, Enterprise, and Education  |
 Customization: SetPowerPolicies |  When set as **True**:<br/>- Prevents users from changing power settings<br/>- Turns off hibernate<br/>- Enables wake timers for Windows Update<br/>- Turns off all state transitions to sleep  |
 Customization: SignInOnResume | This setting specifies if the user is required to sign in with a password when the PC wakes from sleep.     |
 Customization: SleepTimeout | Specifies all timeouts for when the PC should sleep. Enter the amount of idle time in seconds. If you don't set sleep timeout, the default of 1 hour applies.     |
  <br/>
 ## Apply the provisioning package
 You can apply the provisioning package to a PC during initial setup or to a PC that has already been set up.
 **During initial setup**
 1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**.
    ![The first screen to set up a new PC](images/oobe.jpg)
 2. Insert the USB drive and press the Windows key five times. Windows Setup will recognize the drive and ask if you want to set up the device. Select **Set up**.
    ![Set up device?](images/setupmsg.jpg)
 3. The next screen asks you to select a provisioning source. Select **Removable Media** and tap **Next**.
    ![Provision this device](images/prov.jpg)
 4. Select the provisioning package (\*.ppkg) that you want to apply, and tap **Next**.
    ![Choose a package](images/choose-package.png)
 5. Select **Yes, add it**.
    ![Do you trust this package?](images/trust-package.png)
 6. Read and accept the Microsoft Software License Terms.  
    ![Sign in](images/license-terms.png)
 7. Select **Use Express settings**.
    ![Get going fast](images/express-settings.png)
 8. If the PC doesn't use a volume license, you'll see the **Who owns this PC?** screen. Select **My work or school owns it** and tap **Next**.
    ![Who owns this PC?](images/who-owns-pc.png)
 9. On the **Choose how you'll connect** screen, select **Join Azure AD** or **Join a domain** and tap **Next**.
    ![Connect to Azure AD](images/connect-aad.png)
 10. Sign in with  your domain, Azure AD,  or Office 365 account and password. When you see the progress ring, you can remove the USB drive.
    ![Sign in](images/sign-in-prov.png)
 **After setup**
 On a desktop computer, navigate to **Settings** &gt; **Accounts** &gt; **Work access** &gt; **Add or remove a management package** &gt; **Add a package**, and selects the package to install. 
 ![add a package option](images/package.png)
 > **Note:** If you apply the setup file to a computer that has already been set up, existing accounts and data might be lost.
 ## Guidance for accounts on shared PCs
 * We recommend no local admin accounts on the PC to improve the reliability and security of the PC.
 * When a PC is set up in shared PC mode, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account managment happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Start without an account** will also be deleted automatically at sign out.
 * On a Windows PC joined to Azure Active Directory:
    * By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC.
    * With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal.
 * Local accounts that already exist on a PC won’t be deleted when turning on shared PC mode. However, any new local accounts created by the **Start without an account** selection on the sign-in screen (if enabled) will automatically be deleted at sign-out.
 * If admin accounts are necessary on the PC
    * Ensure the PC is joined to a domain that enables accounts to be signed on as admin, or
    * Create admin accounts before setting up shared PC mode, or 
    * Create exempt accounts before signing out.
 * The account management service supports accounts that are exempt from deletion.
    * An account can be marked exempt from deletion by adding the account SID to the `HKEY_LOCAL_MACHINE\SOFTARE\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\` registry key.
    * To add the account SID to the registry key using PowerShell:
        ```
        $adminName = "LocalAdmin"
        $adminPass = 'Pa$$word123'
        iex "net user /add $adminName $adminPass"
        $user = New-Object System.Security.Principal.NTAccount($adminName) 
        $sid = $user.Translate([System.Security.Principal.SecurityIdentifier]) 
        $sid = $sid.Value;
        New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force
        ``` 
 ## Policies set by shared PC mode
 > **Important**: It is not recommended to set additional policies on PCs configured for **Shared PC Mode**.	The shared PC mode has been optimized to be fast and reliable over time with minimal to no manual maintenance required.
 <table style="width:100%" border="1"> 
 <caption><strong>Admin Templates</strong> > <strong>Control Panel</strong> > <strong>Personalization</strong> </caption>
 <tr><th><p>Policy name</p></th><th><p>Value</p></th> 
 </tr> 
 <tr><td><p>Prevent enabling lock screen slide show</p></td><td><p>Enabled</p></td>
 </tr> 
 <tr><td><p>Prevent changing lock screen and logon image</p></td><td><p>Enabled</p></td>
 </tr> </table><br/>
 <table style="width:100%" border="1"> 
 <caption><strong>Admin Templates</strong> > <strong>System</strong> > <strong>Power Management</strong> > <strong>Button Settings</strong></caption>
 <tr><th><p>Policy name</p></th><th><p>Value</p></th> 
 </tr> 
 <tr><td><p>Select the Power button action (plugged in)</p></td><td><p>Sleep</p></td> 
 </tr> 
 <tr><td><p>Select the Power button action (on battery)</p></td><td><p>Sleep</p></td> 
 </tr> 
 <tr><td><p>Select the Sleep button action (plugged in)</p></td><td><p>Sleep</p></td> 
 </tr> 
 <tr><td><p>Select the lid switch action (plugged in)</p></td><td><p>Sleep</p></td>
 </tr> 
 <tr><td><p>Select the lid switch action (on battery)</p></td><td><p>Sleep</p></td>
 </tr> </table><br/>
 <table style="width:100%" border="1"> 
 <caption><strong>Admin Templates</strong> > <strong>System</strong> > <strong>Power Management</strong> > <strong>Sleep Settings</strong></caption>
 <tr><th><p>Policy name</p></th><th><p>Value</p></th> 
 </tr> 
 <tr><td><p>Require a password when a computer wakes (plugged in)</p></td><td><p>Enabled</p></td>
 </tr> 
 <tr><td><p>Require a password when a computer wakes (on battery)</p></td><td><p>Enabled</p></td>
 </tr>
 <tr><td><p>Specify the system sleep timeout (plugged in)</p></td><td><p>1 hour</p></td>
 </tr> 
 <tr><td><p>Specify the system sleep timeout (on battery)</p></td><td><p>1 hour</p></td>
 </tr> 
 <tr> <td> <p> Turn off hybrid sleep (plugged in) </p> </td> <td> <p> Enabled </p> </td>  
 </tr> 
 <tr> <td> <p> Turn off hybrid sleep (on battery) </p> </td> <td> <p> Enabled </p> </td>  
 </tr> 
 <tr> <td> <p> Specify the unattended sleep timeout (plugged in) </p> </td> <td> <p> 1 hour </p> </td>  
 </tr> 
 <tr> <td> <p> Specify the unattended sleep timeout (on battery) </p> </td> <td> <p> 1 hour </p> </td> 
 </tr> 
 <tr> <td> <p> Allow standby states (S1-S3) when sleeping (plugged in) </p> </td> <td> <p> Enabled </p> </td>  
 </tr> 
 <tr> <td> <p> Allow standby states (S1-S3) when sleeping (on battery) </p> </td> <td> <p> Enabled </p> </td> 
 </tr> 
 <tr> <td> <p> Specify the system hibernate timeout (plugged in) </p> </td> <td> <p> Enabled, 0 </p> </td> 
 </tr> 
 <tr> <td> <p> Specify the system hibernate timeout (on battery) </p> </td> <td> <p> Enabled, 0 </p> </td> 
 </tr> </table><bbr/>
 <table style="width:100%" border="1"> 
 <caption <strong>Admin Templates</strong>  >  <strong>System</strong>  >  <strong>Power Management</strong>  >  <strong>Video and Display Settings</strong>  ></caption>
 <tr><th><p>Policy name</p></th><th><p>Value</p></th> 
 </tr> 
 <tr> <td> <p> Turn off the display (plugged in) </p> </td> <td> <p> 1 hour </p> </td> 
 </tr>
 <tr> <td> <p> Turn off the display (on battery </p> </td> <td> <p> 1 hour </p> </td>  
 </tr> </table><br/>
 <table style="width:100%" border="1"> 
 <caption> <strong>Admin Templates</strong>  >  <strong>System</strong>  >  <strong>Logon</strong> </caption>
 <tr><th><p>Policy name</p></th><th><p>Value</p></th> 
 </tr> 
 <tr> <td> <p> Show first sign-in animation </p> </td> <td> <p> Disabled </p> </td>  
 </tr> 
 <tr> <td> <p> Hide entry points for Fast User Switching </p> </td> <td> <p> Enabled </p> </td> 
 </tr> 
 <tr> <td> <p> Turn on convenience PIN sign-in </p> </td> <td> <p> Disabled </p> </td>  
 </tr> 
 <tr> <td> <p> Turn off picture password sign-in </p> </td> <td> <p> Enabled </p> </td>  
 </tr> 
 <tr> <td> <p> Turn off app notification on the lock screen </p> </td> <td> <p> Enabled </p> </td>  
 </tr> 
 <tr> <td> <p> Allow users to select when a password is required when resuming from connected standby </p> </td> <td> <p> Disabled </p> </td> 
 </tr> 
 <tr> <td> <p> Block user from showing account details on sign-in </p> </td> <td> <p> Enabled </p> </td>  
 </tr> </table><br/>
 <table style="width:100%" border="1"> 
 <caption><strong>Admin Templates</strong>  >  <strong>System</strong>  >  <strong>User Profiles</strong> </caption>
 <tr><th><p>Policy name</p></th><th><p>Value</p></th> 
 </tr> 
 <tr> <td> <p> Turn off the advertising ID </p> </td> <td> <p> Enabled </p> </td>  
 </tr> </table><br/>
 <table style="width:100%" border="1"> 
 <caption> <strong>Admin Templates</strong>  >  <strong>Windows Components </strong> </caption>
 <tr><th><p>Policy name</p></th><th><p>Value</p></th> 
 </tr> 
 <tr> <td> <p> Do not show Windows Tips </p> </td> <td> <p> Enabled </p> </td> 
 </tr> 
 <tr> <td> <p> Turn off Microsoft consumer experiences </p> </td> <td> <p> Enabled </p> </td> 
 </tr> 
 <tr> <td> <p> Microsoft Passport for Work </p> </td> <td> <p> Disabled </p> </td>  
 </tr> 
 <tr> <td> <p> Prevent the usage of OneDrive for file storage </p> </td> <td> <p> Enabled </p> </td>  
 </tr> </table><br/>
 <table style="width:100%" border="1"> 
 <caption> <strong>Admin Templates</strong>  >  <strong>Windows Components</strong>  >  <strong>Biometrics</strong> </caption>
 <tr><th><p>Policy name</p></th><th><p>Value</p></th> 
 </tr> 
 <tr> <td> <p> Allow the use of biometrics </p> </td> <td> <p> Disabled </p> </td>  
 </tr> 
 <tr> <td> <p> Allow users to log on using biometrics </p> </td> <td> <p> Disabled </p> </td> 
 </tr> 
 <tr> <td> <p> Allow domain users to log on using biometrics </p> </td> <td> <p> Disabled </p> </td> 
 </tr> </table><br/>
 <table style="width:100%" border="1"> 
 <caption> <strong>Admin Templates</strong>  >  <strong>Windows Components</strong>  >  <strong>Data Collection and Preview Builds</strong></caption>
 <tr><th><p>Policy name</p></th><th><p>Value</p></th> 
 </tr> 
 <tr> <td> <p> Toggle user control over Insider builds </p> </td> <td> <p> Disabled </p> </td>  
 </tr> 
 <tr> <td> <p> Disable pre-release features or settings </p> </td> <td> <p> Disabled </p> </td> 
 </tr> 
 <tr> <td> <p> Do not show feedback notifications </p> </td> <td> <p> Enabled </p> </td> 
 </tr> </table><br/>
 <table style="width:100%" border="1"> 
 <caption> <strong>Admin Templates</strong>  >  <strong>Windows Components</strong>  >  <strong>File Explorer</strong> </caption>
 <tr><th><p>Policy name</p></th><th><p>Value</p></th> 
 </tr> 
 <tr> <td> <p> Show lock in the user tile menu </p> </td> <td> <p> Disabled </p> </td>  
 </tr> </table><br/>
 <table style="width:100%" border="1"> 
 <caption><strong>Admin Templates</strong>  >  <strong>Windows Components</strong>  >  <strong>Maintenance Scheduler</strong></caption>
 <tr><th><p>Policy name</p></th><th><p>Value</p></th> 
 </tr> 
 <tr> <td> <p> Automatic Maintenance Activation Boundary </p> </td> <td> <p> 12am </p> </td>  
 </tr> 
 <tr> <td> <p> Automatic Maintenance Random Delay </p> </td> <td> <p> Enabled, 2 hours </p> </td> 
 </tr> 
 <tr> <td> <p> Automatic Maintenance WakeUp Policy </p> </td> <td> <p> Enabled </p> </td> 
 </tr> </table><br/>
 <table style="width:100%" border="1">
 <caption> <strong>Admin Templates</strong>  >  <strong>Windows Components</strong>  >  <strong>Microsoft Edge</strong> </caption>
 <tr><th><p>Policy name</p></th><th><p>Value</p></th> 
 </tr> 
 <tr> <td> <p> Open a new tab with an empty tab </p> </td> <td> <p> Disabled </p> </td> 
 </tr> 
 <tr> <td> <p> Configure corporate home pages </p> </td> <td> <p> Enabled, about:blank </p> </td> 
 </tr> </table><br/>
 <table style="width:100%" border="1"> 
 <caption><strong>Admin Templates</strong>  >  <strong>Windows Components</strong>  >  <strong>Search</strong></caption>
 <tr><th><p>Policy name</p></th><th><p>Value</p></th> 
 </tr> 
 <tr> <td> <p> Allow Cortana </p> </td> <td> <p> Disabled </p> </td> 
 </tr> </table><br/>
 <table style="width:100%" border="1"> 
 <caption><strong>Windows Settings</strong>  >  <strong>Security Settings</strong>  >  <strong>Local Policies</strong>  >  <strong>Security Options</strong> </caption>
 <tr><th><p>Policy name</p></th><th><p>Value</p></th> 
 </tr> 
 <tr> <td> <p> Interactive logon: Do not display last user name </p> </td> <td> <p> Enabled </p>   </td>
 </tr> 
 <tr> <td> <p> Interactive logon: Sign-in last interactive user automatically after a system-initiated restart </p> </td> <td> <p> Disabled </p> </td> 
 </tr> 
 <tr> <td> <p> Shutdown: Allow system to be shut down without having to log on </p> </td> <td> <p> Disabled </p> </td> 
 </tr> 
 <tr> <td> <p> User Account Control: Behavior of the elevation prompt for standard users </p> </td> <td> <p> Auto deny </p> </td>  
 </tr> 
 </table> </br></br>
 ## Related topics
 [Set up a device for anyone to use (kiosk)](set-up-a-device-for-anyone-to-use.md)
--- a/windows/whats-new/windows-spotlight.md
+++ b/windows/whats-new/windows-spotlight.md
@ -16,7 +16,7 @@ author: jdeckerMS
 -   Windows 10
-Windows Spotlight is an option for the lock screen background that displays different background images and occasionally offers suggestions on the lock screen. Windows Spotlight is now available in Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education. For managed devices running Windows 10 Enterprise and Windows 10 Education, enterprise administrators can configure a mobile device management (MDM) or Group Policy setting to prevent users from using the Windows Spotlight background.
+Windows Spotlight is an option for the lock screen background that displays different background images and occasionally offers suggestions on the lock screen. Windows Spotlight is available in all desktop editions of Windows 10. For managed devices running Windows 10 Enterprise and Windows 10 Education, enterprise administrators can configure a mobile device management (MDM) or Group Policy setting to prevent users from using the Windows Spotlight background.
 ## What does Windows Spotlight include?