Merge pull request #1431 from MicrosoftDocs/repo_sync_working_branch

Confirm merge from repo_sync_working_branch to master to sync with https://github.com/MicrosoftDocs/windowsserverdocs (branch master)

WindowsServerDocs/administration/OpenSSH/OpenSSH_KeyManagement.md

@@ -49,6 +49,9 @@ To make key authentication easy with an SSH server, run the following commands f
 # Install the OpenSSHUtils module to the server. This will be valuable when deploying user keys.
 Install-Module -Force OpenSSHUtils -Scope AllUsers
 
+# By default the ssh-agent service is disabled. Allow it to be manually started for the next step to work.
+Get-Service -Name ssh-agent | Set-Service -StartupType Manual
+
 # Start the ssh-agent service to preserve the server keys
 Start-Service ssh-agent
 

WindowsServerDocs/administration/OpenSSH/OpenSSH_Server_Configuration.md

@@ -103,7 +103,7 @@ Not applicable in Windows. To prevent administrator login, use Administrators wi
 ### SyslogFacility
 
 If you need file based logging, use LOCAL0. Logs are generated under %programdata%\ssh\logs.
-Any other value, including the default value AUTH directs logging to ETW. For more info see Logging Facilities in Windows.
+For any other value, including the default value, AUTH directs logging to ETW. For more info, see [Logging Facilities in Windows](https://github.com/PowerShell/Win32-OpenSSH/wiki/Logging-Facilities).
 
 ### Not supported
 
@@ -142,4 +142,4 @@ The following configuration options are not available in the OpenSSH version tha
 * X11DisplayOffset
 * X11Forwarding
 * X11UseLocalhost
-* XAuthLocation
+* XAuthLocation

WindowsServerDocs/administration/windows-commands/ping.md

@@ -15,10 +15,10 @@ ms.date: 07/11/2018
 
 Verifies IP-level connectivity to another TCP/IP computer by sending Internet Control Message Protocol (ICMP) echo Request messages. The receipt of corresponding echo Reply messages are displayed, along with round-trip times. ping is the primary TCP/IP command used to troubleshoot connectivity, reachability, and name resolution. Used without parameters, this command displays Help content.
 
-You can also use this command to test both the computer name and the IP address of the computer. If pinging the IP address is successful, but pinging the computer name isn't, you might have a name resolution problem. In this case, make sure that the computer name you are specifying can be resolved through the local Hosts file, by using Domain Name System (DNS) queries, or through NetBIOS name resolution techniques.
+You can also use this command to test both the computer name and the IP address of the computer. If pinging the IP address is successful, but pinging the computer name isn't, you might have a name resolution problem. In this case, make sure the computer name you are specifying can be resolved through the local Hosts file, by using Domain Name System (DNS) queries, or through NetBIOS name resolution techniques.
 
 > [!NOTE]
-> This command is available only if the Internet Protocol (TCP/IP) protocol is installed as a component in the properties of a network adapter in Network Connections.
+> This command is available only if the Internet Protocol (TCP/IP) is installed as a component in the properties of a network adapter in Network Connections.
 
 ## Syntax
 
@@ -29,23 +29,23 @@ ping [/t] [/a] [/n <count>] [/l <size>] [/f] [/I <TTL>] [/v <TOS>] [/r <count>]
 ### Parameters
 
 | Parameter | Description |
-|--|--|
-| /t | Specifies that ping continue sending echo Request messages to the destination until interrupted. To interrupt and display statistics, press CTRL+ENTER. To interrupt and quit this command, press CTRL+C. |
-| /a | Specifies that reverse name resolution is performed on the destination IP address. If this is successful, ping displays the corresponding host name. |
-| /n `<count>` | Specifies the number of echo Request messages sent. The default is 4. |
-| /l `<size>` | Specifies the length, in bytes, of the **Data** field in the echo Request messages sent. The default is 32. The maximum size is 65,527. |
+|:--:|---|
+| /t | Specifies ping continue sending echo Request messages to the destination until interrupted. To interrupt and display statistics, press CTRL+ENTER. To interrupt and quit this command, press CTRL+C. |
+| /a | Specifies reverse name resolution be performed on the destination IP address. If this is successful, ping displays the corresponding host name. |
+| /n `<count>` | Specifies the number of echo Request messages be sent. The default is 4. |
+| /l `<size>` | Specifies the length, in bytes, of the **Data** field in the echo Request messages. The default is 32. The maximum size is 65,527. |
 | /f | Specifies that echo Request messages are sent with the **Do not Fragment** flag in the IP header set to 1 (available on IPv4 only). The echo Request message can't be fragmented by routers in the path to the destination. This parameter is useful for troubleshooting path Maximum Transmission Unit (PMTU) problems. |
-| /I `<TTL>` | Specifies the value of the TTL field in the IP header for echo Request messages sent. The default is the default TTL value for the host. The maximum *TTL* is 255. |
-| /v `<TOS>` | Specifies the value of the type of Service (TOS) field in the IP header for echo Request messages sent (available on IPv4 only). The default is 0. *TOS* is specified as a decimal value from 0 through 255. |
-| /r `<count>` | Specifies that the **Record Route** option in the IP header is used to record the path taken by the echo Request message and corresponding echo Reply message (available on IPv4 only). Each hop in the path uses an entry in the **Record Route** option. If possible, specify a *count* that's equal to or greater than the number of hops between the source and destination. The *count* must be a minimum of 1 and a maximum of 9. |
+| /I `<TTL>` | Specifies the value of the Time To Live (TTL) field in the IP header for echo Request messages sent. The default is the default TTL value for the host. The maximum *TTL* is 255. |
+| /v `<TOS>` | Specifies the value of the Type Of Service (TOS) field in the IP header for echo Request messages sent (available on IPv4 only). The default is 0. *TOS* is specified as a decimal value from 0 through 255. |
+| /r `<count>` | Specifies the **Record Route** option in the IP header is used to record the path taken by the echo Request message and corresponding echo Reply message (available on IPv4 only). Each hop in the path uses an entry in the **Record Route** option. If possible, specify a *count* equal to or greater than the number of hops between the source and destination. The *count* must be a minimum of 1 and a maximum of 9. |
 | /s `<count>` | Specifies that the **Internet timestamp** option in the IP header is used to record the time of arrival for the echo Request message and corresponding echo Reply message for each hop. The *count* must be a minimum of 1 and a maximum of 4. This is required for link-local destination addresses. |
-| /j `<hostlist>` | Specifies that the echo Request messages use the **Loose Source Route** option in the IP header with the set of intermediate destinations specified in *hostlist* (available on IPv4 only). With loose source routing, successive intermediate destinations can be separated by one or multiple routers. The maximum number of addresses or names in the host list is 9. The host list is a series of IP addresses (in dotted decimal notation) separated by spaces. |
-| /k `<hostlist>` | Specifies that the echo Request messages use the **Strict Source Route** option in the IP header with the set of intermediate destinations specified in *hostlist* (available on IPv4 only). With strict source routing, the next intermediate destination must be directly reachable (it must be a neighbor on an interface of the router). The maximum number of addresses or names in the host list is 9. The host list is a series of IP addresses (in dotted decimal notation) separated by spaces. |
-| /w `<timeout>` | Specifies the amount of time, in milliseconds, to wait for the echo Reply message that corresponds to a given echo Request message to be received. If the echo Reply message is not received within the time-out, the "Request timed out" error message is displayed. The default time-out is 4000 (4 seconds). |
-| /R | Specifies that the round-trip path is traced (available on IPv6 only). |
+| /j `<hostlist>` | Specifies the echo Request messages use the **Loose Source Route** option in the IP header with the set of intermediate destinations specified in *hostlist* (available on IPv4 only). With loose source routing, successive intermediate destinations can be separated by one or multiple routers. The maximum number of addresses or names in the host list is 9. The host list is a series of IP addresses (in dotted decimal notation) separated by spaces. |
+| /k `<hostlist>` | Specifies the echo Request messages use the **Strict Source Route** option in the IP header with the set of intermediate destinations specified in *hostlist* (available on IPv4 only). With strict source routing, the next intermediate destination must be directly reachable (it must be a neighbor on an interface of the router). The maximum number of addresses or names in the host list is 9. The host list is a series of IP addresses (in dotted decimal notation) separated by spaces. |
+| /w `<timeout>` | Specifies the amount of time, in milliseconds, to wait for the echo Reply message corresponding to a given echo Request message. If the echo Reply message is not received within the time-out, the "Request timed out" error message is displayed. The default time-out is 4000 (4 seconds). |
+| /R | Specifies the round-trip path is traced (available on IPv6 only). |
 | /S `<Srcaddr>` | Specifies the source address to use (available on IPv6 only). |
-| /4 | Specifies that IPv4 is used to ping. This parameter is not required to identify the target host with an IPv4 address. It is only required to identify the target host by name. |
-| /6 | Specifies that IPv6 is used to ping. This parameter is not required to identify the target host with an IPv6 address. It is only required to identify the target host by name. |
+| /4 | Specifies IPv4 used to ping. This parameter is not required to identify the target host with an IPv4 address. It is only required to identify the target host by name. |
+| /6 | Specifies IPv6 used to ping. This parameter is not required to identify the target host with an IPv6 address. It is only required to identify the target host by name. |
 | `<targetname>` | Specifies the host name or IP address of the destination. |
 | /? | Displays help at the command prompt. |
 

WindowsServerDocs/identity/ad-ds/get-started/virtual-dc/Virtualized-Domain-Controller-Architecture.md

@@ -25,7 +25,7 @@ Virtualized domain controller cloning relies on the hypervisor platform to expos
 
 In a mixed environment where some hypervisors support VM-GenerationID and others do not, it is possible for a clone media to be accidentally deployed on a hypervisor that does not support VM-GenerationID. The presence of DCCloneConfig.xml file indicates administrative intent to clone a DC. Therefore, if a DCCloneConfig.xml file is found during boot but a VM-GenerationID is not provided from the host, the clone DC is booted into Directory Services Restore Mode (DSRM) to prevent any impact to the rest of the environment. The clone media can be subsequently moved to a hypervisor that supports VM-GenerationID and then cloning can be retried.
 
-If the clone media is deployed on a hypervisor that supports VM-GenerationID but a DCCloneConfig.xml file is not provided, as the DC detects a VM-GenerationID change between its DIT and the one from the new VM, it will trigger safeguards to prevent USN re-use and avoid duplicate SIDs. However, cloning will not be initiated, so the secondary DC will continue to run under the same identity as the source DC. This secondary DC should be removed from the network at the earliest possible time to avoid any inconsistencies in the environment. For more information about how to reclaim this secondary DC while ensuring that updates get replicated outbound, see Microsoft KB article [2742970](https://support.microsoft.com/kb/2742970).
+If the clone media is deployed on a hypervisor that supports VM-GenerationID but a DCCloneConfig.xml file is not provided, as the DC detects a VM-GenerationID change between its DIT and the one from the new VM, it will trigger safeguards to prevent USN re-use and avoid duplicate SIDs. However, cloning will not be initiated, so the secondary DC will continue to run under the same identity as the source DC. This secondary DC should be removed from the network at the earliest possible time to avoid any inconsistencies in the environment.
 
 ### <a name="BKMK_CloneProcessDetails"></a>Cloning Detailed Processing
 The following diagram shows the architecture for an initial cloning operation and for a cloning retry operation. These processes are explained in more detail later in this topic.
@@ -54,7 +54,7 @@ The following steps explain the process in more detail:
 
     2.  If the two IDs do not match, this is a new virtual machine that contains an NTDS.DIT from a previous domain controller (or it is a restored snapshot). If a DCCloneConfig.xml file exists, the domain controller proceeds with cloning operations. If not, it continues with snapshot restoration operations. See [Virtualized domain controller safe restore architecture](../../../ad-ds/get-started/virtual-dc/../../../ad-ds/get-started/virtual-dc/../../../ad-ds/get-started/virtual-dc/../../../ad-ds/get-started/virtual-dc/Virtualized-Domain-Controller-Architecture.md#BKMK_SafeRestoreArch).
 
-    3.  If the hypervisor does not provide a VM-Generation ID for comparison but there is a DCCloneConfig.xml file, the guest renames the file and then boots into DSRM to protect the network from a duplicate domain controller. If there is no dccloneconfig.xml file, the guest boots normally (with the potential for a duplicate domain controller on the network). For more information about how to reclaim this duplicate domain controller, see Microsoft KB article [2742970](https://support.microsoft.com/kb/2742970).
+    3.  If the hypervisor does not provide a VM-Generation ID for comparison but there is a DCCloneConfig.xml file, the guest renames the file and then boots into DSRM to protect the network from a duplicate domain controller. If there is no dccloneconfig.xml file, the guest boots normally (with the potential for a duplicate domain controller on the network).
 
 3.  The NTDS service checks the value of the VDCisCloning DWORD registry value name (under HKEY_Local_Machine\System\CurrentControlSet\Services\Ntds\Parameters).
 

WindowsServerDocs/identity/securing-privileged-access/securing-privileged-access.md

@@ -89,7 +89,7 @@ Additional guidance for operating an environment with LAPS and PAWs can be found
 
 ### 3. Administrative workstations
 
-As an initial security measure for those users with Azure Active Directory and traditional on-premises Active Directory administrative privileges, ensure they are using Windows 10 devices configured with the [Standards for a highly secure Windows 10 device](/windows-hardware/design/device-experiences/oem-highly-secure). Privileged administrator accounts should not be a members of the local administrator group of the administrative workstations.  Privilege elevation via User Access Control (UAC) can be utilized when configuration changes to the workstations is required.  Additionally, the Windows 10 Security Baseline should be applied to the workstations to further harden the device.
+As an initial security measure for those users with Azure Active Directory and traditional on-premises Active Directory administrative privileges, ensure they are using Windows 10 devices configured with the [Standards for a highly secure Windows 10 device](/windows-hardware/design/device-experiences/oem-highly-secure). Privileged administrator accounts should not be members of the local administrator group of the administrative workstations.  Privilege elevation via User Access Control (UAC) can be utilized when configuration changes to the workstations is required.  Additionally, the Windows 10 Security Baseline should be applied to the workstations to further harden the device.
 
 ### 4. Identity attack detection
 

WindowsServerDocs/manage/windows-admin-center/extend/case-studies/biitops.md

@@ -11,6 +11,6 @@ ms.localizationpriority: medium
 
 BiitOps Changes for Windows Admin Center gives you insight into changes to hardware, software and configuration settings on your Windows Server physical/virtual machines. The BiitOps Changes extension enables you to quickly and cost-effectively determine changes which cause issues related to compliance, reliability or security. It will show precisely what is new, what has changed and what has been deleted in a single-pane-of-glass. It works on both servers and selected services on Microsoft Windows Server.
 
-Learn more by visiting the [BiitOps product site](http://www.biitops.com/solutions/changes-for-wac/) or subscribe for a [free trial](http://www.biitops.com/solutions/register-changes-for-wac/).
+Learn more by visiting the [BiitOps product site](https://biitops.com/solutions) or subscribe for a [free trial](https://biitops.com/solutions/biitops-changes).
 
-![BiitOps Extension](../../media/extend-case-study-biitops/biitops-1.png)
+![BiitOps Extension](../../media/extend-case-study-biitops/biitops-1.png)