From f25a07096753141d428379190f0ad20793f23fb1 Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Wed, 28 Sep 2016 08:51:38 -0700 Subject: [PATCH 01/10] moved font streaming note to bottom of section --- ...ndows-operating-system-components-to-microsoft-services.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 83ea150608..42d9d21bc2 100644 --- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -270,11 +270,11 @@ Fonts that are included in Windows but that are not stored on the local device c If you're running Windows 10, version 1607 or Windows Server 2016, disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Network** > **Fonts** > **Enable Font Providers**. +If you're running Windows 10, version 1507 or Windows 10, version 1511, create a REG\_DWORD registry setting called **DisableFontProviders** in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\FontCache\\Parameters**, with a value of 1. + > [!NOTE] > After you apply this policy, you must restart the device for it to take effect. -If you're running Windows 10, version 1507 or Windows 10, version 1511, create a REG\_DWORD registry setting called **DisableFontProviders** in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\FontCache\\Parameters**, with a value of 1. - ### 6. Insider Preview builds From ba1f3692b5ecf9aa794e34e3fddb4cc918a070b3 Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Wed, 28 Sep 2016 12:53:39 -0700 Subject: [PATCH 02/10] fix typo --- windows/manage/mandatory-user-profile.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/mandatory-user-profile.md b/windows/manage/mandatory-user-profile.md index 5a19dddc3e..698093e9a1 100644 --- a/windows/manage/mandatory-user-profile.md +++ b/windows/manage/mandatory-user-profile.md @@ -18,7 +18,7 @@ author: jdeckerMS > [!NOTE] > When a mandatory profile is applied to a PC running Windows 10, version 1511, some features such as Universal Windows Platform (UWP) apps, the Start menu, Cortana, and Search, will not work correctly. This will be fixed in a future update. -A mandatory user profile is a roaming user profile that has been pre-configured by an administrators to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to): icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned. +A mandatory user profile is a roaming user profile that has been pre-configured by an administrator to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to): icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned. Mandatory user profiles are useful when standardization is important, such as on a kiosk device or in educational settings. Only system administrators can make changes to mandatory user profiles. From 8fa804acfd061cfcf5604153e02d2eb83374544f Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Wed, 28 Sep 2016 13:17:14 -0700 Subject: [PATCH 03/10] fixed typos --- .../keep-secure/change-history-for-keep-windows-10-secure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md index 6dc8ea8b8c..db02131f0c 100644 --- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md +++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md @@ -20,7 +20,7 @@ This topic lists new and updated topics in the [Keep Windows 10 secure](index.md |[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Updated the networking table to clarify details around Enterprise Cloud Resources and Enterprise Proxy Servers. | |[Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) |Updated the networking table to clarify details around Enterprise Cloud Resources and Enterprise Proxy Servers. | | [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md) | Clarified how convenience PIN works in Windows 10, version 1607, on domain-joined PCs | -| [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) | Corrected certreq ezxample and added a new Windows PowerShell example for creating a self-signed certficate | +| [BitLocker: How to enable Network Unlock](bitlocker-how-to-enable-network-unlock.md) | Corrected certreq example and added a new Windows PowerShell example for creating a self-signed certificate | ## August 2016 |New or changed topic | Description | From 06c944213eabbe03ff1c1cc9b8d9bd48c030d85b Mon Sep 17 00:00:00 2001 From: Brian Lich Date: Wed, 28 Sep 2016 13:54:06 -0700 Subject: [PATCH 04/10] Fixing issue #44 --- windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md b/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md index 637b6aaaca..546035f735 100644 --- a/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md +++ b/windows/deploy/prepare-for-windows-deployment-with-mdt-2013.md @@ -92,9 +92,10 @@ By default MDT stores the log files locally on the client. In order to capture a 1. On MDT01, log on as **CONTOSO\\Administrator**. 2. Create and share the **E:\\Logs** folder by running the following commands in an elevated Windows PowerShell prompt: + ``` syntax New-Item -Path E:\Logs -ItemType directory - New-SmbShare ?Name Logs$ ?Path E:\Logs -ChangeAccess EVERYONE + New-SmbShare -Name Logs$ -Path E:\Logs -ChangeAccess EVERYONE icacls E:\Logs /grant '"MDT_BA":(OI)(CI)(M)' ``` From 7392f60a1f5ad97375ff776c5bd7f922df449e55 Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Wed, 28 Sep 2016 15:28:02 -0700 Subject: [PATCH 05/10] Fixed a confusing typo in the procedure --- windows/keep-secure/remote-credential-guard.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/remote-credential-guard.md b/windows/keep-secure/remote-credential-guard.md index 575cb5f7f2..1c86e844b2 100644 --- a/windows/keep-secure/remote-credential-guard.md +++ b/windows/keep-secure/remote-credential-guard.md @@ -35,7 +35,6 @@ The Remote Desktop client and server must meet the following requirements in ord - They must be running at least Windows 10, version 1607 or Windows Server 2016. - The Remote Desktop classic Windows app is required. The Remote Desktop Universal Windows Platform app doesn't support Remote Credential Guard. - ## Enable Remote Credential Guard You must enable Remote Credential Guard on the target device by using the registry. @@ -61,11 +60,12 @@ You can use Remote Credential Guard on the client device by setting a Group Poli 1. From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Credentials Delegation**. 2. Double-click **Restrict delegation of credentials to remote servers**. 3. In the **Use the following restricted mode** box: - - If you want to require either [Restricted Admin mode](http://social.technet.microsoft.com/wiki/contents/articles/32905.how-to-enable-restricted-admin-mode-for-remote-desktop.aspx) or Remote Credential Guard, choose **Require Remote Credential Guard**. In this configuration, Remote Credential Guard is preferred, but it will use Restricted Admin mode (if supported) when Remote Credential Guard cannot be used. + - If you want to require either [Restricted Admin mode](http://social.technet.microsoft.com/wiki/contents/articles/32905.how-to-enable-restricted-admin-mode-for-remote-desktop.aspx) or Remote Credential Guard, choose **Prefer Remote Credential Guard**. In this configuration, Remote Credential Guard is preferred, but it will use Restricted Admin mode (if supported) when Remote Credential Guard cannot be used. > **Note:** Neither Remote Credential Guard nor Restricted Admin mode will send credentials in clear text to the Remote Desktop server. - - If you want to allow Remote Credential Guard, choose **Prefer Remote Credential Guard**. + - If you want to require Remote Credential Guard, choose **Require Remote Credential Guard**. With this setting, a Remote Desktop connection will succeed only if the remote computer meets the [Hardware and software requirements](#hardware-and-software-requirements) listed earlier in this topic. + 4. Click **OK**. ![Remote Credential Guard Group Policy](images/remote-credential-guard-gp.png) From 4e6fae41942117dff56429d1c9ead1a9027f7fad Mon Sep 17 00:00:00 2001 From: Justinha Date: Wed, 28 Sep 2016 16:17:37 -0700 Subject: [PATCH 06/10] added new topics to change history for Deploy node --- windows/deploy/change-history-for-deploy-windows-10.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/deploy/change-history-for-deploy-windows-10.md b/windows/deploy/change-history-for-deploy-windows-10.md index fb3f4478ec..45bd679722 100644 --- a/windows/deploy/change-history-for-deploy-windows-10.md +++ b/windows/deploy/change-history-for-deploy-windows-10.md @@ -15,6 +15,9 @@ This topic lists new and updated topics in the [Deploy Windows 10](index.md) doc | New or changed topic | Description | |----------------------|-------------| | [Windows 10 Enterprise E3 in CSP Overview](windows-10-enterprise-e3-overview.md) | New | +| [Get started with Upgrade Analytics](upgrade-analytics-get-started) | Updated with prerequisites for site discovery | +| [Resolve application and driver issues](upgrade-analytics-resolve-issues.md) | Updated with app status info for Ready For Windows | +| [Review site discovery](upgrade-analytics-review-site-discovery.md) | New | ## RELEASE: Windows 10, version 1607 From 342673bff24e1f54e40eef43f99c5fc7441d274f Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Wed, 28 Sep 2016 18:33:51 -0700 Subject: [PATCH 07/10] sm chg to procedure text --- windows/keep-secure/remote-credential-guard.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/remote-credential-guard.md b/windows/keep-secure/remote-credential-guard.md index 1c86e844b2..2a813caee1 100644 --- a/windows/keep-secure/remote-credential-guard.md +++ b/windows/keep-secure/remote-credential-guard.md @@ -59,7 +59,7 @@ You can use Remote Credential Guard on the client device by setting a Group Poli 1. From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Credentials Delegation**. 2. Double-click **Restrict delegation of credentials to remote servers**. -3. In the **Use the following restricted mode** box: +3. Under **Use the following restricted mode**: - If you want to require either [Restricted Admin mode](http://social.technet.microsoft.com/wiki/contents/articles/32905.how-to-enable-restricted-admin-mode-for-remote-desktop.aspx) or Remote Credential Guard, choose **Prefer Remote Credential Guard**. In this configuration, Remote Credential Guard is preferred, but it will use Restricted Admin mode (if supported) when Remote Credential Guard cannot be used. > **Note:** Neither Remote Credential Guard nor Restricted Admin mode will send credentials in clear text to the Remote Desktop server. From 4090a0be6083266dfcbfca2ef217e274e92b5e2b Mon Sep 17 00:00:00 2001 From: jdeckerMS Date: Thu, 29 Sep 2016 09:38:24 -0700 Subject: [PATCH 08/10] fix link --- windows/deploy/change-history-for-deploy-windows-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deploy/change-history-for-deploy-windows-10.md b/windows/deploy/change-history-for-deploy-windows-10.md index 45bd679722..d09519574f 100644 --- a/windows/deploy/change-history-for-deploy-windows-10.md +++ b/windows/deploy/change-history-for-deploy-windows-10.md @@ -15,7 +15,7 @@ This topic lists new and updated topics in the [Deploy Windows 10](index.md) doc | New or changed topic | Description | |----------------------|-------------| | [Windows 10 Enterprise E3 in CSP Overview](windows-10-enterprise-e3-overview.md) | New | -| [Get started with Upgrade Analytics](upgrade-analytics-get-started) | Updated with prerequisites for site discovery | +| [Get started with Upgrade Analytics](upgrade-analytics-get-started.md) | Updated with prerequisites for site discovery | | [Resolve application and driver issues](upgrade-analytics-resolve-issues.md) | Updated with app status info for Ready For Windows | | [Review site discovery](upgrade-analytics-review-site-discovery.md) | New | From 061c2dbaad9b2de831b8fdbb472bf4a6b46f1cc2 Mon Sep 17 00:00:00 2001 From: JanKeller1 Date: Thu, 29 Sep 2016 11:39:32 -0700 Subject: [PATCH 09/10] Fixed a link to Device Guard intro content --- windows/whats-new/whats-new-windows-10-version-1507-and-1511.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index 4dcad74254..b676817d41 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -197,7 +197,7 @@ Event ID 6416 has been added to track when an external device is detected throug The following sections describe the new and changed functionality in the TPM for Windows 10: - [Device health attestation](#bkmk-dha) - [Microsoft Passport](microsoft-passport.md) support -- [Device Guard](device-guard-overview.md) support +- [Device Guard](../keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md) support - [Credential Guard](../keep-secure/credential-guard.md) support ### Device health attestation From 1e396d313def634961d8f903d4f13280784c24b6 Mon Sep 17 00:00:00 2001 From: jamiejdt Date: Thu, 29 Sep 2016 15:38:54 -0700 Subject: [PATCH 10/10] Update text on delay setting options --- ...g-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md b/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md index da5caca883..75c4d4f4b9 100644 --- a/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md +++ b/mdop/uev-v2/changing-the-frequency-of-ue-v-2x-scheduled-tasks-both-uevv2.md @@ -70,7 +70,7 @@ If upon installation the user or administrator choses to participate in the Cust ### Monitor Application Settings -The **Monitor Application Settings** task is used to synchronize settings for Windows apps. It is runs at logon but is delayed by 30 seconds to not affect the logon detrimentally. The Monitor Application Status task runs the UevAppMonitor.exe file, which is located in the UE-V Agent installation directory. +The **Monitor Application Settings** task is used to synchronize settings for Windows apps. It is run at logon but is delayed by 30 seconds to not affect the logon detrimentally. The Monitor Application Status task runs the UevAppMonitor.exe file, which is located in the UE-V Agent installation directory. @@ -96,7 +96,7 @@ The **Monitor Application Settings** task is used to synchronize settings for Wi ### Sync Controller Application The **Sync Controller Application** task is used to start the Sync Controller to synchronize settings from the computer to the settings storage location. By default, the task runs every 30 minutes. At that time, local settings are synchronized to the settings storage location, and updated settings on the settings storage location are synchronized to the computer. The Sync Controller application runs the Microsoft.Uev.SyncController.exe, which is located in the UE-V Agent installation directory. - +**Note:** As per the **Monitor Application Settings** task, this task is run at logon but is delayed by 30 seconds to not affect the logon detrimentally.
@@ -305,7 +305,7 @@ The following additional information applies to UE-V scheduled tasks: - ll task sequence programs are located in the UE-V Agent installation folder, `%programFiles%\Microsoft User Experience Virtualization\Agent\[architecture]\`, by default. -- The Sync Controller Application Scheduled task is the crucial component when the UE-V SyncMethod is set to “SyncProvider” (UE-V 2 default configuration). This scheduled task keeps the SettingsSToragePath synchronized with the locally cached versions of the settings package files. If users complain that settings do not synchronize often enough, then you can reduce the scheduled task setting to as little as 1 minute.  You can also increase the 30 min default to a higher amount if necessary. +- The Sync Controller Application Scheduled task is the crucial component when the UE-V SyncMethod is set to “SyncProvider” (UE-V 2 default configuration). This scheduled task keeps the SettingsSToragePath synchronized with the locally cached versions of the settings package files. If users complain that settings do not synchronize often enough, then you can reduce the scheduled task setting to as little as 1 minute.  You can also increase the 30 min default to a higher amount if necessary. If users complain that settings do not synchronize fast enough on logon, then you can remove the delay setting for the scheduled task. (You can find the delay setting in the **Edit Trigger** dialogue box) - You do not need to disable the Template Auto Update scheduled task if you use another method to keep the clients’ templates in sync (i.e. Group Policy or Configuration Manager Baselines). Leaving the SettingsTemplateCatalog property value blank prevents UE-V from checking the settings catalog for custom templates. This scheduled task runs ApplySettingsCatalog.exe and will essentially return immediately.