mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 13:27:23 +00:00
Merge pull request #1760 from MicrosoftDocs/seo-update-lengthy-meta-descriptions
SEO update lengthy meta-descriptions - part 4
This commit is contained in:
Gary Moore
GitHub
commit
fbd7e970c1
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: WiredNetwork CSP
|
title: WiredNetwork CSP
|
||||||
description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP to enable them to access corporate Internet over ethernet.
|
description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that do not have GP. Learn how it works.
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
ms.topic: article
|
ms.topic: article
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Configure MDT deployment share rules (Windows 10)
|
title: Configure MDT deployment share rules (Windows 10)
|
||||||
description: In this topic, you will learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine.
|
description: Learn how to configure the MDT rules engine to reach out to other resources for additional information instead of storing settings directly in the rules engine.
|
||||||
ms.assetid: b5ce2360-33cc-4b14-b291-16f75797391b
|
ms.assetid: b5ce2360-33cc-4b14-b291-16f75797391b
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
@ -27,7 +27,7 @@ When using MDT, you can assign setting in three distinct ways:
|
|||||||
- You can prompt the user or technician for information.
|
- You can prompt the user or technician for information.
|
||||||
- You can have MDT generate the settings automatically.
|
- You can have MDT generate the settings automatically.
|
||||||
|
|
||||||
In order illustrate these three options, let's look at some sample configurations.
|
In order to illustrate these three options, let's look at some sample configurations.
|
||||||
|
|
||||||
## <a href="" id="sec02"></a>Sample configurations
|
## <a href="" id="sec02"></a>Sample configurations
|
||||||
|
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Use web services in MDT (Windows 10)
|
title: Use web services in MDT (Windows 10)
|
||||||
description: In this topic, you will learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment.
|
description: Learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment.
|
||||||
ms.assetid: 8f47535e-0551-4ccb-8f02-bb97539c6522
|
ms.assetid: 8f47535e-0551-4ccb-8f02-bb97539c6522
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager (Windows 10)
|
title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager (Windows 10)
|
||||||
description: This topic will walk you through the process of integrating Microsoft System Center 2012 R2 Configuration Manager SP1 with Microsoft Deployment Toolkit (MDT) 2013 Update 2, as well as the other preparations needed to deploying Windows 10 via Zero Touch Installation. Additional preparations include the installation of hotfixes as well as activities that speed up the Pre-Boot Execution Environment (PXE).
|
description: Learn how to prepare a Zero Touch Installation of Windows 10 with Configuration Manager, by integrating Configuration Manager with Microsoft Deployment Toolkit.
|
||||||
ms.assetid: 06e3a221-31ef-47a5-b4da-3b927cb50d08
|
ms.assetid: 06e3a221-31ef-47a5-b4da-3b927cb50d08
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
|
|||||||
@ -1,147 +1,148 @@
|
|||||||
---
|
---
|
||||||
title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager (Windows 10)
|
title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager (Windows 10)
|
||||||
description: This topic will show you how to use a previously created task sequence to refresh a Windows 7 SP1 client with Windows 10 using Microsoft System Center 2012 R2 Configuration Manager and Microsoft Deployment Toolkit (MDT) 2013 Update 2.
|
description: Learn how to use Configuration Manager and Microsoft Deployment Toolkit (MDT) to refresh a Windows 7 SP1 client with Windows 10.
|
||||||
ms.assetid: 57c81667-1019-4711-b3de-15ae9c5387c7
|
ms.assetid: 57c81667-1019-4711-b3de-15ae9c5387c7
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
ms.author: greglin
|
ms.author: greglin
|
||||||
keywords: upgrade, install, installation, computer refresh
|
keywords: upgrade, install, installation, computer refresh
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
audience: itpro
author: greg-lindsay
|
audience: itpro
|
||||||
ms.topic: article
|
author: greg-lindsay
|
||||||
---
|
ms.topic: article
|
||||||
|
---
|
||||||
# Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
|
|
||||||
|
# Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
|
**Applies to**
|
||||||
- Windows 10 versions 1507, 1511
|
|
||||||
|
- Windows 10 versions 1507, 1511
|
||||||
>[!IMPORTANT]
|
|
||||||
>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
|
>[!IMPORTANT]
|
||||||
>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
|
>For instructions to deploy the most recent version of Windows 10 with Configuration Manager, see [Scenarios to deploy enterprise operating systems with System Center Configuration Manager](https://docs.microsoft.com/sccm/osd/deploy-use/scenarios-to-deploy-enterprise-operating-systems).
|
||||||
|
>Configuration Manager 2012 and 2012 R2 provide support for Windows 10 versions 1507 and 1511 only. Later versions of Windows 10 require an updated Configuration Manager release. For a list of Configuration Manager versions and the corresponding Windows 10 client versions that are supported, see [Support for Windows 10 for System Center Configuration Manager](https://docs.microsoft.com/sccm/core/plan-design/configs/support-for-windows-10).
|
||||||
This topic will show you how to use a previously created task sequence to refresh a Windows 7 SP1 client with Windows 10 using Microsoft System Center 2012 R2 Configuration Manager and Microsoft Deployment Toolkit (MDT) 2013 Update 2. When refreshing a machine to a later version, it appears as an upgrade to the end user, but technically it is not an in-place upgrade. A computer refresh also involves taking care of user data and settings from the old installation and making sure to restore those at the end of the installation. For more information, see [Refresh a Windows 7 computer with Windows 10](../deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md).
|
|
||||||
|
This topic will show you how to use a previously created task sequence to refresh a Windows 7 SP1 client with Windows 10 using Microsoft System Center 2012 R2 Configuration Manager and Microsoft Deployment Toolkit (MDT) 2013 Update 2. When refreshing a machine to a later version, it appears as an upgrade to the end user, but technically it is not an in-place upgrade. A computer refresh also involves taking care of user data and settings from the old installation and making sure to restore those at the end of the installation. For more information, see [Refresh a Windows 7 computer with Windows 10](../deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md).
|
||||||
A computer refresh with System Center 2012 R2 Configuration Manager works the same as it does with MDT Lite Touch installation. Configuration Manager also uses the User State Migration Tool (USMT) from the Windows Assessment and Deployment Kit (Windows ADK) 10 in the background. A computer refresh with Configuration Manager involves the following steps:
|
|
||||||
|
A computer refresh with System Center 2012 R2 Configuration Manager works the same as it does with MDT Lite Touch installation. Configuration Manager also uses the User State Migration Tool (USMT) from the Windows Assessment and Deployment Kit (Windows ADK) 10 in the background. A computer refresh with Configuration Manager involves the following steps:
|
||||||
1. Data and settings are backed up locally in a backup folder.
|
|
||||||
|
1. Data and settings are backed up locally in a backup folder.
|
||||||
2. The partition is wiped, except for the backup folder.
|
|
||||||
|
2. The partition is wiped, except for the backup folder.
|
||||||
3. The new operating system image is applied.
|
|
||||||
|
3. The new operating system image is applied.
|
||||||
4. Other applications are installed.
|
|
||||||
|
4. Other applications are installed.
|
||||||
5. Data and settings are restored.
|
|
||||||
|
5. Data and settings are restored.
|
||||||
For the purposes of this topic, we will use three machines: DC01, CM01, and PC0003. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. PC0003 is a machine with Windows 7 SP1, on which Windows 10 will be deployed. DC01, CM01, and PC003 are all members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
|
|
||||||
|
For the purposes of this topic, we will use three machines: DC01, CM01, and PC0003. DC01 is a domain controller and CM01 is a machine running Windows Server 2012 R2 Standard. PC0003 is a machine with Windows 7 SP1, on which Windows 10 will be deployed. DC01, CM01, and PC003 are all members of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
|
||||||
In this topic, we assume that you have a Windows 7 SP1 client named PC0003 with the Configuration Manager client installed.
|
|
||||||
|
In this topic, we assume that you have a Windows 7 SP1 client named PC0003 with the Configuration Manager client installed.
|
||||||
## <a href="" id="sec01"></a>Create a device collection and add the PC0003 computer
|
|
||||||
|
## <a href="" id="sec01"></a>Create a device collection and add the PC0003 computer
|
||||||
|
|
||||||
1. On CM01, using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
|
|
||||||
|
1. On CM01, using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings:
|
||||||
* General
|
|
||||||
|
* General
|
||||||
* Name: Install Windows 10 Enterprise x64
|
|
||||||
|
* Name: Install Windows 10 Enterprise x64
|
||||||
* Limited Collection: All Systems
|
|
||||||
|
* Limited Collection: All Systems
|
||||||
* Membership rules:
|
|
||||||
|
* Membership rules:
|
||||||
* Direct rule
|
|
||||||
|
* Direct rule
|
||||||
* Resource Class: System Resource
|
|
||||||
|
* Resource Class: System Resource
|
||||||
* Attribute Name: Name
|
|
||||||
|
* Attribute Name: Name
|
||||||
* Value: PC0003
|
|
||||||
|
* Value: PC0003
|
||||||
* Select **Resources**
|
|
||||||
|
* Select **Resources**
|
||||||
* Select **PC0003**
|
|
||||||
|
* Select **PC0003**
|
||||||
2. Review the Install Windows 10 Enterprise x64 collection. Do not continue until you see the PC0003 machine in the collection.
|
|
||||||
|
2. Review the Install Windows 10 Enterprise x64 collection. Do not continue until you see the PC0003 machine in the collection.
|
||||||
>[!NOTE]
|
|
||||||
>It may take a short while for the collection to refresh; you can view progress via the Colleval.log file. If you want to speed up the process, you can manually update membership on the Install Windows 10 Enterprise x64 collection by right-clicking the collection and selecting Update Membership.
|
>[!NOTE]
|
||||||
|
>It may take a short while for the collection to refresh; you can view progress via the Colleval.log file. If you want to speed up the process, you can manually update membership on the Install Windows 10 Enterprise x64 collection by right-clicking the collection and selecting Update Membership.
|
||||||
|
|
||||||
|
|
||||||
## <a href="" id="sec02"></a>Create a new deployment
|
|
||||||
|
## <a href="" id="sec02"></a>Create a new deployment
|
||||||
|
|
||||||
Using the Configuration Manager console, in the Software Library workspace, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM**, and then select **Deploy**. Use the following settings:
|
|
||||||
|
Using the Configuration Manager console, in the Software Library workspace, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM**, and then select **Deploy**. Use the following settings:
|
||||||
- General
|
|
||||||
|
- General
|
||||||
- Collection: Install Windows 10 Enterprise x64
|
|
||||||
|
- Collection: Install Windows 10 Enterprise x64
|
||||||
- Deployment Settings
|
|
||||||
|
- Deployment Settings
|
||||||
- Purpose: Available
|
|
||||||
|
- Purpose: Available
|
||||||
- Make available to the following: Configuration Manager clients, media and PXE
|
|
||||||
|
- Make available to the following: Configuration Manager clients, media and PXE
|
||||||
>[!NOTE]
|
|
||||||
>It is not necessary to make the deployment available to media and Pre-Boot Execution Environment (PXE) for a computer refresh, but you will use the same deployment for bare-metal deployments later on and you will need it at that point.
|
>[!NOTE]
|
||||||
|
>It is not necessary to make the deployment available to media and Pre-Boot Execution Environment (PXE) for a computer refresh, but you will use the same deployment for bare-metal deployments later on and you will need it at that point.
|
||||||
|
|
||||||
|
|
||||||
- Scheduling
|
|
||||||
|
- Scheduling
|
||||||
- <default>
|
|
||||||
|
- <default>
|
||||||
- User Experience
|
|
||||||
|
- User Experience
|
||||||
- <default>
|
|
||||||
|
- <default>
|
||||||
- Alerts
|
|
||||||
|
- Alerts
|
||||||
- <default>
|
|
||||||
|
- <default>
|
||||||
- Distribution Points
|
|
||||||
|
- Distribution Points
|
||||||
- <default>
|
|
||||||
|
- <default>
|
||||||
## <a href="" id="sec03"></a>Initiate a computer refresh
|
|
||||||
|
## <a href="" id="sec03"></a>Initiate a computer refresh
|
||||||
|
|
||||||
Now you can start the computer refresh on PC0003.
|
|
||||||
|
Now you can start the computer refresh on PC0003.
|
||||||
1. Using the Configuration Manager console, in the Asset and Compliance workspace, in the Install Windows 10 Enterprise x64 collection, right-click **PC0003** and select **Client Notification / Download Computer Policy**. Click **OK**.
|
|
||||||
|
1. Using the Configuration Manager console, in the Asset and Compliance workspace, in the Install Windows 10 Enterprise x64 collection, right-click **PC0003** and select **Client Notification / Download Computer Policy**. Click **OK**.
|
||||||
>[!NOTE]
|
|
||||||
>The Client Notification feature is new in Configuration Manager.
|
>[!NOTE]
|
||||||
|
>The Client Notification feature is new in Configuration Manager.
|
||||||
2. On PC0003, using the Software Center (begin using the Start screen, or click the **New software is available** balloon in the system tray), select the **Windows 10 Enterprise x64 RTM** deployment and click **INSTALL**.
|
|
||||||
|
2. On PC0003, using the Software Center (begin using the Start screen, or click the **New software is available** balloon in the system tray), select the **Windows 10 Enterprise x64 RTM** deployment and click **INSTALL**.
|
||||||
3. In the **Software Center** warning dialog box, click **INSTALL OPERATING SYSTEM**.
|
|
||||||
|
3. In the **Software Center** warning dialog box, click **INSTALL OPERATING SYSTEM**.
|
||||||
## Related topics
|
|
||||||
|
## Related topics
|
||||||
|
|
||||||
[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
|
|
||||||
|
[Integrate Configuration Manager with MDT](../deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
|
||||||
[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
|
|
||||||
|
[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
|
||||||
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
|
|
||||||
|
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
|
||||||
[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
|
|
||||||
|
[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
|
||||||
[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
|
|
||||||
|
[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
|
||||||
[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
|
|
||||||
|
[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
|
||||||
[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
|
|
||||||
|
[Create a task sequence with Configuration Manager and MDT](../deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
|
||||||
[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
|
|
||||||
|
[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
|
||||||
[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
|
|
||||||
|
[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Plan for Windows 10 deployment (Windows 10)
|
title: Plan for Windows 10 deployment (Windows 10)
|
||||||
description: Windows 10 provides new deployment capabilities, scenarios, and tools by building on technologies introduced in Windows 7, and Windows 8.1, while at the same time introducing new Windows as a service concepts to keep the operating system up to date.
|
description: Find resources for your Windows 10 deployment. Windows 10 provides new deployment capabilities and tools, and introduces new ways to keep the OS up to date.
|
||||||
ms.assetid: 002F9B79-B50F-40C5-A7A5-0B4770E6EC15
|
ms.assetid: 002F9B79-B50F-40C5-A7A5-0B4770E6EC15
|
||||||
keywords: deploy, upgrade, update, configure
|
keywords: deploy, upgrade, update, configure
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
|
|||||||
@ -1,66 +1,67 @@
|
|||||||
---
|
---
|
||||||
title: Managing Application-Compatibility Fixes and Custom Fix Databases (Windows 10)
|
title: Managing Application-Compatibility Fixes and Custom Fix Databases (Windows 10)
|
||||||
description: This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases.
|
description: Learn why you should use compatibility fixes, and how to deploy and manage custom-compatibility fix databases.
|
||||||
ms.assetid: 9c2e9396-908e-4a36-ad67-2e40452ce017
|
ms.assetid: 9c2e9396-908e-4a36-ad67-2e40452ce017
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
ms.author: greglin
|
ms.author: greglin
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: plan
|
ms.mktglfcycl: plan
|
||||||
ms.pagetype: appcompat
|
ms.pagetype: appcompat
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
audience: itpro
author: greg-lindsay
|
audience: itpro
|
||||||
ms.date: 04/19/2017
|
author: greg-lindsay
|
||||||
ms.topic: article
|
ms.date: 04/19/2017
|
||||||
---
|
ms.topic: article
|
||||||
|
---
|
||||||
# Managing Application-Compatibility Fixes and Custom Fix Databases
|
|
||||||
|
# Managing Application-Compatibility Fixes and Custom Fix Databases
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
|
**Applies to**
|
||||||
- Windows 10
|
|
||||||
- Windows 8.1
|
- Windows 10
|
||||||
- Windows 8
|
- Windows 8.1
|
||||||
- Windows 7
|
- Windows 8
|
||||||
- Windows Server 2012
|
- Windows 7
|
||||||
- Windows Server 2008 R2
|
- Windows Server 2012
|
||||||
|
- Windows Server 2008 R2
|
||||||
This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases.
|
|
||||||
|
This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases.
|
||||||
## In this section
|
|
||||||
|
## In this section
|
||||||
|
|
||||||
<table>
|
|
||||||
<colgroup>
|
<table>
|
||||||
<col width="50%" />
|
<colgroup>
|
||||||
<col width="50%" />
|
<col width="50%" />
|
||||||
</colgroup>
|
<col width="50%" />
|
||||||
<thead>
|
</colgroup>
|
||||||
<tr class="header">
|
<thead>
|
||||||
<th align="left">Topic</th>
|
<tr class="header">
|
||||||
<th align="left">Description</th>
|
<th align="left">Topic</th>
|
||||||
</tr>
|
<th align="left">Description</th>
|
||||||
</thead>
|
</tr>
|
||||||
<tbody>
|
</thead>
|
||||||
<tr class="odd">
|
<tbody>
|
||||||
<td align="left"><p><a href="understanding-and-using-compatibility-fixes.md" data-raw-source="[Understanding and Using Compatibility Fixes](understanding-and-using-compatibility-fixes.md)">Understanding and Using Compatibility Fixes</a></p></td>
|
<tr class="odd">
|
||||||
<td align="left"><p>As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. This can cause problems for applications that relied upon the original implementation. You can avoid compatibility issues by using the Microsoft Windows Application Compatibility (Compatibility Fix) infrastructure to create a specific application fix for a particular version of an application.</p></td>
|
<td align="left"><p><a href="understanding-and-using-compatibility-fixes.md" data-raw-source="[Understanding and Using Compatibility Fixes](understanding-and-using-compatibility-fixes.md)">Understanding and Using Compatibility Fixes</a></p></td>
|
||||||
</tr>
|
<td align="left"><p>As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. This can cause problems for applications that relied upon the original implementation. You can avoid compatibility issues by using the Microsoft Windows Application Compatibility (Compatibility Fix) infrastructure to create a specific application fix for a particular version of an application.</p></td>
|
||||||
<tr class="even">
|
</tr>
|
||||||
<td align="left"><p><a href="compatibility-fix-database-management-strategies-and-deployment.md" data-raw-source="[Compatibility Fix Database Management Strategies and Deployment](compatibility-fix-database-management-strategies-and-deployment.md)">Compatibility Fix Database Management Strategies and Deployment</a></p></td>
|
<tr class="even">
|
||||||
<td align="left"><p>After you determine that you will use compatibility fixes in your application-compatibility mitigation strategy, you must define a strategy to manage your custom compatibility-fix database. Typically, you can use one of two approaches:</p></td>
|
<td align="left"><p><a href="compatibility-fix-database-management-strategies-and-deployment.md" data-raw-source="[Compatibility Fix Database Management Strategies and Deployment](compatibility-fix-database-management-strategies-and-deployment.md)">Compatibility Fix Database Management Strategies and Deployment</a></p></td>
|
||||||
</tr>
|
<td align="left"><p>After you determine that you will use compatibility fixes in your application-compatibility mitigation strategy, you must define a strategy to manage your custom compatibility-fix database. Typically, you can use one of two approaches:</p></td>
|
||||||
<tr class="odd">
|
</tr>
|
||||||
<td align="left"><p><a href="testing-your-application-mitigation-packages.md" data-raw-source="[Testing Your Application Mitigation Packages](testing-your-application-mitigation-packages.md)">Testing Your Application Mitigation Packages</a></p></td>
|
<tr class="odd">
|
||||||
<td align="left"><p>This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues.</p></td>
|
<td align="left"><p><a href="testing-your-application-mitigation-packages.md" data-raw-source="[Testing Your Application Mitigation Packages](testing-your-application-mitigation-packages.md)">Testing Your Application Mitigation Packages</a></p></td>
|
||||||
</tr>
|
<td align="left"><p>This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues.</p></td>
|
||||||
</tbody>
|
</tr>
|
||||||
</table>
|
</tbody>
|
||||||
|
</table>
|
||||||
|
|
||||||
|
|
||||||
## Related topics
|
|
||||||
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
|
## Related topics
|
||||||
|
[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
|
||||||
[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)
|
|
||||||
|
[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)
|
||||||
|
|||||||
@ -1,86 +1,87 @@
|
|||||||
---
|
---
|
||||||
title: Security and data protection considerations for Windows To Go (Windows 10)
|
title: Security and data protection considerations for Windows To Go (Windows 10)
|
||||||
description: One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure.
|
description: Ensure that the data, content, and resources you work with in the Windows To Go workspace are protected and secure.
|
||||||
ms.assetid: 5f27339f-6761-44f4-8c29-9a25cf8e75fe
|
ms.assetid: 5f27339f-6761-44f4-8c29-9a25cf8e75fe
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: laurawi
|
manager: laurawi
|
||||||
ms.author: greglin
|
ms.author: greglin
|
||||||
keywords: mobile, device, USB, secure, BitLocker
|
keywords: mobile, device, USB, secure, BitLocker
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: plan
|
ms.mktglfcycl: plan
|
||||||
ms.pagetype: mobility, security
|
ms.pagetype: mobility, security
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
audience: itpro
author: greg-lindsay
|
audience: itpro
|
||||||
ms.topic: article
|
author: greg-lindsay
|
||||||
---
|
ms.topic: article
|
||||||
|
---
|
||||||
# Security and data protection considerations for Windows To Go
|
|
||||||
|
# Security and data protection considerations for Windows To Go
|
||||||
|
|
||||||
**Applies to**
|
|
||||||
|
**Applies to**
|
||||||
- Windows 10
|
|
||||||
|
- Windows 10
|
||||||
>[!IMPORTANT]
|
|
||||||
>Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
|
>[!IMPORTANT]
|
||||||
|
>Windows To Go is no longer being developed. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs.
|
||||||
One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure.
|
|
||||||
|
One of the most important requirements to consider when you plan your Windows To Go deployment is to ensure that the data, content, and resources you work with in the Windows To Go workspace is protected and secure.
|
||||||
## Backup and restore
|
|
||||||
|
## Backup and restore
|
||||||
|
|
||||||
As long as you are not saving data on the Windows To Go drive, there is no need for a backup and restore solution for Windows To Go. If you are saving data on the drive and are not using folder redirection and offline files, you should back up all of your data to a network location, such as cloud storage or a network share after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](https://go.microsoft.com/fwlink/p/?LinkId=619102) for different solutions you could implement.
|
|
||||||
|
As long as you are not saving data on the Windows To Go drive, there is no need for a backup and restore solution for Windows To Go. If you are saving data on the drive and are not using folder redirection and offline files, you should back up all of your data to a network location, such as cloud storage or a network share after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](https://go.microsoft.com/fwlink/p/?LinkId=619102) for different solutions you could implement.
|
||||||
If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and re-provision the drive with Windows To Go, so all data and customization on the drive will be lost. This is another reason why using roaming user profiles, folder redirection and offline files with Windows To Go is strongly recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](https://go.microsoft.com/fwlink/p/?LinkId=618924).
|
|
||||||
|
If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and re-provision the drive with Windows To Go, so all data and customization on the drive will be lost. This is another reason why using roaming user profiles, folder redirection and offline files with Windows To Go is strongly recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](https://go.microsoft.com/fwlink/p/?LinkId=618924).
|
||||||
## BitLocker
|
|
||||||
|
## BitLocker
|
||||||
|
|
||||||
We recommend that you use BitLocker with your Windows To Go drives to protect the drive from being compromised if the drive is lost or stolen. When BitLocker is enabled, the user must provide a password to unlock the drive and boot the Windows To Go workspace, this helps prevent unauthorized users from booting the drive and using it to gain access to your network resources and confidential data. Because Windows To Go drives are meant to be roamed between computers, the Trusted Platform Module (TPM) cannot be used by BitLocker to protect the drive. Instead, you will be specifying a password that BitLocker will use for disk encryption and decryption. By default, this password must be eight characters in length and can enforce more strict requirements depending on the password complexity requirements defined by your organizations domain controller.
|
|
||||||
|
We recommend that you use BitLocker with your Windows To Go drives to protect the drive from being compromised if the drive is lost or stolen. When BitLocker is enabled, the user must provide a password to unlock the drive and boot the Windows To Go workspace, this helps prevent unauthorized users from booting the drive and using it to gain access to your network resources and confidential data. Because Windows To Go drives are meant to be roamed between computers, the Trusted Platform Module (TPM) cannot be used by BitLocker to protect the drive. Instead, you will be specifying a password that BitLocker will use for disk encryption and decryption. By default, this password must be eight characters in length and can enforce more strict requirements depending on the password complexity requirements defined by your organizations domain controller.
|
||||||
You can enable BitLocker while using the Windows To Go Creator wizard as part of the drive provisioning process before first use; or it can be enabled afterward by the user from within the Windows To Go workspace.
|
|
||||||
|
You can enable BitLocker while using the Windows To Go Creator wizard as part of the drive provisioning process before first use; or it can be enabled afterward by the user from within the Windows To Go workspace.
|
||||||
**Tip**
|
|
||||||
If the Windows To Go Creator wizard is not able to enable BitLocker, see [Why can't I enable BitLocker from Windows To Go Creator?](windows-to-go-frequently-asked-questions.md#wtg-faq-blfail)
|
**Tip**
|
||||||
|
If the Windows To Go Creator wizard is not able to enable BitLocker, see [Why can't I enable BitLocker from Windows To Go Creator?](windows-to-go-frequently-asked-questions.md#wtg-faq-blfail)
|
||||||
|
|
||||||
|
|
||||||
If you are using a host computer running Windows 7 that has BitLocker enabled, you should suspend BitLocker before changing the BIOS settings to boot from USB and then resume BitLocker protection. If BitLocker is not suspended first, the next time the computer is started it will boot into recovery mode.
|
|
||||||
|
If you are using a host computer running Windows 7 that has BitLocker enabled, you should suspend BitLocker before changing the BIOS settings to boot from USB and then resume BitLocker protection. If BitLocker is not suspended first, the next time the computer is started it will boot into recovery mode.
|
||||||
## Disk discovery and data leakage
|
|
||||||
|
## Disk discovery and data leakage
|
||||||
|
|
||||||
We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This means the drive will not appear in Windows Explorer and an AutoPlay prompt will not be displayed to the user. This reduces the likelihood that an end-user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you.
|
|
||||||
|
We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This means the drive will not appear in Windows Explorer and an AutoPlay prompt will not be displayed to the user. This reduces the likelihood that an end-user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you.
|
||||||
To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It is strongly recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted.
|
|
||||||
|
To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It is strongly recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and, therefore, user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted.
|
||||||
For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](https://go.microsoft.com/fwlink/p/?LinkId=619103).
|
|
||||||
|
For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](https://go.microsoft.com/fwlink/p/?LinkId=619103).
|
||||||
## Security certifications for Windows To Go
|
|
||||||
|
## Security certifications for Windows To Go
|
||||||
|
|
||||||
Windows to Go is a core capability of Windows when it is deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for additional certifications by the solution provider that cover the solution provider’s specific hardware environment. For more details about Windows security certifications, see the following topics.
|
|
||||||
|
Windows to Go is a core capability of Windows when it is deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for additional certifications by the solution provider that cover the solution provider’s specific hardware environment. For more details about Windows security certifications, see the following topics.
|
||||||
- [Windows Platform Common Criteria Certification](https://go.microsoft.com/fwlink/p/?LinkId=619104)
|
|
||||||
|
- [Windows Platform Common Criteria Certification](https://go.microsoft.com/fwlink/p/?LinkId=619104)
|
||||||
- [FIPS 140 Evaluation](https://go.microsoft.com/fwlink/p/?LinkId=619107)
|
|
||||||
|
- [FIPS 140 Evaluation](https://go.microsoft.com/fwlink/p/?LinkId=619107)
|
||||||
## Related topics
|
|
||||||
|
## Related topics
|
||||||
|
|
||||||
[Windows To Go: feature overview](windows-to-go-overview.md)
|
|
||||||
|
[Windows To Go: feature overview](windows-to-go-overview.md)
|
||||||
[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
|
|
||||||
|
[Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
|
||||||
[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
|
|
||||||
|
[Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
|
||||||
[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md)
|
|
||||||
|
[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Windows 10 personal data services configuration
|
title: Windows 10 personal data services configuration
|
||||||
description: An overview of Windows 10 services configuration settings that are used for personal data privacy protection relevant for regulations, such as the General Data Protection Regulation (GDPR)
|
description: Learn more about Windows 10 configuration settings that are useful for complying with regulations such as the GDPR and protecting users' personal data.
|
||||||
keywords: privacy, GDPR, windows, IT
|
keywords: privacy, GDPR, windows, IT
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: manage
|
ms.mktglfcycl: manage
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Virtual Smart Card Overview (Windows 10)
|
title: Virtual Smart Card Overview (Windows 10)
|
||||||
description: This topic for IT professional provides an overview of the virtual smart card technology that was developed by Microsoft, and links to additional topics about virtual smart cards.
|
description: Learn more about the virtual smart card technology that was developed by Microsoft. Find links to additional topics about virtual smart cards.
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: deploy
|
ms.mktglfcycl: deploy
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune (Windows 10)
|
title: Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune (Windows 10)
|
||||||
description: After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to associate and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy.
|
description: After you've created and deployed your Windows Information Protection (WIP) policy, use Microsoft Intune to link it to your Virtual Private Network (VPN) policy
|
||||||
keywords: WIP, Enterprise Data Protection
|
keywords: WIP, Enterprise Data Protection
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: explore
|
ms.mktglfcycl: explore
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune (Windows 10)
|
title: Create a Windows Information Protection (WIP) policy with MDM using the Azure portal for Microsoft Intune (Windows 10)
|
||||||
description: The Azure portal for Microsoft Intune helps you create and deploy your Windows Information Protection (WIP) policy, supporting mobile device management (MDM), to let you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.
|
description: Learn how to use the Azure portal for Microsoft Intune to create and deploy your Windows Information Protection (WIP) policy to protect data on your network.
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: explore
|
ms.mktglfcycl: explore
|
||||||
ms.sitesec: library
|
ms.sitesec: library
|
||||||
@ -30,7 +30,7 @@ You can create an app protection policy in Intune either with device enrollment
|
|||||||
|
|
||||||
- MAM has additional **Access** settings for Windows Hello for Business.
|
- MAM has additional **Access** settings for Windows Hello for Business.
|
||||||
- MAM can [selectively wipe company data](https://docs.microsoft.com/intune/apps-selective-wipe) from a user's personal device.
|
- MAM can [selectively wipe company data](https://docs.microsoft.com/intune/apps-selective-wipe) from a user's personal device.
|
||||||
- MAM requires an [Azure Active Direcory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses).
|
- MAM requires an [Azure Active Directory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses).
|
||||||
- An Azure AD Premium license is also required for WIP auto-recovery, where a device can re-enroll and re-gain access to protected data. WIP auto-recovery depends on Azure AD registration to back up the encryption keys, which requires device auto-enrollment with MDM.
|
- An Azure AD Premium license is also required for WIP auto-recovery, where a device can re-enroll and re-gain access to protected data. WIP auto-recovery depends on Azure AD registration to back up the encryption keys, which requires device auto-enrollment with MDM.
|
||||||
- MAM supports only one user per device.
|
- MAM supports only one user per device.
|
||||||
- MAM can only manage [enlightened apps](enlightened-microsoft-apps-and-wip.md).
|
- MAM can only manage [enlightened apps](enlightened-microsoft-apps-and-wip.md).
|
||||||
@ -40,7 +40,7 @@ You can create an app protection policy in Intune either with device enrollment
|
|||||||
|
|
||||||
## Prerequisites
|
## Prerequisites
|
||||||
|
|
||||||
Before you can create a WIP policy using Intune, you need to configure an MDM or MAM provider in Azure Active Directory (Azure AD). MAM requires an [Azure Active Direcory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses). An Azure AD Premium license is also required for WIP auto-recovery, where a device can re-enroll and re-gain access to protected data. WIP auto-recovery relies on Azure AD registration to back up the encryption keys, which requires device auto-enrollment with MDM.
|
Before you can create a WIP policy using Intune, you need to configure an MDM or MAM provider in Azure Active Directory (Azure AD). MAM requires an [Azure Active Directory (Azure AD) Premium license](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-whatis#what-are-the-azure-ad-licenses). An Azure AD Premium license is also required for WIP auto-recovery, where a device can re-enroll and re-gain access to protected data. WIP auto-recovery relies on Azure AD registration to back up the encryption keys, which requires device auto-enrollment with MDM.
|
||||||
|
|
||||||
## Configure the MDM or MAM provider
|
## Configure the MDM or MAM provider
|
||||||
|
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager (Windows 10)
|
title: Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager (Windows 10)
|
||||||
description: Configuration Manager (version 1606 or later) helps you create and deploy your Windows Information Protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.
|
description: Use Configuration Manager to make & deploy a Windows Information Protection (WIP) policy. Choose protected apps, WIP-protection level, and find enterprise data.
|
||||||
ms.assetid: 85b99c20-1319-4aa3-8635-c1a87b244529
|
ms.assetid: 85b99c20-1319-4aa3-8635-c1a87b244529
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, SCCM, System Center Configuration Manager, Configuration Manager
|
keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, SCCM, System Center Configuration Manager, Configuration Manager
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Mandatory tasks and settings required to turn on Windows Information Protection (WIP) (Windows 10)
|
title: Mandatory tasks and settings required to turn on Windows Information Protection (WIP) (Windows 10)
|
||||||
description: This list provides all of the tasks that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection (EDP) in your enterprise.
|
description: Review all of the tasks required for Windows to turn on Windows Information Protection (WIP), formerly enterprise data protection (EDP), in your enterprise.
|
||||||
keywords: Windows Information Protection, WIP, EDP, Enterprise Data Protection, protected apps, protected app list, App Rules, Protected apps list
|
keywords: Windows Information Protection, WIP, EDP, Enterprise Data Protection, protected apps, protected app list, App Rules, Protected apps list
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: explore
|
ms.mktglfcycl: explore
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Audit Directory Service Changes (Windows 10)
|
title: Audit Directory Service Changes (Windows 10)
|
||||||
description: This topic for the IT professional describes the advanced security audit policy setting, Audit Directory Service Changes, which determines whether the operating system generates audit events when changes are made to objects in Active Directory Domain Services (ADÂ DS).
|
description: The policy setting Audit Directory Service Changes determines if audit events are generated when objects in Active Directory Domain Services (AD DS) are changed
|
||||||
ms.assetid: 9f7c0dd4-3977-47dd-a0fb-ec2f17cad05e
|
ms.assetid: 9f7c0dd4-3977-47dd-a0fb-ec2f17cad05e
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Audit Filtering Platform Packet Drop (Windows 10)
|
title: Audit Filtering Platform Packet Drop (Windows 10)
|
||||||
description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Filtering Platform Packet Drop, which determines whether the operating system generates audit events when packets are dropped by the Windows Filtering Platform.
|
description: The policy setting, Audit Filtering Platform Packet Drop, determines if audit events are generated when packets are dropped by the Windows Filtering Platform.
|
||||||
ms.assetid: 95457601-68d1-4385-af20-87916ddab906
|
ms.assetid: 95457601-68d1-4385-af20-87916ddab906
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Audit Other Account Logon Events (Windows 10)
|
title: Audit Other Account Logon Events (Windows 10)
|
||||||
description: This topic for the IT professional describes the advanced security audit policy setting, Audit Other Account Logon Events, which allows you to audit events generated by responses to credential requests submitted for a user account logon that are not credential validation or Kerberos tickets.
|
description: The policy setting, Audit Other Account Logon Events, allows you to audit events generated by responses to credential requests for certain kinds of user logons.
|
||||||
ms.assetid: c8c6bfe0-33d2-4600-bb1a-6afa840d75b3
|
ms.assetid: c8c6bfe0-33d2-4600-bb1a-6afa840d75b3
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Audit Process Creation (Windows 10)
|
title: Audit Process Creation (Windows 10)
|
||||||
description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Process Creation, which determines whether the operating system generates audit events when a process is created (starts).
|
description: The Advanced Security Audit policy setting, Audit Process Creation, determines if audit events are generated when a process is created (starts).
|
||||||
ms.assetid: 67e39fcd-ded6-45e8-b1b6-d411e4e93019
|
ms.assetid: 67e39fcd-ded6-45e8-b1b6-d411e4e93019
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Audit Removable Storage (Windows 10)
|
title: Audit Removable Storage (Windows 10)
|
||||||
description: This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Removable Storage, which determines when there is a read or a write to a removable drive.
|
description: The Advanced Security Audit policy setting, Audit Removable Storage, determines when there is a read or a write to a removable drive.
|
||||||
ms.assetid: 1746F7B3-8B41-4661-87D8-12F734AFFB26
|
ms.assetid: 1746F7B3-8B41-4661-87D8-12F734AFFB26
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
manager: dansimp
|
manager: dansimp
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Registry (Global Object Access Auditing) (Windows 10)
|
title: Registry (Global Object Access Auditing) (Windows 10)
|
||||||
description: This topic for the IT professional describes the Advanced Security Audit policy setting, Registry (Global Object Access Auditing), which enables you to configure a global system access control list (SACL) on the registry of a computer.
|
description: The Advanced Security Audit policy setting, Registry (Global Object Access Auditing), enables you to configure a global system access control list (SACL).
|
||||||
ms.assetid: 953bb1c1-3f76-43be-ba17-4aed2304f578
|
ms.assetid: 953bb1c1-3f76-43be-ba17-4aed2304f578
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Microsoft Defender Advanced Threat Protection
|
title: Microsoft Defender Advanced Threat Protection
|
||||||
description: Microsoft Defender Advanced Threat Protection is an enterprise security platform that helps secops to prevent, detect, investigate, and respond to possible cybersecurity threats related to advanced persistent threats.
|
description: Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) is an enterprise security platform that helps defend against advanced persistent threats.
|
||||||
keywords: introduction to Microsoft Defender Advanced Threat Protection, introduction to Microsoft Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection, cyber threat hunting
|
keywords: introduction to Microsoft Defender Advanced Threat Protection, introduction to Microsoft Defender ATP, cybersecurity, advanced persistent threat, enterprise security, machine behavioral sensor, cloud security, analytics, threat intelligence, attack surface reduction, next generation protection, automated investigation and remediation, microsoft threat experts, secure score, advanced hunting, microsoft threat protection, cyber threat hunting
|
||||||
search.product: eADQiWindows 10XVcnh
|
search.product: eADQiWindows 10XVcnh
|
||||||
search.appverid: met150
|
search.appverid: met150
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Deny log on through Remote Desktop Services (Windows 10)
|
title: Deny log on through Remote Desktop Services (Windows 10)
|
||||||
description: Describes the best practices, location, values, policy management, and security considerations for the Deny log on through Remote Desktop Services security policy setting.
|
description: Best practices, location, values, policy management, and security considerations for the security policy setting, Deny log on through Remote Desktop Services.
|
||||||
ms.assetid: 84bbb807-287c-4acc-a094-cf0ffdcbca67
|
ms.assetid: 84bbb807-287c-4acc-a094-cf0ffdcbca67
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Domain member Require strong (Windows 2000 or later) session key (Windows 10)
|
title: Domain member Require strong (Windows 2000 or later) session key (Windows 10)
|
||||||
description: Describes the best practices, location, values, and security considerations for the Domain member Require strong (Windows 2000 or later) session key security policy setting.
|
description: Best practices, location, values, and security considerations for the security policy setting, Domain member Require strong (Windows 2000 or later) session key.
|
||||||
ms.assetid: 5ab8993c-5086-4f09-bc88-1b27454526bd
|
ms.assetid: 5ab8993c-5086-4f09-bc88-1b27454526bd
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Interactive logon Display user information when the session is locked (Windows 10)
|
title: Interactive logon Display user information when the session is locked (Windows 10)
|
||||||
description: Describes the best practices, location, values, and security considerations for the Interactive logon Display user information when the session is locked security policy setting.
|
description: Best practices, security considerations, and more for the security policy setting, Interactive logon Display user information when the session is locked.
|
||||||
ms.assetid: 9146aa3d-9b2f-47ba-ac03-ff43efb10530
|
ms.assetid: 9146aa3d-9b2f-47ba-ac03-ff43efb10530
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Interactive logon Machine account lockout threshold (Windows 10)
|
title: Interactive logon Machine account lockout threshold (Windows 10)
|
||||||
description: Describes the best practices, location, values, management, and security considerations for the Interactive logon Machine account lockout threshold security policy setting.
|
description: Best practices, location, values, management, and security considerations for the security policy setting, Interactive logon Machine account lockout threshold.
|
||||||
ms.assetid: ebbd8e22-2611-4ebe-9db9-d49344e631e4
|
ms.assetid: ebbd8e22-2611-4ebe-9db9-d49344e631e4
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Network security Configure encryption types allowed for Kerberos
|
title: Network security Configure encryption types allowed for Kerberos
|
||||||
description: Describes the best practices, location, values and security considerations for the Network security Configure encryption types allowed for Kerberos Win7 only security policy setting.
|
description: Best practices, location, values and security considerations for the policy setting, Network security Configure encryption types allowed for Kerberos Win7 only.
|
||||||
ms.assetid: 303d32cc-415b-44ba-96c0-133934046ece
|
ms.assetid: 303d32cc-415b-44ba-96c0-133934046ece
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Profile system performance (Windows 10)
|
title: Profile system performance (Windows 10)
|
||||||
description: This security policy reference topic for the IT professional describes the best practices, location, values, policy management, and security considerations for the Profile system performance security policy setting.
|
description: Best practices, location, values, policy management, and security considerations for the security policy setting, Profile system performance.
|
||||||
ms.assetid: ffabc3c5-9206-4105-94ea-84f597a54b2e
|
ms.assetid: ffabc3c5-9206-4105-94ea-84f597a54b2e
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: System cryptography Use FIPS compliant algorithms for encryption, hashing, and signing (Windows 10)
|
title: System cryptography Use FIPS compliant algorithms for encryption, hashing, and signing (Windows 10)
|
||||||
description: This security policy reference topic for the IT professional describes the best practices, location, values, policy management and security considerations for this policy setting.
|
description: Best practices, security considerations, and more for the policy setting, System cryptography Use FIPS compliant algorithms for encryption, hashing, and signing
|
||||||
ms.assetid: 83988865-dc0f-45eb-90d1-ee33495eb045
|
ms.assetid: 83988865-dc0f-45eb-90d1-ee33495eb045
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: User Account Control Admin Approval Mode for the Built-in Administrator account (Windows 10)
|
title: User Account Control Admin Approval Mode for the Built-in Administrator account (Windows 10)
|
||||||
description: Describes the best practices, location, values, policy management and security considerations for the User Account Control Admin Approval Mode for the Built-in Administrator account security policy setting.
|
description: Best practices, security considerations, and more for the policy setting, User Account Control Admin Approval Mode for the Built-in Administrator account.
|
||||||
ms.assetid: d465fc27-1cd2-498b-9cf6-7ad2276e5998
|
ms.assetid: d465fc27-1cd2-498b-9cf6-7ad2276e5998
|
||||||
ms.reviewer:
|
ms.reviewer:
|
||||||
ms.author: dansimp
|
ms.author: dansimp
|
||||||
|
|||||||
@ -1,6 +1,6 @@
|
|||||||
---
|
---
|
||||||
title: Set up and use Windows Defender SmartScreen on individual devices (Windows 10)
|
title: Set up and use Windows Defender SmartScreen on individual devices (Windows 10)
|
||||||
description: Steps about what happens when an employee tries to run an app, how employees can report websites as safe or unsafe, and how employees can use the Windows Security to set Windows Defender SmartScreen for individual devices.
|
description: Learn how employees can use Windows Security to set up Windows Defender SmartScreen. Windows Defender SmartScreen protects users from running malicious apps.
|
||||||
keywords: SmartScreen Filter, Windows SmartScreen, Windows Defender SmartScreen
|
keywords: SmartScreen Filter, Windows SmartScreen, Windows Defender SmartScreen
|
||||||
ms.prod: w10
|
ms.prod: w10
|
||||||
ms.mktglfcycl: explore
|
ms.mktglfcycl: explore
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user