deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-25 23:33:35 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity
Files
ce500fde9bac815e2e63096beb20ab4c44160c79
windows-itpro-docs/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
DocsPreview ce500fde9b Latest updates for issues content (#379) 
* Updated deployment-vdi-windows-defender-antivirus.md

* Updated deployment-vdi-windows-defender-antivirus.md

* Updated deployment-vdi-windows-defender-antivirus.md

* updates for new vdi stuff

* Adding important note to solve #3493

* Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Typo "&lt;"→"<", "&gt;"→">"

https://docs.microsoft.com/en-us/windows/application-management/manage-windows-mixed-reality

* Issue #2297

* Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Clarification

* Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* update troubleshoot-np.md

* update configure-endpoints-gp.md

* Removing a part which is not supported

* Name change

* update troubleshoot-np.md

* removed on-premises added -hello

* Added link into Domain controller guide

* Line corections

* corrected formatting of xml code samples

When viewing the page in Win 10/Edge, the xml code samples stretched across the page, running into the side menu. The lack of line breaks also made it hard to read.

This update adds line breaks and syntax highlighting, replaces curly double quotes with standard double quotes, and adds a closing tag for <appv:appconnectiongroup>for each code sample

* Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/deployment/update/waas-delivery-optimization-reference.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/deployment/update/waas-delivery-optimization-reference.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* corrected formating of XML examples

The XML samples here present the same formatting problems as in about-the-connection-group-file51.md (see https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3847/)

Perhaps we should open an issue to see if we have more versions of this code sample in the docs

* corrected formatting of XML example section

In the XML example on this page, the whitespace had been stripped out, so there were no spaces between adjacent attribute values or keys.

This made it hard to read, though the original formatting allowed for a scroll bar, so the text was not running into the side of the page (compare to https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3847 and https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3850, where the uncorrected formatting forced the text to run into the side menu).

* update configure-endpoints-gp.md

* Fixed error in registry path and improved description

* Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Removing extra line in 25 

Suggested by

* update windows-analytics-azure-portal.md

* re: broken links, credential-guard-considerations

Context:
* #3513, MVA is being retired and producing broken links
* #3860 Microsoft Virtual Academy video links

This page contains two links to deprecated video content on Microsoft Virtual Academy (MVA).

MVA is being retired. 

In addition, the Deep Dive course the two links point to is already retired, and no replacement course exists.

I removed the first link, as I could not find a similar video available describing which credentials are covered by credential guard.

I replaced the second link with a video containing similar material, though it is not a "deep dive".

Suggestions on handling this problem, as many pages contain similar links, would be appreciated,.

* removed link to retired video re: #3867

Context:
* #3513, MVA is being retired and producing broken links
* #3867, Microsoft Virtual Academy video links

This page contains a broken link to deprecated video content on Microsoft Virtual Academy (MVA).

MVA is being retired. 

In addition, the Deep Dive course is already retired, and no replacement course exists.

I removed the whole _See Also_ section, as I could not find a video narrowly or deeply addressing how to protect privelaged users with Credential Guard. The most likely candidate is too short and general: https://www.linkedin.com/learning/cism-cert-prep-1-information-security-governance/privileged-account-management

* addressing broken mva links, #3817

Context:
* #3513, MVA is being retired and producing broken links
* #3817, Another broken link

This page contains two links to deprecated video content on Microsoft Virtual Academy (MVA).

MVA is being retired. 

In addition, the Deep Dive course the two links point to is already retired, and no replacement course exists.

I removed the first link, as we no longer have a video with similar content for a similar audience. The most likely candidate is https://www.linkedin.com/learning/programming-foundations-web-security-2/types-of-credential-attacks, which is more general and for a less technical audience. 

I removed the second link and the _See Also_ section, as I could not find a similar video narrowly focused on which credentials are covered by Credential Guard. Most of the related material available now describes how to perform a task.

* Update deployment-vdi-windows-defender-antivirus.md

* typo fix re: #3876; DMSA -> DSMA

* Addressing dead MVA links, #3818

This page, like its fellows in the mva-links label, contains links to a retired video course on a website that is retiring soon.

The links listed by the user in issue #3818 were also on several other pages, related to Credentials Guard. 

These links were addressed in the pull requests #3875, #3872, and #3871

Credentials threat & lateral threat link: removed (see PR #3875 for reasoning) 
Virtualization link: replaced (see #3871 for reasoning)
Credentials protected link: removed (see #3872 for reasoning)

* Adding notes for known issue in script

Solves #3869

* Updated the download link admx files Windows 10

Added link for April 2018 and Oct 2018 ADMX files.

* added event logs path

Referenced : https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard

* Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md

Suggestions applied.

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update deployment-vdi-windows-defender-antivirus.md

* screenshot update

* Add files via upload

* update 4 scrrenshots

* Update deployment-vdi-windows-defender-antivirus.md

* Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Re: #3909

Top link is broken, #3909 

> The link here does not work:
> Applies to: Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)

The link to the pdf describing MDATP was broken.

Thankfully, PR #2897 updated the same link in another page some time ago, so I didn't have to go hunting for an equivalent

* CI Update

* Updated as per task 3405344

* Updated author

* Update windows-analytics-azure-portal.md

* added the example query

* Updated author fields

* Update office-csp.md

* update video for testing

* update video

* Update surface-hub-site-readiness-guide.md

line 134 Fixed  video link MD formatting

* fixing video url

* updates from Albert

* Bulk replaced author to manikadhiman

* Bulk replaced ms.author to v-madhi

* Latest content is published (#371)

* Added 1903 policy DDF link and fixed a typo

* Reverted the DDF version

* Latest update (#375)

* Update deployment-vdi-windows-defender-antivirus.md

* Update deployment-vdi-windows-defender-antivirus.md
2019-06-06 15:54:17 -07:00

11 KiB
Raw Blame History

title, description, author, ms.pagetype, ms.mktglfcycl, ms.sitesec, ms.prod, ms.date, ms.reviewer, manager, ms.author, ms.topic
title description author ms.pagetype ms.mktglfcycl ms.sitesec ms.prod ms.date ms.reviewer manager ms.author ms.topic
Configuring UE-V with System Center Configuration Manager Configuring UE-V with System Center Configuration Manager dansimp mdop, virtualization deploy library w10 04/19/2017 dansimp dansimp article

Configuring UE-V with System Center Configuration Manager

Applies to

  • Windows 10, version 1607

After you deploy User Experience Virtualization (UE-V) and its required features, you can start to configure it to meet your organization's need. The UE-V Configuration Pack provides a way for administrators to use the Compliance Settings feature of System Center Configuration Manager (2012 SP1 or later) to apply consistent configurations across sites where UE-V and Configuration Manager are installed.

UE-V Configuration Pack supported features

The UE-V Configuration Pack includes tools to:

  • Create or update UE-V settings location template distribution baselines

    • Define UE-V templates to be registered or unregistered

    • Update UE-V template configuration items and baselines as templates are added or updated

    • Distribute and register UE-V templates using standard Configuration Item remediation

  • Create or update a UE-V Agent policy configuration item to set or clear these settings

    Max package size

    Enable/disable Windows app sync

    Wait for sync on application start

    Setting import delay

    Sync unlisted Windows apps

    Wait for sync on logon

    Settings import notification

    IT contact URL

    Wait for sync timeout

    Settings storage path

    IT contact descriptive text

    Settings template catalog path

    Sync enablement

    Tray icon enabled

    Start/Stop UE-V agent service

    Sync method

    First use notification

    Define which Windows apps will roam settings

    Sync timeout

  • Verify compliance by confirming that UE-V is running.

Generate a UE-V service policy configuration item

All UE-V service policy and configuration is distributed through a single configuration item that is generated using the UevAgentPolicyGenerator.exe tool. This tool reads the desired configuration from an XML configuration file and creates a CI containing the discovery and remediation settings needed to bring the machine into compliance.

The UE-V service policy configuration item CAB file is created using the UevTemplateBaselineGenerator.exe command line tool, which has these parameters:

  • Site <site code>

  • PolicyName <name> Optional: Defaults to “UE-V Agent Policy” if not present

  • PolicyDescription <description> Optional: A description is provided if not present

  • CabFilePath <full path to configuration item .CAB file>

  • ConfigurationFile <full path to agent configuration XML file>

Note   It might be necessary to change the PowerShell execution policy to allow these scripts to run in your environment. Perform these steps in the Configuration Manager console:

  1. Select Administration > Client Settings > Properties

  2. In the User Agent tab, set the PowerShell Execution Policy to Bypass

Create the first UE-V policy configuration item

  1. Copy the default settings configuration file from the UE-V Config Pack installation directory to a location visible to your ConfigMgr Admin Console:

    C:\Program Files (x86)\Windows Kits\10\Microsoft User Experience Virtualization\Management\AgentConfiguration.xml

    The default configuration file contains five sections:

    Computer Policy
    All UE-V machine level settings. The DesiredState attribute can be

    • Set to have the value assigned in the registry

    • Clear to remove the setting

    • Unmanaged to have the configuration item left at its current state

    Do not remove lines from this section. Instead, set the DesiredState to Unmanaged if you do not want Configuration Manager to alter current or default values.

    CurrentComputerUserPolicy
    All UE-V user level settings. These entries override the machine settings for a user. The DesiredState attribute can be

    • Set to have the value assigned in the registry

    • Clear to remove the setting

    • Unmanaged to have the configuration item left at its current state

    Do not remove lines from this section. Instead, set the DesiredState to Unmanaged if you do not want Configuration Manager to alter current or default values.

    Services
    Entries in this section control service operation. The default configuration file contains a single entry for the UevAgentService. The DesiredState attribute can be set to Running or Stopped.

    Windows8AppsComputerPolicy
    All machine level Windows app synchronization settings. Each PackageFamilyName listed in this section can be assigned a DesiredState of

    • Enabled to have settings roam

    • Disabled to prevent settings from roaming

    • Cleared to have the entry removed from UE-V control

    Additional lines can be added to this section based on the list of installed Windows apps that can be viewed using the PowerShell cmdlet GetAppxPackage.

    Windows8AppsCurrentComputerUserPolicy
    Identical to the Windows8AppsComputerPolicy with settings that override machine settings for an individual user.

  2. Edit the configuration file by changing the desired state and value fields.

  3. Run this command on a machine running the ConfigMgr Admin Console:

    C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevAgentPolicyGenerator.exe -Site ABC -CabFilePath "C:\MyCabFiles\UevPolicyItem.cab" -ConfigurationFile "c:\AgentConfiguration.xml"

  4. Import the CAB file using ConfigMgr console or PowerShell Import-CMConfigurationItem

Update a UE-V Policy Configuration Item

  1. Edit the configuration file by changing the desired state and value fields.

  2. Run the command from Step 3 in Create the First UE-V Policy Configuration Item. If you changed the name with the PolicyName parameter, make sure you enter the same name.

  3. Reimport the CAB file. The version in ConfigMgr will be updated.

Generate a UE-V Template Baseline

UE-V templates are distributed using a baseline containing multiple configuration items. Each configuration item contains the discovery and remediation scripts needed to install one UE-V template. The actual UE-V template is embedded within the remediation script for distribution using standard Configuration Item functionality.

The UE-V template baseline is created using the UevTemplateBaselineGenerator.exe command line tool, which has these parameters:

  • Site <site code>

  • BaselineName <name> (Optional: defaults to “UE-V Template Distribution Baseline” if not present)

  • BaselineDescription <description> (Optional: a description is provided if not present)

  • TemplateFolder <UE-V template folder>

  • Register <comma separated template file list>

  • Unregister <comma separated template list>

  • CabFilePath <Full path to baseline CAB file to generate>

The result is a baseline CAB file that is ready for import into Configuration Manager. If at a future date, you update or add a template, you can rerun the command using the same baseline name. Importing the CAB results in CI version updates on the changed templates.

Create the First UE-V Template Baseline

  1. Create a “master” set of UE-V templates in a stable folder location visible to the machine running your ConfigMgr Admin Console. As templates are added or updated, this folder is where they are pulled for distribution. The initial list of templates can be copied from a machine with UE-V installed. The default template location is C:\Program Files\Microsoft User Experience Virtualization\Templates.

  2. Create a text.bat file where you can add the template generator command. This is optional, but will make regeneration simpler if you save the command parameters.

  3. Add the command and parameters to the .bat file that will generate the baseline. The following example creates a baseline that distributes Notepad and Calculator:

    C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevTemplateBaselineGenerator.exe -Site "ABC" -TemplateFolder "C:\ProductionUevTemplates" -Register "MicrosoftNotepad.xml, MicrosoftCalculator.xml" -CabFilePath "C:\MyCabFiles\UevTemplateBaseline.cab"

  4. Run the .bat file to create UevTemplateBaseline.cab ready for import into Configuration Manager.

Update a UE-V Template Baseline

The template generator uses the template version to determine if a template should be updated. If you make a template change and update the version, the baseline generator compares the template in your master folder with the template contained in the CI on the ConfigMgr server. If a difference is found, the generated baseline and modified CI versions are updated.

To distribute a new Notepad template, you would perform these steps:

  1. Update the template and template version located in the <Version> element of the template.

  2. Copy the template to your master template directory.

  3. Run the command in the .bat file that you created in Step 3 in Create the First UE-V Template Baseline.

  4. Import the generated CAB file into ConfigMgr using the console or PowerShell Import-CMBaseline.

Get the UE-V Configuration Pack

You can download the System Center 2012 Configuration Pack for Microsoft User Experience Virtualization 2.0 from the Microsoft Download Center.

Related topics

Manage Configurations for UE-V