Windows 10 for Enterprise Administrators

By: Richard Diver, Manuel Singer, Jeff Stokes

Overview of this book

Microsoft's launch of Windows 10 is a step toward satisfying enterprise administrators' needs for management and user experience customization. This book provides enterprise administrators with the knowledge needed to fully utilize the advanced feature set of Windows 10 Enterprise. This practical guide shows Windows 10 from an administrator's point of view. You'll focus on areas such as installation and configuration techniques based on your enterprise requirements, various deployment scenarios and management strategies, and setting up and managing admin and other user accounts. You'll see how to configure Remote Server Administration Tools to remotely manage Windows Server and Azure Active Directory. Lastly, you will learn modern mobile device management for effective BYOD and how to enable enhanced data protection, system hardening, and enterprise-level security with the new Windows 10 in order to prevent data breaches and to impede attacks. By the end of this book, you will know the key technologies and capabilities in Windows 10 and will confidently be able to manage and deploy these features in your organization.
Table of Contents (11 chapters)

Device Guard

You can run your system in two ways. One is to trust everything until there is evidence that it is malicious. That evidence has to be provided by, for example, your antivirus solution. This is a method of the past that can hardly keep up with the more than 390,000 new malware samples generated daily. The other is to trust only known software, executables, and scripts.

But have you ever tried to whitelist all executables of your image with software restriction policies or AppLocker? First, you need to inventory all executables and then create a policy based on a digital certificate, hash, or path. There are a huge number of executables, and not all of them are digitally signed, so you need to fall back to filenames and hashes. But what if you use an application that creates unsigned, randomly named executables in your temporary folder during runtime? You have to punch a huge security hole into...
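
One way to take the inventory described above, as an added example that is not from the book: the function walks a folder, checks each executable's Authenticode signature, and reports whether a certificate-based (publisher) rule is possible or a hash rule is the fallback, then the built-in AppLocker cmdlets draft a policy from the same folder. The function name `Get-ExecutableRuleInventory`, the `C:\Program Files` path, and the output filename are assumptions.

```powershell
# Added example, not from the book. Function name and sample path are assumptions.
function Get-ExecutableRuleInventory {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            $sig    = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $signed = $sig.Status -eq 'Valid'
            [pscustomobject]@{
                File      = $_.FullName
                Signed    = $signed
                Publisher = if ($signed) { $sig.SignerCertificate.Subject } else { $null }
                # A valid signature allows a publisher (certificate) rule;
                # anything else falls back to a hash rule for that exact file.
                RuleType  = if ($signed) { 'Publisher' } else { 'Hash' }
            }
        }
}

$target    = 'C:\Program Files'   # assumed sample folder
$inventory = Get-ExecutableRuleInventory -Path $target

# How much of the folder can be covered by certificate-based rules?
$inventory | Group-Object RuleType | Select-Object Name, Count

# Unsigned files are the ones that force hash rules; review these first.
$inventory | Where-Object { -not $_.Signed } | Select-Object -ExpandProperty File

# Draft a policy: publisher rules where a signature exists, hash rules otherwise.
Get-AppLockerFileInformation -Directory $target -Recurse -FileType Exe, Dll |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone -Optimize -Xml |
    Out-File -FilePath '.\applocker-draft.xml'
```

A hash rule matches one exact file, so executables that an application regenerates under random names at runtime will not be covered by the drafted policy.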