Book Image

Windows 10 for Enterprise Administrators

By : Richard Diver, Manuel Singer, Jeff Stokes
Book Image

Windows 10 for Enterprise Administrators

By: Richard Diver, Manuel Singer, Jeff Stokes

Overview of this book

Microsoft's launch of Windows 10 is a step toward satisfying enterprise administrators' needs for management and user experience customization. This book provides enterprise administrators with the knowledge needed to fully utilize the advanced feature set of Windows 10 Enterprise. This practical guide shows Windows 10 from an administrator's point of view. You'll focus on areas such as installation and configuration techniques based on your enterprise requirements, various deployment scenarios and management strategies, and setting up and managing admin and other user accounts. You'll see how to configure Remote Server Administration Tools to remotely manage Windows Server and Azure Active Directory. Lastly, you will learn modern mobile device management for effective BYOD and how to enable enhanced data protection, system hardening, and enterprise-level security with the new Windows 10 in order to prevent data breaches and to impede attacks. By the end of this book, you will know the key technologies and capabilities in Windows 10 and will confidently be able to manage and deploy these features in your organization.
Table of Contents (11 chapters)

Credential Guard

Credential Guard is unique to Windows 10 Enterprise and Windows Server 2016, and designed to protect against OS-level attempts to read credentials. It uses hardware and virtualization-based security to isolate secrets so that only privileged system software can access them. Credential Guard protects NTLM password hashes, Kerberos Ticket-Granting Tickets, and credentials stored by applications.

Usually, Windows stores secrets in the Local Security Authority (LSA), in process memory. With Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using virtualization-based security and is not accessible to the rest of the operating system. You can consider the isolated LSA as running like a small virtual machine...