From cd75edb1cb3dde543d07c3dbd92f724d4ff0a526 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Wed, 1 Mar 2017 18:08:41 -0800 Subject: [PATCH 01/13] waas-DO - add GUID generation with PS --- windows/manage/waas-delivery-optimization.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/manage/waas-delivery-optimization.md b/windows/manage/waas-delivery-optimization.md index 8f9e0d54cd..120818bbe1 100644 --- a/windows/manage/waas-delivery-optimization.md +++ b/windows/manage/waas-delivery-optimization.md @@ -99,6 +99,8 @@ Download mode dictates which download sources clients are allowed to use when do By default, peer sharing on clients using the group download mode is limited to the same domain in Windows 10, version 1511, and the same domain and AD DS site in Windows 10, version 1607. By using the Group ID setting, you can optionally create a custom group that contains devices that should participate in Delivery Optimization but do not fall within those domain or AD DS site boundaries, including devices in another domain. Using Group ID, you can further restrict the default group (for example create a sub-group representing an office building), or extend the group beyond the domain, allowing devices in multiple domains in your organization to peer. This setting requires the custom group to be specified as a GUID on each device that participates in the custom group. >[!NOTE] +>To generate a GUID using Powershell, use [```[guid]::NewGuid()```](https://blogs.technet.microsoft.com/heyscriptingguy/2013/07/25/powertip-create-a-new-guid-by-using-powershell/) +> >This configuration is optional and not required for most implementations of Delivery Optimization. ### Max Cache Age From 9aa14dc2b6a4cd5385a62df265a84a4d81508c6e Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Wed, 8 Mar 2017 16:24:52 -0800 Subject: [PATCH 02/13] Update index.md Added localizationpriority in metadata so that this gets picked up by Loc team for next loc handoff. This will fix the broken experience for international customers when we did the redirect --- education/windows/index.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/education/windows/index.md b/education/windows/index.md index f8db1c0562..2be638bb44 100644 --- a/education/windows/index.md +++ b/education/windows/index.md @@ -1,3 +1,4 @@ + --- title: Windows 10 for Education (Windows 10) description: Learn how to use Windows 10 in schools. @@ -6,6 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: edu +localizationpriority: high author: CelesteDG --- From d0e314b667ec5add7ee804af698250271a672b13 Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Wed, 8 Mar 2017 16:26:58 -0800 Subject: [PATCH 03/13] Update index.md Fixed the extra characters that always get added by GitHub when I edit through the Web UI --- education/windows/index.md | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/education/windows/index.md b/education/windows/index.md index 2be638bb44..554d36336b 100644 --- a/education/windows/index.md +++ b/education/windows/index.md @@ -65,12 +65,8 @@ author: CelesteDG

[Upgrade Windows 10 Pro to Pro Education from Windows Store for Business](windows-10-pro-to-pro-edu-upgrade.md)
If you have an education tenant and use Windows 10 Pro in your schools now, find out how you can opt-in to a free upgrade to Windows 10 Pro Education.

-<<<<<<< HEAD -
-

-======= +

->>>>>>> e04a8c5905ed4bcb1df7b6b60d48146df9095a12
From 4e46d112f5e9a24f566096b9aad4a8eb0164efaa Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Wed, 8 Mar 2017 16:27:55 -0800 Subject: [PATCH 04/13] Update index.md --- education/windows/index.md | 1 - 1 file changed, 1 deletion(-) diff --git a/education/windows/index.md b/education/windows/index.md index 554d36336b..fadd9b2b74 100644 --- a/education/windows/index.md +++ b/education/windows/index.md @@ -1,4 +1,3 @@ - --- title: Windows 10 for Education (Windows 10) description: Learn how to use Windows 10 in schools. From 2fe1369def71c1f3379c0aaed98fffa725f519c5 Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Wed, 8 Mar 2017 16:28:59 -0800 Subject: [PATCH 05/13] Update index.md --- education/windows/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/index.md b/education/windows/index.md index fadd9b2b74..8697339d5d 100644 --- a/education/windows/index.md +++ b/education/windows/index.md @@ -58,7 +58,7 @@ author: CelesteDG

Try it out: Windows 10 deployment (for education)
Learn how to upgrade devices running the Windows 7 operating system to Windows 10 Anniversary Update, and how to manage devices, apps, and users in Windows 10 Anniversary Update.

For the best experience, use this guide in tandem with the TechNet Virtual Lab: IT Pro Try-It-Out.

-
+ ### ![Upgrade to Windows 10 for education](images/windows.png) Upgrade From 176a956d6df635d0bf9e319b99e1a3159b744785 Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Wed, 8 Mar 2017 16:31:02 -0800 Subject: [PATCH 06/13] Update index.md --- education/windows/index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/education/windows/index.md b/education/windows/index.md index 8697339d5d..1fa7bad868 100644 --- a/education/windows/index.md +++ b/education/windows/index.md @@ -24,7 +24,7 @@ author: CelesteDG

[Windows 10 editions for education customers](windows-editions-for-education-customers.md)
Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: Windows 10 Pro Education and Windows 10 Education. These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.

[Compare each Windows edition](https://www.microsoft.com/en-us/WindowsForBusiness/Compare)
Find out more about the features and functionality we support in each edition of Windows.

[Get Windows 10 Education or Windows 10 Pro Education](https://www.microsoft.com/en-us/education/buy-license/overview-of-how-to-buy/default.aspx?tabshow=schools)
When you've made your decision, find out how to buy Windows for your school.

-
+/

How-to videos

+
### ![Upgrade to Windows 10 for education](images/windows.png) Upgrade @@ -67,7 +67,7 @@ author: CelesteDG

- + ## Windows 8.1 Follow these links to find step-by-step guidance on how to deploy Windows 8.1 in an academic environment. From d695b6b45b9af0fadc259b626c204455edd3593f Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Wed, 8 Mar 2017 16:36:03 -0800 Subject: [PATCH 07/13] Update index.md --- education/windows/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/index.md b/education/windows/index.md index 1fa7bad868..3caf701e82 100644 --- a/education/windows/index.md +++ b/education/windows/index.md @@ -24,7 +24,7 @@ author: CelesteDG

[Windows 10 editions for education customers](windows-editions-for-education-customers.md)
Windows 10, version 1607 introduces two editions designed for the unique needs of K-12 institutions: Windows 10 Pro Education and Windows 10 Education. These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.

[Compare each Windows edition](https://www.microsoft.com/en-us/WindowsForBusiness/Compare)
Find out more about the features and functionality we support in each edition of Windows.

[Get Windows 10 Education or Windows 10 Pro Education](https://www.microsoft.com/en-us/education/buy-license/overview-of-how-to-buy/default.aspx?tabshow=schools)
When you've made your decision, find out how to buy Windows for your school.

-/
+

How-to videos

From 76dd710db2d80be2d04049674529a296a01d991d Mon Sep 17 00:00:00 2001 From: Celeste de Guzman Date: Wed, 8 Mar 2017 16:43:34 -0800 Subject: [PATCH 09/13] Update index.md --- education/windows/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/index.md b/education/windows/index.md index af628fd1e2..bf4146606d 100644 --- a/education/windows/index.md +++ b/education/windows/index.md @@ -59,7 +59,7 @@ author: CelesteDG
- ### ![Upgrade to Windows 10 for education](images/windows.png) Upgrade +### ![Upgrade to Windows 10 for education](images/windows.png) Upgrade

[Upgrade Windows 10 Pro to Pro Education from Windows Store for Business](windows-10-pro-to-pro-edu-upgrade.md)
If you have an education tenant and use Windows 10 Pro in your schools now, find out how you can opt-in to a free upgrade to Windows 10 Pro Education.

From 625c4ba42359a1701f5feef4ba800ff7c369b1a9 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Thu, 9 Mar 2017 14:31:30 -0800 Subject: [PATCH 10/13] waas-optimize-udpates fixed typo --- windows/manage/waas-optimize-windows-10-updates.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/waas-optimize-windows-10-updates.md b/windows/manage/waas-optimize-windows-10-updates.md index 773814c884..e8a17a2b8b 100644 --- a/windows/manage/waas-optimize-windows-10-updates.md +++ b/windows/manage/waas-optimize-windows-10-updates.md @@ -61,7 +61,7 @@ For OS updates that support Express, there are two versions of the file payload 1. **Full-file version** - essentially replacing the local versions of the update binaries. 2. **Express version** - containing the deltas needed to patch the existing binaries on the device. -Both the full-file version and the Express version are referenced in the udpate's metadata, which has been downloaded to the client as part of the scan phase. +Both the full-file version and the Express version are referenced in the update's metadata, which has been downloaded to the client as part of the scan phase. **Express download works as follows:** From 31a7c8b11291a6dbc10887c1c07946ad4848f90d Mon Sep 17 00:00:00 2001 From: John Tobin Date: Thu, 9 Mar 2017 14:43:14 -0800 Subject: [PATCH 11/13] minor edits --- ...ive-logon-do-not-display-last-user-name.md | 2 +- ...logon-don't-display-username-at-sign-in.md | 87 +++++++++++++++++++ 2 files changed, 88 insertions(+), 1 deletion(-) create mode 100644 windows/keep-secure/interactive-logon-don't-display-username-at-sign-in.md diff --git a/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md b/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md index d712d65bdd..9d9b695978 100644 --- a/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md +++ b/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md @@ -20,7 +20,7 @@ Describes the best practices, location, values, and security considerations for This security policy setting determines whether the name of the last user to log on to the device is displayed on the Secure Desktop. -If this policy is enabled, the full name of the last user to successfully log on is not displayed on the Secure Desktop, nor is the user’s logon tile displayed. Additionally, if the **Switch user** feature is used, the full name and logon tile are not displayed. The logon screen requests a qualified domain account name (or local user name) and password. +If this policy is enabled, the full name of the last user to successfully log on is not displayed on the Secure Desktop, nor is the user’s logon tile displayed. Additionally, if the **Switch user** feature is used, the full name and logon tile are not displayed. The logon screen r equests a qualified domain account name (or local user name) and password. If this policy is disabled, the full name of the last user to log on is displayed, and the user’s logon tile is displayed. This behavior is the same when the **Switch user** feature is used. diff --git a/windows/keep-secure/interactive-logon-don't-display-username-at-sign-in.md b/windows/keep-secure/interactive-logon-don't-display-username-at-sign-in.md new file mode 100644 index 0000000000..f2f996cdf9 --- /dev/null +++ b/windows/keep-secure/interactive-logon-don't-display-username-at-sign-in.md @@ -0,0 +1,87 @@ +--- +title: Interactive logon Don't display last signed-in (Windows 10) +description: Describes the best practices, location, values, and security considerations for the Interactive logon Do not display last user name security policy setting. +ms.assetid: 98b24b03-95fe-4edc-8e97-cbdaa8e314fd +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: brianlic-msft +--- + +# Interactive logon: Don't display username at sign-in + +**Applies to** +- Windows 10 + +Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display username at sign-in** security policy setting. + +## Reference + +This security policy setting determines whether the username is displayed during sign-in. This policy setting is introduced in Windows 10 version 1703. The setting only affects the **Other user**tile. + +If the policy is enabled and a user signs in as **Other user**, the full name of the user is not displayed during sign-in. In the same context, if users type their email address and password at the sign-in screen and press **Enter**, the displayed “Other user” text remains unchanged, and is no longer replaced by the user’s first and last name, as in previous versions of Windows 10. Additionally, if users enter their domain username and password and click **Submit**, their full name is not shown until the Start screen displays. + +If the policy is disabled and a user signs in as **Other user**, the “Other user” text is replaced by the user’s first and last name during sign-in. + + +### Possible values + +- Enabled +- Disabled +- Not defined + +### Best practices + +Your implementation of this policy depends on your security requirements for displayed logon information. If you have devices that store sensitive data, with monitors displayed in unsecured locations, or if you have devices with sensitive data that are remotely accessed, revealing logged on user’s full names or domain account names might contradict your overall security policy. + +### Location + +Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options + +### Default values + +| Server type or Group Policy object (GPO) | Default value| +| - | - | +| Default domain policy| Not defined| +| Default domain controller policy| Not defined| +| Stand-alone server default settings | Not defined| +| Domain controller effective default settings | Not definedd| +| Member server effective default settings | Not defined| +| Effective GPO default settings on client computers | Not defined| +  +## Policy management + +This section describes features and tools that are available to help you manage this policy.This policy setting can be configured by using the Group Policy Management Console (GPMC) to be distributed through Group Policy Objects (GPOs). If this policy is not contained in a distributed GPO, this policy can be configured on the local computer by using the Local Security Policy snap-in. + +### Restart requirement + +None. Changes to this policy become effective without a device restart when they are saved locally or distributed through Group Policy. + +### Policy conflict considerations + +None. + +### Group Policy + +This policy setting can be configured by using the Group Policy Management Console (GPMC) to be distributed through Group Policy Objects (GPOs). If this policy is not contained in a distributed GPO, this policy can be configured on the local computer by using the Local Security Policy snap-in. + +## Security considerations + +This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. + +### Vulnerability + +An attacker with access to the console (for example, someone with physical access or someone who can connect to the device through Remote Desktop Session Host) could view the name of the last user who logged on. The attacker could then try to guess the password, use a dictionary, or use a brute-force attack to try to log on. + +### Countermeasure + +Enable the **Interactive logon: Don't display username at sign-in** setting. + +### Potential impact + +Users must always type their user names and passwords when they log on locally or to the domain. The logon tiles of all logged on users are not displayed. + +## Related topics + +- [Security Options](security-options.md) From 64172dcde32fcde2840ad54740479568c5aef9a8 Mon Sep 17 00:00:00 2001 From: John Tobin Date: Thu, 9 Mar 2017 15:00:10 -0800 Subject: [PATCH 12/13] removed file. Updated TOC --- windows/keep-secure/TOC.md | 2 +- ...logon-don't-display-username-at-sign-in.md | 87 ------------------- 2 files changed, 1 insertion(+), 88 deletions(-) delete mode 100644 windows/keep-secure/interactive-logon-don't-display-username-at-sign-in.md diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 92fb8a44a9..82fea36b85 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -572,7 +572,7 @@ ###### [Domain member: Maximum machine account password age](domain-member-maximum-machine-account-password-age.md) ###### [Domain member: Require strong (Windows 2000 or later) session key](domain-member-require-strong-windows-2000-or-later-session-key.md) ###### [Interactive logon: Display user information when the session is locked](interactive-logon-display-user-information-when-the-session-is-locked.md) -###### [Interactive logon: Do not display last user name](interactive-logon-do-not-display-last-user-name.md) +###### [Interactive logon: Don\'t display last signed-in](interactive-logon-do-not-display-last-user-name.md) ###### [Interactive logon: Do not require CTRL+ALT+DEL](interactive-logon-do-not-require-ctrl-alt-del.md) ###### [Interactive logon: Machine account lockout threshold](interactive-logon-machine-account-lockout-threshold.md) ###### [Interactive logon: Machine inactivity limit](interactive-logon-machine-inactivity-limit.md) diff --git a/windows/keep-secure/interactive-logon-don't-display-username-at-sign-in.md b/windows/keep-secure/interactive-logon-don't-display-username-at-sign-in.md deleted file mode 100644 index f2f996cdf9..0000000000 --- a/windows/keep-secure/interactive-logon-don't-display-username-at-sign-in.md +++ /dev/null @@ -1,87 +0,0 @@ ---- -title: Interactive logon Don't display last signed-in (Windows 10) -description: Describes the best practices, location, values, and security considerations for the Interactive logon Do not display last user name security policy setting. -ms.assetid: 98b24b03-95fe-4edc-8e97-cbdaa8e314fd -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -author: brianlic-msft ---- - -# Interactive logon: Don't display username at sign-in - -**Applies to** -- Windows 10 - -Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display username at sign-in** security policy setting. - -## Reference - -This security policy setting determines whether the username is displayed during sign-in. This policy setting is introduced in Windows 10 version 1703. The setting only affects the **Other user**tile. - -If the policy is enabled and a user signs in as **Other user**, the full name of the user is not displayed during sign-in. In the same context, if users type their email address and password at the sign-in screen and press **Enter**, the displayed “Other user” text remains unchanged, and is no longer replaced by the user’s first and last name, as in previous versions of Windows 10. Additionally, if users enter their domain username and password and click **Submit**, their full name is not shown until the Start screen displays. - -If the policy is disabled and a user signs in as **Other user**, the “Other user” text is replaced by the user’s first and last name during sign-in. - - -### Possible values - -- Enabled -- Disabled -- Not defined - -### Best practices - -Your implementation of this policy depends on your security requirements for displayed logon information. If you have devices that store sensitive data, with monitors displayed in unsecured locations, or if you have devices with sensitive data that are remotely accessed, revealing logged on user’s full names or domain account names might contradict your overall security policy. - -### Location - -Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options - -### Default values - -| Server type or Group Policy object (GPO) | Default value| -| - | - | -| Default domain policy| Not defined| -| Default domain controller policy| Not defined| -| Stand-alone server default settings | Not defined| -| Domain controller effective default settings | Not definedd| -| Member server effective default settings | Not defined| -| Effective GPO default settings on client computers | Not defined| -  -## Policy management - -This section describes features and tools that are available to help you manage this policy.This policy setting can be configured by using the Group Policy Management Console (GPMC) to be distributed through Group Policy Objects (GPOs). If this policy is not contained in a distributed GPO, this policy can be configured on the local computer by using the Local Security Policy snap-in. - -### Restart requirement - -None. Changes to this policy become effective without a device restart when they are saved locally or distributed through Group Policy. - -### Policy conflict considerations - -None. - -### Group Policy - -This policy setting can be configured by using the Group Policy Management Console (GPMC) to be distributed through Group Policy Objects (GPOs). If this policy is not contained in a distributed GPO, this policy can be configured on the local computer by using the Local Security Policy snap-in. - -## Security considerations - -This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. - -### Vulnerability - -An attacker with access to the console (for example, someone with physical access or someone who can connect to the device through Remote Desktop Session Host) could view the name of the last user who logged on. The attacker could then try to guess the password, use a dictionary, or use a brute-force attack to try to log on. - -### Countermeasure - -Enable the **Interactive logon: Don't display username at sign-in** setting. - -### Potential impact - -Users must always type their user names and passwords when they log on locally or to the domain. The logon tiles of all logged on users are not displayed. - -## Related topics - -- [Security Options](security-options.md) From fed964f2d139ce05cc3a6fe0fcbbd15dadb637d3 Mon Sep 17 00:00:00 2001 From: John Tobin Date: Thu, 9 Mar 2017 15:08:46 -0800 Subject: [PATCH 13/13] Fixed typo --- .../interactive-logon-do-not-display-last-user-name.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md b/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md index 9d9b695978..d712d65bdd 100644 --- a/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md +++ b/windows/keep-secure/interactive-logon-do-not-display-last-user-name.md @@ -20,7 +20,7 @@ Describes the best practices, location, values, and security considerations for This security policy setting determines whether the name of the last user to log on to the device is displayed on the Secure Desktop. -If this policy is enabled, the full name of the last user to successfully log on is not displayed on the Secure Desktop, nor is the user’s logon tile displayed. Additionally, if the **Switch user** feature is used, the full name and logon tile are not displayed. The logon screen r equests a qualified domain account name (or local user name) and password. +If this policy is enabled, the full name of the last user to successfully log on is not displayed on the Secure Desktop, nor is the user’s logon tile displayed. Additionally, if the **Switch user** feature is used, the full name and logon tile are not displayed. The logon screen requests a qualified domain account name (or local user name) and password. If this policy is disabled, the full name of the last user to log on is displayed, and the user’s logon tile is displayed. This behavior is the same when the **Switch user** feature is used.