deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-15 18:33:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'refs/remotes/origin/master' into vs-7332923

Browse Source
This commit is contained in:
LizRoss
2016-04-28 10:51:04 -07:00
parent a264cd42f5 33314f5bde
commit eea6156a35
9 changed files with 193 additions and 638 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md
View File

@ -16,9 +16,9 @@ title: Collect data using Enterprise Site Discovery
- Windows 8.1 Update
- Windows 7 with Service Pack 1 (SP1)
Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades.
Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. This inventory information helps you build a list of websites used by your company so you can make more informed decisions about your IE deployments, including figuring out which sites might be at risk or require overhauls during future upgrades.
## Requirements
## Before you begin
Before you start, you need to make sure you have the following:
- Latest cumulative security update (for all supported versions of Internet Explorer):
@ -43,7 +43,7 @@ Before you start, you need to make sure you have the following:
You must use System Center 2012 R2 Configuration Manager or later for these samples to work.
Both the PowerShell script and .mof file need to be copied to the same location on the client computer, before you run the scripts.
Both the PowerShell script and the Managed Object Format (.MOF) file need to be copied to the same location on the client device, before you run the scripts.
## What data is collected?
Data is collected on the configuration characteristics of IE and the sites it browses, as shown here.
@ -67,7 +67,7 @@ Data is collected on the configuration characteristics of IE and the sites it br
The data collection process is silent, so theres no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
## Where is the data stored and how do I collect it?
The data is stored locally, in an industry-standard WMI class, Managed Object Format (.MOF) file or in an XML file, depending on your configuration. This file remains on the client computer until its collected. To collect the files, we recommend:
The data is stored locally, in an industry-standard WMI class, .MOF file or in an XML file, depending on your configuration. This file remains on the client computer until its collected. To collect the files, we recommend:
- **WMI file**. Use Microsoft Configuration Manager or any agent that can read the contents of a WMI class on your computer.
@ -80,48 +80,55 @@ On average, a website generates about 250bytes of data for each visit, causing o
<p>**Important**<br>The data collection process is silent, so theres no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements.
## Getting ready to use Enterprise Site Discovery
Before you can start to collect your data, you must run the provided PowerShell script (IETelemetrySetUp.ps1) on your client devices to start generating the site discovery data and to set up a place to store this data locally. Then, you must start collecting the site discovery data from the client devices, using one of these three options:
- Collect your hardware inventory using the MOF Editor, while connecting to a client device.<p>
-OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.<p>
-OR-
- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges
You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes.
<p>**Important**<br>You must run this script if youre using WMI as your data output. It's not necessary if you're using XML as your data output.
![](images/wedge.gif) **To set up Enterprise Site Discovery**
![](images/wedge.gif) **To set up Enterprise Site Discovery**
- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](http://go.microsoft.com/fwlink/p/?linkid=517460).
### Optional: Set up your firewall for WMI data
- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](http://go.microsoft.com/fwlink/p/?linkid=517460).
### WMI only: Set up your firewall for WMI data
If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If youre sure, you can skip this section; otherwise, follow these steps:
![](images/wedge.gif) **To set up your firewall**
![](images/wedge.gif) **To set up your firewall**
1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**.
2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
2. In the left pane, click **Allow an app or feature through Windows Firewall** and scroll down to check the box for **Windows Management Instrumentation (WMI)**.
3. Restart your computer to start collecting your WMI data.
3. Restart your computer to start collecting your WMI data.
## Setting up Enterprise Site Discovery using PowerShell
After you finish the initial setup for Site Discovery using PowerShell, you have the option to continue with PowerShell or to switch to Group Policy.
## Use PowerShell to finish setting up Enterprise Site Discovery
You can determine which zones or domains are used for data collection, using PowerShell. If you dont want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery).
<p>**Important**<br>The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device.
### Setting up zones or domains for data collection
You can determine which zones or domains are used for data collection, using PowerShell.
- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process.
- **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process.
- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process.
- **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process.
![](images/wedge.gif) **To set up data collection using a domain allow list**
- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
<p>**Important**<br>Wildcards, like \*.microsoft.com, arent supported.
- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`.
**Important**<br>Wildcards, like \*.microsoft.com, arent supported.
![](images/wedge.gif) **To set up data collection using a zone allow list**
- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
**Important**<br>Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`.
<p>**Important**<br>Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported.
## Setting up Enterprise Site Discovery using Group Policy
If you dont want to continue using PowerShell, you can switch to Group Policy after the initial Site Discovery setup.
## Use Group Policy to finish setting up Enterprise Site Discovery
You can use Group Policy to finish setting up Enterprise Site Discovery. If you dont want to use Group Policy, you can do this using PowerShell. For more info, see [Use Powershell to finish setting up Enterprise Site Discovery](#use-powershell-to-finish-setting-up-enterprise-site-discovery).
<p>**Note**<br> All of the Group Policy settings can be used individually or as a group.
![](images/wedge.gif) **To set up Enterprise Site Discovery using Group Policy**
@ -136,7 +143,6 @@ If you dont want to continue using PowerShell, you can switch to Group Policy
|Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:<p>microsoft.sharepoint.com<br>outlook.com<br>onedrive.com<br>timecard.contoso.com<br>LOBApp.contoso.com |
### Combining WMI and XML Group Policy settings
You can use both the WMI and XML settings individually or together, based on:
![](images/wedge.gif) **To turn off Enterprise Site Discovery**
@ -163,12 +169,17 @@ You can use both the WMI and XML settings individually or together, based on:
<li><b>Turn on Site Discovery XML output:</b> XML file path</li>
</ul>
## Use Configuration Manager to collect your data
After youve collected your data, youll need to get the local files off of your employees computers. To do this, use the hardware inventory process in Configuration Manager, in one of the following ways.
After youve collected your data, youll need to get the local files off of your employees computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options:
### Collect your hardware inventory using the MOF Editor while connecting to a computer
You can collect your hardware inventory using the MOF Editor, while youre connected to your client computers.
- Collect your hardware inventory using the MOF Editor, while connecting to a client device.<p>
-OR-
- Collect your hardware inventory using the MOF Editor with a .MOF import file.<p>
-OR-
- Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
### Collect your hardware inventory using the MOF Editor while connected to a client device
You can collect your hardware inventory using the MOF Editor, while youre connected to your client devices.
![](images/wedge.gif) **To collect your inventory**
@ -193,8 +204,8 @@ You can collect your hardware inventory using the MOF Editor, while youre con
5. Click **OK** to close the default windows.<br>
Your environment is now ready to collect your hardware inventory and review the sample reports.
### Collect your hardware inventory using the MOF Editor with a MOF import file
You can collect your hardware inventory using the MOF Editor and a MOF import file.
### Collect your hardware inventory using the MOF Editor with a .MOF import file
You can collect your hardware inventory using the MOF Editor and a .MOF import file.
![](images/wedge.gif) **To collect your inventory**
@ -207,8 +218,8 @@ You can collect your hardware inventory using the MOF Editor and a MOF import fi
4. Click **OK** to close the default windows.<br>
Your environment is now ready to collect your hardware inventory and review the sample reports.
### Collect your hardware inventory using the SMS\DEF.MOF file
You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file.
### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only)
You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you arent using this version of Configuration Manager, you wont want to use this option.
![](images/wedge.gif) **To collect your inventory**
@ -281,7 +292,7 @@ You can collect your hardware inventory using the using the Systems Management S
3. Save the file and close it to the same location.<br>
Your environment is now ready to collect your hardware inventory and review the sample reports.
### Viewing the sample reports
## View the sample reports with your collected data
The sample reports, **SCCM Report Sample ActiveX.rdl** and **SCCM Report Sample Site Discovery.rdl**, work with System Center 2012, so you can review your collected data.
### SCCM Report Sample ActiveX.rdl
@ -336,7 +347,7 @@ Each site is validated and if successful, added to the global site list when you
3. Click **OK** to close the **Bulk add sites to the list** menu.
## Turn off data collection on your client computers
## Turn off data collection on your client devices
After youve collected your data, youll need to turn Enterprise Site Discovery off.
![](images/wedge.gif) **To stop collecting data, using PowerShell**

478
mdop/appv-v5/about-client-configuration-settings51.md
View File

@ -15,444 +15,46 @@ The Microsoft Application Virtualization (App-V) 5.1 client stores its configura
The following table displays information about the App-V 5.1 client configuration settings:
<table style="width:100%;">
<colgroup>
<col width="16%" />
<col width="16%" />
<col width="16%" />
<col width="16%" />
<col width="16%" />
<col width="16%" />
</colgroup>
<thead>
<tr class="header">
<th align="left">Setting Name</th>
<th align="left">Setup Flag</th>
<th align="left">Description</th>
<th align="left">Setting Options</th>
<th align="left">Registry Key Value</th>
<th align="left">Disabled Policy State Keys and Values</th>
</tr>
</thead>
<tbody>
<tr class="odd">
<td align="left"><p>PackageInstallationRoot</p></td>
<td align="left"><p>PACKAGEINSTALLATIONROOT</p></td>
<td align="left"><p>Specifies directory where all new applications and updates will be installed.</p></td>
<td align="left"><p>String</p></td>
<td align="left"><p>Streaming\PackageInstallationRoot</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="even">
<td align="left"><p>PackageSourceRoot</p></td>
<td align="left"><p>PACKAGESOURCEROOT</p></td>
<td align="left"><p>Overrides source location for downloading package content.</p></td>
<td align="left"><p>String</p></td>
<td align="left"><p>Streaming\PackageSourceRoot</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="odd">
<td align="left"><p>AllowHighCostLaunch</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G).</p></td>
<td align="left"><p>True (enabled); False (Disabled state)</p></td>
<td align="left"><p>Streaming\AllowHighCostLaunch</p></td>
<td align="left"><p>0</p></td>
</tr>
<tr class="even">
<td align="left"><p>ReestablishmentRetries</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Specifies the number of times to retry a dropped session.</p></td>
<td align="left"><p>Integer (0-99)</p></td>
<td align="left"><p>Streaming\ReestablishmentRetries</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="odd">
<td align="left"><p>ReestablishmentInterval</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Specifies the number of seconds between attempts to reestablish a dropped session.</p></td>
<td align="left"><p>Integer (0-3600)</p></td>
<td align="left"><p>Streaming\ReestablishmentInterval</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="even">
<td align="left"><p>AutoLoad</p></td>
<td align="left"><p>AUTOLOAD</p></td>
<td align="left"><p>Specifies how new packages should be loaded automatically by App-V on a specific computer.</p></td>
<td align="left"><p>(0x0) None; (0x1) Previously used; (0x2) All</p></td>
<td align="left"><p>Streaming\AutoLoad</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="odd">
<td align="left"><p>LocationProvider</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.</p></td>
<td align="left"><p>String</p></td>
<td align="left"><p>Streaming\LocationProvider</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="even">
<td align="left"><p>CertFilterForClientSsl</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Specifies the path to a valid certificate in the certificate store.</p></td>
<td align="left"><p>String</p></td>
<td align="left"><p>Streaming\CertFilterForClientSsl</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="odd">
<td align="left"><p>VerifyCertificateRevocationList</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Verifies Server certificate revocation status before steaming using HTTPS.</p></td>
<td align="left"><p>True(enabled); False(Disabled state)</p></td>
<td align="left"><p>Streaming\VerifyCertificateRevocationList</p></td>
<td align="left"><p>0</p></td>
</tr>
<tr class="even">
<td align="left"><p>SharedContentStoreMode</p></td>
<td align="left"><p>SHAREDCONTENTSTOREMODE</p></td>
<td align="left"><p>Specifies that streamed package contents will be not be saved to the local hard disk.</p></td>
<td align="left"><p>True(enabled); False(Disabled state)</p></td>
<td align="left"><p>Streaming\SharedContentStoreMode</p></td>
<td align="left"><p>0</p></td>
</tr>
<tr class="odd">
<td align="left"><p>Name</p>
<div class="alert">
<strong>Note</strong>  
<p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
</div>
<div>
 
</div></td>
<td align="left"><p>PUBLISHINGSERVERNAME</p></td>
<td align="left"><p>Displays the name of publishing server.</p></td>
<td align="left"><p>String</p></td>
<td align="left"><p>Publishing\Servers\{serverId}\FriendlyName</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="even">
<td align="left"><p>URL</p>
<div class="alert">
<strong>Note</strong>  
<p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
</div>
<div>
 
</div></td>
<td align="left"><p>PUBLISHINGSERVERURL</p></td>
<td align="left"><p>Displays the URL of publishing server.</p></td>
<td align="left"><p>String</p></td>
<td align="left"><p>Publishing\Servers\{serverId}\URL</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="odd">
<td align="left"><p>GlobalRefreshEnabled</p>
<div class="alert">
<strong>Note</strong>  
<p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
</div>
<div>
 
</div></td>
<td align="left"><p>GLOBALREFRESHENABLED</p></td>
<td align="left"><p>Enables global publishing refresh (Boolean)</p></td>
<td align="left"><p>True(enabled); False(Disabled state)</p></td>
<td align="left"><p>Publishing\Servers\{serverId}\GlobalEnabled</p></td>
<td align="left"><p>False</p></td>
</tr>
<tr class="even">
<td align="left"><p>GlobalRefreshOnLogon</p>
<div class="alert">
<strong>Note</strong>  
<p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
</div>
<div>
 
</div></td>
<td align="left"><p>GLOBALREFRESHONLOGON</p></td>
<td align="left"><p>Triggers a global publishing refresh on logon. ( Boolean)</p></td>
<td align="left"><p>True(enabled); False(Disabled state)</p></td>
<td align="left"><p>Publishing\Servers\{serverId}\GlobalLogonRefresh</p></td>
<td align="left"><p>False</p></td>
</tr>
<tr class="odd">
<td align="left"><p>GlobalRefreshInterval</p>
<div class="alert">
<strong>Note</strong>  
<p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
</div>
<div>
 
</div></td>
<td align="left"><p>GLOBALREFRESHINTERVAL  </p></td>
<td align="left"><p>Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.</p></td>
<td align="left"><p>Integer (0-744</p></td>
<td align="left"><p>Publishing\Servers\{serverId}\GlobalPeriodicRefreshInterval</p></td>
<td align="left"><p>0</p></td>
</tr>
<tr class="even">
<td align="left"><p>GlobalRefreshIntervalUnit</p>
<div class="alert">
<strong>Note</strong>  
<p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
</div>
<div>
 
</div></td>
<td align="left"><p>GLOBALREFRESHINTERVALUNI</p></td>
<td align="left"><p>Specifies the interval unit (Hour 0-23, Day 0-31). </p></td>
<td align="left"><p>0 for hour, 1 for day</p></td>
<td align="left"><p>Publishing\Servers\{serverId}\GlobalPeriodicRefreshIntervalUnit</p></td>
<td align="left"><p>1</p></td>
</tr>
<tr class="odd">
<td align="left"><p>UserRefreshEnabled</p>
<div class="alert">
<strong>Note</strong>  
<p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
</div>
<div>
 
</div></td>
<td align="left"><p>USERREFRESHENABLED </p></td>
<td align="left"><p>Enables user publishing refresh (Boolean)</p></td>
<td align="left"><p>True(enabled); False(Disabled state)</p></td>
<td align="left"><p>Publishing\Servers\{serverId}\UserEnabled</p></td>
<td align="left"><p>False</p></td>
</tr>
<tr class="even">
<td align="left"><p>UserRefreshOnLogon</p>
<div class="alert">
<strong>Note</strong>  
<p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
</div>
<div>
 
</div></td>
<td align="left"><p>USERREFRESHONLOGON</p></td>
<td align="left"><p>Triggers a user publishing refresh onlogon. ( Boolean)</p>
<p>Word count (with spaces): 60</p></td>
<td align="left"><p>True(enabled); False(Disabled state)</p></td>
<td align="left"><p>Publishing\Servers\{serverId}\UserLogonRefresh</p></td>
<td align="left"><p>False</p></td>
</tr>
<tr class="odd">
<td align="left"><p>UserRefreshInterval</p>
<div class="alert">
<strong>Note</strong>  
<p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
</div>
<div>
 
</div></td>
<td align="left"><p>USERREFRESHINTERVAL     </p></td>
<td align="left"><p>Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.</p>
<p>Word count (with spaces): 85</p></td>
<td align="left"><p>Integer (0-744 Hours)</p></td>
<td align="left"><p>Publishing\Servers\{serverId}\UserPeriodicRefreshInterval</p></td>
<td align="left"><p>0</p></td>
</tr>
<tr class="even">
<td align="left"><p>UserRefreshIntervalUnit</p>
<div class="alert">
<strong>Note</strong>  
<p>This setting cannot be modified using the <strong>set-AppvclientConfiguration</strong> cmdLet. You must use the <strong>Set-AppvPublishingServer</strong> cmdlet.</p>
</div>
<div>
 
</div></td>
<td align="left"><p>USERREFRESHINTERVALUNIT  </p></td>
<td align="left"><p>Specifies the interval unit (Hour 0-23, Day 0-31). </p></td>
<td align="left"><p>0 for hour, 1 for day</p></td>
<td align="left"><p>Publishing\Servers\{serverId}\UserPeriodicRefreshIntervalUnit</p></td>
<td align="left"><p>1</p></td>
</tr>
<tr class="odd">
<td align="left"><p>MigrationMode</p></td>
<td align="left"><p>MIGRATIONMODE</p></td>
<td align="left"><p>Migration mode allows the App-V client to modify shortcuts and FTAs for packages created using a previous version of App-V.</p></td>
<td align="left"><p>True(enabled state); False (disabled state)</p></td>
<td align="left"><p>Coexistence\MigrationMode</p></td>
<td align="left"><p></p></td>
</tr>
<tr class="even">
<td align="left"><p>CEIPOPTIN</p></td>
<td align="left"><p>CEIPOPTIN</p></td>
<td align="left"><p>Allows the computer running the App-V 5.1 Client to collect and return certain usage information to help allow us to further improve the application.</p></td>
<td align="left"><p>0 for disabled; 1 for enabled</p></td>
<td align="left"><p>SOFTWARE/Microsoft/AppV/CEIP/CEIPEnable</p></td>
<td align="left"><p>0</p></td>
</tr>
<tr class="odd">
<td align="left"><p>EnablePackageScripts</p></td>
<td align="left"><p>ENABLEPACKAGESCRIPTS</p></td>
<td align="left"><p>Enables scripts defined in the package manifest of configuration files that should run.</p></td>
<td align="left"><p>True(enabled); False(Disabled state)</p></td>
<td align="left"><p>\Scripting\EnablePackageScripts</p></td>
<td align="left"><p></p></td>
</tr>
<tr class="even">
<td align="left"><p>RoamingFileExclusions</p></td>
<td align="left"><p>ROAMINGFILEEXCLUSIONS</p></td>
<td align="left"><p>Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage:  /ROAMINGFILEEXCLUSIONS='desktop;my pictures'</p></td>
<td align="left"><p></p></td>
<td align="left"><p></p></td>
<td align="left"><p></p></td>
</tr>
<tr class="odd">
<td align="left"><p>RoamingRegistryExclusions</p></td>
<td align="left"><p>ROAMINGREGISTRYEXCLUSIONS</p></td>
<td align="left"><p>Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients</p></td>
<td align="left"><p>String</p></td>
<td align="left"><p>Integration\RoamingReglstryExclusions</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="even">
<td align="left"><p>IntegrationRootUser</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\Microsoft\AppV\Client\Integration.</p></td>
<td align="left"><p>String</p></td>
<td align="left"><p>Integration\IntegrationRootUser</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="odd">
<td align="left"><p>IntegrationRootGlobal</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\Microsoft\AppV\Client\Integration</p></td>
<td align="left"><p>String</p></td>
<td align="left"><p>Integration\IntegrationRootGlobal</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="even">
<td align="left"><p>VirtualizableExtensions</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment.</p>
<p>When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the <strong>RunVirtual</strong> command line parameter will be added, and the application will run virtually.</p>
<p>For more information about the <strong>RunVirtual</strong> parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md).</p></td>
<td align="left"><p>String</p></td>
<td align="left"><p>Integration\VirtualizableExtensions</p></td>
<td align="left"><p>Policy value not written</p></td>
</tr>
<tr class="odd">
<td align="left"><p>ReportingEnabled</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Enables the client to return information to a reporting server.</p></td>
<td align="left"><p>True (enabled); False (Disabled state)</p></td>
<td align="left"><p>Reporting\EnableReporting</p></td>
<td align="left"><p>False</p></td>
</tr>
<tr class="even">
<td align="left"><p>ReportingServerURL</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Specifies the location on the reporting server where client information is saved.</p></td>
<td align="left"><p>String</p></td>
<td align="left"><p>Reporting\ReportingServer</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="odd">
<td align="left"><p>ReportingDataCacheLimit</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024.</p></td>
<td align="left"><p>Integer [0-1024]</p></td>
<td align="left"><p>Reporting\DataCacheLimit</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="even">
<td align="left"><p>ReportingDataBlockSize</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited.</p></td>
<td align="left"><p>Integer [1024 - Unlimited]</p></td>
<td align="left"><p>Reporting\DataBlockSize</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="odd">
<td align="left"><p>ReportingStartTime</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the <strong>ReportingStartTime</strong> will start on the current day at 10 P.M.or 22.</p>
<div class="alert">
<strong>Note</strong>  
<p>You should configure this setting to a time when computers running the App-V 5.1 client are least likely to be offline.</p>
</div>
<div>
 
</div></td>
<td align="left"><p>Integer (0 23)</p></td>
<td align="left"><p>Reporting\ StartTime</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="even">
<td align="left"><p>ReportingInterval</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Specifies the retry interval that the client will use to resend data to the reporting server.</p></td>
<td align="left"><p>Integer</p></td>
<td align="left"><p>Reporting\RetryInterval</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="odd">
<td align="left"><p>ReportingRandomDelay</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and <strong>ReportingRandomDelay</strong> and will wait the specified duration before sending data. This can help to prevent collisions on the server.</p></td>
<td align="left"><p>Integer [0 - ReportingRandomDelay]</p></td>
<td align="left"><p>Reporting\RandomDelay</p></td>
<td align="left"><p>Policy value not written (same as Not Configured)</p></td>
</tr>
<tr class="even">
<td align="left"><p>EnableDynamicVirtualization</p>
<div class="alert">
<strong>Important</strong>  
<p>This setting is available only with App-V 5.0 SP2 or later.</p>
</div>
<div>
 
</div></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications.</p></td>
<td align="left"><p>1 (Enabled), 0 (Disabled)</p></td>
<td align="left"><p>HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Virtualization</p></td>
<td align="left"><p></p></td>
</tr>
<tr class="odd">
<td align="left"><p>EnablePublishingRefreshUI</p>
<div class="alert">
<strong>Important</strong>  
<p>This setting is available only with App-V 5.0 SP2.</p>
</div>
<div>
 
</div></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Enables the publishing refresh progress bar for the computer running the App-V 5.1 Client.</p></td>
<td align="left"><p>1 (Enabled), 0 (Disabled)</p></td>
<td align="left"><p>HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Publishing</p></td>
<td align="left"><p></p></td>
</tr>
<tr class="even">
<td align="left"><p>HideUI</p>
<div class="alert">
<strong>Important</strong>  
<p>This setting is available only with App-V 5.0 SP2.</p>
</div>
<div>
 
</div></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Hides the publishing refresh progress bar.</p></td>
<td align="left"><p>1 (Enabled), 0 (Disabled)</p></td>
<td align="left"><p></p></td>
<td align="left"><p></p></td>
</tr>
<tr class="odd">
<td align="left"><p>ProcessesUsingVirtualComponents</p></td>
<td align="left"><p>Not available.</p></td>
<td align="left"><p>Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization.</p></td>
<td align="left"><p>String</p></td>
<td align="left"><p>Virtualization\ProcessesUsingVirtualComponents</p></td>
<td align="left"><p>Empty string.</p></td>
</tr>
</tbody>
</table>
 
|Setting name | Setup Flag | Description | Setting Options | Registry Key Value | Disabled Policy State Keys and Values |
|-------------|------------|-------------|-----------------|--------------------|--------------------------------------|
| PackageInstallationRoot | PACKAGEINSTALLATIONROOT | Specifies directory where all new applications and updates will be installed. | String | Streaming\PackageInstallationRoot | Policy value not written (same as Not Configured) |
| PackageSourceRoot | PACKAGESOURCEROOT | Overrides source location for downloading package content. | String | Streaming\PackageSourceRoot | Policy value not written (same as Not Configured) |
| AllowHighCostLaunch | Not available. |This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G). | True (enabled); False (Disabled state) | Streaming\AllowHighCostLaunch | 0 |
| ReestablishmentRetries | Not available. | Specifies the number of times to retry a dropped session. | Integer (0-99) | Streaming\ReestablishmentRetries | Policy value not written (same as Not Configured) |
| ReestablishmentInterval | Not available. | Specifies the number of seconds between attempts to reestablish a dropped session. | Integer (0-3600) | Streaming\ReestablishmentInterval | Policy value not written (same as Not Configured) |
| LocationProvider | Not available. | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. | String | Streaming\LocationProvider | Policy value not written (same as Not Configured) |
| CertFilterForClientSsl | Not available. | Specifies the path to a valid certificate in the certificate store. | String | Streaming\CertFilterForClientSsl | Policy value not written (same as Not Configured) |
| VerifyCertificateRevocationList | Not available. | Verifies Server certificate revocation status before steaming using HTTPS. | True(enabled); False(Disabled state) | Streaming\VerifyCertificateRevocationList | 0 |
| SharedContentStoreMode | SHAREDCONTENTSTOREMODE | Specifies that streamed package contents will be not be saved to the local hard disk. | True(enabled); False(Disabled state) | Streaming\SharedContentStoreMode | 0 |
| Name<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | PUBLISHINGSERVERNAME | Displays the name of publishing server. | String | Publishing\Servers\{serverId}\FriendlyName | Policy value not written (same as Not Configured) |
| URL<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | PUBLISHINGSERVERURL | Displays the URL of publishing server. | String | Publishing\Servers\{serverId}\URL | Policy value not written (same as Not Configured) |
| GlobalRefreshEnabled<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHENABLED | Enables global publishing refresh (Boolean) | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\GlobalEnabled | False |
| GlobalRefreshOnLogon<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHONLOGON | Triggers a global publishing refresh on logon. ( Boolean) | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\GlobalLogonRefresh | False |
| GlobalRefreshInterval<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHINTERVAL | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0. | Integer (0-744) | Publishing\Servers\{serverId}\GlobalPeriodicRefreshInterval | 0 |
| GlobalRefreshIntervalUnit <br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | GLOBALREFRESHINTERVALUNI | Specifies the interval unit (Hour 0-23, Day 0-31). | 0 for hour, 1 for day | Publishing\Servers\{serverId}\GlobalPeriodicRefreshIntervalUnit | 1 |
| UserRefreshEnabled<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHENABLED | Enables user publishing refresh (Boolean) | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\UserEnabled | False |
| UserRefreshOnLogon<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHONLOGON | Triggers a user publishing refresh onlogon. ( Boolean)<br>Word count (with spaces): 60 | True(enabled); False(Disabled state) | Publishing\Servers\{serverId}\UserLogonRefresh | False |
| UserRefreshInterval<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHINTERVAL | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. | Word count (with spaces): 85<br>Integer (0-744 Hours) | Publishing\Servers\{serverId}\UserPeriodicRefreshInterval | 0 |
| UserRefreshIntervalUnit<br>**Note** This setting cannot be modified using the **set-AppvclientConfiguration** cmdLet. You must use the **Set-AppvPublishingServer** cmdlet. | USERREFRESHINTERVALUNIT | Specifies the interval unit (Hour 0-23, Day 0-31). | 0 for hour, 1 for day | Publishing\Servers\{serverId}\UserPeriodicRefreshIntervalUnit | 1 |
| MigrationMode | MIGRATIONMODE | Migration mode allows the App-V client to modify shortcuts and FTAs for packages created using a previous version of App-V. | True(enabled state); False (disabled state) | Coexistence\MigrationMode | |
| CEIPOPTIN | CEIPOPTIN | Allows the computer running the App-V 5.1 Client to collect and return certain usage information to help allow us to further improve the application. | 0 for disabled; 1 for enabled | SOFTWARE/Microsoft/AppV/CEIP/CEIPEnable | 0 |
| EnablePackageScripts | ENABLEPACKAGESCRIPTS | Enables scripts defined in the package manifest of configuration files that should run. | True(enabled); False(Disabled state) | \Scripting\EnablePackageScripts | |
| RoamingFileExclusions | ROAMINGFILEEXCLUSIONS | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage:  /ROAMINGFILEEXCLUSIONS='desktop;my pictures' | | | |
| RoamingRegistryExclusions | ROAMINGREGISTRYEXCLUSIONS | Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients | String | Integration\RoamingReglstryExclusions | Policy value not written (same as Not Configured) |
| IntegrationRootUser | Not available. | Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\Microsoft\AppV\Client\Integration.| String | Integration\IntegrationRootUser | Policy value not written (same as Not Configured) |
|IntegrationRootGlobal | Not available.| Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\Microsoft\AppV\Client\Integration | String | Integration\IntegrationRootGlobal | Policy value not written (same as Not Configured) |
| VirtualizableExtensions | Not available. | A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment.<br>When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command line parameter will be added, and the application will run virtually.<br>For more information about the **RunVirtual** parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](running-a-locally-installed-application-inside-a-virtual-environment-with-virtualized-applications51.md). | String | Integration\VirtualizableExtensions | Policy value not written |
| ReportingEnabled | Not available. | Enables the client to return information to a reporting server. | True (enabled); False (Disabled state) | Reporting\EnableReporting | False |
| ReportingServerURL | Not available. | Specifies the location on the reporting server where client information is saved. | String | Reporting\ReportingServer | Policy value not written (same as Not Configured) |
| ReportingDataCacheLimit | Not available. | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. | Integer [0-1024] | Reporting\DataCacheLimit | Policy value not written (same as Not Configured) |
| ReportingDataBlockSize| Not available. | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited. | Integer [1024 - Unlimited] | Reporting\DataBlockSize | Policy value not written (same as Not Configured) |
| ReportingStartTime | Not available. | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.<br>**Note** You should configure this setting to a time when computers running the App-V 5.1 client are least likely to be offline. | Integer (0 23) | Reporting\ StartTime | Policy value not written (same as Not Configured) |
| ReportingInterval | Not available. | Specifies the retry interval that the client will use to resend data to the reporting server. | Integer | Reporting\RetryInterval | Policy value not written (same as Not Configured) |
| ReportingRandomDelay | Not available. | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server. | Integer [0 - ReportingRandomDelay] | Reporting\RandomDelay | Policy value not written (same as Not Configured) |
| EnableDynamicVirtualization<br>**Important** This setting is available only with App-V 5.0 SP2 or later. | Not available. | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications. | 1 (Enabled), 0 (Disabled) | HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Virtualization | |
| EnablePublishingRefreshUI<br>**Important** This setting is available only with App-V 5.0 SP2. | Not available. | Enables the publishing refresh progress bar for the computer running the App-V 5.1 Client. | 1 (Enabled), 0 (Disabled) | HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Publishing | |
| HideUI<br>**Important**  This setting is available only with App-V 5.0 SP2.| Not available. | Hides the publishing refresh progress bar. | 1 (Enabled), 0 (Disabled) | | |
| ProcessesUsingVirtualComponents | Not available. | Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization. | String | Virtualization\ProcessesUsingVirtualComponents | Empty string. |
## Got a suggestion for App-V?

182
mdop/appv-v5/creating-and-managing-app-v-51-virtualized-applications.md
View File

@ -11,7 +11,7 @@ author: jamiejdt
After you have properly deployed the Microsoft Application Virtualization (App-V) 5.1 sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application.
**Note**  
For more information about configuring the App-V 5.1 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx) (http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx).
For more information about configuring the App-V 5.1 sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx).
 
@ -146,125 +146,67 @@ Copy on write (CoW) file extensions allow App-V 5.1 to dynamically write to spec
The following table displays the file types that can exist in a virtual package under the VFS directory, but cannot be updated on the computer running the App-V 5.1 client. All other files and directories can be modified.
.acm
.asa
.asp
.aspx
.ax
.bat
.cer
.chm
.clb
.cmd
.cnt
.cnv
.com
.cpl
.cpx
.crt
.dll
.drv
.exe
.fon
.grp
.hlp
.hta
.ime
.inf
.ins
.isp
.its
.js
.jse
.lnk
.msc
.msi
.msp
.mst
.mui
.nls
.ocx
.pal
.pcd
.pif
.reg
.scf
.scr
.sct
.shb
.shs
.sys
.tlb
.tsp
.url
.vb
.vbe
.vbs
.vsmacros
.ws
.esc
.wsf
.wsh
 
| File type |
| --------- |
| .acm |
| .asa |
| .asp |
| .aspx |
| .ax |
| .bat |
| .cer |
| .chm |
| .clb |
| .cmd |
| .cnt |
| .cnv |
| .com |
| .cpl |
| .cpx |
| .crt |
| .dll |
| .drv |
| .exe |
| .fon |
| .grp |
| .hlp |
| .hta |
| .ime |
| .inf |
| .ins |
| .isp |
| .its |
| .js |
| .jse |
| .lnk |
| .msc |
| .msi |
| .msp |
| .mst |
| .mui |
| .nls |
| .ocx |
| .pal |
| .pcd |
| .pif |
| .reg |
| .scf |
| .scr |
| .sct |
| .shb |
| .shs |
| .sys |
| .tlb |
| .tsp |
| .url |
| .vb |
| .vbe |
| .vbs |
| .vsmacros |
| .ws |
| .esc |
| .wsf |
| .wsh |
## Modifying an existing virtual application package

36
mdop/mbam-v25/create-or-edit-the-sms-defmof-file-mbam-25.md
View File

@ -27,8 +27,8 @@ In the following sections, complete the instructions that correspond to the vers
// Microsoft BitLocker Administration and Monitoring
//===================================================
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
[ SMS_Report (TRUE),
SMS_Group_Name ("BitLocker Encryption Details"),
SMS_Class_ID ("MICROSOFT|BITLOCKER_DETAILS|1.0")]
@ -66,8 +66,8 @@ In the following sections, complete the instructions that correspond to the vers
String EnforcePolicyDate;
};
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
[ SMS_Report(TRUE),
SMS_Group_Name("BitLocker Policy"),
SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0")]
@ -110,8 +110,8 @@ In the following sections, complete the instructions that correspond to the vers
};
//Read Win32_OperatingSystem.SKU WMI property in a new class - because SKU is not available before Vista.
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
[ SMS_Report (TRUE),
SMS_Group_Name ("Operating System Ex"),
SMS_Class_ID ("MICROSOFT|OPERATING_SYSTEM_EXT|1.0") ]
@ -124,8 +124,8 @@ In the following sections, complete the instructions that correspond to the vers
};
//Read Win32_ComputerSystem.PCSystemType WMI property in a new class - because PCSystemType is not available before Vista.
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
[ SMS_Report (TRUE),
SMS_Group_Name ("Computer System Ex"),
SMS_Class_ID ("MICROSOFT|COMPUTER_SYSTEM_EXT|1.0") ]
@ -193,8 +193,8 @@ In the following sections, complete the instructions that correspond to the vers
// Microsoft BitLocker Administration and Monitoring
//===================================================
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
[ SMS_Report (TRUE),
SMS_Group_Name ("BitLocker Encryption Details"),
SMS_Class_ID ("MICROSOFT|BITLOCKER_DETAILS|1.0")]
@ -232,8 +232,8 @@ In the following sections, complete the instructions that correspond to the vers
String EnforcePolicyDate;
};
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
[ SMS_Report(TRUE),
SMS_Group_Name("BitLocker Policy"),
SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0"),
@ -278,8 +278,8 @@ In the following sections, complete the instructions that correspond to the vers
string EncodedComputerName;
};
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
[ SMS_Report(TRUE),
SMS_Group_Name("BitLocker Policy"),
SMS_Class_ID("MICROSOFT|MBAM_POLICY|1.0"),
@ -325,8 +325,8 @@ In the following sections, complete the instructions that correspond to the vers
};
//Read Win32_OperatingSystem.SKU WMI property in a new class - because SKU is not available before Vista.
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
[ SMS_Report (TRUE),
SMS_Group_Name ("Operating System Ex"),
SMS_Class_ID ("MICROSOFT|OPERATING_SYSTEM_EXT|1.0") ]
@ -339,8 +339,8 @@ In the following sections, complete the instructions that correspond to the vers
};
//Read Win32_ComputerSystem.PCSystemType WMI property in a new class - because PCSystemType is not available before Vista.
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2\\SMS")
#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
[ SMS_Report (TRUE),
SMS_Group_Name ("Computer System Ex"),
SMS_Class_ID ("MICROSOFT|COMPUTER_SYSTEM_EXT|1.0") ]

36
mdop/mbam-v25/edit-the-configurationmof-file-mbam-25.md
View File

@ -25,8 +25,8 @@ To enable the client computers to report BitLocker compliance details through th
// Microsoft BitLocker Administration and Monitoring
//===================================================
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
[Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled, NoncomplianceDetectedDate, EnforcePolicyDate from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")]
class Win32_BitLockerEncryptionDetails
{
@ -62,8 +62,8 @@ To enable the client computers to report BitLocker compliance details through th
String EnforcePolicyDate;
};
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
[DYNPROPS]
Class Win32Reg_MBAMPolicy
{
@ -124,8 +124,8 @@ To enable the client computers to report BitLocker compliance details through th
EncodedComputerName;
};
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
[Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
class CCM_OperatingSystemExtended
@ -136,8 +136,8 @@ To enable the client computers to report BitLocker compliance details through th
uint32 SKU;
};
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
[Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
class CCM_ComputerSystemExtended
@ -168,8 +168,8 @@ To enable the client computers to report BitLocker compliance details through th
// Microsoft BitLocker Administration and Monitoring
//===================================================
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("Win32_BitLockerEncryptionDetails", NOFAIL)
[Union, ViewSources{"select DeviceId, BitlockerPersistentVolumeId, BitLockerManagementPersistentVolumeId, BitLockerManagementVolumeType, DriveLetter, Compliant, ReasonsForNonCompliance, KeyProtectorTypes, EncryptionMethod, ConversionStatus, ProtectionStatus, IsAutoUnlockEnabled, NoncomplianceDetectedDate, EnforcePolicyDate from Mbam_Volume"}, ViewSpaces{"\\\\.\\root\\microsoft\\mbam"}, dynamic, Provider("MS_VIEW_INSTANCE_PROVIDER")]
class Win32_BitLockerEncryptionDetails
{
@ -205,8 +205,8 @@ To enable the client computers to report BitLocker compliance details through th
String EnforcePolicyDate;
};
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("Win32Reg_MBAMPolicy", NOFAIL)
[DYNPROPS]
Class Win32Reg_MBAMPolicy
{
@ -267,8 +267,8 @@ To enable the client computers to report BitLocker compliance details through th
EncodedComputerName;
};
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("Win32Reg_MBAMPolicy_64", NOFAIL)
[DYNPROPS]
Class Win32Reg_MBAMPolicy_64
{
@ -329,8 +329,8 @@ To enable the client computers to report BitLocker compliance details through th
EncodedComputerName;
};
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("CCM_OperatingSystemExtended", NOFAIL)
[Union, ViewSources{"select Name,OperatingSystemSKU from Win32_OperatingSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
class CCM_OperatingSystemExtended
@ -341,8 +341,8 @@ To enable the client computers to report BitLocker compliance details through th
uint32 SKU;
};
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
#pragma namespace ("\\\\.\\root\\cimv2")
#pragma deleteclass("CCM_ComputerSystemExtended", NOFAIL)
[Union, ViewSources{"select Name,PCSystemType from Win32_ComputerSystem"}, ViewSpaces{"\\\\.\\root\\cimv2"},
dynamic,Provider("MS_VIEW_INSTANCE_PROVIDER")]
class CCM_ComputerSystemExtended

6
windows/keep-secure/audit-removable-storage.md
View File

@ -1,6 +1,6 @@
---
title: Audit Removable Storage (Windows 10)
description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines .
description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines when there is a read or a write to a removable drive.
ms.assetid: 1746F7B3-8B41-4661-87D8-12F734AFFB26
ms.prod: W10
ms.mktglfcycl: deploy
@ -15,9 +15,9 @@ author: brianlic-msft
- Windows 10
This topic for the IT professional describes the Advanced Security Audit policy setting, **Audit Removable Storage**, which determines .
This topic for the IT professional describes the Advanced Security Audit policy setting, **Audit Removable Storage**, which determines when there is a read or a write to a removable drive.
Event volume:
Event volume: Low
Default: Not configured

2
windows/keep-secure/index.md
View File

@ -62,7 +62,7 @@ Learn about keeping Windows 10 and Windows 10 Mobile secure.
</tr>
<tr class="odd">
<td align="left"><p>[Protect your enterprise data using enterprise data protection (EDP)](protect-enterprise-data-using-edp.md)</p></td>
<td align="left"><p>With the increase of employee-owned devices in the enterprise, theres also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprises control. For example, when an employee sends the latest engineering pictures to their personal email account, copies and pastes product info to a public Yammer group or tweet, or saves an in-progress sales report to their public cloud storage.</p></td>
<td align="left"><p>With the increase of employee-owned devices in the enterprise, theres also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprises control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.</p></td>
</tr>
<tr class="even">
<td align="left"><p>[Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)</p></td>

2
windows/keep-secure/protect-enterprise-data-using-edp.md
View File

@ -17,7 +17,7 @@ author: eross-msft
<span style="color:#ED1C24;">[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]</span>
With the increase of employee-owned devices in the enterprise, theres also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprises control. For example, when an employee sends the latest engineering pictures to their personal email account, copies and pastes product info to a public Yammer group or tweet, or saves an in-progress sales report to their public cloud storage.
With the increase of employee-owned devices in the enterprise, theres also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprises control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.
Enterprise data protection (EDP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. EDP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Finally, another data protection technology, Azure Rights Management also works alongside EDP to extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client.

2
windows/manage/windows-10-start-layout-options-and-policies.md
View File

@ -57,7 +57,7 @@ The following table lists the different parts of Start and any applicable policy
<p>-and-</p>
<p>Dynamically inserted app tile</p></td>
<td align="left"><p>MDM: <strong>Allow Windows Consumer Features</strong></p>
<p>Group Policy: <strong>Computer Configuration</strong>\<strong>Administrative Templates</strong>\<strong>Windows Components</strong>\<strong>Cloud Content</strong>\<strong>Turn off Microsoft consumer experiences</strong></p>
<p>Group Policy: <strong>Computer Configuration</strong>\\<strong>Administrative Templates</strong>\\<strong>Windows Components</strong>\\<strong>Cloud Content</strong>\\<strong>Turn off Microsoft consumer experiences</strong></p>
<div class="alert">
<strong>Note</strong>  
<p>This policy also enables or disables notifications for a user's Microsoft account and app tiles from Microsoft dynamically inserted in the default Start menu.</p>