Windows 10 for Enterprise Administrators

Book description

Tag line

About This Book

Learn the art of configuring, deploying, managing and securing Windows 10 for your enterprise.

About This Book

  • Enhance your enterprise administration skills to manage Windows 10 Redstone 3
  • Get acquainted with configuring Azure Active Directory for enabling cloud-based services and Remote Server Admin Tools for managing Windows Server
  • Provide enterprise-level security with ease using the built-in data loss prevention of Windows 10

Who This Book Is For

If you are a system administrator who has been given the responsibility of administering and managing Windows 10 Redstone 3, then this book is for you. If you have deployed and managed previous versions of Windows, it would be an added advantage.

What You Will Learn

  • Understand the remote access capabilities
  • Use third-party tools to deploy Windows 10
  • Customize image and user Interface experience
  • Implement assigned access rights
  • Configure remote administration
  • Manage Windows 10 security
  • Work with Azure AD and Intune management

In Detail

Microsoft’s launch of Windows 10 is a step toward satisfying the enterprise administrator’s needs for management and user experience customization. This book provides the enterprise administrator with the knowledge needed to fully utilize the advanced feature set of Windows 10 Enterprise.

This practical guide shows Windows 10 from an administrator's point of view. You'll focus on areas such as installation and configuration techniques based on your enterprise requirements, various deployment scenarios and management strategies, and setting up and managing admin and other user accounts. You’ll see how to configure Remote Server Administration Tools to remotely manage Windows Server and Azure Active Directory.

Lastly, you will learn modern Mobile Device Management for effective BYOD and how to enable enhanced data protection, system hardening, and enterprise-level security with the new Windows 10 in order to prevent data breaches and impede attacks.

By the end of this book, you will know the key technologies and capabilities in Windows 10 and will confidently be able to manage and deploy these features in your organization.

Style and approach

This step-by-step guide will show you how to configure, deploy, manage, and secure the all new Windows 10 Redstone 3 for your enterprise.

Table of contents

  1. Preface
    1. What this book covers
    2. What you need for this book
    3. Who this book is for
    4. Conventions
    5. Reader feedback
    6. Customer support
      1. Downloading the color images of this book
      2. Errata
      3. Piracy
      4. Questions
  2. Installation and Upgrading
    1. Which branch to select?
      1. Current Branch, also known as Semi-Annual Channel (Targeted)
      2. Current Branch for Business, also known as Semi-Annual Channel
        1. Support timeline before 1709
        2. Support timeline since 1709
      3. The Long-Term Servicing Branch
        1. LTSB problem silicon support - potential risk with Zen, Cannonlake, and newer CPUs
        2. Limitations of LTSB
      4. Recommendations
    2. New deployment methods
      1. Why in-place upgrades?
      2. Limitations and blocker of the in-place upgrade
        1. Changing from BIOS/legacy mode to UEFI mode
        2. Changing from Windows 32-bit/x86 to 64-bit/x64
        3. Changing the base OS language
        4. Changing primary disk partitioning
        5. Using the Windows To Go or boot from VHD features
        6. Image creation process (sysprep after upgrade not supported)
        7. Certain third-party disk encryption products
        8. Changing too many apps (bulk application swap)
        9. Changing the environment
      3. Traditional wipe and load
      4. An alternative: provisioning
    3. Improvements in deployment since Windows 10 1511
      1. Windows 10 1607, also known as Anniversary Update
      2. Windows 10 1703/1709, also known as Fall Creators Update
    4. Tips and tricks for smooth in-place upgrade from 7, 8.1, or 10 to 10
      1. Integrating cumulative updates into install sources
      2. Updating graphics driver
      3. Looking at Setupact.log and Setupapi.dev.log
      4. Using Windows Upgrade Analytics aka Windows Upgrade Readiness
    5. Selecting the deployment tools
    6. Summary
  3. Configuration and Customization
    1. Introducing Windows as a service
    2. Cortana
    3. Security mitigation
    4. Image customization
      1. Imaging process
      2. Customizing the image
    5. Upgrade expectations
      1. Internet Explorer 11 Enterprise Mode configuration
      2. Windows 10 Start and taskbar layout
      3. Audit mode
      4. Tips
      5. Virtual Desktop Infrastructure
        1. Layering technologies
    6. Security Compliance Manager
      1. AppLocker
    7. Microsoft Windows Store for Business, also known as Private Store
    8. Microsoft telemetry
      1. Windows Spotlight
      2. Mandatory user profiles
        1. Assigned Access, also known as kiosk mode
        2. Bring Your Own Device scenarios
        3. Windows libraries
        4. User Experience Virtualization
    9. Summary
  4. User Account Administration
    1. Windows account types
    2. Account privileges
    3. Local Admin Password Solution
    4. Create policies to control local accounts
      1. Password policy
      2. Account lockout policy
    5. Manage user sign in options
    6. Mobile device management security settings 
    7. User Account Control
    8. Windows Hello for Business
      1. Manage options for Windows Hello for Business
    9. Credential Guard
    10. Privileged Access Workstation
    11. Summary
  5. Remote Administration Tools
    1. Remote Server Administration Tools
      1. Installing RSAT
      2. RSAT usage
    2. PowerShell
      1. PowerShell setup
      2. PowerShell usage
      3. PowerShell in the Enterprise
      4. Desired State Configuration
    3. Windows Sysinternals tools suite
      1. BgInfo
        1. Configuring BGInfo
        2. Deployment
        3. Introducing PsTools
        4. Installing PsTools
        5. Using PsTools
        6. Custom code repository
    4. Summary
  6. Device Management
    1. Evolving business needs
    2. Mobile device management
    3. Changes to GPOs in Windows 10
      1. Enterprise/Education - only GPOs
      2. Known issues when upgrading the central policy store
      3. Known issues with Group Policy Preferences/GPMC
    4. Servicing and patching
      1. Why cumulative updates?
      2. Update delivery solutions
        1. Windows Update
        2. Windows Update for Business
        3. Windows Server Update Services
        4. SCCM and third-party solutions
      3. Windows 10 servicing
    5. Summary
  7. Protecting Enterprise Data in BYOD Scenarios
    1. Bring Your Own Device
      1. What is BYOD?
      2. Choose Your Own Device
      3. Key considerations
        1. Device choice
        2. Ownership
        3. Management responsibility
        4. Comparing options
    2. Protection options
      1. Identity and access management
        1. Connect to work or school
        2. Microsoft Passport
        3. Windows Hello
        4. Credential Guard
      2. Device Configuration
      3. Application management
        1. Provisioning packages
        2. Windows Store for Business
        3. Mobile Application Management
      4. Information protection
        1. BitLocker and device pin
        2. Windows Information Protection
        3. Document classification and encryption
        4. Data loss prevention
    3. Alternative options
      1. Enable remote/virtual desktops - RDS/VDI
      2. Enable virtual private networks
      3. Publish applications via proxy
      4. End user behavior analytics
      5. OneDrive for Business
      6. Work Folders
        1. Work Folders compared to other sync technologies
    4. Summary
  8. Windows 10 Security
    1. Today's security challenges
    2. Windows Hello/Windows Hello for Business
      1. Differences between Windows Hello and Windows Hello for Business
    3. Virtualization-based security
    4. Credential Guard
    5. Device Guard
    6. Windows Defender Application Guard for Microsoft Edge
    7. Windows Defender Exploit Guard
    8. Device Health Attestation
    9. Windows Defender Security Center
    10. New BitLocker options
    11. Local Administrator Password Solution
      1. AD preparation
      2.  Now to the installation
        1. LAPS UI
        2. Group Policy client-side extension
        3. Group Policy configuration options
    12. Summary
  9. Windows Defender Advanced Threat Protection
    1. Prerequisites
    2. Windows Defender
      1. Windows Defender Security Center
      2. Windows Defender ATP
    3. Plan - environment analysis
    4. Deploy - service activation
      1. Sign up and activate Windows Defender ATP
      2. Portal configuration
        1. Check service health
        2. Check sensor status
        3. Enable SIEM integration
    5. Onboard endpoints
      1. Configure sensor data
      2. Additional configuration
    6. Detect - using the ATP portal
      1. Alerts queue
      2. Machine list
      3. Preferences setup
      4. Endpoint management
    7. Protect Post-breach response
      1. Types of threats
        1. Ransomware
        2. Credential theft
        3. Exploits
        4. Backdoors
        5. General malware
        6. Potentially Unwanted Application
      2. Take responsive actions
        1. Taking responsive actions on a machine
          1. Collecting an investigation package
          2. Isolate a machine
        2. Take responsive actions on a file or process
          1. Request deep analysis
          2. Stop and quarantine file
          3. Block file
        3. Pivot into Office 365
    8. Summary
  10. Advanced Configurations
    1. Virtual desktops
      1. VDI infrastructure best practices
      2. VDI configuration considerations
    2. The Windows ICD
    3. Windows 10 Kiosk Mode
    4. AutoPilot mode
      1. The Set up School PCs application
    5. Device lockdown
      1. Custom Logon
      2. Keyboard filter
      3. Shell Launcher
      4. Unbranded Boot
      5. Unified Write Filter
    6. Summary
  11. RedStone 3 Changes
    1. OneDrive – file on demand
    2. Task Manager shows GPU usage graph
    3. No SMB1
    4. Ubuntu, openSUSE and SUSE LSE available as Linux subsystem
    5. New features of Microsoft Edge
    6. New Google Chrome to Microsoft Edge migration feature
    7. Hyper-V improvements
    8. Change of network profiles in GUI
    9. Improved storage sense feature
    10. Microsoft Fluent Design
    11. My people app
    12. Eye tracking
    13. Controlled folder access
    14. Summary

Product information

  • Title: Windows 10 for Enterprise Administrators
  • Author(s): Jeff Stokes, Manuel Singer, Richard Diver
  • Release date: September 2017
  • Publisher(s): Packt Publishing
  • ISBN: 9781786462824