mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-18 16:27:22 +00:00

Latest updates for issues content (#379 )

* Updated deployment-vdi-windows-defender-antivirus.md

* Updated deployment-vdi-windows-defender-antivirus.md

* Updated deployment-vdi-windows-defender-antivirus.md

* updates for new vdi stuff

* Adding important note to solve #3493

* Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Typo "&lt;"→"<", "&gt;"→">"

https://docs.microsoft.com/en-us/windows/application-management/manage-windows-mixed-reality

* Issue #2297

* Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Clarification

* Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* update troubleshoot-np.md

* update configure-endpoints-gp.md

* Removing a part which is not supported

* Name change

* update troubleshoot-np.md

* removed on-premises added -hello

* Added link into Domain controller guide

* Line corections

* corrected formatting of xml code samples

When viewing the page in Win 10/Edge, the xml code samples stretched across the page, running into the side menu. The lack of line breaks also made it hard to read.

This update adds line breaks and syntax highlighting, replaces curly double quotes with standard double quotes, and adds a closing tag for <appv:appconnectiongroup>for each code sample

* Update windows/security/identity-protection/hello-for-business/hello-identity-verification.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/deployment/update/waas-delivery-optimization-reference.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update windows/deployment/update/waas-delivery-optimization-reference.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* corrected formating of XML examples

The XML samples here present the same formatting problems as in about-the-connection-group-file51.md (see https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3847/)

Perhaps we should open an issue to see if we have more versions of this code sample in the docs

* corrected formatting of XML example section

In the XML example on this page, the whitespace had been stripped out, so there were no spaces between adjacent attribute values or keys.

This made it hard to read, though the original formatting allowed for a scroll bar, so the text was not running into the side of the page (compare to https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3847 and https://github.com/MicrosoftDocs/windows-itpro-docs/pull/3850, where the uncorrected formatting forced the text to run into the side menu).

* update configure-endpoints-gp.md

* Fixed error in registry path and improved description

* Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>

* Removing extra line in 25 

Suggested by

* update windows-analytics-azure-portal.md

* re: broken links, credential-guard-considerations

Context:
* #3513, MVA is being retired and producing broken links
* #3860 Microsoft Virtual Academy video links

This page contains two links to deprecated video content on Microsoft Virtual Academy (MVA).

MVA is being retired. 

In addition, the Deep Dive course the two links point to is already retired, and no replacement course exists.

I removed the first link, as I could not find a similar video available describing which credentials are covered by credential guard.

I replaced the second link with a video containing similar material, though it is not a "deep dive".

Suggestions on handling this problem, as many pages contain similar links, would be appreciated,.

* removed link to retired video re: #3867

Context:
* #3513, MVA is being retired and producing broken links
* #3867, Microsoft Virtual Academy video links

This page contains a broken link to deprecated video content on Microsoft Virtual Academy (MVA).

MVA is being retired. 

In addition, the Deep Dive course is already retired, and no replacement course exists.

I removed the whole _See Also_ section, as I could not find a video narrowly or deeply addressing how to protect privelaged users with Credential Guard. The most likely candidate is too short and general: https://www.linkedin.com/learning/cism-cert-prep-1-information-security-governance/privileged-account-management

* addressing broken mva links, #3817

Context:
* #3513, MVA is being retired and producing broken links
* #3817, Another broken link

This page contains two links to deprecated video content on Microsoft Virtual Academy (MVA).

MVA is being retired. 

In addition, the Deep Dive course the two links point to is already retired, and no replacement course exists.

I removed the first link, as we no longer have a video with similar content for a similar audience. The most likely candidate is https://www.linkedin.com/learning/programming-foundations-web-security-2/types-of-credential-attacks, which is more general and for a less technical audience. 

I removed the second link and the _See Also_ section, as I could not find a similar video narrowly focused on which credentials are covered by Credential Guard. Most of the related material available now describes how to perform a task.

* Update deployment-vdi-windows-defender-antivirus.md

* typo fix re: #3876; DMSA -> DSMA

* Addressing dead MVA links, #3818

This page, like its fellows in the mva-links label, contains links to a retired video course on a website that is retiring soon.

The links listed by the user in issue #3818 were also on several other pages, related to Credentials Guard. 

These links were addressed in the pull requests #3875, #3872, and #3871

Credentials threat & lateral threat link: removed (see PR #3875 for reasoning) 
Virtualization link: replaced (see #3871 for reasoning)
Credentials protected link: removed (see #3872 for reasoning)

* Adding notes for known issue in script

Solves #3869

* Updated the download link admx files Windows 10

Added link for April 2018 and Oct 2018 ADMX files.

* added event logs path

Referenced : https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard

* Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md

Suggestions applied.

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>

* Update deployment-vdi-windows-defender-antivirus.md

* screenshot update

* Add files via upload

* update 4 scrrenshots

* Update deployment-vdi-windows-defender-antivirus.md

* Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Update browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md

Co-Authored-By: Nicole Turner <39884432+nenonix@users.noreply.github.com>

* Re: #3909

Top link is broken, #3909 

> The link here does not work:
> Applies to: Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)

The link to the pdf describing MDATP was broken.

Thankfully, PR #2897 updated the same link in another page some time ago, so I didn't have to go hunting for an equivalent

* CI Update

* Updated as per task 3405344

* Updated author

* Update windows-analytics-azure-portal.md

* added the example query

* Updated author fields

* Update office-csp.md

* update video for testing

* update video

* Update surface-hub-site-readiness-guide.md

line 134 Fixed  video link MD formatting

* fixing video url

* updates from Albert

* Bulk replaced author to manikadhiman

* Bulk replaced ms.author to v-madhi

* Latest content is published (#371)

* Added 1903 policy DDF link and fixed a typo

* Reverted the DDF version

* Latest update (#375)

* Update deployment-vdi-windows-defender-antivirus.md

* Update deployment-vdi-windows-defender-antivirus.md

2019-06-06 15:54:17 -07:00

14 KiB

Raw Blame History

title, description, ms.prod, ms.mktglfcycl, ms.sitesec, author, ms.author, ms.topic, ms.localizationpriority, ms.date, ms.reviewer, manager

title	description	ms.prod	ms.mktglfcycl	ms.sitesec	author	ms.author	ms.topic	ms.localizationpriority	ms.date	ms.reviewer	manager
Create a provisioning package (Windows 10)	With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.	w10	deploy	library	dansimp	dansimp	article	medium	07/27/2017		dansimp

Create a provisioning package for Windows 10

Applies to

Windows 10
Windows 10 Mobile

You use Windows Configuration Designer to create a provisioning package (.ppkg) that contains customization settings. You can apply the provisioning package to a device running Windows 10 or Windows 10 Mobile.

Learn how to install Windows Configuration Designer.

Tip

We recommend creating a local admin account when developing and testing your provisioning package. We also recommend using a “least privileged” domain user account to join devices to the Active Directory domain.

Start a new project

Open Windows Configuration Designer:
- From either the Start screen or Start menu search, type 'Windows Configuration Designer' and click on the Windows Configuration Designer shortcut,
  
  or
- If you installed Windows Configuration Designer from the ADK, navigate to C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86 (on an x64 computer) or C:\Program Files\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe (on an x86 computer), and then double-click ICD.exe.
Select your desired option on the Start page, which offers multiple options for creating a provisioning package, as shown in the following image:
- The wizard options provide a simple interface for configuring common settings for desktop, mobile, and kiosk devices. Wizards are also available for creating provisioning packages for Microsoft Surface Hub and Microsoft HoloLens devices. For a summary of the settings available in the desktop, mobile, and kiosk devices, see What you can configure using Configuration Designer wizardS.
- The Advanced provisioning option opens a new project with all Runtime settings available. The rest of this procedure uses advanced provisioning.
  
  Tip
  
  You can start a project in the simple wizard editor and then switch the project to the advanced editor.
Enter a name for your project, and then click Next.

Select the settings you want to configure, based on the type of device, and then click Next. The following table describes the options.

Windows edition	Settings available for customization	Provisioning package can apply to
All Windows editions	Common settings	All Windows 10 devices
All Windows desktop editions	Common settings and settings specific to desktop devices	All Windows 10 desktop editions (Home, Pro, Enterprise, Pro Education, Enterprise Education)
All Windows mobile editions	Common settings and settings specific to mobile devices	All Windows 10 Mobile devices
Windows 10 IoT Core	Common settings and settings specific to Windows 10 IoT Core	All Windows 10 IoT Core devices
Windows 10 Holographic	Common settings and settings specific to Windows 10 Holographic	Microsoft HoloLens
Common to Windows 10 Team edition	Common settings and settings specific to Windows 10 Team	Microsoft Surface Hub

On the Import a provisioning package (optional) page, you can click Finish to create your project, or browse to and select an existing provisioning packge to import to your project, and then click Finish.

Tip

Import a provisioning package can make it easier to create different provisioning packages that all have certain settings in common. For example, you could create a provisioning package that contains the settings for your organization's network, and then import it into other packages you create so you don't have to reconfigure those common settings repeatedly.

After you click Finish, Windows Configuration Designer will open the Available customizations pane and you can then configure settings for the package.

Configure settings

For an advanced provisioning project, Windows Configuration Designer opens the Available customizations pane. The example in the following image is based on All Windows desktop editions settings.

The settings in Windows Configuration Designer are based on Windows 10 configuration service providers (CSPs). To learn more about CSPs, see Introduction to configuration service providers (CSPs) for IT pros.

The process for configuring settings is similar for all settings. The following table shows an example.

Expand a category.
Select a setting.
Enter a value for the setting. Click Add if the button is displayed.
Some settings, such as this example, require additional information. In Available customizations, select the value you just created, and additional settings are displayed.
When the setting is configured, it is displayed in the Selected customizations pane.

For details on each specific setting, see Windows Provisioning settings reference. The reference topic for a setting is also displayed in Windows Configuration Designer when you select the setting, as shown in the following image.

Build package

After you're done configuring your customizations, click Export and select Provisioning Package.
In the Describe the provisioning package window, enter the following information, and then click Next:
- Name - This field is pre-populated with the project name. You can change this value by entering a different name in the Name field.
- Version (in Major.Minor format - - Optional. You can change the default package version by specifying a new value in the Version field.
- Owner - Select IT Admin. For more information, see Precedence for provisioning packages.
- Rank (between 0-99) - Optional. You can select a value between 0 and 99, inclusive. The default package rank is 0.
In the Select security details for the provisioning package window, you can select to encrypt and/or sign a provisioning package with a selected certificate. Both selections are optional. Click Next after you make your selections.
- Encrypt package - If you select this option, an auto-generated password will be shown on the screen.
- Sign package - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking Select and choosing the certificate you want to use to sign the package.
  
  Note
  
  You should only configure provisioning package security when the package is used for device provisioning and the package has contents with sensitive security data such as certificates or credentials that should be prevented from being compromised. When applying an encrypted and/or signed provisioning package, either during OOBE or through the setting UI, the package can be decrypted, and if signed, be trusted without explicit user consent. An IT administrator can set policy on a user device to restrict the removal of required packages from the device, or the provisioning of potentially harmful packages on the device.
  
  If a provisioning package is signed by a trusted provisioner, it can be installed on a device without a prompt for user consent. In order to enable trusted provider certificates, you must set the TrustedProvisioners setting prior to installing the trusted provisioning package. This is the only way to install a package without user consent. To provide additional security, you can also set RequireProvisioningPackageSignature, which prevents users from installing provisioning packages that are not signed by a trusted provisioner.
In the Select where to save the provisioning package window, specify the output location where you want the provisioning package to go once it's built, and then click Next. By default, Windows Configuration Designer uses the project folder as the output location.
In the Build the provisioning package window, click Build. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.

If you need to cancel the build, click Cancel. This cancels the current build process, closes the wizard, and takes you back to the Customizations Page.
If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.

If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.

If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click Back to change the output package name and path, and then click Next to start another build.
When you are done, click Finish to close the wizard and go back to the Customizations page.

Next step: How to apply a provisioning package

Learn more

Watch the video: Provisioning Windows 10 Devices with New Tools
Watch the video: Windows 10 for Mobile Devices: Provisioning Is Not Imaging
How to bulk-enroll devices with On-premises Mobile Device Management in System Center Configuration Manager

14 KiB Raw Blame History