dotnet · gewarren · Apr 13, 2021 · Apr 13, 2021 · Apr 13, 2021 · Apr 13, 2021
@@ -243,8 +243,6 @@ The following table lists common subsystem versions of Windows.
 
 |Windows version|Subsystem version|
 |---------------------|-----------------------|
-|Windows 2000|5.00|
-|Windows XP|5.01|
 |Windows Server 2003|5.02|
 |Windows Vista|6.00|
 |Windows 7|6.01|

@@ -71,7 +71,7 @@ To write secure ADO.NET code, you have to understand the security mechanisms ava
 
 ## Enterprise Services  
 
- COM+ contains its own security model that relies on Windows NT accounts and process/thread impersonation. The <xref:System.EnterpriseServices> namespace provides wrappers that allow .NET applications to integrate managed code with COM+ security services through the <xref:System.EnterpriseServices.ServicedComponent> class.  
+ COM+ contains its own security model that relies on Windows accounts and process/thread impersonation. The <xref:System.EnterpriseServices> namespace provides wrappers that allow .NET applications to integrate managed code with COM+ security services through the <xref:System.EnterpriseServices.ServicedComponent> class.  
 
  For more information, see the following resource.  
 

@@ -57,7 +57,7 @@ Profiling is a method of gathering performance data in any development or deploy
 
 |Class|Description|  
 |-----------|-----------------|  
-|<xref:System.Diagnostics.PerformanceCounter?displayProperty=nameWithType>|Represents a Windows NT performance counter component. Use this class to read existing predefined or custom counters and publish (write) performance data to custom counters.|  
+|<xref:System.Diagnostics.PerformanceCounter?displayProperty=nameWithType>|Represents a Windows performance counter component. Use this class to read existing predefined or custom counters and publish (write) performance data to custom counters.|  
 |<xref:System.Diagnostics.PerformanceCounterCategory?displayProperty=nameWithType>|Provides several methods for interacting with counters and categories of counters on the computer.|  
 |<xref:System.Diagnostics.PerformanceCounterInstaller?displayProperty=nameWithType>|Specifies an installer for the `PerformanceCounter` component.|  
 |<xref:System.Diagnostics.PerformanceCounterType?displayProperty=nameWithType>|Specifies the formula to calculate the `NextValue` method for a `PerformanceCounter`.|  

@@ -23,7 +23,7 @@ ms.assetid: 9ef65560-f596-4469-bcce-f4d5407b55cd
 ---
 # NTLM and Kerberos Authentication
 
-Default NTLM authentication and Kerberos authentication use the Microsoft Windows NT user credentials associated with the calling application to attempt authentication with the server. When using non-default NTLM authentication, the application sets the authentication type to NTLM and uses a <xref:System.Net.NetworkCredential> object to pass the user name, password, and domain to the host, as shown in the following example.  
+Default NTLM authentication and Kerberos authentication use the Microsoft Windows user credentials associated with the calling application to attempt authentication with the server. When using non-default NTLM authentication, the application sets the authentication type to NTLM and uses a <xref:System.Net.NetworkCredential> object to pass the user name, password, and domain to the host, as shown in the following example.  
 
 ```vb  
 Dim MyURI As String = "http://www.contoso.com/"  

@@ -125,7 +125,7 @@ The following table shows the syntax of each `action`. For descriptions of the i
 |------------|-----------------|
 |`/nologo`|Suppress the Microsoft startup banner display.|
 |`/silent`|Suppress the display of success messages.|
-|`/verbose`|Display detailed information for debugging. **Note:**  Due to operating system limitations, this option does not display as much additional information on Windows 98 and Windows Millennium Edition.|
+|`/verbose`|Display detailed information for debugging.|
 |`/help`, `/?`|Display command syntax and options for the current release.|
 
 ## Remarks
@@ -353,9 +353,7 @@ In addition, native images are not used if the assembly has been upgraded, or if
 
 When you use Ngen.exe to create a native image of an assembly, the output depends upon the command-line options that you specify and certain settings on your computer. These settings include the following:
 
-- The version of the .NET Framework.
-
-- The version of the operating system, if the change is from the Windows 9x family to the Windows NT family.
+- The version of .NET Framework.
 
 - The exact identity of the assembly (recompilation changes identity).
 
@@ -365,13 +363,9 @@ When you use Ngen.exe to create a native image of an assembly, the output depend
 
 Ngen.exe records this information when it generates a native image. When you execute an assembly, the runtime looks for the native image generated with options and settings that match the computer's current environment. The runtime reverts to JIT compilation of an assembly if it cannot find a matching native image. The following changes to a computer's settings and environment cause native images to become invalid:
 
-- The version of the .NET Framework.
-
-     If you apply an update to the .NET Framework, all native images that you have created using Ngen.exe become invalid. For this reason, all updates of the .NET Framework execute the `Ngen Update` command, to ensure that all native images are regenerated. The .NET Framework automatically creates new native images for the .NET Framework libraries that it installs.
-
-- The version of the operating system, if the change is from the Windows 9x family to the Windows NT family.
+- The version of .NET Framework.
 
-     For example, if the version of the operating system running on a computer changes from Windows 98 to Windows XP, all native images stored in the native image cache become invalid. However, if the operating system changes from Windows 2000 to Windows XP, the images are not invalidated.
+     If you apply an update to .NET Framework, all native images that you have created using Ngen.exe become invalid. For this reason, all updates of .NET Framework execute the `Ngen Update` command, to ensure that all native images are regenerated. .NET Framework automatically creates new native images for the .NET Framework libraries that it installs.
 
 - The exact identity of the assembly.
 

@@ -44,16 +44,13 @@ storeadm [/list][/machine][/remove][/roaming][/quiet]
 
  Applications have a choice of saving to one of two stores for a user or to the machine store:  
 
-- The local store exists in a location that is guaranteed not to roam (on Windows 2000 and later) even if user data roaming is enabled for the user.  
+- The local store exists in a location that is guaranteed not to roam, even if user data roaming is enabled for the user.  
 
-- The roaming store exists in a location that is able to roam, but can only do so if roaming is enabled for the user via Windows NT administration.  
+- The roaming store exists in a location that is able to roam, but can only do so if roaming is enabled for the user via Windows administration.  
 
-- The machine store is common to all users on a machine and is stored under a common directory on that machine.  
+- The machine store is common to all users on a machine and is stored under a common directory on that machine.
 
-    > [!NOTE]
-    > The machine store is new in the .NET Framework version 2.0.  
-
- Whether roaming is actually enabled for the user does not affect the administration of Storeadm.exe. Running the tool without any options applies all actions to the local store. Running the tool with the **/roaming** option applies all actions to the store that is able to roam. Running the tool with the **/machine** option applies all actions to the machine store.  
+Whether roaming is actually enabled for the user does not affect the administration of Storeadm.exe. Running the tool without any options applies all actions to the local store. Running the tool with the **/roaming** option applies all actions to the store that is able to roam. Running the tool with the **/machine** option applies all actions to the machine store.  
 
 ## See also
 

@@ -87,9 +87,7 @@ HRESULT StructDispSafe([out, retval] SAFEARRAY(IDispatch*)* pRetVal);
 
  Because type libraries cannot accommodate all the information found in assemblies, Tlbexp.exe might discard some data during the export process. For an explanation of the transformation process and identification of the source of each piece of information emitted to a type library, see the [Assembly to Type Library Conversion Summary](/previous-versions/dotnet/netframework-4.0/xk1120c3(v=vs.100)).  
 
- Note that the Type Library Exporter exports methods that have <xref:System.TypedReference> parameters as `VARIANT`, even though the <xref:System.TypedReference> object has no meaning in unmanaged code. When you export methods that have <xref:System.TypedReference> parameters, the Type Library Exporter will not generate a warning or error and unmanaged code that uses the resulting type library will not run properly.  
-
- The Type Library Exporter is supported on Microsoft Windows 2000 and later.  
+ Note that the Type Library Exporter exports methods that have <xref:System.TypedReference> parameters as `VARIANT`, even though the <xref:System.TypedReference> object has no meaning in unmanaged code. When you export methods that have <xref:System.TypedReference> parameters, the Type Library Exporter will not generate a warning or error and unmanaged code that uses the resulting type library will not run properly.
 
 ## Examples  
 

@@ -21,7 +21,7 @@ topic_type:
 Provides methods that allow developers to debug applications in the common language runtime (CLR) environment.  
 
 > [!NOTE]
-> Mixed-mode (managed and native code) debugging is not supported on Windows 95, Windows 98, or Windows ME, or on non-x86 platforms (such as IA64 and AMD64).  
+> Mixed-mode (managed and native code) debugging is not supported on non-x86 platforms (such as IA64 and AMD64).  
 
 ## Methods  
 

@@ -43,7 +43,7 @@ interface ICorDebugRemoteTarget  : IUnknown
 
 ## Remarks  
 
- Mixed-mode (that is, managed and native code) debugging is not supported on Windows 95, Windows 98, or Windows ME, or on non-x86 platforms (such as IA-64 and AMD64).  
+ Mixed-mode (that is, managed and native code) debugging is not supported on non-x86 platforms (such as IA-64 and AMD64).  
 
 ## Requirements  
 

@@ -33,11 +33,9 @@ __int32 STDMETHODCALLTYPE _CorExeMain ();
 
  This function is called by the loader in processes created from managed executable assemblies. For DLL assemblies, the loader calls the [_CorDllMain](cordllmain-function.md) function instead.  
 
- The operating system loader calls this method regardless of the entry point specified in the image file.  
+ The operating system loader calls this method regardless of the entry point specified in the image file.
 
- In Windows 98, Windows ME, Windows NT, and Windows 2000, the `_CorExeMain` function is called indirectly through a fixup in the operating system loader. In all other versions of Windows, it is called directly by the operating system loader.  
-
- For additional information, see the Remarks section in the [_CorValidateImage](corvalidateimage-function.md) topic.  
+ For additional information, see the Remarks section in the [_CorValidateImage](corvalidateimage-function.md) article.  
 
 ## Requirements  
 

@@ -66,7 +66,7 @@ typedef enum  CorPinvokeMap {
 |`pmCharSetNotSpec`|Reserved.|  
 |`pmCharSetAnsi`|Marshal strings as multiple-byte character strings.|  
 |`pmCharSetUnicode`|Marshal strings as Unicode 2-byte characters.|  
-|`pmCharSetAuto`|Automatically marshal strings appropriately for the target operating system. The default is Unicode on Windows NT, Windows 2000, Windows XP, and the Windows Server 2003 family; the default is ANSI on Windows 98 and Windows Me.|  
+|`pmCharSetAuto`|Automatically marshal strings appropriately for the target operating system. The default is Unicode on Windows.|  
 |`pmBestFitUseAssem`|Reserved.|  
 |`pmBestFitEnabled`|Perform best-fit mapping of Unicode characters that lack an exact match in the ANSI character set.|  
 |`pmBestFitDisabled`|Do not perform best-fit mapping of Unicode characters. In this case, all unmappable characters will be replaced by a ‘?’.|  

@@ -148,7 +148,7 @@ Windows Communication Foundation (WCF) exposes inspection data of a service at r
 Whoami /user  
 ```  
 
- This provides the SID of the current user, but this method cannot be used to get the SID on any arbitrary user. Another method to get the SID is to use the [getsid.exe](/windows/win32/wmisdk/using-wmi) tool from the Windows 2000 Resource Kit Tools for administrative tasks. This tool compares the SID of two users (local or domain), and as a side effect prints the two SIDs to the command line. For more information, see [Well Known SIDs](https://support.microsoft.com/help/243330/well-known-security-identifiers-in-windows-operating-systems).  
+For more information, see [Well Known SIDs](/troubleshoot/windows-server/identity/security-identifiers-in-windows).  
 
 ## Accessing Remote WMI Object Instances  
 

@@ -10,18 +10,18 @@ ms.assetid: d53762fd-15ea-42dc-b0ea-6a6597aa23f7
 
 To use any of the Windows Communication Foundation (WCF) features of that use X.509 certificates, you just first obtain certificates.  
 
-### To obtain an X.509 certificate  
+## Obtain an X.509 certificate  
 
-1. Choose one of the following:  
+Choose one of the following:  
 
-    - Purchase a certificate from a certification authority, such as VeriSign, Inc.  
+- Purchase a certificate from a certification authority, such as VeriSign, Inc.  
 
-    - Set up your own certificate service and have a certification authority sign the certificates. Windows Server 2003, Windows 2000 Server, Windows 2000 Server Datacenter, and Windows 2000 Datacenter Server all include certificate services that support public key infrastructure (PKI). In Windows Server 2008, use the [Active Directory Certificate Services](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731564(v=ws.10)) role to manage a certification authority.  
+- Set up your own certificate service and have a certification authority sign the certificates. Windows Server 2003, Windows 2000 Server, Windows 2000 Server Datacenter, and Windows 2000 Datacenter Server all include certificate services that support public key infrastructure (PKI). In Windows Server 2008, use the [Active Directory Certificate Services](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731564(v=ws.10)) role to manage a certification authority.  
 
-    - Set up your own certificate service and do not have the certificates signed.  
+- Set up your own certificate service and do not have the certificates signed.  
 
-    > [!NOTE]
-    > Whichever approach you take, the recipient of the SOAP request that contains the X.509 certificate must trust the X.509 certificate. This means that the X.509 certificate or an issuer in the certificate chain is in the Trusted People certificate store and that the X.509 certificate is not in the Untrusted Certificates store.  
+> [!NOTE]
+> Whichever approach you take, the recipient of the SOAP request that contains the X.509 certificate must trust the X.509 certificate. This means that the X.509 certificate or an issuer in the certificate chain is in the Trusted People certificate store and that the X.509 certificate is not in the Untrusted Certificates store.  
 
 ## See also
 

@@ -22,7 +22,7 @@ Public Key Infrastructure (PKI) is a system of digital certificates, certificati
 
 ### Kerberos Protocol  
 
- The *Kerberos protocol* is a specification for creating a security mechanism that authenticates users on a Windows domain. It allows a user to establish a secure context with other entities within a domain. Windows 2000 and later platforms use the Kerberos protocol by default. Understanding the mechanisms of the system is useful when creating a service that will interact with intranet clients. In addition, since the *Web Services Security Kerberos Binding* is widely published, you can use the Kerberos protocol to communicate with Internet clients (that is, the Kerberos protocol is interoperable). For more information about how the Kerberos protocol is implemented in Windows, see  [Microsoft Kerberos](/windows/win32/secauthn/microsoft-kerberos).  
+ The *Kerberos protocol* is a specification for creating a security mechanism that authenticates users on a Windows domain. It allows a user to establish a secure context with other entities within a domain. Windows uses the Kerberos protocol by default. Understanding the mechanisms of the system is useful when creating a service that will interact with intranet clients. In addition, since the *Web Services Security Kerberos Binding* is widely published, you can use the Kerberos protocol to communicate with Internet clients (that is, the Kerberos protocol is interoperable). For more information about how the Kerberos protocol is implemented in Windows, see  [Microsoft Kerberos](/windows/win32/secauthn/microsoft-kerberos).  
 
 ### X.509 Certificates  
 

@@ -6,7 +6,7 @@ ms.assetid: 1db325ec-85be-47d0-8b6e-3ba2fdf3dda0
 ---
 # Authorization Policy
 
-This sample demonstrates how to implement a custom claim authorization policy and an associated custom service authorization manager. This is useful when the service makes claim-based access checks to service operations and prior to the access checks, grants the caller certain rights. This sample shows both the process of adding claims as well as the process for doing an access check against the finalized set of claims. All application messages between the client and server are signed and encrypted. By default with the `wsHttpBinding` binding, a username and password supplied by the client are used to logon to a valid Windows NT account. This sample demonstrates how to utilize a custom <xref:System.IdentityModel.Selectors.UserNamePasswordValidator> to authenticate the client. In addition this sample shows the client authenticating to the service using an X.509 certificate. This sample shows an implementation of <xref:System.IdentityModel.Policy.IAuthorizationPolicy> and <xref:System.ServiceModel.ServiceAuthorizationManager>, which between them grant access to specific methods of the service for specific users. This sample is based on the [Message Security User Name](message-security-user-name.md), but demonstrates how to perform a claim transformation prior to the <xref:System.ServiceModel.ServiceAuthorizationManager> being called.
+This sample demonstrates how to implement a custom claim authorization policy and an associated custom service authorization manager. This is useful when the service makes claim-based access checks to service operations and prior to the access checks, grants the caller certain rights. This sample shows both the process of adding claims as well as the process for doing an access check against the finalized set of claims. All application messages between the client and server are signed and encrypted. By default with the `wsHttpBinding` binding, a username and password supplied by the client are used to logon to a valid Windows account. This sample demonstrates how to utilize a custom <xref:System.IdentityModel.Selectors.UserNamePasswordValidator> to authenticate the client. In addition this sample shows the client authenticating to the service using an X.509 certificate. This sample shows an implementation of <xref:System.IdentityModel.Policy.IAuthorizationPolicy> and <xref:System.ServiceModel.ServiceAuthorizationManager>, which between them grant access to specific methods of the service for specific users. This sample is based on the [Message Security User Name](message-security-user-name.md), but demonstrates how to perform a claim transformation prior to the <xref:System.ServiceModel.ServiceAuthorizationManager> being called.
 
 > [!NOTE]
 > The setup procedure and build instructions for this sample are located at the end of this topic.