Modern administrators' guide based on Redstone 3 version
Jeff Stokes, Manuel Singer, Richard Diver
Purchase Now !
Just with Paypal
Just with Paypal
Book Details
Price
|
3.00 |
|---|---|
Pages
| 416 p |
File Size
|
15,051 KB |
File Type
|
PDF format |
ISBN
| 978-1-78646-282-4 |
Copyright©
| 2017 Packt Publishing |
Jeff Stokes is a Windows/Microsoft engineer currently employed at Microsoft. He
specializes in operating system health, reliability, and performance. He is skilled in
Windows deployment with Microsoft Deployment Toolkit (MDT) and has
exceptional skills in Virtual Desktop Infrastructure (VDI) and performance analysis.
He is an active writer and blogger and loves technology.
Thanks to all the people who have helped me get where I am today. Special thanks to
my wife, Ana, and my loving children, who have supported me through writing my
portions of this book. I’ve learned a lot from a lot of people through the years and
this book, I hope, is some sort of reflection of that accumulated knowledge. Clint
Huffman, Carl Luberti, Yong Rhee, and many, many Microsoft employees, current
and past as well. Special thanks to Ken Smith, who helped with some of the advanced
configuration chapters at the last minute; seriously, thank you, sir. And thanks to the
team at Packt Publishing and coauthors as well for their support and diligence in
helping make this a success.
Manuel Singer works as a senior premier field engineer for Windows Client at
Microsoft and is based in Germany. He has more than 10 years of experience in
system management and deployment using Microsoft technologies. He is specialized
in client enterprise design, deployment, performance, reliability, and Microsoft
devices. Manuel works with local and international top customers from the private
and public sectors to provide professional technical and technological support.
First and foremost, I would like to dedicate this book to my family, especially to my
wife, Renate, for her patience and continued support in allowing me the time to
research and write this book. She is the reason I can fulfill my dream and follow my
passion. I would also like to extend an acknowledgment to all the people who have
supported me throughout the writing of this book, especially the technical reviewers
for providing their efforts and time along with keen suggestions and
recommendations. Last but not least, I would like to thank the entire Packt
Publishing team for their support and guidance throughout the process of writing this book.
Richard Diver has been an IT professional for more than 20 years with experience
across multiple industries, technologies, and geographies. He is currently working as
a solutions architect with a focus on Microsoft cloud architecture, enterprise
mobility, and identity management solutions. This is his first time as an author,
though his previous book contributions include topics such as Sysinternals Tools,
Microsoft Office 365, and Microsoft Intune.
Richard has a deep passion for simplifying complex topics and visualizing and
sharing knowledge. He is a family man, with three daughters, and enjoys traveling,
reading, and public speaking at events and conferences.
Thank you, the coauthors, for giving me the opportunity to contribute to this book;
the experience has been good fun and I look forward to future opportunities. I would
also like to thank Sharon Raj and the Packt Publishing team for driving the efforts
required to pull a book like this together; your patience is immeasurable. Finally,
thanks to my family for the encouragement and support in all my technical
endeavors; I thank my wife, Dawn, and my three daughters, Charlotte, Lauren, and Jessica.
About the Reviewer
Iftekhar Hussain has been working with Microsoft for the last 9 years and has
worked in various positions involving helping customers secure, manage, and deploy
Windows and client management technologies.
He has over 12 years of experience providing high-value technology consulting to
top enterprise businesses, public sector organizations, governments, and defense with
architectural guidance, solution design and integration, and deployment strategies.
In his current role as a Windows cyber threat protection specialist, he helps
organizations enable better security for systems by acquiring and enabling various
capabilities to protect their environment from modern cyber threats and mitigating
strategies using various best practices from Microsoft.
I would like to thank my family for their unconditional support, love, and care, and
my colleagues at Microsoft for helping me learn and grow.
Preface
Microsoft’s launch of Windows 10 is a step toward satisfying Enterprise
administrator needs for management and user experience customization. This book
provides Enterprise administrators with the knowledge required to fully utilize the
advanced feature set of Windows 10 Enterprise. This practical guide shows
Windows 10 from an administrator's point of view.
Table of Contents
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the color images of this book
Errata
Piracy
Questions
1. Installation and Upgrading
Which branch to select?
Current Branch, also known as Semi-Annual Channel (Targeted)
Current Branch for Business, also known as Semi-Annual Channel
Support timeline before 1709
Support timeline since 1709
The Long-Term Servicing Branch
LTSB problem silicon support - potential risk with Zen, Cannonlake, and ne wer CPUs
Limitations of LTSB
Recommendations
New deployment methods
Why in-place upgrades?
Limitations and blocker of the in-place upgrade
Changing from BIOS/legacy mode to UEFI mode
Changing from Windows 32-bit/x86 to 64-bit/x64
Changing the base OS language
Changing primary disk partitioning
Using the Windows To Go or boot from VHD features
Image creation process (sysprep after upgrade not supported)
Certain third-party disk encryption products
Changing too many apps (bulk application swap)
Changing the environment
Traditional wipe and load
An alternative: provisioning
Improvements in deployment since Windows 10 1511
Windows 10 1607, also known as Anniversary Update
Windows 10 1703/1709, also known as Fall Creators Update
Tips and tricks for smooth in-place upgrade from 7, 8.1, or 10 to 10
Integrating cumulative updates into install sources
Updating graphics driver
Looking at Setupact.log and Setupapi.dev.log
Using Windows Upgrade Analytics aka Windows Upgrade Readiness
Selecting the deployment tools
Summary
2. Configuration and Customization
Introducing Windows as a service
Cortana
Security mitigation
Image customization
Imaging process
Customizing the image
Upgrade expectations
Internet Explorer 11 Enterprise Mode configuration
Windows 10 Start and taskbar layout
Audit mode
Tips
Virtual Desktop Infrastructure
Layering technologies
Security Compliance Manager
AppLocker
Microsoft Windows Store for Business, also known as Private Store
Microsoft telemetry
Windows Spotlight
Mandatory user profiles
Assigned Access, also known as kiosk mode
Bring Your Own Device scenarios
Windows libraries
User Experience Virtualization
Summary
3. User Account Administration
Windows account types
Account privileges
Local Admin Password Solution
Create policies to control local accounts
Password policy
Account lockout policy
Manage user sign in options
Mobile device management security settings
User Account Control
Windows Hello for Business
Manage options for Windows Hello for Business
Credential Guard
Privileged Access Workstation
Summary
4. Remote Administration Tools
Remote Server Administration Tools
Installing RSAT
RSAT usage
PowerShell
PowerShell setup
PowerShell usage
PowerShell in the Enterprise
Desired State Configuration
Windows Sysinternals tools suite
BgInfo
Configuring BGInfo
Deployment
Introducing PsTools
Installing PsTools
Using PsTools
Custom code repository
Summary
5. Device Management
Evolving business needs
Mobile device management
Changes to GPOs in Windows 10
Enterprise/Education - only GPOs
Known issues when upgrading the central policy store
Known issues with Group Policy Preferences/GPMC
Servicing and patching
Why cumulative updates?
Update delivery solutions
Windows Update
Windows Update for Business
Windows Server Update Services
SCCM and third-party solutions
Windows 10 servicing
Summary
6. Protecting Enterprise Data in BYOD Scenarios
Bring Your Own Device
What is BYOD?
Choose Your Own Device
Key considerations
Device choice
Ownership
Management responsibility
Comparing options
Protection options
Identity and access management
Connect to work or school
Microsoft Passport
Windows Hello
Credential Guard
Device Configuration
Application management
Provisioning packages
Windows Store for Business
Mobile Application Management
Information protection
BitLocker and device pin
Windows Information Protection
Document classification and encryption
Data loss prevention
Alternative options
Enable remote/virtual desktops - RDS/VDI
Enable virtual private networks
Publish applications via proxy
End user behavior analytics
OneDrive for Business
Work Folders
Work Folders compared to other sync technologies
Summary
7. Windows 10 Security
Today's security challenges
Windows Hello/Windows Hello for Business
Differences between Windows Hello and Windows Hello for Business
Virtualization-based security
Credential Guard
Device Guard
Windows Defender Application Guard for Microsoft Edge
Windows Defender Exploit Guard
Device Health Attestation
Windows Defender Security Center
New BitLocker options
Local Administrator Password Solution
AD preparation
Now to the installation
LAPS UI
Group Policy client-side extension
Group Policy configuration options
Summary
8. Windows Defender Advanced Threat Protection
Prerequisites
Windows Defender
Windows Defender Security Center
Windows Defender ATP
Plan - environment analysis
Deploy - service activation
Sign up and activate Windows Defender ATP
Portal configuration
Check service health
Check sensor status
Enable SIEM integration
Onboard endpoints
Configure sensor data
Additional configuration
Detect - using the ATP portal
Alerts queue
Machine list
Preferences setup
Endpoint management
Protect Post-breach response
Types of threats
Ransomware
Credential theft
Exploits
Backdoors
General malware
Potentially Unwanted Application
Take responsive actions
Taking responsive actions on a machine
Collecting an investigation package
Isolate a machine
Take responsive actions on a file or process
Request deep analysis
Stop and quarantine file
Block file
Pivot into Office 365
Summary
9. Advanced Configurations
Virtual desktops
VDI infrastructure best practices
VDI configuration considerations
The Windows ICD
Windows 10 Kiosk Mode
AutoPilot mode
The Set up School PCs application
Device lockdown
Custom Logon
Keyboard filter
Shell Launcher
Unbranded Boot
Unified Write Filter
Summary
10. RedStone 3 Changes
OneDrive – file on demand
Task Manager shows GPU usage graph
No SMB1
Ubuntu, openSUSE and SUSE LSE available as Linux subsystem
New features of Microsoft Edge
New Google Chrome to Microsoft Edge migration feature
Hyper-V improvements
Change of network profiles in GUI
Improved storage sense feature
Microsoft Fluent Design
My people app
Eye tracking
Controlled folder access
Summary
Bookscreen
What you need for this book
We recommend that you install and activate a copy of Windows 10 Enterprise in a
test environment. An Active Directory domain will be required in order to test new
Group Policy options. An Azure subscription will be required to test the following
features covered in this book:
Azure Active Directory domain join
Microsoft Intune for device management
Security center for Advanced Threat Protection (ATP)
You may also want an Office 365 subscription to see the complete integration
between Windows Defender ATP and Office 365 ATP.
Who this book is for
If you are a system administrator who has been given the responsibility of
administering and managing Windows 10 RedStone 3, then this book is for you. If
you have deployed and managed previous versions of Windows, that would be an
added advantage.