Beruflich Dokumente
Kultur Dokumente
Module 1
Installing Windows 10
Module Overview
• Overview of Windows 10
• Planning your Windows 10 deployment
• Installing and deploying Windows 10
• Upgrading to Windows 10
• Windows 10 installation maintenance
• Managing volume activation
1
09/12/2018
2
09/12/2018
3
09/12/2018
4
09/12/2018
Windows 10 editions
Edition Consumer Availability
Windows 10 Home Individual/home use Everybody
Windows 10 Pro Organizations, advanced users Everybody
Windows 10 editions
Windows 10 IoT:
• Windows 10 IoT Core
• Windows 10 IoT Enterprise
• Windows 10 IoT Mobile
5
09/12/2018
6
09/12/2018
Feature-specific requirements:
• Windows Hello requires biometric hardware
• Secure boot requires firmware that supports UEFI
• BitLocker requires TPM or a USB flash drive
• Client Hyper-V requires a 64-bit system with
second-level address translation capabilities and
an additional 2 GB of RAM
Tool Function
ACT Evaluate and mitigate application
compatibility issues
DISM Capture, deploy, service, and manage
Windows images
Windows SIM Create unattended installation answer files
Windows PE Minimal operating system used in Windows
deployment
Windows Customize and create provision packages
Configuration
Designer
USMT Migrate user settings
VAMT Graphical tool used to automate and manage
activation of Windows, Windows Server, and
Microsoft Office
7
09/12/2018
8
09/12/2018
9
09/12/2018
10
09/12/2018
Installing Windows 10
11
09/12/2018
Overview of Windows To Go
• Windows To Go:
• Comes as a feature in Windows 10 Enterprise
• Use it to start and run Windows 10 directly from an
external USB drive
• Before you use Windows To Go, you must create a
bootable USB drive with the Windows To Go
workspace in one of two ways:
• Manually create the Windows To Go USB drive from a
computer running Windows 10 Enterprise
• Use Configuration Manager to provision Windows To Go
Overview of Windows To Go
12
09/12/2018
1. Create Windows
PE media
13
09/12/2018
14
09/12/2018
Upgrade or migrate?
In-place upgrade Migrate
Source and destination
computer
Windows 10
Upgrade
Collect Restore
user state user state
15
09/12/2018
Disadvantages of migration:
• Requires the use of migration tools, such as USMT
• Requires reinstallation of applications
• Requires storage space for user settings and files to be
migrated
• May impact user productivity
15 minutes
16
09/12/2018
1. Evaluate
5. Update
2. Back up
4. Verify 3. Upgrade
1. Back up
5. Restore 2. Install
Windows 10
17
09/12/2018
18
09/12/2018
Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
20698B-LON-CL3
User name: Adatum\Administrator
Password: Pa55w.rd
Estimated Time: 30 minutes
Lab Scenario
19
09/12/2018
Lab Review
20
09/12/2018
21
09/12/2018
22
09/12/2018
Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
User name: Adatum\Administrator
Password: Pa55w.rd
Lab Scenario
23
09/12/2018
Lab Review
• What is activation?
• Technologies for volume license activation
• How does activation based on AD DS work?
• How KMS activation works
• Volume activation management
• Subscription models
24
09/12/2018
What is activation?
• Volume activation:
• Provides simple, security-enhanced activation for
enterprise organizations
• Addresses issues that are associated with VLKs in
previous Windows operating system versions
• Volume activation models:
• Active Directory-based activation
• KMS
• MAK
25
09/12/2018
3
2
26
09/12/2018
• VAMT:
• Allows you to manage activation of supported Microsoft
products centrally
• Helps identify products with problematic licensing states
• Volume Activation Management Tool console
27
09/12/2018
Subscription models
• Review Questions
28
09/12/2018
Module 2
Performing post-installation
configuration
Module Overview
29
09/12/2018
30
09/12/2018
31
09/12/2018
RSAT includes:
• Management console snap-ins
• Windows PowerShell modules
32
09/12/2018
Scheduling tasks
33
09/12/2018
34
09/12/2018
35
09/12/2018
36
09/12/2018
• Resizing tiles:
• Configure Live Tiles
• Grouping tiles
37
09/12/2018
38
09/12/2018
39
09/12/2018
Configure notifications
Configure Cortana
40
09/12/2018
• Windows 10 architecture
• Device drivers, driver package, and drive store
• Tools for managing devices
• Signed drivers
• Demonstration: Managing device drivers
• Operating system services
• Identifying failed services
• Disabling services
Windows 10 architecture
Windows Store
apps
UWP apps Desktop apps Apps
.NET Framework /
Windows RT APIs
Win32 System
services
Executive services
41
09/12/2018
42
09/12/2018
Signed drivers
• Windows 10:
• 32-bit warns you if a driver is not signed
• 64-bit requires signed drivers
43
09/12/2018
44
09/12/2018
Disabling services
Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
User name: Adatum\Administrator
Password: Pa55w.rd
45
09/12/2018
Lab Scenario
Lab Review
46
09/12/2018
Control Panel:
Windows PowerShell:
47
09/12/2018
48
09/12/2018
• Includes:
• Laptops and notebooks
• Tablets
• Windows 10 Mobile
• Settings app
• Display, Power, Tablet mode
• Action Center
• Quick Actions
49
09/12/2018
50
09/12/2018
Lab Scenario
51
09/12/2018
Lab Review
52
09/12/2018
53
09/12/2018
54
09/12/2018
• Review Questions
55
09/12/2018
Module 5
Managing Windows 10 with
Group Policy
Module Overview
56
09/12/2018
57
09/12/2018
• Security filtering:
• A GPO has an ACL that defines permissions to a GPO
(on the Delegation tab, click Advanced)
• By default, the Authenticated Users group has two
permissions: Allow Read and Allow Apply Group Policy
• Two ways of filtering:
• Scope only to users in selected global groups
• Scope to users except for those in selected groups
• WMI filters:
• Use WMI queries to filter which GPOs apply based on
settings on the local client
• WMI query example:
• Select * FROM Win32_OperatingSystem WHERE
Version="10.0.10240"
58
09/12/2018
• GPUpdate:
• Refresh policies manually by using this command
• GPResult:
• Use this command to show the cumulative settings
applied
• By default, standard users only see user settings
• RSoP.msc:
• Use this tool to view a graphical representation of the
policies that are applied
• This tool displays settings only from the Policies node
and not the Preferences node
59
09/12/2018
60
09/12/2018
• ADMX files:
• Are language-neutral; ADML files provide the localized
language
• Are not stored in the GPO
• Are extensible through XML
• The central store:
• Is a central repository for ADMX and ADML files
• Is stored in SYSVOL and must be created manually
• Is detected automatically by Windows Vista and newer
or Windows Server 2008 and newer operating systems
• Extend administrative templates by creating new
templates or by downloading available templates; for
example, administrative templates for Microsoft Office
61
09/12/2018
• Desktop wallpaper
• Screen saver settings
• File Explorer settings
• Run these programs at user logon
• Display highly detailed status messages
• Windows Update settings
• Browser settings
62
09/12/2018
• Account policies:
• Password and account lockout policies
• User rights:
• Allow log on locally, change the system time, force shutdown from a remote
system
• Security options:
• Accounts: Rename administrator account, Interactive logon: Do no display last
username
• System services:
• Control startup mode of services
• Windows Firewall with Advanced Security:
• Create new firewall rules, control firewall state, and export or import .wfw files with
firewall configurations
• Public Key policies:
• Automatic enrollment for computer certificates, Add trusted root certificates for
groups of computers, and Designate EFS recovery agent accounts
• AppLocker:
• Create AppLocker rules and configure AppLocker enforcement
63
09/12/2018
Logon Information
Lab Scenario
64
09/12/2018
Lab Review
• Review Questions
• Best Practice
• Common Issues and Troubleshooting Tips
65
09/12/2018
Module 6
Implementing remote
management
Module Overview
66
09/12/2018
67
09/12/2018
68
09/12/2018
69
09/12/2018
70
09/12/2018
71
09/12/2018
72
09/12/2018
Remoting requirements
3. Command results are sent back by using the Windows Remote Management
protocol, and they display in Windows PowerShell on the local computer
73
09/12/2018
74
09/12/2018
75
09/12/2018
Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
20698B-LON-CL2
User name: Adatum\Administrator
Password: Pa55w.rd
Estimated Time: 45 minutes
Lab Scenario
76
09/12/2018
Lab Review
• Review Questions
77
09/12/2018
Module 7
Managing storage
Module Overview
78
09/12/2018
• Server-based storage:
• File server
• NAS
• SAN
79
09/12/2018
NAS SAN
NAS device
Servers
Local area
network
(Ethernet)
Switches
File-level access
(CIFS, NFS)
File server
Network Storage devices
Cloud-based storage
• Microsoft OneDrive:
• 5 GB free storage
• Office 365 customers get at least 1 TB storage
• Automatic copy of camera roll from phones and tablets
• Azure Storage:
• Blob storage
• Table storage
• Queue storage
• File storage
80
09/12/2018
MBR disk:
• Contains the partition table for the disk and a small amount of
executable code called the master boot code
• Is on the first sector of the hard disk and is created when a
disk is partitioned
• Supports a maximum of four partitions of 2 TB each
GPT disk:
• Contains an array of partition entries describing the start and
end LBA of each partition on a disk
• Supports up to 128 partitions and a theoretical 18-exabyte
size
• Enhances reliability
• Supports boot disks on 64-bit Windows operating systems
and UEFI systems
81
09/12/2018
Dynamic disks
• Disk Management
• DiskPart
• Windows PowerShell 5.0
82
09/12/2018
83
09/12/2018
DiskPart:
• Scriptable command-line utility:
• DiskPart /s script to run a DiskPart script
• Create scripts to automate disk-related tasks
• Always runs locally
• Run commands from the DiskPart command
prompt:
• list disk displays the disks on a system
• select disk disknumber is used to select the disk to
manage
• convert gpt converts the selected disk to the GPT
format
Cmdlets:
• Get-Disk selects a disk
• Initialize-Disk prepares a disk for use
• Set-Disk sets disk parameters, such as partition style
84
09/12/2018
Simple volumes
• If you extend the volume into noncontiguous space, the disk will
be converted to dynamic if it is a basic disk
85
09/12/2018
86
09/12/2018
87
09/12/2018
88
09/12/2018
89
09/12/2018
90
09/12/2018
Disk fragmentation
91
09/12/2018
The NTFS file system uses NTFS file compression to compress files,
folders, and volumes:
• Uses compression to save disk space
File prior to
• Does not use compression compression
for system files and folders
• Compression is configured as
an NTFS attribute
• NTFS calculates disk space
based on uncompressed
file size
• Applications that open a
compressed file only see the
uncompressed data File after
compression
92
09/12/2018
Copy Move
Move
Inherits compression state of
the target folder
D From NTFS partition To FAT partition
Copy
Move No compression
93
09/12/2018
94
09/12/2018
Physical disks
95
09/12/2018
Feature Options
Storage layout • Simple
• Two-way or three-way mirror
• Parity
Provisioning schemes • Thin vs. fixed provisioning
96
09/12/2018
• Thin-provisioning scenario:
• Easier storage growth
• Add disks when the need arises
• High-performance scenario:
• Parity resilience gives better performance with SSDs
• Usable for video editing and other high disk I/O
scenarios
97
09/12/2018
Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL2
User names: Adatum\Administrator
Adatum\Claire
Password: Pa55w.rd
Estimated Time: 45 minutes
Lab Scenario
98
09/12/2018
Lab Review
• What is OneDrive?
• Enabling OneDrive
• Sharing data with OneDrive
• Synchronizing settings with OneDrive
99
09/12/2018
What is OneDrive?
Enabling OneDrive
100
09/12/2018
101
09/12/2018
• Virtual hard disks are files that you can use the same
way as physical hard disks
• You can:
• Configure .vhd, .vhdx, or .vhds files
• Configure computers to start from a virtual hard disk
• Transfer virtual hard disks from Client Hyper-V servers,
and start computers from a virtual hard disk
• Use virtual hard disks as a deployment technology
102
09/12/2018
103
09/12/2018
• Review Questions
Module 8
Managing files and resources
104
09/12/2018
Module Overview
105
09/12/2018
106
09/12/2018
107
09/12/2018
108
09/12/2018
• Command prompt
• cd or chdir to change the parent directory
• del, md, move, and other commands to manage files
and folders
• icacls to display and modify permissions
• Windows PowerShell
• Set-Location, Remove-Item, and other cmdlets
• Same aliases as command-prompt commands
• Set-ACL to manage file permissions
109
09/12/2018
110
09/12/2018
Effective permissions
111
09/12/2018
Effective permissions
Copy
Copy
Move
Move
112
09/12/2018
Users Data
None
Mary Move
Modify
FileA
Public
Copy
FileA
Move
Group 1
113
09/12/2018
114
09/12/2018
File Explorer
115
09/12/2018
Command prompt
Windows PowerShell
116
09/12/2018
Folder1 File1
117
09/12/2018
Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
20698B-LON-CL2
User names: Adatum\Administrator
Adatum\Annie
Adatum\Beth
Password: Pa55w.rd
Estimated Time: 30 minutes
118
09/12/2018
Lab Scenario
Lab Review
119
09/12/2018
120
09/12/2018
• Data directory
• Version tables
• Upload staging
directory
121
09/12/2018
122
09/12/2018
Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
20698B-LON-CL4
User names: Adatum\Administrator
Adatum\Annie
Admin
Password: Pa55w.rd
Estimated Time: 30 minutes
Lab Scenario
123
09/12/2018
Lab Review
124
09/12/2018
• Printing device
• A physical device that creates the print job output
• Printer port
• A port through which the printing device is connected
• Printer
• Windows 10 representation of the printing device
• Printer driver
• Used for communicating with the printing device and
processing print jobs
125
09/12/2018
126
09/12/2018
127
09/12/2018
Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
20698B-LON-CL2
User names: Adatum\Administrator
Adatum\Beth
Password: Pa55w.rd
Estimated Time: 15 minutes
Lab Scenario
128
09/12/2018
Lab Review
• Review Questions
129
09/12/2018
Module 9
Deploying and managing apps
Module Overview
130
09/12/2018
131
09/12/2018
132
09/12/2018
133
09/12/2018
134
09/12/2018
135
09/12/2018
Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
User names: Adatum\Administrator
LON-CL1\Admin
Password: Pa55w.rd
Estimated Time: 25 minutes
136
09/12/2018
Lab Scenario
Lab Review
137
09/12/2018
138
09/12/2018
Assign software
Advantages:
during
• No additional costs
computer
• No client software
configuration
required
• Quick and easy to Software
use distribution share
• Reduced IT training
costs
Disadvantages:
• No control over the
time taken for Publish software
installation and Assign software by using Programs
restart during user and Features
• Reporting limited to configuration
event log
• Only MSI installation Publish software
programs By using Extension
activation
139
09/12/2018
140
09/12/2018
Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
User names: Adatum\Administrator
Adatum\Claire
Password: Pa55w.rd
Estimated Time: 30 minutes
Lab Scenario
141
09/12/2018
Lab Review
• Internet Explorer 11
• Privacy features in Internet Explorer 11
• Security features in Internet Explorer 11
• Managing add-ons
• Compatibility View
• Demonstration: Configuring and using Internet Explorer 11
• The Microsoft Edge browser
• Managing extensions
• Microsoft Edge productivity features
• Demonstration: Configuring and using Microsoft Edge
• Discussion: Which browser should you use?
142
09/12/2018
Internet Explorer 11
143
09/12/2018
Managing add-ons
144
09/12/2018
Compatibility View
145
09/12/2018
Managing extensions
146
09/12/2018
• Pinned tabs
• Paste and go
• Improved battery life
• Windows Hello authentication
• Website notifications
• OneDrive synchronization of favorites
• Reading view
147
09/12/2018
5 minutes
Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
User names: Adatum\Administrator
Adatum\Claire
Password: Pa55w.rd
Estimated Time: 20 minutes
148
09/12/2018
Lab Scenario
Lab Review
149
09/12/2018
• Review Questions
Module 10
Securing Windows 10
150
09/12/2018
Module Overview
151
09/12/2018
152
09/12/2018
153
09/12/2018
154
09/12/2018
20 minutes
155
09/12/2018
• What is UAC?
• How UAC works
• Configuring UAC notification settings
• Demonstration: Configuring UAC
What is UAC?
156
09/12/2018
157
09/12/2018
158
09/12/2018
Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
User names: Adatum\Administrator
Adatum\Claire
.\Admin
.\Claire
Password: Pa55w.rd
Estimated Time: 15 minutes
Lab Scenario
159
09/12/2018
Lab Review
160
09/12/2018
15 minutes
161
09/12/2018
What is BitLocker?
BitLocker requirements
162
09/12/2018
BitLocker modes
163
09/12/2018
164
09/12/2018
Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
User name: Adatum\Administrator
Password: Pa55w.rd
165
09/12/2018
Lab Scenario
Lab Review
166
09/12/2018
• Review Question
Module 11
Implementing remote connectivity
167
09/12/2018
Module Overview
168
09/12/2018
10 minutes
• VPN
• DirectAccess
• Routing
• Web Application Proxy
169
09/12/2018
Start
• Overview of VPNs
• VPN tunneling protocols
• VPN authentication methods
• Demonstration: Creating a VPN connection
• Advanced VPN options
• Deploying VPN connection profiles
170
09/12/2018
Overview of VPNs
VPN
server Remote user with VPN client
171
09/12/2018
PAP:
• Uses plaintext passwords
• Used typically if the remote access client and remote
access server cannot negotiate a more secure form of
validation
• Is the least secure authentication protocol; it does not
protect against:
• Replay attacks
• Remote client impersonation
• Remote server impersonation
CHAP:
• Is a challenge-response authentication protocol that
uses the industry-standard MD5 hashing scheme
• Is an improvement over PAP because the password is not
sent over the PPP link
• Requires a plaintext version of the password to validate
the challenge response, and does not protect against
remote server impersonation
172
09/12/2018
MS-CHAPv2:
• Is an upgrade of MS-CHAP, provides two-way
authentication, also known as mutual authentication
• Is the remote access client that receives verification that
the remote access server to which it is dialing in has
access to the user’s password
• Provides stronger security than CHAP
EAP:
• Allows for arbitrary authentication of a remote access
connection through the use of authentication schemes,
known as EAP types
• Offers the strongest security by providing the most
flexibility in authentication variations
173
09/12/2018
174
09/12/2018
• CMAK:
• Allows you to customize users’ remote connection
experience by creating predefined connections on
remote servers and networks
• Creates an executable file that can be run on a client
computer to establish a network connection that you have
designed
• You can distribute CMAK profiles to client computers
by using:
• An operating system image
• Removable media
• Software distribution tools, such as Configuration Manager
Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-RTR
20698B-LON-CL1
User names: Adatum\Administrator
Adatum\Claire
Password: Pa55w.rd
Estimated Time: 30 minutes
175
09/12/2018
Lab Scenario
Lab Review
176
09/12/2018
• Overview of DirectAccess
• DirectAccess components
• Establishing DirectAccess in Windows 10
• Demonstration: Configuring DirectAccess
Overview of DirectAccess
Features of DirectAccess:
• Connects automatically to a corporate network over a
public network
• Uses various protocols, including HTTPS, to establish IPv6
connectivity
• Supports selected server access and IPsec authentication
• Supports end-to-end authentication and encryption
• Supports management of remote client computers
• Allows remote users to connect directly to intranet servers
177
09/12/2018
DirectAccess components
Internet websites
AD DS
domain
NRPT/ Internal clients controller
Consec DNS server
IPv6/IPsec
DirectAccess
External clients server
Internal network
resources
Network
location server
PKI deployment
178
09/12/2018
• Review Questions
179
09/12/2018
Module 12
Maintaining Windows 10
Module Overview
• Updating Windows 10
• Monitoring Windows 10
180
09/12/2018
181
09/12/2018
182
09/12/2018
183
09/12/2018
184
09/12/2018
185
09/12/2018
Microsoft
Automatic update
updates website
Server running
WSUS
Test clients
LAN
Internet
Automatic
updates
186
09/12/2018
Phase 1: Assess
187
09/12/2018
• Event Viewer
• Demonstration: Monitoring Windows with Event
Viewer
• Reliability history
• Performance considerations
• Performance monitoring
• Demonstration: Monitoring performance
Event Viewer
188
09/12/2018
Reliability history
189
09/12/2018
Performance considerations
Performance monitoring
190
09/12/2018
Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
User name: Adatum\Administrator
Password: Pa55w.rd
191
09/12/2018
Lab Scenario
Lab Review
192
09/12/2018
• Review Questions
Module 13
Recovering Windows 10
193
09/12/2018
Module Overview
• Recovering files
• Performing system recovery
194
09/12/2018
• Windows 10 features:
Work Folders
• Folder Redirection, Offline Files System image
• Backup and Restore (Windows 7) Wbadmin.exe
Copying files
• Sync with OneDrive
• File History
File History
195
09/12/2018
File History
File History
9:00
8:00
11:00
10:00
Restore 8:00
196
09/12/2018
Previous Versions
197
09/12/2018
198
09/12/2018
199
09/12/2018
Driver rollback
Driver rollback
200
09/12/2018
201
09/12/2018
Computer state
Microsoft Microsoft Office Microsoft
Microsoft Office problematic app Office
Office problematic changes between
app T2 and T3
202
09/12/2018
• Enable debugging
• Enable boot logging
• Enable low-resolution video
• Enable Safe Mode
• Enable Safe Mode with Networking
• Enable Safe Mode with Command Prompt
• Disable driver signature enforcement
• Disable early launch anti-malware protection
• Disable automatic restart after failure
• Launch recovery environment
Tool Function
Reset this PC Lets you choose to keep or remove your
files and reinstalls Windows 10
System Restore Returns your computer to an earlier state
203
09/12/2018
204
09/12/2018
5 minutes
205
09/12/2018
Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
20698B-LON-CL2
User name: Adatum\Administrator
Password: Pa55w.rd
Estimated Time: 60 minutes
Lab Scenario
206
09/12/2018
Lab Review
• Review Questions
207
09/12/2018
Course Evaluation
208