Book Image

Windows 10 for Enterprise Administrators

By : Richard Diver, Manuel Singer, Jeff Stokes
Book Image

Windows 10 for Enterprise Administrators

By: Richard Diver, Manuel Singer, Jeff Stokes

Overview of this book

Microsoft's launch of Windows 10 is a step toward satisfying enterprise administrators' needs for management and user experience customization. This book provides enterprise administrators with the knowledge needed to fully utilize the advanced feature set of Windows 10 Enterprise. This practical guide shows Windows 10 from an administrator's point of view. You'll focus on areas such as installation and configuration techniques based on your enterprise requirements, various deployment scenarios and management strategies, and setting up and managing admin and other user accounts. You'll see how to configure Remote Server Administration Tools to remotely manage Windows Server and Azure Active Directory. Lastly, you will learn modern mobile device management for effective BYOD and how to enable enhanced data protection, system hardening, and enterprise-level security with the new Windows 10 in order to prevent data breaches and to impede attacks. By the end of this book, you will know the key technologies and capabilities in Windows 10 and will confidently be able to manage and deploy these features in your organization.

Related Content you might be interested in

Current Title:

Small book image
Windows 10 for Enterprise Administrators
Richard Diver | Manuel Singer | Jeff Stokes
Sep, 2017 | 314 pages
Small book image
Microsoft Exam MD-100 Windows 10 Certification Guide
Jeroen Burgerhout
May, 2020 | 442 pages
Small book image
Mastering Windows Security and Hardening
Mark Dunkerley | Matt Tumbarello
Jul, 2020 | 572 pages
Small book image
Installing and Configuring Windows 10: 70-698 Exam Guide
Bekim Dauti
Jan, 2019 | 490 pages
Table of Contents (11 chapters)
Preface
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Free Chapter
1
Installation and Upgrading
Installation and Upgrading
Which branch to select?
New deployment methods
Improvements in deployment since Windows 10 1511
Tips and tricks for smooth in-place upgrade from 7, 8.1, or 10 to 10
Selecting the deployment tools
Summary
2
Configuration and Customization
Configuration and Customization
Introducing Windows as a service
Cortana
Security mitigation
Image customization
Upgrade expectations
Security Compliance Manager
Microsoft Windows Store for Business, also known as Private Store
Microsoft telemetry
Summary
3
User Account Administration
User Account Administration
Windows account types
Account privileges
Local Admin Password Solution
Create policies to control local accounts
Manage user sign in options
Mobile device management security settings
User Account Control
Windows Hello for Business
Credential Guard
Privileged Access Workstation
Summary
4
Remote Administration Tools
Remote Administration Tools
Remote Server Administration Tools
PowerShell
Windows Sysinternals tools suite
Summary
5
Device Management
Device Management
Evolving business needs
Mobile device management
Changes to GPOs in Windows 10
Servicing and patching
Summary
6
Protecting Enterprise Data in BYOD Scenarios
Protecting Enterprise Data in BYOD Scenarios
Bring Your Own Device
Protection options
Alternative options
Summary
7
Windows 10 Security
Windows 10 Security
Today's security challenges
Windows Hello/Windows Hello for Business
Virtualization-based security
Credential Guard
Device Guard
Windows Defender Application Guard for Microsoft Edge
Windows Defender Exploit Guard
Device Health Attestation
Windows Defender Security Center
New BitLocker options
Local Administrator Password Solution
Summary
8
Windows Defender Advanced Threat Protection
Windows Defender Advanced Threat Protection
Prerequisites
Windows Defender
Plan - environment analysis
Deploy - service activation
Onboard endpoints
Detect - using the ATP portal
Protect Post-breach response
Summary
9
Advanced Configurations
Advanced Configurations
Virtual desktops
The Windows ICD
Windows 10 Kiosk Mode
AutoPilot mode
Device lockdown
Summary
10
RedStone 3 Changes
RedStone 3 Changes
OneDrive – file on demand
Task Manager shows GPU usage graph
No SMB1
Ubuntu, openSUSE and SUSE LSE available as Linux subsystem
New features of Microsoft Edge
New Google Chrome to Microsoft Edge migration feature
Hyper-V improvements
Change of network profiles in GUI
Improved storage sense feature
Microsoft Fluent Design
My people app
Eye tracking
Controlled folder access
Summary

Credential Guard

As already described in the Windows Hello section, the PtH vulnerability has become a very common threat. Hacker tools such as Mimikatz can dump the system memory and debug your LSASS.exe, containing all the currently active credentials, including hashes. When PtH was weaponized, Windows 7 was already mainstream, and the design of Windows 8.0 was also completed. They could not react/redesign their kernel to prevent this memory dump. Every service was able to dump your Local Security Authority Subsystem (LSASS). With Windows 8.1, a new protected process level (PPL) was introduced. When RunAsPPL was activated, the LSASS process would run with a higher protection level (system level) and therefore no longer be accessible by illegal/corrupt services. But Mimikatz evolved and found a weak spot with device drivers. Even when running in the PPL, LSASS could be accessed...

Previous Section
End of Section 5
Next Section