deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

acrolinx fixes

Browse Source
This commit is contained in:
ShannonLeavitt 2020-11-03 10:02:04 -07:00
parent d1b667637f
commit f99b15f246
3 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
View File

@ -109,7 +109,7 @@ To stop a trace:
- **logman -stop scardsvr -ets** - **logman -stop scardsvr -ets**
## Kerberos protocol, KDC and NTLM debugging and tracing ## Kerberos protocol, KDC, and NTLM debugging and tracing
<!-- It's difficult to find any Kerberos content any more. If they reinstate some content that's more relevant and detailed than what's below, link to it instead. --> <!-- It's difficult to find any Kerberos content any more. If they reinstate some content that's more relevant and detailed than what's below, link to it instead. -->
@ -123,7 +123,7 @@ To begin tracing, you can use Tracelog. Different components use different contr
### NTLM ### NTLM
To enable tracing for NTLM authentication, run the following at the command line: To enable tracing for NTLM authentication, run the following command on the command line:
- **tracelog.exe -kd -rt -start ntlm -guid \#5BBB6C18-AA45-49b1-A15F-085F7ED0AA90 -f .\\ntlm.etl -flags 0x15003 -ft 1** - **tracelog.exe -kd -rt -start ntlm -guid \#5BBB6C18-AA45-49b1-A15F-085F7ED0AA90 -f .\\ntlm.etl -flags 0x15003 -ft 1**
@ -143,11 +143,11 @@ To stop tracing for Kerberos authentication, run this command:
### KDC ### KDC
To enable tracing for the Key Distribution Center (KDC), run the following at the command line: To enable tracing for the Key Distribution Center (KDC), run the following command on the command line:
- **tracelog.exe -kd -rt -start kdc -guid \#1BBA8B19-7F31-43c0-9643-6E911F79A06B -f .\\kdc.etl -flags 0x803 -ft 1** - **tracelog.exe -kd -rt -start kdc -guid \#1BBA8B19-7F31-43c0-9643-6E911F79A06B -f .\\kdc.etl -flags 0x803 -ft 1**
To stop tracing for the KDC, run the following at the command line: To stop tracing for the KDC, run the following command on the command line:
- **tracelog.exe -stop kdc** - **tracelog.exe -stop kdc**
@ -184,11 +184,11 @@ The smart card resource manager service runs in the context of a local service.
**To check if Smart Card service is running** **To check if Smart Card service is running**
1. Press CTRL+ALT+DEL, and then click **Start Task Manager**. 1. Press CTRL+ALT+DEL, and then select **Start Task Manager**.
2. In the **Windows Task Manager** dialog box, click the **Services** tab. 2. In the **Windows Task Manager** dialog box, select the **Services** tab.
3. Click the **Name** column to sort the list alphabetically, and then type **s**. 3. Select the **Name** column to sort the list alphabetically, and then type **s**.
4. In the **Name** column, look for **SCardSvr**, and then look under the **Status** column to see if the service is running or stopped. 4. In the **Name** column, look for **SCardSvr**, and then look under the **Status** column to see if the service is running or stopped.
@ -196,7 +196,7 @@ The smart card resource manager service runs in the context of a local service.
1. Run as administrator at the command prompt. 1. Run as administrator at the command prompt.
2. If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then click **Yes**. 2. If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then select **Yes**.
3. At the command prompt, type **net stop SCardSvr**. 3. At the command prompt, type **net stop SCardSvr**.
@ -204,7 +204,7 @@ The smart card resource manager service runs in the context of a local service.
You can use the following command at the command prompt to check whether the service is running: **sc queryex scardsvr**. You can use the following command at the command prompt to check whether the service is running: **sc queryex scardsvr**.
This is an example output from this command: The following code sample is an example output from this command:
```console ```console
SERVICE_NAME: scardsvr SERVICE_NAME: scardsvr
@ -228,14 +228,14 @@ As with any device connected to a computer, Device Manager can be used to view p
1. Navigate to **Computer**. 1. Navigate to **Computer**.
2. Right-click **Computer**, and then click **Properties**. 2. Right-click **Computer**, and then select **Properties**.
3. Under **Tasks**, click **Device Manager**. 3. Under **Tasks**, select **Device Manager**.
4. In Device Manager, expand **Smart card readers**, select the name of the smart card reader you want to check, and then click **Properties**. 4. In Device Manager, expand **Smart card readers**, select the name of the smart card reader you want to check, and then select **Properties**.
> [!NOTE] > [!NOTE]
> If the smart card reader is not listed in Device Manager, in the **Action** menu, click **Scan for hardware changes**. > If the smart card reader is not listed in Device Manager, in the **Action** menu, select **Scan for hardware changes**.
## CryptoAPI 2.0 Diagnostics ## CryptoAPI 2.0 Diagnostics

6
windows/security/information-protection/bitlocker/bitlocker-and-adds-faq.md
View File

@ -29,12 +29,12 @@ ms.custom: bitlocker
Stored information | Description Stored information | Description
-------------------|------------ -------------------|------------
Hash of the TPM owner password | Beginning with Windows 10, the password hash is not stored in AD DS by default. The password hash can be stored only if the TPM is owned and the ownership was taken by using components of Windows 8.1 or earlier, such as the BitLocker Setup Wizard or the TPM snap-in. Hash of the TPM owner password | Beginning with Windows 10, the password hash is not stored in AD DS by default. The password hash can be stored only if the TPM is owned and the ownership was taken by using components of Windows 8.1 or earlier, such as the BitLocker Setup Wizard or the TPM snap-in.
BitLocker recovery password | The recovery password allows you to unlock and access the drive in the event of a recovery incident. Domain administrators can view the BitLocker recovery password by using the BitLocker Recovery Password Viewer. For more information about this tool, see [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md). BitLocker recovery password | The recovery password allows you to unlock and access the drive after a recovery incident. Domain administrators can view the BitLocker recovery password by using the BitLocker Recovery Password Viewer. For more information about this tool, see [BitLocker: Use BitLocker Recovery Password Viewer](bitlocker-use-bitlocker-recovery-password-viewer.md).
BitLocker key package | The key package helps to repair damage to the hard disk that would otherwise prevent standard recovery. Using the key package for recovery requires the BitLocker Repair Tool, Repair-bde. BitLocker key package | The key package helps to repair damage to the hard disk that would otherwise prevent standard recovery. Using the key package for recovery requires the BitLocker Repair Tool, Repair-bde.
## What if BitLocker is enabled on a computer before the computer has joined the domain? ## What if BitLocker is enabled on a computer before the computer has joined the domain?
If BitLocker is enabled on a drive before Group Policy has been applied to enforce backup, the recovery information will not be automatically backed up to AD DS when the computer joins the domain or when Group Policy is subsequently applied. However, you can use the **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed drives can be recovered** and **Choose how BitLocker-protected removable drives can be recovered** Group Policy settings to require that the computer be connected to a domain before BitLocker can be enabled to help ensure that recovery information for BitLocker-protected drives in your organization is backed up to AD DS. If BitLocker is enabled on a drive before Group Policy has been applied to enforce backup, the recovery information will not be automatically backed up to AD DS when the computer joins the domain or when Group Policy is subsequently applied. However, you can use the **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed drives can be recovered**, and **Choose how BitLocker-protected removable drives can be recovered** Group Policy settings to require the computer to be connected to a domain before BitLocker can be enabled to help ensure that recovery information for BitLocker-protected drives in your organization is backed up to AD DS.
For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md). For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).
@ -65,7 +65,7 @@ No. By design, BitLocker recovery password entries do not get deleted from AD D
If the backup initially fails, such as when a domain controller is unreachable at the time when the BitLocker setup wizard is run, BitLocker does not try again to back up the recovery information to AD DS. If the backup initially fails, such as when a domain controller is unreachable at the time when the BitLocker setup wizard is run, BitLocker does not try again to back up the recovery information to AD DS.
When an administrator selects the **Require BitLocker backup to AD DS** check box of the **Store BitLocker recovery information in Active Directory Domain Service (Windows 2008 and Windows Vista)** policy setting, or the equivalent **Do not enable BitLocker until recovery information is stored in AD DS for (operating system | fixed data | removable data) drives** check box in any of the **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed data drives can be recovered**, **Choose how BitLocker-protected removable data drives can be recovered** policy settings, this prevents users from enabling BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. With these settings configured if the backup fails, BitLocker cannot be enabled, ensuring that administrators will be able to recover BitLocker-protected drives in the organization. When an administrator selects the **Require BitLocker backup to AD DS** check box of the **Store BitLocker recovery information in Active Directory Domain Service (Windows 2008 and Windows Vista)** policy setting, or the equivalent **Do not enable BitLocker until recovery information is stored in AD DS for (operating system | fixed data | removable data) drives** check box in any of the **Choose how BitLocker-protected operating system drives can be recovered**, **Choose how BitLocker-protected fixed data drives can be recovered**, and **Choose how BitLocker-protected removable data drives can be recovered** policy settings, users can't enable BitLocker unless the computer is connected to the domain and the backup of BitLocker recovery information to AD DS succeeds. With these settings configured if the backup fails, BitLocker cannot be enabled, ensuring that administrators will be able to recover BitLocker-protected drives in the organization.
For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md). For more info, see [BitLocker Group Policy settings](bitlocker-group-policy-settings.md).

2
windows/security/information-protection/index.md
View File

@ -1,6 +1,6 @@
--- ---
title: Information protection (Windows 10) title: Information protection (Windows 10)
description: Learn more about how to protect sesnsitive data across your ogranization. description: Learn more about how to protect sensitive data across your organization.
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: deploy ms.mktglfcycl: deploy
ms.sitesec: library ms.sitesec: library