Book Image

Windows 11 for Enterprise Administrators - Second Edition

By : Manuel Singer, Jeff Stokes, Steve Miles, Thomas Lee, Richard Diver
Book Image

Windows 11 for Enterprise Administrators - Second Edition

By: Manuel Singer, Jeff Stokes, Steve Miles, Thomas Lee, Richard Diver

Overview of this book

Windows 11 comes with a plethora of new security measures, customizability, and accessibility features that can help your organization run more smoothly. But, without a proper introduction to this new version of Windows, it’s easy to miss the most important improvements, along with configuration options that will make migrating to Windows 11 frictionless. Windows 11 for Enterprise Administrators helps you understand the installation process, configuration methods, deployment scenarios, and management strategies. You’ll delve into configuring Remote Server Administration Tools for remote Windows Server and Azure Active Directory management. This edition emphasizes PowerShell's role in automating administrative tasks, and its importance in Windows 11 and Windows Server management. It also provides comprehensive insights into Windows 11 updates, including Version 21H2 and 22H2, contrasting them with Windows 10, ensuring your knowledge stays current with the latest enhancements in the Windows ecosystem. By the end of this book, you'll be well-equipped with Windows 11's vital technologies and potentials, enabling you to adeptly oversee and implement these attributes within your company.
Table of Contents (13 chapters)
9
Chapter 9: Advanced Configurations

Account privileges

Each account can be assigned a range of specific privileges, from a standard user account (with no systems access) to a full local administrator account. Gaining access to administrative rights on the Windows operating system is one of the key attack vectors that needs to be prevented in every organization and even on personal PCs. Administrative rights are required when changing configurations or installing software, both of which should not be carried out by users, and therefore all user accounts should be restricted to standard user accounts only.

Where there is a genuine need for a user to be granted local admin rights on a computer, they should never be assigned to the user’s main account that they use for gaining access to email, documents, and websites. This leads to the potential for a user to open a document, or click on a hyperlink, that contains malware. A better design approach is to create a local user account specific to this user and provide...