Merge branch 'carmenf_basic_10_13_23' of https://github.com/cmknox/windows-docs-pr into carmenf_basic_10_13_23

windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md

@@ -19,9 +19,11 @@ The enrollment into Intune is triggered by a group policy created on your local
 - The Active Directory joined device must be running a [supported version of Windows](/windows/release-health/supported-versions-windows-client).
 - The enterprise has configured a Mobile Device Management (MDM) service.
 - The on-premises Active Directory must be [integrated with Azure AD (via Azure AD Connect)](/azure/architecture/reference-architectures/identity/azure-ad).
+- Service connection point (SCP) configuration. For more information see [configuring the SCP using Microsoft Entra Connect](/azure/active-directory/devices/how-to-hybrid-join). For environments not publishing SCP data to AD, see [Microsoft Entra hybrid join targeted deployment](/azure/active-directory/devices/hybrid-join-control#targeted-deployment-of-microsoft-entra-hybrid-join-on-windows-current-devices).
 - The device shouldn't already be enrolled in Intune using the classic agents (devices managed using agents fail enrollment with `error 0x80180026`).
 - The minimum Windows Server version requirement is based on the Hybrid Azure AD join requirement. For more information, see [How to plan your hybrid Azure Active Directory join implementation](/azure/active-directory/devices/hybrid-azuread-join-plan).
 
+
 > [!TIP]
 > For more information, see the following topics:
 >

windows/client-management/manage-windows-copilot.md

@@ -2,7 +2,7 @@
 title: Manage Copilot in Windows
 description: Learn how to manage Copilot in Windows using MDM and group policy.
 ms.topic: article
-ms.date: 09/26/2023
+ms.date: 10/16/2023
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
 ---
@@ -20,7 +20,7 @@ This policy setting allows you to turn off Copilot in Windows. If you enable thi
 |                  | Setting                                                                                                 |
 |------------------|---------------------------------------------------------------------------------------------------------|
 | **CSP**          | ./User/Vendor/MSFT/WindowsAI/[TurnOffWindowsCopilot](mdm/policy-csp-windowsai.md#turnoffwindowscopilot) |
-| **Group policy** | User Configuration > Administrative Templates > Windows Copilot > **Turn off Windows Copilot**          |
+| **Group policy** | User Configuration > Administrative Templates > Windows Components > Windows Copilot > **Turn off Windows Copilot** |
 
 
 

windows/client-management/mdm/policy-csp-controlpolicyconflict.md

@@ -49,7 +49,7 @@ If set to 1 then any MDM policy that's set that has an equivalent GP policy will
 This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
 
 > [!NOTE]
-> This policy doesn't support the Delete command and doesn’t support setting the value to 0 again after it was previously set to 1. Windows 10 version 1809 will support using the Delete command to set the value to 0 again, if it was previously set to 1.
+> In Windows 10 version 1803, this policy doesn't support the Delete command and doesn’t support setting the value to 0 again after it was previously set to 1.
 
 The policy should be set at every sync to ensure the device removes any settings that conflict with MDM just as it does on the very first set of the policy. This ensures that:
 

windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md

@@ -11,7 +11,7 @@ ms.technology: itpro-deploy
 ms.collection:
   - highpri
   - tier3
-ms.date: 11/28/2022
+ms.date: 10/13/2023
 ---
 
 # Prepare for deployment with MDT
@@ -135,7 +135,8 @@ To install WSUS on MDT01, enter the following at an elevated Windows PowerShell
 
 ```powershell
 Install-WindowsFeature -Name UpdateServices, UpdateServices-WidDB, UpdateServices-Services, UpdateServices-RSAT, UpdateServices-API, UpdateServices-UI
-"C:\Program Files\Update Services\Tools\wsusutil.exe" postinstall CONTENT_DIR=C:\WSUS
+cd "C:\Program Files\Update Services\Tools"
+.\wsusutil.exe postinstall CONTENT_DIR=C:\WSUS
 ```
 
 > [!NOTE]
@@ -264,19 +265,19 @@ See the following example:
 
 ![Logs folder.](../images/mdt-05-fig08.png)
 
-## Use CMTrace to read log files (optional)
+## Use Support Center OneTrace or CMTrace to read log files (optional)
 
-The log files in MDT Lite Touch are formatted to be read by Configuration Manager Trace ([CMTrace](/mem/configmgr/core/support/cmtrace)).
+The log files in MDT Lite Touch are formatted to be read by [Support Center OneTrace](/mem/configmgr/core/support/support-center-onetrace) or [CMTrace](/mem/configmgr/core/support/cmtrace).
 
-You can use Notepad (example below):
+Notepad can be used to read the log files (example below):
 
 ![figure 8.](../images/mdt-05-fig09.png)
 
-Alternatively, CMTrace formatting makes the logs much easier to read. See the same log file below, opened in CMTrace:
+However, Support Center OneTrace or CMTrace makes the logs much easier to read. See the same log file below, opened in CMTrace:
 
 ![figure 9.](../images/mdt-05-fig10.png)
 
-After installing the ConfigMgrTools.msi file, you can search for **cmtrace** and pin the tool to your taskbar for easy access.
+Both Support Center OneTrace and CMTrace are available as part of Microsoft Configuration Manager.
 
 ## Next steps
 

windows/deployment/volume-activation/activate-using-key-management-service-vamt.md

@@ -8,155 +8,191 @@ author: frankroj
 manager: aaroncz
 ms.author: frankroj
 ms.localizationpriority: medium
-ms.date: 11/07/2022
+ms.date: 10/16/2023
 ms.topic: how-to
 ms.collection:
   - highpri
   - tier2
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2022</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2019</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016</a>
 ---
 
 # Activate using Key Management Service
 
-**Applies to:**
-
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2012
-- Windows Server 2008 R2
-
 > [!TIP]
-> Are you looking for information on retail activation?
+>
+> For information on retail activation, see the following articles:
 >
 > - [Activate Windows](https://support.microsoft.com/help/12440/)
 > - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
 
-There are three possible scenarios for volume activation of Windows 10 or Windows Server 2012 R2 by using a Key Management Service (KMS) host:
+Volume activation can be performed via Key Management Service (KMS). KMS can be hosted either on a client version of Windows or on Windows Server.
 
-- Host KMS on a computer running Windows 10
-- Host KMS on a computer running Windows Server 2012 R2
-- Host KMS on a computer running an earlier version of Windows
+## Key Management Service in a client version of Windows
 
-Check out [Windows 10 Volume Activation Tips](/archive/blogs/askcore/windows-10-volume-activation-tips).
+Installing a KMS host key on a computer running a client version of Windows allows the following scenarios against this KMS host:
 
-## Key Management Service in Windows 10
+- Activation of other computers running the same client version of Windows.
+- Activation of other computers running earlier client versions of Windows.
 
-Installing a KMS host key on a computer running Windows 10 allows you to activate other computers running Windows 10 against this KMS host and earlier versions of the client operating system, such as Windows 8.1 or Windows 7.
+Clients locate the KMS server by using resource records in DNS, so some configuration of DNS is required. This scenario can be beneficial if the organization uses volume activation for clients and MAK-based activation for a smaller number of servers.
 
-Clients locate the KMS server by using resource records in DNS, so some configuration of DNS may be required. This scenario can be beneficial if your organization uses volume activation for clients and MAK-based activation for a smaller number of servers.
-To enable KMS functionality, a KMS key is installed on a KMS host; then, the host is activated over the Internet or by phone using Microsoft activation services.
+To enable KMS functionality, a KMS key is installed on a KMS host. The host is then activated over the Internet or by phone using Microsoft activation services.
 
-### Configure KMS in Windows 10
+### Configure KMS in a client version of Windows
 
-To activate, use the `slmgr.vbs` command. Open an elevated command prompt and run one of the following commands:
+KMS can be activated on client versions of Windows by using the `slmgr.vbs`. To activate KMS on a client version of Windows, follow these steps:
 
-- To install the KMS key, run the command `slmgr.vbs /ipk <KmsKey>`.
+1. Open an elevated Command Prompt window.
 
-- To activate online, run the command `slmgr.vbs /ato`.
+1. In the elevated Command Prompt window, run the following command to install the KMS key:
 
-- To activate by telephone, follow these steps:
+   ```cmd
+   cscript.exe slmgr.vbs /ipk <KMS_Key>
+   ```
 
-  1. Run `slmgr.vbs /dti` and confirm the installation ID.
+1. Once the KMS key has been installed, it needs to be activated using one of the following methods:
 
-  2. Call [Microsoft Licensing Activation Centers worldwide telephone numbers](https://www.microsoft.com/licensing/existing-customer/activation-centers) and follow the voice prompts to enter the installation ID that you obtained in step 1 on your telephone.
+   - To activate online, in the elevated Command Prompt window, run the following command:
 
-  3. Follow the voice prompts and write down the responded 48-digit confirmation ID for OS activation.
+    ```cmd
+    cscript.exe slmgr.vbs /ato
+    ```
 
-  4. Run `slmgr.vbs /atp \<confirmation ID\>`.
+   - To activate by telephone, follow these steps:
 
-For more information, see the information for Windows 7 in [Deploy KMS Activation](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn502531(v=ws.11)).
+      1. In the elevated Command Prompt window, run the following command:
 
-## Key Management Service in Windows Server 2012 R2
+         ```cmd
+         cscript.exe slmgr.vbs /dti
+         ```
 
-Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista.
+         This command should display the installation ID.
 
-> [!NOTE]
-> You cannot install a client KMS key into the KMS in Windows Server.
+      1. Call the [Microsoft Volume License Key assisted support telephone numbers](https://www.microsoft.com/licensing/existing-customer/activation-centers). Follow the voice prompts and when prompted, enter the installation ID obtained in the previous step.
 
-This scenario is commonly used in larger organizations that don't find the overhead of using a server a burden.
+      1. Continue following the voice prompts. When prompted, write down the 48-digit confirmation ID for OS activation given by the prompts.
 
-> [!NOTE]
-> If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, see [Error 0xC004F015 when you activate Windows 10 Enterprise on a Windows Server 2012 R2 KMS host](/troubleshoot/windows-server/deployment/error-0xc004f015-activate-windows-10).
+      1. In the elevated Command Prompt window, run the following command:
 
-### Configure KMS in Windows Server 2012 R2
+         ```cmd
+         cscript.exe slmgr.vbs /atp <confirmation_ID_from_previous_step>
+         ```
 
-1. Sign in to a computer running Windows Server 2012 R2 with an account that has local administrative credentials.
+## Key Management Service in Windows Server
 
-2. Launch Server Manager.
+Installing a KMS host key on a computer running Windows Server allows you to activate computers running the same or earlier versions of Windows Server. Additionally, it also allows activation of client versions of Windows.
 
-3. Add the Volume Activation Services role, as shown in Figure 4.
+> [!IMPORTANT]
+>
+> You can't install a client KMS key into the KMS in Windows Server.
 
-   ![Adding the Volume Activation Services role in Server Manager.](../images/volumeactivationforwindows81-04.jpg)
+### Configure KMS in Windows Server
 
-   **Figure 4**. Adding the Volume Activation Services role in Server Manager
+1. Sign in to a Windows Server server with an account that has local administrative credentials.
 
-4. When the role installation is complete, select the link to launch the Volume Activation Tools (Figure 5).
+1. Open **Server Manager**.
 
-   ![Launching the Volume Activation Tools.](../images/volumeactivationforwindows81-05.jpg)
+1. Under the **Manage** menu in **Server Manager**, select **Add Roles and Features**. The **Add Roles and Features Wizard** window opens.
 
-   **Figure 5**. Launching the Volume Activation Tools
+1. In the **Add Roles and Features Wizard**:
 
-5. Select the **Key Management Service (KMS)** option, and specify the computer that will act as the KMS host (Figure 6). This computer can be the same computer on which you installed the role or another computer. For example, it can be a client computer running Windows 10.
+   1. In the **Before you begin** page, select the **Next >** button.
 
-   ![Configuring the computer as a KMS host.](../images/volumeactivationforwindows81-06.jpg)
+   1. In the **Select installation type**/**Installation Type** page, select **Role-based or feature-based installation**, and then select the **Next >** button.
 
-   **Figure 6**. Configuring the computer as a KMS host
+   1. In the **Select destination server**/**Server Selection** page, make sure **Select a server from the server pool** is selected. Under **Server Pool**, select the server on which to install KMS, and then select the **Next >** button.
 
-6. Install your KMS host key by typing it in the text box, and then select **Commit** (Figure 7).
+   1. In the **Select server roles**/**Server Roles** page, under **Roles**, select **Volume Activation Services**, and then select the **Next >** button.
 
-   ![Installing your KMS host key.](../images/volumeactivationforwindows81-07.jpg)
+   1. In the **Add features that are required for Volume Activation Services?** window that appears, select the **Add Features** button, and then select the **Next >** button.
 
-   **Figure 7**. Installing your KMS host key
+   1. In the **Select features**/**Features** page, select the **Next >** button.
 
-7. If asked to confirm replacement of an existing key, select **Yes**.
-8. After the product key is installed, you must activate it. Select **Next** (Figure 8).
+   1. In the **Volume Activation Services** page, select the **Next >** button.
 
-   ![Activating the software.](../images/volumeactivationforwindows81-08.jpg)
+   1. In the **Confirm installation selections**/**Confirmation** page, select the **Install** button.
 
-   **Figure 8**. Activating the software
+   1. Installation can take a few minutes to complete. Once the role installation completes, select the **Close** button.
 
-   The KMS key can be activated online or by phone. See Figure 9.
+1. Go to the **Start Menu** > **Windows Administrative Tools** and select **Volume Activation Tools**. The **Volume Activation Tools** window appears.
 
-   ![Choosing to activate online.](../images/volumeactivationforwindows81-09.jpg)
+1. In the **Volume Activation Tools** window:
 
-   **Figure 9**. Choosing to activate online
+   1. In the **Introduction to Volume Activation Tools**/**Introduction** page, select the **Next >** button.
 
-Now that the KMS host is configured, it will begin to listen for activation requests. However, it will not activate clients successfully until the activation threshold is met.
+   1. In the **Select Volume Activation Method**/**Activation Type** page, select the **Key Management Service (KMS)** option, and specify the computer that acts as the KMS host. This computer can be the server on which the KMS role was installed, or another server/client computer. After the server/computer has been specified, select the **Next >** button.
+
+   1. In the **Manage KMS Host**/**Product Key Management** page, enter in the KMS host key in the text box under **Install your KMS host key**, and then select the **Commit** button.
+
+   1. If asked to confirm replacement of an existing key, select **Yes**.
+
+   1. After the product key is installed, in the **Product Key Installation Succeeded**/**Product Key Management** page, make sure **Activate Product** is selected, and then select **Next >** button to begin the activation process.
+
+   1. In the **Activate Product**/**Product Key Management** page, make sure the current product is shown under the **Select product** menu, and then select the desired activation method. The available methods are:
+
+      - **Active online** - If selecting this option, select the **Commit** button to finish activating the product online.
+
+      - **Active by phone** - If selecting this option:
+
+         1. Select the desired location from the **Select your location** drop-down menu, and then select the **Next >** button.
+
+         1. In the **Activate by Phone**/**Product Key Management** page, follow the instructions to activate the product by phone.
+
+         1. Once finished, select the **Commit** button.
+
+   1. In the **Activation Succeeded**/**Product Key Management** page, review the configuration options:
+
+      - If the configuration options are as expected, select the **Close** button.
+
+      - If configuration changes are desired:
+
+         1. Select the **Next >** button.
+
+         1. In the **Configure Key Management Service Options/Product Key Management** page, make the desired configuration changes, and then select the **Commit** button.
+
+         1. In the **Configuration Succeeded**/**Configuration** page, select the **Close** button.
+
+Once the KMS host is configured, it begins to listen for activation requests. However, it doesn't activate clients successfully until the activation threshold is met.
 
 ## Verifying the configuration of Key Management Service
 
-KMS volume activation can be verified from the KMS host server or from the client computer. KMS volume activation requires a minimum threshold of 25 computers before activation requests will be processed. The verification process described here will increment the activation count each time a client computer contacts the KMS host, but unless the activation threshold is reached, the verification will take the form of an error message rather than a confirmation message.
+KMS volume activation can be verified from the KMS host server or from the client computer. KMS volume activation requires a minimum threshold of 25 computers before activation requests are processed. The verification process described here increments the activation count each time a client computer contacts the KMS host. If the activation threshold hasn't been reached, the verification generates an error message instead of a confirmation message.
 
 > [!NOTE]
-> If you configured Active Directory-based activation before configuring KMS activation, you must use a client computer that will not first try to activate itself by using Active Directory-based activation. You could use a workgroup computer that is not joined to a domain or a computer running Windows 7 or Windows Server 2008 R2.
+>
+> If you configured Active Directory-based activation before configuring KMS activation, you must use a client computer that doesn't first try to activate itself by using Active Directory-based activation. For example, a client computer that is a workgroup computer that isn't joined to a domain.
 
 To verify that KMS volume activation works, complete the following steps:
 
 1. On the KMS host, open the event log and confirm that DNS publishing is successful.
 
-2. On a client computer, open a Command Prompt window and run the command `Slmgr.vbs /ato`.
+2. On a client computer, open an elevated Command Prompt window and run the command:
+
+   ```cmd
+   cscript.exe slmgr.vbs /ato
+   ```
 
    The `/ato` command causes the operating system to attempt activation by using whichever key has been installed in the operating system. The response should show the license state and detailed Windows version information.
 
-3. On a client computer or the KMS host, open an elevated Command Prompt window and run the command `Slmgr.vbs /dlv`.
+3. On a client computer or the KMS host, open an elevated Command Prompt window and run the command
+
+   ```cmd
+   cscript.exe slmgr.vbs /dlv
+   ```
 
    The `/dlv` command displays the detailed licensing information. The response should return an error that states that the KMS activation count is too low. This test confirms that KMS is functioning correctly, even though the client hasn't been activated.
 
-For more information about the use and syntax of slmgr.vbs, see [Slmgr.vbs Options](/windows-server/get-started/activation-slmgr-vbs-options).
+For more information about the use and syntax of the script `slmgr.vbs`, see [Slmgr.vbs Options](/windows-server/get-started/activation-slmgr-vbs-options).
 
-## Key Management Service in earlier versions of Windows
-
-If you've already established a KMS infrastructure in your organization for an earlier version of Windows, you may want to continue using that infrastructure to activate computers running Windows 10 or Windows Server 2012 R2. Your existing KMS host must be running Windows 7 or later. To upgrade your KMS host, complete the following steps:
-
-1. Download and install the correct update for your current KMS host operating system. Restart the computer as directed.
-2. Request a new KMS host key from the Volume Licensing Service Center.
-3. Install the new KMS host key on your KMS host.
-4. Activate the new KMS host key by running the slmgr.vbs script.
-
-For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows](https://go.microsoft.com/fwlink/p/?LinkId=618265) and [Update that enables Windows 7 and Windows Server 2008 R2 KMS hosts to activate Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=626590).
+> [!IMPORTANT]
+>
+> Clients require RPC over TCP/IP connectivity to the KMS host to successfully activate. For more information, see [Key Management Services (KMS) activation planning: Network requirements](/windows-server/get-started/kms-activation-planning#network-requirements) and [Remote Procedure Call (RPC) errors troubleshooting guidance](/troubleshoot/windows-client/networking/rpc-errors-troubleshooting).
 
 ## Related articles
 
-- [Volume Activation for Windows 10](volume-activation-windows-10.md)
+- [Key Management Services (KMS) activation planning](/windows-server/get-started/kms-activation-planning).

windows/deployment/volume-activation/install-vamt.md

@@ -7,18 +7,20 @@ ms.author: frankroj
 ms.prod: windows-client
 author: frankroj
 ms.localizationpriority: medium
-ms.date: 10/11/2023
+ms.date: 10/13/2023
 ms.topic: article
 ms.technology: itpro-fundamentals
+appliesto:
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2022</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2019</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016</a>
 ---
 
 # Install VAMT
 
-This article describes how to install the Volume Activation Management Tool (VAMT).
-
-## Installing VAMT
-
-You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows.
+This article describes how to install the Volume Activation Management Tool (VAMT). VAMT is installed as part of the Windows Assessment and Deployment Kit (ADK) for Windows.
 
 >[!IMPORTANT]
 >
@@ -28,7 +30,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
 >
 > The VAMT Microsoft Management Console snap-in ships as an x86 package.
 
-### Requirements
+## Requirements
 
 - [Windows Server with Desktop Experience](/windows-server/get-started/getting-started-with-server-with-desktop-experience), with internet access (for the main VAMT console) and all updates applied.
 
@@ -38,50 +40,77 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for
 
 - Alternatively, any supported **full** SQL instance.
 
-### Install SQL Server Express / alternatively use any full SQL instance
+## Install SQL Server Express / alternatively use any full SQL instance
 
 1. Download and open the [SQL Server Express](https://aka.ms/sqlexpress) package.
 
-1. Select **Basic**.
+1. For **Select an installation type:**, select **Basic**.
 
-1. Accept the license terms.
+1. In the **Microsoft SQL Server Server License Terms** screen, accept the license terms by selecting the **Accept** button.
 
-1. Enter an install location or use the default path, and then select **Install**.
+1. In the **Specify SQL Server install location** screen under **INSTALL LOCATION \*:**, specify an install location or use the default path, and then select the **Install** button.
 
-1. On the completion page, note the instance name for your installation, select **Close**, and then select **Yes**.
+1. Once the installation is complete, in the **Installation Has completed successfully!** page, under **INSTANCE NAME**, note the instance name for the installation. The instance name will be used later in the [Configure VAMT to connect to SQL Server Express or full SQL Server](#configure-vamt-to-connect-to-sql-server-express-or-full-sql-server) section.
 
-    ![Screenshot that shows that in this example, the instance name is SQLEXPRESS01.](images/sql-instance.png)
+1. Once the instance name has been noted, select the **Close** button, and then select the **Yes** button to confirm exiting the installer.
 
-### Install VAMT using the ADK
+## Install VAMT using the ADK
 
 1. Download the latest version of [Windows ADK](/windows-hardware/get-started/adk-install).
 
-   If an older version is already installed, it's recommended to uninstall the older ADK and install the latest version. Existing VAMT data is maintained in the VAMT database.
+   If an older version is already installed, it's recommended to first uninstall the older ADK before installing the latest version. Existing VAMT data is maintained in the VAMT database.
 
-1. Enter an install location or use the default path, and then select **Next**.
+1. Open the ADK installer that was downloaded in the previous step. The **Windows Assessment and Deployment Kit** window opens.
 
-1. Select a privacy setting, and then select **Next**.
+1. In the **Windows Assessment and Deployment Kit** window:
 
-1. Accept the license terms.
+   1. At the **Specify Location** page, under **Install Path:**, enter an install location or use the default path. It's recommended to install at the default path. Once done, select the **Next** button.
 
-1. On the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**, and then select **Install**. If desired, you can select additional features to install as well.
+   1. In the **Windows Kits Privacy** page, select a privacy setting, and then select the **Next** button.
 
-1. On the completion page, select **Close**.
+   1. In the **License Agreement** page, accept the license terms by selecting the **Accept** button.
 
-### Configure VAMT to connect to SQL Server Express or full SQL Server
+   1. In the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**. If desired, select any additional features to install. Once done, select the **Install** button.
 
-1. In the Start Menu under, **Windows Kits**, **Volume Active Management Tool 3.1**.
+   1. Once installation is complete, the **Welcome to the Windows Assessment and Deployment Kit!** page is displayed. Select the **Close** button.
 
-1. Enter the server instance name (for a remote SQL use the FQDN) and a name for the database, select **Connect**, and then select **Yes** to create the database. See the following image for an example for SQL.
+## Configure VAMT to connect to SQL Server Express or full SQL Server
 
-   ![Screenshot that shows that the Server name is .\SQLEXPRESS and database name is VAMT.](images/vamt-db.png)
+1. In the Start Menu under **Windows Kits**, select **Volume Active Management Tool 3.1**. The **Database Connection Settings** window opens.
 
-   For remote SQL Server, use `servername.yourdomain.com`.
+1. In the **Database Connection Settings** window:
+
+   1. Next to **Server:**, enter the server instance name as determined in the [Install SQL Server Express / alternatively use any full SQL instance](#install-sql-server-express--alternatively-use-any-full-sql-instance) section. If SQL is remote, make sure to use the FQDN.
+
+   1. Next to **Database:**, add a name for the database.
+
+   1. Once the database server and database names have been entered, select the **Connect** button.
+
+   1. Select the **Yes** button to create the database.
 
 ## Uninstall VAMT
 
-To uninstall VAMT using the **Programs and Features** Control Panel:
+To uninstall VAMT:
 
-1. Open **Control Panel** and select **Programs and Features**.
+1. Right-click on the Start Menu and select **Settings**.
 
-1. Select **Assessment and Deployment Kit** from the list of installed programs and select **Change**. Follow the instructions in the Windows ADK installer to remove VAMT.
+1. Select **Apps** in the left hand pane.
+
+1. In the right hand pane under **Apps**, select **Installed apps**.
+
+   Alternatively, select the following link to automatically open the **Settings** app to the **Installed apps** page:
+
+   > [!div class="nextstepaction"]
+   > [Installed apps](ms-settings:appsfeatures)
+
+1. Scroll through the list of installed apps and find **Windows Assessment and Deployment Kit**.
+
+1. Select the three dots **...** next to **Windows Assessment and Deployment Kit** and then select **Modify**. The **Windows Assessment and Deployment Kit** window opens.
+
+1. In the **Windows Assessment and Deployment Kit** window:
+
+   1. In the **Maintain your Windows Assessment and Deployment Kit features** page, select **Change**, and then select the **Next** button.
+
+   1. In the **Select the features you want to change** page, uncheck **Volume Activation Management Tool (VAMT)**, and then select the **Change** button.
+
+   1. Once the uninstall is complete, the **Change is complete.** page is displayed. Select the **Close** button.

windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml

@@ -34,7 +34,7 @@ sections:
           Windows Autopatch doesn't support local (on-premises) domain join. Windows Autopatch supports [Hybrid AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or pure [Azure AD join](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
       - question: Will Windows Autopatch be available for state and local government customers?
         answer: |
-          Windows Autopatch is available for all Windows E3 customers using Azure commercial cloud. However, Autopatch isn't currently supported for government cloud (GCC) customers. Although Windows 365 Enterprise is in the Azure Commercial cloud, when Windows 365 Enterprise is used with a GCC customer tenant, Autopatch is not suppported.
+          Windows Autopatch is available for all Windows E3 customers using Azure commercial cloud. However, Autopatch isn't currently supported for government cloud (GCC) customers. Although Windows 365 Enterprise is in the Azure Commercial cloud, when Windows 365 Enterprise is used with a GCC customer tenant, Autopatch is not supported.
       - question: What if I enrolled into Windows Autopatch using the promo code? Will I still have access to the service?
         answer: |
           Yes. For those who used the promo code to access Windows Autopatch during public preview, you'll continue to have access to Windows Autopatch even when the promo code expires. There's no additional action you have to take to continue using Windows Autopatch.

windows/security/application-security/application-control/windows-defender-application-control/design/microsoft-recommended-driver-block-rules.md

@@ -81,7 +81,7 @@ To check that the policy was successfully applied on your computer:
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
 <SiPolicy xmlns="urn:schemas-microsoft-com:sipolicy">
-  <VersionEx>10.0.25930.0</VersionEx>
+  <VersionEx>10.0.25965.0</VersionEx>
   <PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
   <Rules>
     <Rule>
@@ -662,6 +662,10 @@ To check that the policy was successfully applied on your computer:
     <Deny ID="ID_DENY_EIO64_6" FriendlyName="Asus EIO64\cf69704755ec2643dfd245ae1d4e15d77f306aeb1a576ffa159453de1a7345cb Hash Sha256" Hash="D4E7335A177E47688D68AD89940C272F82728C882623F1630E7FD2E03E16F003" />
     <Deny ID="ID_DENY_EIO64_7" FriendlyName="Asus EIO64\cf69704755ec2643dfd245ae1d4e15d77f306aeb1a576ffa159453de1a7345cb Hash Page Sha1" Hash="D1AAAAF1EEA34073BAF39C7494E646C5AD2475F5" />
     <Deny ID="ID_DENY_EIO64_8" FriendlyName="Asus EIO64\cf69704755ec2643dfd245ae1d4e15d77f306aeb1a576ffa159453de1a7345cb Hash Page Sha256" Hash="796BEC283155309F2DF0B1779CABC78A3B2161FFCED9F521DB231550DCB376A1" />
+    <Deny ID="ID_DENY_GVCIDRV_1" FriendlyName="Gigabyte gvcidrv\42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f Hash Sha1" Hash="4EAE38E9DC262EB7B6EDE4B3D3F4AD068933845E" />
+    <Deny ID="ID_DENY_GVCIDRV_2" FriendlyName="Gigabyte gvcidrv\42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f Hash Sha256" Hash="2FF09BB919A9909068166C30322C4E904BEFEBA5429E9A11D011297FB8A73C07" />
+    <Deny ID="ID_DENY_GVCIDRV_3" FriendlyName="Gigabyte gvcidrv\42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f Hash Page Sha1" Hash="6980122AEF4E2D5D7A6DDDB6DA76A166C460E0A1" />
+    <Deny ID="ID_DENY_GVCIDRV_4" FriendlyName="Gigabyte gvcidrv\42f0b036687cbd7717c9efed6991c00d4e3e7b032dc965a2556c02177dfdad0f Hash Page Sha256" Hash="A69247025DD32DC15E06FEE362B494BCC6105D34B8D7091F7EC3D9000BD71501" />
     <Deny ID="ID_DENY_HW_22" FriendlyName="hw_sys\b8fcc8ef2b27c0c0622d069981e39f112d3b3b0dbede053340bc157ba1316eab Hash Sha1" Hash="924A088149D6EE89551E15D45E7BC847B9561196" />
     <Deny ID="ID_DENY_HW_23" FriendlyName="hw_sys\b8fcc8ef2b27c0c0622d069981e39f112d3b3b0dbede053340bc157ba1316eab Hash Sha256" Hash="5E1E1489A1A01CFB466B527543D9D25112A83792BDE443DE9E34E4D3ADA697E3" />
     <Deny ID="ID_DENY_HW_24" FriendlyName="hw_sys\b8fcc8ef2b27c0c0622d069981e39f112d3b3b0dbede053340bc157ba1316eab Hash Page Sha1" Hash="ADB70331BE7B68359C3EC3065C045349EA5B2EE2" />
@@ -691,6 +695,90 @@ To check that the policy was successfully applied on your computer:
     <Deny ID="ID_DENY_INPOUTX_21" FriendlyName="inpoutx\d5cc046c2ae9ba6fe54def699f1c4fa92d3226304321bbf45cc33883ce131138 Hash Sha256" Hash="D5CC046C2AE9BA6FE54DEF699F1C4FA92D3226304321BBF45CC33883CE131138" />
     <Deny ID="ID_DENY_INPOUTX_22" FriendlyName="inpoutx\e2c531a771b0df1585518a22427798e86611e6be3d357024797871a1b3876e9c Hash Sha1" Hash="CCE8ED3969E52080B32BCC59E2EC174CA9C578EC" />
     <Deny ID="ID_DENY_INPOUTX_23" FriendlyName="inpoutx\e2c531a771b0df1585518a22427798e86611e6be3d357024797871a1b3876e9c Hash Sha256" Hash="E2C531A771B0DF1585518A22427798E86611E6BE3D357024797871A1B3876E9C" />
+    <Deny ID="ID_DENY_IREC_1" FriendlyName="IREC.sys\irec32--1.sys Hash Sha1" Hash="B715B8030FC28346C97B5F5FB901C390ED5C97B6" />
+    <Deny ID="ID_DENY_IREC_2" FriendlyName="IREC.sys\irec32--1.sys Hash Sha256" Hash="2E8E61DAA45061AE04AABEE086371A6D56F0D517AA584E1B70C8423C8E469310" />
+    <Deny ID="ID_DENY_IREC_3" FriendlyName="IREC.sys\irec32--1.sys Hash Page Sha1" Hash="9DF591D3672885C5BAA454413C75D974386B9F14" />
+    <Deny ID="ID_DENY_IREC_4" FriendlyName="IREC.sys\irec32--1.sys Hash Page Sha256" Hash="883602C2C622E270F91E6391FE5E4B156CB68ED6B41A2F5694EFB93774579FFF" />
+    <Deny ID="ID_DENY_IREC_5" FriendlyName="IREC.sys\irec32--10.sys Hash Sha1" Hash="BCA37BCC2AEE3383F43D0126E30E07893E40F452" />
+    <Deny ID="ID_DENY_IREC_6" FriendlyName="IREC.sys\irec32--10.sys Hash Sha256" Hash="B431CBD247F1D229CA2A90256063973A8B4129A154926026366766677AB740F6" />
+    <Deny ID="ID_DENY_IREC_7" FriendlyName="IREC.sys\irec32--10.sys Hash Page Sha1" Hash="4B2582568EC84D1711D3EDCBE53730F32D9EA4F5" />
+    <Deny ID="ID_DENY_IREC_8" FriendlyName="IREC.sys\irec32--10.sys Hash Page Sha256" Hash="6D94B06210D7946DD9F4EC83D2E804FC6EA0083E95CBACA0E62D84891C9DA51C" />
+    <Deny ID="ID_DENY_IREC_9" FriendlyName="IREC.sys\irec32--11.sys Hash Sha1" Hash="EAA1C906B44925B71D4F67A29F125158CF58FBA1" />
+    <Deny ID="ID_DENY_IREC_A" FriendlyName="IREC.sys\irec32--11.sys Hash Sha256" Hash="EBFF008864CE631BCD44328DF0E72901EA08B83EA25EB6949FC8D61335E6A149" />
+    <Deny ID="ID_DENY_IREC_B" FriendlyName="IREC.sys\irec32--11.sys Hash Page Sha1" Hash="86777AF3C0E74138EF70C3DC02D98E3938F244BA" />
+    <Deny ID="ID_DENY_IREC_C" FriendlyName="IREC.sys\irec32--11.sys Hash Page Sha256" Hash="968D1E5440BA5F42E5E50C33ECFEE253FC6217F58F0475EC881DF9A65F254584" />
+    <Deny ID="ID_DENY_IREC_D" FriendlyName="IREC.sys\irec32--2.sys Hash Sha1" Hash="BC47F6F4A03B944A2C9BADA25275D5ED35A00946" />
+    <Deny ID="ID_DENY_IREC_E" FriendlyName="IREC.sys\irec32--2.sys Hash Sha256" Hash="E04C028FA5D0343A10C1D526ADD23B5C98834B252A87732CF69F4D482A7DAB94" />
+    <Deny ID="ID_DENY_IREC_F" FriendlyName="IREC.sys\irec32--2.sys Hash Page Sha1" Hash="F2F9BC79B1CF1FC2C4F9C3B59C53F5A8949CC987" />
+    <Deny ID="ID_DENY_IREC_10" FriendlyName="IREC.sys\irec32--2.sys Hash Page Sha256" Hash="5ECD5D7679504C22300263889CC3B48F1724EC5276CA24C06BABED595C3501AF" />
+    <Deny ID="ID_DENY_IREC_11" FriendlyName="IREC.sys\irec32--3.sys Hash Sha1" Hash="94881B8F8C0BD3EC9B4F8C44D74CD774AAEF77CA" />
+    <Deny ID="ID_DENY_IREC_12" FriendlyName="IREC.sys\irec32--3.sys Hash Sha256" Hash="A026FADABEB628EAD4399CA3FB3369224983E311CF927EAC7826B230CB774B67" />
+    <Deny ID="ID_DENY_IREC_13" FriendlyName="IREC.sys\irec32--3.sys Hash Page Sha1" Hash="3DEF49B1C6095AD5A5CACB5ED24958070C872925" />
+    <Deny ID="ID_DENY_IREC_14" FriendlyName="IREC.sys\irec32--3.sys Hash Page Sha256" Hash="00A813073AED7A5C795C35BF239536962683A73BB315C774DBA9838144131DEF" />
+    <Deny ID="ID_DENY_IREC_15" FriendlyName="IREC.sys\irec32--5.sys Hash Sha1" Hash="7C1B5F25BBA93877FA3D5626F3FF08FC865FC062" />
+    <Deny ID="ID_DENY_IREC_16" FriendlyName="IREC.sys\irec32--5.sys Hash Sha256" Hash="BB02A566FFE392BA15F3DD0FA0F2B08AE684462D41FE2141D98E9E8F416BC339" />
+    <Deny ID="ID_DENY_IREC_17" FriendlyName="IREC.sys\irec32--5.sys Hash Page Sha1" Hash="A987A4E8B23A90EC582C18CCB6A4FC075BBBE564" />
+    <Deny ID="ID_DENY_IREC_18" FriendlyName="IREC.sys\irec32--5.sys Hash Page Sha256" Hash="2ABA330D66FA4FA0348B52C068B8C754C18565D55059FF02D114C52A00946996" />
+    <Deny ID="ID_DENY_IREC_19" FriendlyName="IREC.sys\irec32--7.sys Hash Sha1" Hash="EF221C26D16FDFC16B6B416666AC27C67A123EDB" />
+    <Deny ID="ID_DENY_IREC_1A" FriendlyName="IREC.sys\irec32--7.sys Hash Sha256" Hash="2E5C4332A9EC895818F3F5EB3C101D2E55F4C588A57E4DAAD0544F5F3E434DD6" />
+    <Deny ID="ID_DENY_IREC_1B" FriendlyName="IREC.sys\irec32--7.sys Hash Page Sha1" Hash="98C5D52418EF0D4489EAD7341D4C80337E5438F4" />
+    <Deny ID="ID_DENY_IREC_1C" FriendlyName="IREC.sys\irec32--7.sys Hash Page Sha256" Hash="48AB3B361354812A7353F902491B4814268325AC53D79B81B3938A66A294E219" />
+    <Deny ID="ID_DENY_IREC_1D" FriendlyName="IREC.sys\irec32--8.sys Hash Sha1" Hash="4432DB3BCB9B8F14F1D8CBA0292985A206A624B5" />
+    <Deny ID="ID_DENY_IREC_1E" FriendlyName="IREC.sys\irec32--8.sys Hash Sha256" Hash="5B942A0686EE8772E0CC5070F9A023067410A7FC2F17EE902A380592EFF9DF98" />
+    <Deny ID="ID_DENY_IREC_1F" FriendlyName="IREC.sys\irec32--8.sys Hash Page Sha1" Hash="504DADC23313231D3670E0D60AB12CC9D3F8F366" />
+    <Deny ID="ID_DENY_IREC_20" FriendlyName="IREC.sys\irec32--8.sys Hash Page Sha256" Hash="83A28797DF3C1134FD2CF3BB3E1967C8BE2CF9D1BA13DEDB1367CE9E1E8FE84A" />
+    <Deny ID="ID_DENY_IREC_21" FriendlyName="IREC.sys\irec32--9.sys Hash Sha1" Hash="E388275F8874F95E4484F52742FCFB3751B33FF9" />
+    <Deny ID="ID_DENY_IREC_22" FriendlyName="IREC.sys\irec32--9.sys Hash Sha256" Hash="C9488EDE76B64E13E625D7EAEAFE5CE0C1B180CA6FB429B8C4C8DF5089DEEAF5" />
+    <Deny ID="ID_DENY_IREC_23" FriendlyName="IREC.sys\irec32--9.sys Hash Page Sha1" Hash="A4C243D53D69FBA0539949D7966E2DF67C4010CE" />
+    <Deny ID="ID_DENY_IREC_24" FriendlyName="IREC.sys\irec32--9.sys Hash Page Sha256" Hash="D6818FA421D57D961BD54625C2BDD0FB0C1E16CF00E404DBF37F1BC86DB48C20" />
+    <Deny ID="ID_DENY_IREC_25" FriendlyName="IREC.sys\irec64--16.sys Hash Sha1" Hash="169DD93FD4A637E452B148309C2E187880534E12" />
+    <Deny ID="ID_DENY_IREC_26" FriendlyName="IREC.sys\irec64--16.sys Hash Sha256" Hash="43BF704522A5E01030A9B5CDFBDD7B226E93B40B5AF62581495E66407F365B10" />
+    <Deny ID="ID_DENY_IREC_27" FriendlyName="IREC.sys\irec64--16.sys Hash Page Sha1" Hash="A9D9D7FF0D091A63491D43B4E9FB3852BC1BD5B1" />
+    <Deny ID="ID_DENY_IREC_28" FriendlyName="IREC.sys\irec64--16.sys Hash Page Sha256" Hash="1356FD71998471A795A4CBFDACED2D86879F05CEE383918B516BCF14ACAF547D" />
+    <Deny ID="ID_DENY_IREC_29" FriendlyName="IREC.sys\irec64--17.sys Hash Sha1" Hash="8E5B173D15C5E940D8D2D1985810D5EB2118AFAD" />
+    <Deny ID="ID_DENY_IREC_2A" FriendlyName="IREC.sys\irec64--17.sys Hash Sha256" Hash="06A136B23ADE23C02509A896A05CF6D99DF93E774A10583B796B61E3F643A858" />
+    <Deny ID="ID_DENY_IREC_2B" FriendlyName="IREC.sys\irec64--17.sys Hash Page Sha1" Hash="BC95CB78F67C3F98380CB53FE1EB3A495BF53B8B" />
+    <Deny ID="ID_DENY_IREC_2C" FriendlyName="IREC.sys\irec64--17.sys Hash Page Sha256" Hash="F563312E01F7C88293CC4374C97737EDAED22A6FD26E0106CB6A30CE68C3BD45" />
+    <Deny ID="ID_DENY_IREC_2D" FriendlyName="IREC.sys\irec64--18.sys Hash Sha1" Hash="90EBE947F9DAEF1ABEE0BCC2241069E061AE24ED" />
+    <Deny ID="ID_DENY_IREC_2E" FriendlyName="IREC.sys\irec64--18.sys Hash Sha256" Hash="9A6E8BD410BA51574B773B98C6488FC332F445DA0E94E78F693B9A76E86DFBCC" />
+    <Deny ID="ID_DENY_IREC_2F" FriendlyName="IREC.sys\irec64--18.sys Hash Page Sha1" Hash="B8FC6F0E07F898268E43652C0CCB650405CCD68C" />
+    <Deny ID="ID_DENY_IREC_30" FriendlyName="IREC.sys\irec64--18.sys Hash Page Sha256" Hash="BA7317A12A431DA55E53778C9EC0D58DB701E88B89D03A9EDD7C5C1012E66A14" />
+    <Deny ID="ID_DENY_IREC_31" FriendlyName="IREC.sys\irec64--19.sys Hash Sha1" Hash="719F659300BA463EFEEAB5916F0378C64FC1AD4A" />
+    <Deny ID="ID_DENY_IREC_32" FriendlyName="IREC.sys\irec64--19.sys Hash Sha256" Hash="457E2EB5EE1DEF0E336463B7F62DCC02FDDE307B817CF750907A5F5465C4DCB7" />
+    <Deny ID="ID_DENY_IREC_33" FriendlyName="IREC.sys\irec64--19.sys Hash Page Sha1" Hash="F7FEA2BE8FF65DBB89BAF39EF8E0D80DAB81CB8E" />
+    <Deny ID="ID_DENY_IREC_34" FriendlyName="IREC.sys\irec64--19.sys Hash Page Sha256" Hash="5FEB045C2452FD280BA1CAD5FC9B4F0DE7FC95EABDCE19FA2CD1F632891F3B1A" />
+    <Deny ID="ID_DENY_IREC_35" FriendlyName="IREC.sys\irec64--21.sys Hash Sha1" Hash="37486D0CA79CF2924D8540B00E84FF4F9C86F574" />
+    <Deny ID="ID_DENY_IREC_36" FriendlyName="IREC.sys\irec64--21.sys Hash Sha256" Hash="87F01D8BF8424D801D4B47273918FB817DA2E59F517BA1FC1C038FB3C4E91A17" />
+    <Deny ID="ID_DENY_IREC_37" FriendlyName="IREC.sys\irec64--21.sys Hash Page Sha1" Hash="54CBAEDB10F2AFAA73E4C209ECD6E76B3912AF6F" />
+    <Deny ID="ID_DENY_IREC_38" FriendlyName="IREC.sys\irec64--21.sys Hash Page Sha256" Hash="09516642395221D25006D8E604D7FC519DE102453875D6DD325D02A80A4D30CE" />
+    <Deny ID="ID_DENY_IREC_39" FriendlyName="IREC.sys\irec64--23.sys Hash Sha1" Hash="E4496961589BB0C03F05016AA3242B2D1ACD5E3F" />
+    <Deny ID="ID_DENY_IREC_3A" FriendlyName="IREC.sys\irec64--23.sys Hash Sha256" Hash="D62B9E6BC56E042C1CE7CB6493AB7FD1B58F716D1C4DC9E56DDFDBDB79B4F3E4" />
+    <Deny ID="ID_DENY_IREC_3B" FriendlyName="IREC.sys\irec64--23.sys Hash Page Sha1" Hash="0F11543D227EB822C9FBB3F4B9E497E1831BFAA9" />
+    <Deny ID="ID_DENY_IREC_3C" FriendlyName="IREC.sys\irec64--23.sys Hash Page Sha256" Hash="A28B1BD5B1C5D3C91029CAEAE0FB71AFD3485A5D6701DF812D9181B429E605F1" />
+    <Deny ID="ID_DENY_IREC_3D" FriendlyName="IREC.sys\irec64--24.sys Hash Sha1" Hash="288AA5926A9382D34AF147B142BCDD02C06B39BD" />
+    <Deny ID="ID_DENY_IREC_3E" FriendlyName="IREC.sys\irec64--24.sys Hash Sha256" Hash="66A751B6168A4D9F2F5F5D8D18BEF25F1494E0E20A31360E0F72E498096DE23F" />
+    <Deny ID="ID_DENY_IREC_3F" FriendlyName="IREC.sys\irec64--24.sys Hash Page Sha1" Hash="D71E1AA8124D6E634D2F8C9C08E6D1BFC29F0E3A" />
+    <Deny ID="ID_DENY_IREC_40" FriendlyName="IREC.sys\irec64--24.sys Hash Page Sha256" Hash="66D06BE183B3AE3F51798A4FCFAB56CAD3B92135429620F5EC1589258F799326" />
+    <Deny ID="ID_DENY_IREC_41" FriendlyName="IREC.sys\irec64--25.sys Hash Sha1" Hash="8BBB803E9F79196590FC33E4FB216D556E318F86" />
+    <Deny ID="ID_DENY_IREC_42" FriendlyName="IREC.sys\irec64--25.sys Hash Sha256" Hash="9C709B73D67AC049C391EB398A08056422AA677801B2AF924CF3BBACD3D484D2" />
+    <Deny ID="ID_DENY_IREC_43" FriendlyName="IREC.sys\irec64--25.sys Hash Page Sha1" Hash="0D28D548B2E5C5CBB279061A32CC46297A1F531C" />
+    <Deny ID="ID_DENY_IREC_44" FriendlyName="IREC.sys\irec64--25.sys Hash Page Sha256" Hash="924DF2032B3B70CD9D9ACC3AC28D0924E8D9EAA24CD406688E2DC0E3BFC3F70A" />
+    <Deny ID="ID_DENY_IREC_45" FriendlyName="IREC.sys\irec64--26.sys Hash Sha1" Hash="63DC0951A2D8FD32F62E7ECBB34B917EDB855E27" />
+    <Deny ID="ID_DENY_IREC_46" FriendlyName="IREC.sys\irec64--26.sys Hash Sha256" Hash="D48B16426AD15C2FCD570F68893BDDFC16E61BF47E86575D17B7CBDED71F9937" />
+    <Deny ID="ID_DENY_IREC_47" FriendlyName="IREC.sys\irec64--26.sys Hash Page Sha1" Hash="798CF0D31E7DE95236D32526D98B1B9F398EF451" />
+    <Deny ID="ID_DENY_IREC_48" FriendlyName="IREC.sys\irec64--26.sys Hash Page Sha256" Hash="679ECD06D16A6E5D647E955DC8DB480F2799868C1C8F2334DAF11B095DCE9DCB" />
+    <Deny ID="ID_DENY_IREC_49" FriendlyName="IREC.sys\irec64--27.sys Hash Sha1" Hash="EFE0B7278B60880F2A7EE6FE6F7EC274995C8D0E" />
+    <Deny ID="ID_DENY_IREC_4A" FriendlyName="IREC.sys\irec64--27.sys Hash Sha256" Hash="F2F3907897D349B6263C1FBC16BF12534886DB847E98BFFE786025C16E2796C1" />
+    <Deny ID="ID_DENY_IREC_4B" FriendlyName="IREC.sys\irec64--27.sys Hash Page Sha1" Hash="CA64B7A0BEA9C46986C9CCC869F66DB49FC82CDA" />
+    <Deny ID="ID_DENY_IREC_4C" FriendlyName="IREC.sys\irec64--27.sys Hash Page Sha256" Hash="6789CA368EC8D5D01FD8D379A119CEAA677798BA0763BEBBE65C9FA5E581A160" />
+    <Deny ID="ID_DENY_IREC_4D" FriendlyName="IREC.sys\irec64--28.sys Hash Sha1" Hash="8B8D832E9F39281A454CE6D6A876338B8931075F" />
+    <Deny ID="ID_DENY_IREC_4E" FriendlyName="IREC.sys\irec64--28.sys Hash Sha256" Hash="7CCCD8D23FDABF6F6AC6725521EF99B6CB90BA5045FC13540EC6B9BB69F71AB0" />
+    <Deny ID="ID_DENY_IREC_4F" FriendlyName="IREC.sys\irec64--28.sys Hash Page Sha1" Hash="CC1696378EC427350B8AF1327113DC18FFE8433C" />
+    <Deny ID="ID_DENY_IREC_50" FriendlyName="IREC.sys\irec64--28.sys Hash Page Sha256" Hash="8248A91E24E4DE42B0690268C781938095D1C4F89750A66D8E05DBE5DD709864" />
+    <Deny ID="ID_DENY_IREC_51" FriendlyName="IREC.sys\irecARM64--45.sys Hash Sha1" Hash="F89D40FA04E040EF2B6170CAA7E7BDF52A40B2E6" />
+    <Deny ID="ID_DENY_IREC_52" FriendlyName="IREC.sys\irecARM64--45.sys Hash Sha256" Hash="7883DDEBE413E3D18E93FE73CA293322235A6EF6AEF5AD7030B743A4ECED83A3" />
+    <Deny ID="ID_DENY_IREC_53" FriendlyName="IREC.sys\irecARM64--45.sys Hash Page Sha1" Hash="2C8F603F5420AC349DAD3051C6DD820DC1D34C8E" />
+    <Deny ID="ID_DENY_IREC_54" FriendlyName="IREC.sys\irecARM64--45.sys Hash Page Sha256" Hash="8154EA793FC5DA34AAA7B14D24F462D1E6838AA7DE44CF3E5F332A8C66191DF2" />
     <Deny ID="ID_DENY_LGCORETEMP_1" FriendlyName="lgcoretemp\e0cb07a0624ddfacaa882af49e3783ae02c9fbd0ab232541a05a95b4a8abd8ef Hash Sha1" Hash="BF20C99129A768B3D2D5C621AB50375984AB9351" />
     <Deny ID="ID_DENY_LGCORETEMP_2" FriendlyName="lgcoretemp\e0cb07a0624ddfacaa882af49e3783ae02c9fbd0ab232541a05a95b4a8abd8ef Hash Sha256" Hash="9C4DB6EE983FD4FA74F8212031ADE343A1B9ABDB258D05BEF1AABD7AB49FBC16" />
     <Deny ID="ID_DENY_LGCORETEMP_3" FriendlyName="lgcoretemp\e0cb07a0624ddfacaa882af49e3783ae02c9fbd0ab232541a05a95b4a8abd8ef Hash Page Sha1" Hash="4DD5A5D9B4AF0708902DF52C6C42921DE296CC21" />
@@ -889,6 +977,26 @@ To check that the policy was successfully applied on your computer:
     <Deny ID="ID_DENY_NVFLASH_6A" FriendlyName="nvflash.sys\ffd1aef19646ffed09b56a2ace4fc8cdf5b2f714fcca1e7ffb82256264c94b18 Hash Sha256" Hash="157CE9AE0D09766CFA3E5BE8F90E2AC510F0CE3A0BB7CD97E3A5F9AA20C76661" />
     <Deny ID="ID_DENY_NVFLASH_6B" FriendlyName="nvflash.sys\ffd1aef19646ffed09b56a2ace4fc8cdf5b2f714fcca1e7ffb82256264c94b18 Hash Page Sha1" Hash="C1DC399DF098A44F569BA80ECCFE0B5724362B16" />
     <Deny ID="ID_DENY_NVFLASH_6C" FriendlyName="nvflash.sys\ffd1aef19646ffed09b56a2ace4fc8cdf5b2f714fcca1e7ffb82256264c94b18 Hash Page Sha256" Hash="D6E111744E51D167F040AC43D426D852013241C717C557ECC8C8FCEAA0F01BBC" />
+    <Deny ID="ID_DENY_NVOCLOCK_1" FriendlyName="nvoclock\2203bd4731a8fdc2a1c60e975fd79fd5985369e98a117df7ee43c528d3c85958 Hash Sha1" Hash="0380CE3467B97AA19CA6AB3177651B22A77D9C0E" />
+    <Deny ID="ID_DENY_NVOCLOCK_2" FriendlyName="nvoclock\2203bd4731a8fdc2a1c60e975fd79fd5985369e98a117df7ee43c528d3c85958 Hash Sha256" Hash="717242AD6A3AFB6F236890CAA44501A4BE8D0AB019F028BA2C74D3455F065804" />
+    <Deny ID="ID_DENY_NVOCLOCK_3" FriendlyName="nvoclock\2203bd4731a8fdc2a1c60e975fd79fd5985369e98a117df7ee43c528d3c85958 Hash Page Sha1" Hash="B80FECC3E055CE1952E0C9F491B9BBC4EDD3591A" />
+    <Deny ID="ID_DENY_NVOCLOCK_4" FriendlyName="nvoclock\2203bd4731a8fdc2a1c60e975fd79fd5985369e98a117df7ee43c528d3c85958 Hash Page Sha256" Hash="D1CC7B5CED135FC9CF1170C78F6B3FD789962A73D84114C3ACC93FFBABA59C77" />
+    <Deny ID="ID_DENY_NVOCLOCK_5" FriendlyName="nvoclock\29f449fca0a41deccef5b0dccd22af18259222f69ed6389beafe8d5168c59e36 Hash Sha1" Hash="E7F478393A69EC3FE0A026584DDC26FD336DC4F0" />
+    <Deny ID="ID_DENY_NVOCLOCK_6" FriendlyName="nvoclock\29f449fca0a41deccef5b0dccd22af18259222f69ed6389beafe8d5168c59e36 Hash Sha256" Hash="73664268A737D071F2C3C67503002DB08432953F14771317835B6F080D3DAEFF" />
+    <Deny ID="ID_DENY_NVOCLOCK_7" FriendlyName="nvoclock\3cb111fdedc32f2f253aacde4372b710035c8652eb3586553652477a521c9284 Hash Sha1" Hash="1E4FDFE6750A04756332CC5A5896CD5763C923C7" />
+    <Deny ID="ID_DENY_NVOCLOCK_8" FriendlyName="nvoclock\3cb111fdedc32f2f253aacde4372b710035c8652eb3586553652477a521c9284 Hash Sha256" Hash="1848CB34D16559E3C8232C369D89FC12B5720B58300D8C4C21DADE6E3EA8D585" />
+    <Deny ID="ID_DENY_NVOCLOCK_9" FriendlyName="nvoclock\4d777a9e2c61e8b55b3c34c5265b301454bb080abe7ffb373e7800bd6a498f8d Hash Sha1" Hash="FB6958D7D53E63EDEB4CCEEBAB4D12CA70202109" />
+    <Deny ID="ID_DENY_NVOCLOCK_10" FriendlyName="nvoclock\4d777a9e2c61e8b55b3c34c5265b301454bb080abe7ffb373e7800bd6a498f8d Hash Sha256" Hash="F72DBB2A818BA47CA03FFBE50D211050210699C25CAEC3B97CA960D7286D4B6A" />
+    <Deny ID="ID_DENY_NVOCLOCK_11" FriendlyName="nvoclock\64a8e00570c68574b091ebdd5734b87f544fa59b75a4377966c661d0475d69a5 Hash Sha1" Hash="2D63276EB232457770188F2DF6FC67EB41FAACD1" />
+    <Deny ID="ID_DENY_NVOCLOCK_12" FriendlyName="nvoclock\64a8e00570c68574b091ebdd5734b87f544fa59b75a4377966c661d0475d69a5 Hash Sha256" Hash="ABBF92203A31C93B8E719CDABFF1C681921EDBAF43CD34DA79C86CB5A806757F" />
+    <Deny ID="ID_DENY_NVOCLOCK_13" FriendlyName="nvoclock\64a8e00570c68574b091ebdd5734b87f544fa59b75a4377966c661d0475d69a5 Hash Page Sha1" Hash="6687A30E8887A18CBCC962E2BDE118BA66310F15" />
+    <Deny ID="ID_DENY_NVOCLOCK_14" FriendlyName="nvoclock\64a8e00570c68574b091ebdd5734b87f544fa59b75a4377966c661d0475d69a5 Hash Page Sha256" Hash="1FE5977A8C891E29444E1364EB91C82A606E39E842D80FE0DBA126261376E751" />
+    <Deny ID="ID_DENY_NVOCLOCK_15" FriendlyName="nvoclock\77da3e8c5d70978b287d433ae1e1236c895b530a8e1475a9a190cdcc06711d2f Hash Sha1" Hash="FDDCB8952F5F44DDAE6201B08DDAA94537470669" />
+    <Deny ID="ID_DENY_NVOCLOCK_16" FriendlyName="nvoclock\77da3e8c5d70978b287d433ae1e1236c895b530a8e1475a9a190cdcc06711d2f Hash Sha256" Hash="CEC5964D7E32C52439D5EB660FA97827B619A7DA9F3264F0C9FA4B69E3CB7CC1" />
+    <Deny ID="ID_DENY_NVOCLOCK_17" FriendlyName="nvoclock\87b4c5b7f653b47c9c3bed833f4d65648db22481e9fc54aa4a8c6549fa31712b Hash Sha1" Hash="8546586F7825C49876F2E0C52BA55F545B4E03BD" />
+    <Deny ID="ID_DENY_NVOCLOCK_18" FriendlyName="nvoclock\87b4c5b7f653b47c9c3bed833f4d65648db22481e9fc54aa4a8c6549fa31712b Hash Sha256" Hash="7C8D7BB3A272AFE7FB737BD165FE9BD8F8187F1835289EB66D471CDCED74E950" />
+    <Deny ID="ID_DENY_NVOCLOCK_19" FriendlyName="nvoclock\d7c90cf3fdbbd2f40fe6a39ad0bb2a9a97a0416354ea84db3aeff6d925d14df8 Hash Sha1" Hash="FE761BEE648D4A1C9FD8C1646323A692DF957C42" />
+    <Deny ID="ID_DENY_NVOCLOCK_20" FriendlyName="nvoclock\d7c90cf3fdbbd2f40fe6a39ad0bb2a9a97a0416354ea84db3aeff6d925d14df8 Hash Sha256" Hash="B3183D87A902DB1BBDAECB37291B9D37C032CE9DFACBE4B36CC3032F5A643AB4" /> 
     <Deny ID="ID_DENY_OTIPCIBUS_1" FriendlyName="otipcibus.sys\4e3eb5b9bce2fd9f6878ae36288211f0997f6149aa8c290ed91228ba4cdfae80 Hash Sha1" Hash="FD172C7F8BDC81988FCF1642881078A8CA8415F6" />
     <Deny ID="ID_DENY_OTIPCIBUS_2" FriendlyName="otipcibus.sys\4e3eb5b9bce2fd9f6878ae36288211f0997f6149aa8c290ed91228ba4cdfae80 Hash Sha256" Hash="1CDA1A6E33D14D5DD06344425102BF840F8149E817ECFB01C59A2190D3367024" />
     <Deny ID="ID_DENY_OTIPCIBUS_3" FriendlyName="otipcibus.sys\4e3eb5b9bce2fd9f6878ae36288211f0997f6149aa8c290ed91228ba4cdfae80 Hash Page Sha1" Hash="8DFBFD888C9A420AC7F3371E5443C26A2852E539" />
@@ -915,6 +1023,22 @@ To check that the policy was successfully applied on your computer:
     <Deny ID="ID_DENY_PHYMEMX64_SHA256" FriendlyName="phymemx64 Hash Sha256" Hash="A6AE7364FD188C10D6B5A729A7FF58A3EB11E7FEB0D107D18F9133655C11FB66" />
     <Deny ID="ID_DENY_PHYMEMX64_SHA1_PAGE" FriendlyName="phymemx64 Hash Page Sha1" Hash="6E7D8ABF7F81A2433F27B052B3952EFC4B9CC0B1" />
     <Deny ID="ID_DENY_PHYMEMX64_SHA256_PAGE" FriendlyName="phymemx64 Hash Page Sha256" Hash="B7113B9A68E17428E2107B19BA099571AAFFC854B8FB9CBCEB79EF9E3FD1CC62" />
+    <Deny ID="ID_DENY_QMBSEC_0" FriendlyName="qmbsec.sys\0c801d381292e0476fb435fcc450b7a8970054cc47230c3123f3b6930d8ad799 Hash Sha1" Hash="129ABA97A7EB768AE0ED28D0C9A496F3C60DB314" />
+    <Deny ID="ID_DENY_QMBSEC_1" FriendlyName="qmbsec.sys\0c801d381292e0476fb435fcc450b7a8970054cc47230c3123f3b6930d8ad799 Hash Sha256" Hash="AF55DE92D14CF69D19B2FCB6DB4FBE272C2E04E5F62F7519BD368C173A05CE1F" />
+    <Deny ID="ID_DENY_QMBSEC_2" FriendlyName="qmbsec.sys\0c801d381292e0476fb435fcc450b7a8970054cc47230c3123f3b6930d8ad799 Hash Page Sha1" Hash="416895E001A9C3721999048941CD9B79BB9BF9BB" />
+    <Deny ID="ID_DENY_QMBSEC_3" FriendlyName="qmbsec.sys\0c801d381292e0476fb435fcc450b7a8970054cc47230c3123f3b6930d8ad799 Hash Page Sha256" Hash="50A1719C23DD141ACC867D0935A0EB1A8349F3D7CF1186FA037E829D1788FB34" />
+    <Deny ID="ID_DENY_QMBSEC_4" FriendlyName="qmbsec.sys\494cf30f87274942694e1d6a5700466382cf1398ff62a64a654b2e396fff43f4 Hash Sha1" Hash="7DC5480689591EE8FE778641807CB7B54263E04F" />
+    <Deny ID="ID_DENY_QMBSEC_5" FriendlyName="qmbsec.sys\494cf30f87274942694e1d6a5700466382cf1398ff62a64a654b2e396fff43f4 Hash Sha256" Hash="C8AF285696916F5E503E1F6445BE1CAA23B10178F261E4893DFB0F93A2AA9211" />
+    <Deny ID="ID_DENY_QMBSEC_6" FriendlyName="qmbsec.sys\494cf30f87274942694e1d6a5700466382cf1398ff62a64a654b2e396fff43f4 Hash Page Sha1" Hash="AF20947C135C4497FB6D1B51180DC07AAABEEA00" />
+    <Deny ID="ID_DENY_QMBSEC_7" FriendlyName="qmbsec.sys\494cf30f87274942694e1d6a5700466382cf1398ff62a64a654b2e396fff43f4 Hash Page Sha256" Hash="FB361D34A0D7C633817DDABEFD0CE66F9F5BC1E8F2B301DCCE657BADD2F06FB3" />
+    <Deny ID="ID_DENY_QMBSEC_8" FriendlyName="qmbsec.sys\51745c658c506484ed79e2d71862b36351bac95a897ddc41aaeb9ba5bdfb2a37 Hash Sha1" Hash="6C3434976D859889FA4E91FCF370764A48056B73" />
+    <Deny ID="ID_DENY_QMBSEC_9" FriendlyName="qmbsec.sys\51745c658c506484ed79e2d71862b36351bac95a897ddc41aaeb9ba5bdfb2a37 Hash Sha256" Hash="46141E13ADBADCDB42E0E96AC9F71D3E88E5FA6EFB42F658E216078424FE57A0" />
+    <Deny ID="ID_DENY_QMBSEC_A" FriendlyName="qmbsec.sys\51745c658c506484ed79e2d71862b36351bac95a897ddc41aaeb9ba5bdfb2a37 Hash Page Sha1" Hash="BAB8C0DAC93E72E13F7F2014F44C5EDF1EFCAE17" />
+    <Deny ID="ID_DENY_QMBSEC_B" FriendlyName="qmbsec.sys\51745c658c506484ed79e2d71862b36351bac95a897ddc41aaeb9ba5bdfb2a37 Hash Page Sha256" Hash="6980D97D602100054B8F9F2206E29705E79EC86464915B2212ECEC08C548A291" />
+    <Deny ID="ID_DENY_QMBSEC_C" FriendlyName="qmbsec.sys\be6c3af76d43d6200a387eab9b57791c87dc3a3e21636b3df68bb34e24eebf89 Hash Sha1" Hash="82879A316D5A212C95E8F6DC2734BFDA3DD84DE4" />
+    <Deny ID="ID_DENY_QMBSEC_D" FriendlyName="qmbsec.sys\be6c3af76d43d6200a387eab9b57791c87dc3a3e21636b3df68bb34e24eebf89 Hash Sha256" Hash="B083BB2B298FA14F2E7CC65341337209DF5DE7C53B8CE5DAB5FA830DD29FE2A5" />
+    <Deny ID="ID_DENY_QMBSEC_E" FriendlyName="qmbsec.sys\be6c3af76d43d6200a387eab9b57791c87dc3a3e21636b3df68bb34e24eebf89 Hash Page Sha1" Hash="96516702799451093DB85802491D70F20382DFDE" />
+    <Deny ID="ID_DENY_QMBSEC_F" FriendlyName="qmbsec.sys\be6c3af76d43d6200a387eab9b57791c87dc3a3e21636b3df68bb34e24eebf89 Hash Page Sha256" Hash="0915820FC684225C54BBE9C0727E5E592EE7F10272C3BD8FCE055742C188305C" />
     <Deny ID="ID_DENY_RETLIFTEN_SHA1_1" FriendlyName="80.sys Hash Sha1" Hash="BC2F3850C7B858340D7ED27B90E63B036881FD6C" />
     <Deny ID="ID_DENY_RETLIFTEN_SHA1_2" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="E74B6DDA8BC53BC687FC21218BD34062A78D8467" />
     <Deny ID="ID_DENY_RETLIFTEN_SHA1_3" FriendlyName="netfilterdrv.sys Hash Sha1" Hash="2C27ABBBBCF10DFB75AD79557E30ACE5ED314DF8" />
@@ -1171,6 +1295,56 @@ To check that the policy was successfully applied on your computer:
     <Deny ID="ID_DENY_WINIO_32" FriendlyName="PartnerTech WinIO\dc2b92f59fd8d059a58cc0761212f788d7041f708f4bd717d1738de909b4f781 Hash Sha256" Hash="5B6C10E103D42B17E5DDD6BEEC295BBF51CE56547134CE8D675A008A8243F615" />
     <Deny ID="ID_DENY_WINIO_33" FriendlyName="PartnerTech WinIO\dc2b92f59fd8d059a58cc0761212f788d7041f708f4bd717d1738de909b4f781 Hash Page Sha1" Hash="746414A878978FA039A6521F392167913CEA7C8D" />
     <Deny ID="ID_DENY_WINIO_34" FriendlyName="PartnerTech WinIO\dc2b92f59fd8d059a58cc0761212f788d7041f708f4bd717d1738de909b4f781 Hash Page Sha256" Hash="45DFA3B42C2789A741C5F29862A8CFC5998D889F96C5783C1A27AC03DE1A407A" />
+    <Deny ID="ID_DENY_WINIO_35" FriendlyName="WinIO\0bfcf39a3e63bb6ef8afec67965103df1b9803bca31d221a7fd4233972be9e05 Hash Sha1" Hash="664F7E5EF393507A259362E6D7337407E44A3EDB" />
+    <Deny ID="ID_DENY_WINIO_36" FriendlyName="WinIO\0bfcf39a3e63bb6ef8afec67965103df1b9803bca31d221a7fd4233972be9e05 Hash Sha256" Hash="2DCED5FB3F68F8E33D2454798FCDC5AFCB00EBD1BBB8968CAF274B8D9A3A1DFE" />
+    <Deny ID="ID_DENY_WINIO_37" FriendlyName="WinIO\0bfcf39a3e63bb6ef8afec67965103df1b9803bca31d221a7fd4233972be9e05 Hash Page Sha1" Hash="CF3DF8311C7F241C56F4640D2C6A4A9BB20CD674" />
+    <Deny ID="ID_DENY_WINIO_38" FriendlyName="WinIO\0bfcf39a3e63bb6ef8afec67965103df1b9803bca31d221a7fd4233972be9e05 Hash Page Sha256" Hash="CA87FD00ACDAA7FE36496C1EBD81F6F608ADBB60F41F9B02C6815580F4CE42AC" />
+    <Deny ID="ID_DENY_WINIO_39" FriendlyName="WinIO\13a38c92606de7bc61960606deb59e1db125fb4efbb8b29ba732e5d3c2dc169c Hash Sha1" Hash="1769C1E75D4131047771350AAF84AEA0A631A53C" />
+    <Deny ID="ID_DENY_WINIO_40" FriendlyName="WinIO\13a38c92606de7bc61960606deb59e1db125fb4efbb8b29ba732e5d3c2dc169c Hash Sha256" Hash="E9E8061F8E2C68C6F3E4A4D284CE9E8195140E531981C54F68ED7445D259B4DA" />
+    <Deny ID="ID_DENY_WINIO_41" FriendlyName="WinIO\13a38c92606de7bc61960606deb59e1db125fb4efbb8b29ba732e5d3c2dc169c Hash Page Sha1" Hash="50B55723B63BFECD05DBEB4C19C36AC8F9BEBD25" />
+    <Deny ID="ID_DENY_WINIO_42" FriendlyName="WinIO\13a38c92606de7bc61960606deb59e1db125fb4efbb8b29ba732e5d3c2dc169c Hash Page Sha256" Hash="14F25296EA3C6AE183BDAE04A0029BE2BB4D679089680FB2695904708A778CB2" />
+    <Deny ID="ID_DENY_WINIO_43" FriendlyName="WinIO\1f868677f2e6afd63b974908f793307a91329a6a413cfd726e85185507401afb Hash Sha1" Hash="67A8DF0F5962D4C93D4463BF79185F23502B8CEA" />
+    <Deny ID="ID_DENY_WINIO_44" FriendlyName="WinIO\1f868677f2e6afd63b974908f793307a91329a6a413cfd726e85185507401afb Hash Sha256" Hash="1E93ACD7C0ACCE3C39AC6303A8D914B5F8556C7C1E10EFDBBA18CCF75A41F36E" />
+    <Deny ID="ID_DENY_WINIO_45" FriendlyName="WinIO\2e8c28298890f1684be3827bcdb0746a124a0ffe58d1c9a4c361c2e8b13cf735 Hash Sha1" Hash="7BCF1C28DEED9ECAD5DFBEC3A111297673C33AA7" />
+    <Deny ID="ID_DENY_WINIO_46" FriendlyName="WinIO\2e8c28298890f1684be3827bcdb0746a124a0ffe58d1c9a4c361c2e8b13cf735 Hash Sha256" Hash="6A4E037EE84F83D3A4E84C35F09AE26D42F347FEC8ECF525553962EC24CEB2BE" />
+    <Deny ID="ID_DENY_WINIO_47" FriendlyName="WinIO\2e8c28298890f1684be3827bcdb0746a124a0ffe58d1c9a4c361c2e8b13cf735 Hash Page Sha1" Hash="B23D319DBE769BF8DB0D5217A3523553072830E3" />
+    <Deny ID="ID_DENY_WINIO_48" FriendlyName="WinIO\2e8c28298890f1684be3827bcdb0746a124a0ffe58d1c9a4c361c2e8b13cf735 Hash Page Sha256" Hash="F0158C28986F4A806F127DB70720462D8EF07F8EB7A7B8DE698896993365B517" />
+    <Deny ID="ID_DENY_WINIO_49" FriendlyName="WinIO\385660a65e69b3bf9ac5c2ae4cadbb1e07f366e1807979bf7a915e40e9480f8b Hash Sha1" Hash="FDF79660BAE9C9DD54509FEC6C9F0E0A9BB2C1D5" />
+    <Deny ID="ID_DENY_WINIO_50" FriendlyName="WinIO\385660a65e69b3bf9ac5c2ae4cadbb1e07f366e1807979bf7a915e40e9480f8b Hash Sha256" Hash="FF40D6714AC9C59A6D0E3A155586D6C51A3457F77BA1E2858D9804A0318178E7" />
+    <Deny ID="ID_DENY_WINIO_51" FriendlyName="WinIO\385660a65e69b3bf9ac5c2ae4cadbb1e07f366e1807979bf7a915e40e9480f8b Hash Page Sha1" Hash="65EC6A3DB695FCD94DF5C8B41EEF67DE02031C96" />
+    <Deny ID="ID_DENY_WINIO_52" FriendlyName="WinIO\385660a65e69b3bf9ac5c2ae4cadbb1e07f366e1807979bf7a915e40e9480f8b Hash Page Sha256" Hash="F74C91893BE76BE735CDBCA522405D0AE055326AE7D7082907FE1447FA196F2C" />
+    <Deny ID="ID_DENY_WINIO_53" FriendlyName="WinIO\42322b59f75f3ee3f66d080433c01fe024ca9ce5cbd3acac8a98394ac2a0d659 Hash Sha1" Hash="8E93E37A72A13DAC1C4C0BC1DA6BDFB8BA8D9CB3" />
+    <Deny ID="ID_DENY_WINIO_54" FriendlyName="WinIO\42322b59f75f3ee3f66d080433c01fe024ca9ce5cbd3acac8a98394ac2a0d659 Hash Sha256" Hash="5B6C10E103D42B17E5DDD6BEEC295BBF51CE56547134CE8D675A008A8243F615" />
+    <Deny ID="ID_DENY_WINIO_55" FriendlyName="WinIO\42322b59f75f3ee3f66d080433c01fe024ca9ce5cbd3acac8a98394ac2a0d659 Hash Page Sha1" Hash="746414A878978FA039A6521F392167913CEA7C8D" />
+    <Deny ID="ID_DENY_WINIO_56" FriendlyName="WinIO\42322b59f75f3ee3f66d080433c01fe024ca9ce5cbd3acac8a98394ac2a0d659 Hash Page Sha256" Hash="45DFA3B42C2789A741C5F29862A8CFC5998D889F96C5783C1A27AC03DE1A407A" />
+    <Deny ID="ID_DENY_WINIO_57" FriendlyName="WinIO\8d5466ccce64de5beccc373e0c878ca3e624ed78d359f76aae32de4df5afce18 Hash Sha1" Hash="DB70C4C4BE791955F33977D85B30D9624E9270E3" />
+    <Deny ID="ID_DENY_WINIO_58" FriendlyName="WinIO\8d5466ccce64de5beccc373e0c878ca3e624ed78d359f76aae32de4df5afce18 Hash Sha256" Hash="9F44E5C897EE06D92E7BEDC713DD369D85E084959C69CEEC25663A599FF5D5F8" />
+    <Deny ID="ID_DENY_WINIO_59" FriendlyName="WinIO\8d5466ccce64de5beccc373e0c878ca3e624ed78d359f76aae32de4df5afce18 Hash Page Sha1" Hash="AAB02F7A7931442D2F46330E069ABF9B59DB3F3D" />
+    <Deny ID="ID_DENY_WINIO_60" FriendlyName="WinIO\8d5466ccce64de5beccc373e0c878ca3e624ed78d359f76aae32de4df5afce18 Hash Page Sha256" Hash="9185576B594D33290237E72841F56D36A4F0D6668EC9094FB45C1F3957DF6A0C" />
+    <Deny ID="ID_DENY_WINIO_61" FriendlyName="WinIO\9ef6eb93e504351d710b88fd5ec68ef2e0b757ea364341e715b0076dc559b54a Hash Sha1" Hash="789C851AF232506F62BE108799065219427861C2" />
+    <Deny ID="ID_DENY_WINIO_62" FriendlyName="WinIO\9ef6eb93e504351d710b88fd5ec68ef2e0b757ea364341e715b0076dc559b54a Hash Sha256" Hash="D6399E43E24E4D2348008645F6E2176AEB2F0244A5E17028C152D87617E7BD0D" />
+    <Deny ID="ID_DENY_WINIO_63" FriendlyName="WinIO\9ef6eb93e504351d710b88fd5ec68ef2e0b757ea364341e715b0076dc559b54a Hash Page Sha1" Hash="5E699DF6F458A11CD8C2D59D083D2CA38A25F876" />
+    <Deny ID="ID_DENY_WINIO_64" FriendlyName="WinIO\9ef6eb93e504351d710b88fd5ec68ef2e0b757ea364341e715b0076dc559b54a Hash Page Sha256" Hash="E6E5B6C064338FBB222221EF3A8DEBE60E4ED0AAECCB5B03FECD0DC595AB3FC9" />
+    <Deny ID="ID_DENY_WINIO_65" FriendlyName="WinIO\9fc29480407e5179aa8ea41682409b4ea33f1a42026277613d6484e5419de374 Hash Sha1" Hash="651B953CB03928E41424AD59F21D4978D6F4952E" />
+    <Deny ID="ID_DENY_WINIO_66" FriendlyName="WinIO\9fc29480407e5179aa8ea41682409b4ea33f1a42026277613d6484e5419de374 Hash Sha256" Hash="EBBAA44277A3EC6E20AD3F6AEF5399FDC398306EB4C13AA96E45C9A281820A12" />
+    <Deny ID="ID_DENY_WINIO_67" FriendlyName="WinIO\9fc29480407e5179aa8ea41682409b4ea33f1a42026277613d6484e5419de374 Hash Page Sha1" Hash="3727D824713E733558A20DE9876AABF1059D3158" />
+    <Deny ID="ID_DENY_WINIO_68" FriendlyName="WinIO\9fc29480407e5179aa8ea41682409b4ea33f1a42026277613d6484e5419de374 Hash Page Sha256" Hash="88C83F618C8F4069DED87C409A8446C5A30E22A303E64AAFF1C5BE6302ADEDB4" />
+    <Deny ID="ID_DENY_WINIO_69" FriendlyName="WinIO\be929ae99015fafa0ab55cb475035e8c1359db1b61e00507defc1919a3538385 Hash Sha1" Hash="8522BD30B4028C43B747C96665F60AB920F341EA" />
+    <Deny ID="ID_DENY_WINIO_70" FriendlyName="WinIO\be929ae99015fafa0ab55cb475035e8c1359db1b61e00507defc1919a3538385 Hash Sha256" Hash="48EC0783D0A2AAF4956102479BA4DDFE9F760066D00E1C5B7F022A084951DC73" />
+    <Deny ID="ID_DENY_WINIO_71" FriendlyName="WinIO\be929ae99015fafa0ab55cb475035e8c1359db1b61e00507defc1919a3538385 Hash Page Sha1" Hash="9808DE8670677522E87FFEF1593D220E3619C7B9" />
+    <Deny ID="ID_DENY_WINIO_72" FriendlyName="WinIO\be929ae99015fafa0ab55cb475035e8c1359db1b61e00507defc1919a3538385 Hash Page Sha256" Hash="BC54AF722F57C3BD11EDAEDBF5979AA8D8A388A2D94E80E9E26311B61A11529A" />
+    <Deny ID="ID_DENY_WINIO_73" FriendlyName="WinIO\d6518cb6dc0cfdfefb9e2210e3de18867748a77153fa11bc7263cdbc58919815 Hash Sha1" Hash="660DC4007F3C667BA97736C3C9A5E038CB473EE0" />
+    <Deny ID="ID_DENY_WINIO_74" FriendlyName="WinIO\d6518cb6dc0cfdfefb9e2210e3de18867748a77153fa11bc7263cdbc58919815 Hash Sha256" Hash="669FF9649C66B4C61BD97EC4A83D6EBC8DA7736C039B2741D4E2D8310039977A" />
+    <Deny ID="ID_DENY_WINIO_75" FriendlyName="WinIO\d6518cb6dc0cfdfefb9e2210e3de18867748a77153fa11bc7263cdbc58919815 Hash Page Sha1" Hash="118777DD5E34BDCE01B2A0C6720A4EB9DC4FEFFF" />
+    <Deny ID="ID_DENY_WINIO_76" FriendlyName="WinIO\d6518cb6dc0cfdfefb9e2210e3de18867748a77153fa11bc7263cdbc58919815 Hash Page Sha256" Hash="E686804D2FF9ACEAD443A0B66DACD1780E4041A0ACAEDB3A78B91F52DCFF4824" />
+    <Deny ID="ID_DENY_WINIO_77" FriendlyName="WinIO\db4a5b87db97167c70e98014a12ac324866cf643cee65d3b3cda0b33add34d2f Hash Sha1" Hash="4AF05BCCDD9A1FFCF3DAF4DFE4A00FE6F1F257BE" />
+    <Deny ID="ID_DENY_WINIO_78" FriendlyName="WinIO\db4a5b87db97167c70e98014a12ac324866cf643cee65d3b3cda0b33add34d2f Hash Sha256" Hash="059EFDB03556258C34B6CB26FF4679DC7CD4CB797190FDDDF373B3F701EE55B7" />
+    <Deny ID="ID_DENY_WINIO_79" FriendlyName="WinIO\db4a5b87db97167c70e98014a12ac324866cf643cee65d3b3cda0b33add34d2f Hash Page Sha1" Hash="468B16FD87C346A1F5B11BDE450673F1D8866619" />
+    <Deny ID="ID_DENY_WINIO_80" FriendlyName="WinIO\db4a5b87db97167c70e98014a12ac324866cf643cee65d3b3cda0b33add34d2f Hash Page Sha256" Hash="186D287B669D813A727CBAAACDAA291FA1F16B1599122BA869622AE0C920F6B9" />
+    <Deny ID="ID_DENY_WINIO_81" FriendlyName="WinIO\f4acfebd83a351029dd812a0e40b44f5362f31ae80b6ae0b2fa2241687d34912 Hash Sha1" Hash="7B3DB7D11456209A266F077F8E2D2B90E4F9118D" />
+    <Deny ID="ID_DENY_WINIO_82" FriendlyName="WinIO\f4acfebd83a351029dd812a0e40b44f5362f31ae80b6ae0b2fa2241687d34912 Hash Sha256" Hash="2EBB1FE5DCEF9EC8629D56D30DDBA27D112C2CBFCED936D235FCDF078846DDC6" />
+    <Deny ID="ID_DENY_WINIO_83" FriendlyName="WinIO\f4acfebd83a351029dd812a0e40b44f5362f31ae80b6ae0b2fa2241687d34912 Hash Page Sha1" Hash="929749666A53B35CC75A21B19C65E54671CC751E" />
+    <Deny ID="ID_DENY_WINIO_84" FriendlyName="WinIO\f4acfebd83a351029dd812a0e40b44f5362f31ae80b6ae0b2fa2241687d34912 Hash Page Sha256" Hash="C39AB8DC5E4DA02FA2309B83FF4FDF63AEF20F33018DFDEFB7B0B12B92CFE86E" />
     <Deny ID="ID_DENY_WINRING0_SHA1" FriendlyName="WinRing0.sys Hash Sha1" Hash="12EB825418A932B1E4C6697DC7647E89AE52CF3F" />
     <Deny ID="ID_DENY_WINRING0_SHA256" FriendlyName="WinRing0.sys Hash Sha256" Hash="4582ADB2E67EEBAFF755AE740C1F24BC3AF78E0F28E8E8DECB99F86BF155AB23" />
     <Deny ID="ID_DENY_WINRING0_SHA1_PAGE" FriendlyName="WinRing0.sys Hash Page Sha1" Hash="497AFEB0D5B97D4B863704A2F77FFEF31220402D" />
@@ -1213,10 +1387,10 @@ To check that the policy was successfully applied on your computer:
     <FileAttrib ID="ID_FILEATTRIB_EIO64" FriendlyName="ASUS EIO64.sys\1fac3fab8ea2137a7e81a26de121187bf72e7d16ffa3e9aec3886e2376d3c718 FileAttribute" FileName="EIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_EELAM" FriendlyName="ESET eelam Overpermissive ELAM FileAttribute" FileName="eelam.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="10.0.16.0" />
     <FileAttrib ID="ID_FILEATTRIB_ELBY_DRIVER" FriendlyName="" FileName="ElbyCDIO.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="6.0.3.2" />
-    <FileAttrib ID="ID_FILEATTRIB_ETDSUPPORT" FriendlyName="HP EtdSupport\0d383e469d0e27ebb713770f01f7f1a57068a7d30478221e6f2276125048d1c9 FileAttribute" FileName="etdsupp.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_ETDSUPPORT" FriendlyName="HP EtdSupport\0d383e469d0e27ebb713770f01f7f1a57068a7d30478221e6f2276125048d1c9 FileAttribute" FileName="etdsupp.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="20.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_FAIRPLAY" FriendlyName="Deny FairplayKD.sys MTA San Andreas Versions 367.*" ProductName="MTA San Andreas" MinimumFileVersion="367.0.0.0" MaximumFileVersion="367.65535.65535.65535"/>
     <FileAttrib ID="ID_FILEATTRIB_GMER" FriendlyName="GMEREK gmer64 FileAttribute" FileName="gmer64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
-    <FileAttrib ID="ID_FILEATTRIB_HAXM" FriendlyName="haXM.sys FileAttribute" FileName="HaXM.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
+    <FileAttrib ID="ID_FILEATTRIB_HAXM" FriendlyName="haXM.sys FileAttribute" FileName="HaXM.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_HPPORTIOX64" FriendlyName="HpPortIox64.sys" FileName="HpPortIox64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.2.0.9" />
     <FileAttrib ID="ID_FILEATTRIB_HW" FriendlyName="hw_sys\4880f40f2e557cff38100620b9aa1a3a753cb693af16cd3d95841583edcb57a8 FileAttribute" FileName="HW.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="4.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_HWINFO_1" FriendlyName="REALiX_HWiNFO32 FileAttribute" FileName="HWiNFO32.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="8.98.0.0" />
@@ -1225,7 +1399,7 @@ To check that the policy was successfully applied on your computer:
     <FileAttrib ID="ID_FILEATTRIB_HWRWDRV" FriendlyName="HwRwDrv FileAttribute" FileName="HwRwDrv.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_IOBITUNLOCKER" FriendlyName="IObitUnlocker FileAttribute" FileName="IObitUnlocker.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.3.0.0" />
     <FileAttrib ID="ID_FILEATTRIB_IOMEM" FriendlyName="DT Research iomem\2b507e0ad4515d9d47fb7f0bfa1f1eb11de25db4fca49fc1417ea991dc33b6bf FileAttribute" FileName="iomem.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535"/>
-    <FileAttrib ID="ID_FILEATTRIB_IQVW64" FriendlyName="IQVW64.sys FileAttribute" FileName="iQVW64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.4.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_IQVW64" FriendlyName="IQVW64.sys FileAttribute" FileName="iQVW64.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.4.0.21" />
     <FileAttrib ID="ID_FILEATTRIB_KEVP64" FriendlyName="kevp64.sys FileAttribute" FileName="kEvP64.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_LGCORETEMP" FriendlyName="LogiTech LgCoreTemp\93b266f38c3c3eaab475d81597abbd7cc07943035068bb6fd670dbbe15de0131 FileAttribute" FileName="LgCoreTemp.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_LHA" FriendlyName="LHA.sys FileAttribute" FileName="LHA.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
@@ -1241,6 +1415,7 @@ To check that the policy was successfully applied on your computer:
     <FileAttrib ID="ID_FILEATTRIB_NICM_DRIVER" FriendlyName="" FileName="NICM.SYS" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.11.0" />
     <FileAttrib ID="ID_FILEATTRIB_NSCM_DRIVER" FriendlyName="" FileName="nscm.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="3.1.11.0" />
     <FileAttrib ID="ID_FILEATTRIB_NTIOLIB" FriendlyName="" FileName="NTIOLib.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.0.0.0" />
+    <FileAttrib ID="ID_FILEATTRIB_NVOCLOCK" FriendlyName="Nvidia nvoclock\29f449fca0a41deccef5b0dccd22af18259222f69ed6389beafe8d5168c59e36 FileAttribute" FileName="nvoclock.sys" MinimumFileVersion="7.0.0.32" />
     <FileAttrib ID="ID_FILEATTRIB_NVFLASH" FriendlyName="Nvidia NVFlash FileAttribute" FileName="nvflash.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="1.9.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_OPENLIBSYS" FriendlyName="OpenLibSys\91314768da140999e682d2a290d48b78bb25a35525ea12c1b1f9634d14602b2c FileAttribute" FileName="OpenLibSys.sys" MinimumFileVersion="0.0.0.0" MaximumFileVersion="65535.65535.65535.65535" />
     <FileAttrib ID="ID_FILEATTRIB_PANIO_1" FriendlyName="PanIOx64\6b830ea0db6546a044c9900d3f335e7820c2a80e147b0751641899d1a5aa8f74 FileAttribute" FileName="PanIOx64.sys" MinimumFileVersion="1.0.0.1" />
@@ -1353,6 +1528,7 @@ To check that the policy was successfully applied on your computer:
       <FileAttribRef RuleID="ID_FILEATTRIB_LIBNICM_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_NICM_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_NSCM_DRIVER" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NVOCLOCK" />
       <FileAttribRef RuleID="ID_FILEATTRIB_TREND_MICRO" />
       <FileAttribRef RuleID="ID_FILEATTRIB_NCHGBIOS2X64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_NCPL_DRIVER" />
@@ -1476,6 +1652,7 @@ To check that the policy was successfully applied on your computer:
       <FileAttribRef RuleID="ID_FILEATTRIB_CPUZ_DRIVER" />
       <FileAttribRef RuleID="ID_FILEATTRIB_IQVW64" />
       <FileAttribRef RuleID="ID_FILEATTRIB_MTCBSV64" />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NVOCLOCK" />
       <FileAttribRef RuleID="ID_FILEATTRIB_PCDOC" />
       <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_1" />
       <FileAttribRef RuleID="ID_FILEATTRIB_ZEMANA_2" />
@@ -1994,6 +2171,11 @@ To check that the policy was successfully applied on your computer:
       <CertPublisher Value="HP Inc." />
       <FileAttribRef RuleID="ID_FILEATTRIB_ETDSUPPORT" />
     </Signer>
+    <Signer ID="ID_SIGNER_NVOCLOCK" Name="GeoTrust TrustCenter CodeSigning CA I">
+      <CertRoot Type="TBS" Value="172F39BCA3DDA7C6D5169C96B34A5FE7E96FF0BD" />
+      <CertPublisher Value="Micro-Star Int'l Co., Ltd." />
+      <FileAttribRef RuleID="ID_FILEATTRIB_NVOCLOCK" />
+    </Signer>
     <Signer ID="ID_SIGNER_CPUZ_1" Name="DigiCert EV Code Signing CA">
       <CertRoot Type="TBS" Value="2D54C16A8F8B69CCDEA48D0603C132F547A5CF75" />
       <CertPublisher Value="CPUID S.A.R.L.U." />
@@ -2195,6 +2377,7 @@ To check that the policy was successfully applied on your computer:
           <DeniedSigner SignerId="ID_SIGNER_NVFLASH" />
           <DeniedSigner SignerId="ID_SIGNER_NVFLASH_2" />
           <DeniedSigner SignerId="ID_SIGNER_NVFLASH_3" />
+          <DeniedSigner SignerId="ID_SIGNER_NVOCLOCK" />
           <DeniedSigner SignerId="ID_SIGNER_OPENLIBSYS"/>
           <DeniedSigner SignerId="ID_SIGNER_PAN" />
           <DeniedSigner SignerId="ID_SIGNER_PAVEL_Y_1" />
@@ -2811,6 +2994,10 @@ To check that the policy was successfully applied on your computer:
           <FileRuleRef RuleID="ID_DENY_EIO64_6" />
           <FileRuleRef RuleID="ID_DENY_EIO64_7" />
           <FileRuleRef RuleID="ID_DENY_EIO64_8" />
+          <FileRuleRef RuleID="ID_DENY_GVCIDRV_1" />
+          <FileRuleRef RuleID="ID_DENY_GVCIDRV_2" />
+          <FileRuleRef RuleID="ID_DENY_GVCIDRV_3" />
+          <FileRuleRef RuleID="ID_DENY_GVCIDRV_4" />
           <FileRuleRef RuleID="ID_DENY_HW_22" />
           <FileRuleRef RuleID="ID_DENY_HW_23" />
           <FileRuleRef RuleID="ID_DENY_HW_24" />
@@ -2840,6 +3027,90 @@ To check that the policy was successfully applied on your computer:
           <FileRuleRef RuleID="ID_DENY_INPOUTX_21" />
           <FileRuleRef RuleID="ID_DENY_INPOUTX_22" />
           <FileRuleRef RuleID="ID_DENY_INPOUTX_23" />
+          <FileRuleRef RuleID="ID_DENY_IREC_1" />
+          <FileRuleRef RuleID="ID_DENY_IREC_2" />
+          <FileRuleRef RuleID="ID_DENY_IREC_3" />
+          <FileRuleRef RuleID="ID_DENY_IREC_4" />
+          <FileRuleRef RuleID="ID_DENY_IREC_5" />
+          <FileRuleRef RuleID="ID_DENY_IREC_6" />
+          <FileRuleRef RuleID="ID_DENY_IREC_7" />
+          <FileRuleRef RuleID="ID_DENY_IREC_8" />
+          <FileRuleRef RuleID="ID_DENY_IREC_9" />
+          <FileRuleRef RuleID="ID_DENY_IREC_A" />
+          <FileRuleRef RuleID="ID_DENY_IREC_B" />
+          <FileRuleRef RuleID="ID_DENY_IREC_C" />
+          <FileRuleRef RuleID="ID_DENY_IREC_D" />
+          <FileRuleRef RuleID="ID_DENY_IREC_E" />
+          <FileRuleRef RuleID="ID_DENY_IREC_F" />
+          <FileRuleRef RuleID="ID_DENY_IREC_10" />
+          <FileRuleRef RuleID="ID_DENY_IREC_11" />
+          <FileRuleRef RuleID="ID_DENY_IREC_12" />
+          <FileRuleRef RuleID="ID_DENY_IREC_13" />
+          <FileRuleRef RuleID="ID_DENY_IREC_14" />
+          <FileRuleRef RuleID="ID_DENY_IREC_15" />
+          <FileRuleRef RuleID="ID_DENY_IREC_16" />
+          <FileRuleRef RuleID="ID_DENY_IREC_17" />
+          <FileRuleRef RuleID="ID_DENY_IREC_18" />
+          <FileRuleRef RuleID="ID_DENY_IREC_19" />
+          <FileRuleRef RuleID="ID_DENY_IREC_1A" />
+          <FileRuleRef RuleID="ID_DENY_IREC_1B" />
+          <FileRuleRef RuleID="ID_DENY_IREC_1C" />
+          <FileRuleRef RuleID="ID_DENY_IREC_1D" />
+          <FileRuleRef RuleID="ID_DENY_IREC_1E" />
+          <FileRuleRef RuleID="ID_DENY_IREC_1F" />
+          <FileRuleRef RuleID="ID_DENY_IREC_20" />
+          <FileRuleRef RuleID="ID_DENY_IREC_21" />
+          <FileRuleRef RuleID="ID_DENY_IREC_22" />
+          <FileRuleRef RuleID="ID_DENY_IREC_23" />
+          <FileRuleRef RuleID="ID_DENY_IREC_24" />
+          <FileRuleRef RuleID="ID_DENY_IREC_25" />
+          <FileRuleRef RuleID="ID_DENY_IREC_26" />
+          <FileRuleRef RuleID="ID_DENY_IREC_27" />
+          <FileRuleRef RuleID="ID_DENY_IREC_28" />
+          <FileRuleRef RuleID="ID_DENY_IREC_29" />
+          <FileRuleRef RuleID="ID_DENY_IREC_2A" />
+          <FileRuleRef RuleID="ID_DENY_IREC_2B" />
+          <FileRuleRef RuleID="ID_DENY_IREC_2C" />
+          <FileRuleRef RuleID="ID_DENY_IREC_2D" />
+          <FileRuleRef RuleID="ID_DENY_IREC_2E" />
+          <FileRuleRef RuleID="ID_DENY_IREC_2F" />
+          <FileRuleRef RuleID="ID_DENY_IREC_30" />
+          <FileRuleRef RuleID="ID_DENY_IREC_31" />
+          <FileRuleRef RuleID="ID_DENY_IREC_32" />
+          <FileRuleRef RuleID="ID_DENY_IREC_33" />
+          <FileRuleRef RuleID="ID_DENY_IREC_34" />
+          <FileRuleRef RuleID="ID_DENY_IREC_35" />
+          <FileRuleRef RuleID="ID_DENY_IREC_36" />
+          <FileRuleRef RuleID="ID_DENY_IREC_37" />
+          <FileRuleRef RuleID="ID_DENY_IREC_38" />
+          <FileRuleRef RuleID="ID_DENY_IREC_39" />
+          <FileRuleRef RuleID="ID_DENY_IREC_3A" />
+          <FileRuleRef RuleID="ID_DENY_IREC_3B" />
+          <FileRuleRef RuleID="ID_DENY_IREC_3C" />
+          <FileRuleRef RuleID="ID_DENY_IREC_3D" />
+          <FileRuleRef RuleID="ID_DENY_IREC_3E" />
+          <FileRuleRef RuleID="ID_DENY_IREC_3F" />
+          <FileRuleRef RuleID="ID_DENY_IREC_40" />
+          <FileRuleRef RuleID="ID_DENY_IREC_41" />
+          <FileRuleRef RuleID="ID_DENY_IREC_42" />
+          <FileRuleRef RuleID="ID_DENY_IREC_43" />
+          <FileRuleRef RuleID="ID_DENY_IREC_44" />
+          <FileRuleRef RuleID="ID_DENY_IREC_45" />
+          <FileRuleRef RuleID="ID_DENY_IREC_46" />
+          <FileRuleRef RuleID="ID_DENY_IREC_47" />
+          <FileRuleRef RuleID="ID_DENY_IREC_48" />
+          <FileRuleRef RuleID="ID_DENY_IREC_49" />
+          <FileRuleRef RuleID="ID_DENY_IREC_4A" />
+          <FileRuleRef RuleID="ID_DENY_IREC_4B" />
+          <FileRuleRef RuleID="ID_DENY_IREC_4C" />
+          <FileRuleRef RuleID="ID_DENY_IREC_4D" />
+          <FileRuleRef RuleID="ID_DENY_IREC_4E" />
+          <FileRuleRef RuleID="ID_DENY_IREC_4F" />
+          <FileRuleRef RuleID="ID_DENY_IREC_50" />
+          <FileRuleRef RuleID="ID_DENY_IREC_51" />
+          <FileRuleRef RuleID="ID_DENY_IREC_52" />
+          <FileRuleRef RuleID="ID_DENY_IREC_53" />
+          <FileRuleRef RuleID="ID_DENY_IREC_54" />
           <FileRuleRef RuleID="ID_DENY_KLMD" />
           <FileRuleRef RuleID="ID_DENY_LGCORETEMP_1" />
           <FileRuleRef RuleID="ID_DENY_LGCORETEMP_2" />
@@ -3039,6 +3310,26 @@ To check that the policy was successfully applied on your computer:
           <FileRuleRef RuleID="ID_DENY_NVFLASH_6A" />
           <FileRuleRef RuleID="ID_DENY_NVFLASH_6B" />
           <FileRuleRef RuleID="ID_DENY_NVFLASH_6C" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_1" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_2" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_3" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_4" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_5" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_6" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_7" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_8" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_9" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_10" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_11" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_12" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_13" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_14" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_15" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_16" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_17" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_18" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_19" />
+          <FileRuleRef RuleID="ID_DENY_NVOCLOCK_20" />
           <FileRuleRef RuleID="ID_DENY_OTIPCIBUS_1" />
           <FileRuleRef RuleID="ID_DENY_OTIPCIBUS_2" />
           <FileRuleRef RuleID="ID_DENY_OTIPCIBUS_3" />
@@ -3065,6 +3356,22 @@ To check that the policy was successfully applied on your computer:
           <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA256" />
           <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA1_PAGE" />
           <FileRuleRef RuleID="ID_DENY_PHYMEMX64_SHA256_PAGE" />
+          <FileRuleRef RuleID="ID_DENY_QMBSEC_0" />
+          <FileRuleRef RuleID="ID_DENY_QMBSEC_1" />
+          <FileRuleRef RuleID="ID_DENY_QMBSEC_2" />
+          <FileRuleRef RuleID="ID_DENY_QMBSEC_3" />
+          <FileRuleRef RuleID="ID_DENY_QMBSEC_4" />
+          <FileRuleRef RuleID="ID_DENY_QMBSEC_5" />
+          <FileRuleRef RuleID="ID_DENY_QMBSEC_6" />
+          <FileRuleRef RuleID="ID_DENY_QMBSEC_7" />
+          <FileRuleRef RuleID="ID_DENY_QMBSEC_8" />
+          <FileRuleRef RuleID="ID_DENY_QMBSEC_9" />
+          <FileRuleRef RuleID="ID_DENY_QMBSEC_A" />
+          <FileRuleRef RuleID="ID_DENY_QMBSEC_B" />
+          <FileRuleRef RuleID="ID_DENY_QMBSEC_C" />
+          <FileRuleRef RuleID="ID_DENY_QMBSEC_D" />
+          <FileRuleRef RuleID="ID_DENY_QMBSEC_E" />
+          <FileRuleRef RuleID="ID_DENY_QMBSEC_F" />
           <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1" />
           <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA256" />
           <FileRuleRef RuleID="ID_DENY_SEMAV6MSR64_SHA1_PAGE" />
@@ -3325,6 +3632,56 @@ To check that the policy was successfully applied on your computer:
           <FileRuleRef RuleID="ID_DENY_WINIO_32" />
           <FileRuleRef RuleID="ID_DENY_WINIO_33" />
           <FileRuleRef RuleID="ID_DENY_WINIO_34" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_35" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_36" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_37" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_38" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_39" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_40" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_41" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_42" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_43" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_44" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_45" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_46" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_47" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_48" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_49" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_50" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_51" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_52" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_53" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_54" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_55" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_56" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_57" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_58" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_59" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_60" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_61" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_62" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_63" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_64" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_65" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_66" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_67" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_68" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_69" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_70" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_71" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_72" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_73" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_74" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_75" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_76" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_77" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_78" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_79" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_80" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_81" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_82" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_83" />
+          <FileRuleRef RuleID="ID_DENY_WINIO_84" />
           <FileRuleRef RuleID="ID_DENY_PROCESSHACKER" />
           <FileRuleRef RuleID="ID_DENY_AMP" />
           <FileRuleRef RuleID="ID_DENY_ASMMAP" />
@@ -3357,7 +3714,7 @@ To check that the policy was successfully applied on your computer:
     </Setting>
     <Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
       <Value>
-        <String>10.0.25930.0</String>
+        <String>10.0.25965.0</String>
       </Value>
     </Setting>
   </Settings>

windows/security/identity-protection/hello-for-business/hello-identity-verification.md

@@ -44,12 +44,12 @@ The table shows the minimum requirements for each deployment. For key trust in a
 
 The table shows the minimum requirements for each deployment.
 
-| Key trust <br/> Group Policy managed | Certificate trust <br/> Group Policy managed|
-| --- | --- |
-|Any supported Windows client versions|Any supported Windows client versions|
-| Windows Server 2016 Schema | Windows Server 2016 Schema|
-| Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level |
-| Any supported Windows Server versions  | Any supported Windows Server versions |
-| Any supported Windows Server versions  | Any supported Windows Server versions  |
-| Any supported Windows Server versions  | Any supported Windows Server versions  |
-| AD FS with 3rd Party MFA Adapter | AD FS with 3rd Party MFA Adapter |
+| Requirement | Key trust <br/> Group Policy managed | Certificate trust <br/> Group Policy managed|
+| --- | --- | ---|
+| **Windows Version** | Any supported Windows client versions|Any supported Windows client versions|
+| **Schema Version**| Windows Server 2016 Schema | Windows Server 2016 Schema|
+| **Domain and Forest Functional Level**| Windows Server 2008 R2 Domain/Forest functional level | Windows Server 2008 R2 Domain/Forest functional level |
+| **Domain Controller Version**| Any supported Windows Server versions  | Any supported Windows Server versions |
+| **Certificate Authority**| Any supported Windows Server versions  | Any supported Windows Server versions  |
+| **AD FS Version**| Any supported Windows Server versions  | Any supported Windows Server versions  |
+| **MFA Requirement**| AD FS with 3rd Party MFA Adapter | AD FS with 3rd Party MFA Adapter |