09/12/2018

Module 1
Installing Windows 10

Module Overview

• Overview of Windows 10
• Planning your Windows 10 deployment
• Installing and deploying Windows 10
• Upgrading to Windows 10
• Windows 10 installation maintenance
• Managing volume activation


Lesson 1: Overview of Windows 10

• What is new in Windows 10?
• What has changed since Windows 8.1?
• Overview of the Windows 10 Creators Update
• The benefits of Windows 10 for small and medium-sized organizations
• Bring Your Own Device
• Windows 10 editions

What is new in Windows 10?

Windows 10 provides many new features and improvements over Windows 7, including:
• Start screen and Start menu improvements
• Improved cloud integration
• New and enhanced recovery tools and options
• Windows To Go
• Client Hyper-V
• Support for multiple device types
• Bring Your Own Device support
• Mobility improvements
• Security enhancements


What has changed since Windows 8.1?

Windows 10 provides significant enhancements over Windows 8.1, including:
• Interface improvements
• Action Center
• Universal Windows Platform apps
• Microsoft Edge
• Consolidated settings
• Multiple update sources

Overview of the Windows 10 Creators Update

Windows 10 Fall Creators Update includes a number of improvements, including:
• Windows AutoPilot
• Windows 10 Subscription Activation
• Windows 10 Automatic Redeployment
• Windows Defender Advanced Threat Protection
• Windows Hello for Business improvements
• BitLocker changes
• Windows Defender Security Center
• Co-management
• Group Policy-triggered auto-enrollment
• Kiosk management features
• AlwaysOn VPN
• Windows Update changes
• Microsoft Edge improvements


The benefits of Windows 10 for small and medium-sized organizations

There are many reasons for small and medium-sized organizations to consider Windows 10:
• Easier for your users to use
• Continuous updates
• Improved device management
• Distribution of apps by using Windows Store
• More secure

Bring Your Own Device


Windows 10 editions
Edition | Consumer | Availability
Windows 10 Home | Individual/home use | Everybody
Windows 10 Pro | Organizations, advanced users | Everybody
Windows 10 Enterprise | Large enterprises | Only available to Volume Licensing customers
Windows 10 Enterprise Long-term servicing channel | Large enterprises | Only available to Volume Licensing customers
Windows 10 Education | School staff, administrators, teachers, and students | Only available through academic Volume Licensing
Windows 10 Mobile | Users of smaller, mobile, touch-centric devices such as smartphones and small tablets | Everybody
Windows 10 Mobile Enterprise | Business customers on smartphones and small tablets | Only available through Volume Licensing

Windows 10 editions

Windows 10 IoT:
• Windows 10 IoT Core
• Windows 10 IoT Enterprise
• Windows 10 IoT Mobile


Lesson 2: Planning your Windows 10 deployment

• Requirements for installing Windows 10
• Determining the requirements for specific Windows features
• Windows Assessment and Deployment Kit
• Determine hardware readiness
• Demonstration: Using MAP to determine readiness for Windows 10
• Determining application compatibility

Requirements for installing Windows 10

Minimum recommended hardware:
• Processor: 1 GHz or faster processor or SoC
• RAM: 1 GB for 32-bit or 2 GB for 64-bit
• Hard disk space: 16 GB for 32-bit or 20 GB for 64-bit
• Graphics card: DirectX 9 or newer with WDDM 1.0 driver
• Display: 800 x 600


Determining the requirements for specific Windows features

Feature-specific requirements:
• Windows Hello requires biometric hardware
• Secure boot requires firmware that supports UEFI
• BitLocker requires TPM or a USB flash drive
• Client Hyper-V requires a 64-bit system with second-level address translation capabilities and an additional 2 GB of RAM

Windows Assessment and Deployment Kit

Tool | Function
ACT | Evaluate and mitigate application compatibility issues
DISM | Capture, deploy, service, and manage Windows images
Windows SIM | Create unattended installation answer files
Windows PE | Minimal operating system used in Windows deployment
Windows Configuration Designer | Customize and create provisioning packages
USMT | Migrate user settings
VAMT | Graphical tool used to automate and manage activation of Windows, Windows Server, and Microsoft Office


Determine hardware readiness

Use MAP Toolkit for Windows 10 to:
• Perform inventory of your organization’s IT infrastructure
• Generate a report or proposal based on Windows 10 Readiness Assessment

Demonstration: Using MAP to determine readiness for Windows 10

In this demonstration, you will see how to:
• Create an inventory database
• View inventory data


Determining application compatibility

• Application compatibility issues can cause the following symptoms:
  • An app failing to run
  • Error messages
  • Missing application functionality
  • Data loss or corruption
• Mitigating application compatibility involves the following phases:
  Discover → Rationalize → Prioritize → Test → Mitigate

Determine application compatibility

Use ACT to test and verify your applications:
1. Build a test workstation running Windows 10 and that has all the required apps installed
2. Run the apps to see if there are any issues in functionality or behavior
3. Install ACT on the workstation
4. Open the Compatibility Administrator and run any problematic apps within it
5. Create a custom database to hold test information
6. Create an application fix, if required
7. Save the fix to a distributable location or media
8. Distribute the application fix around your organization


Lesson 3: Installing and deploying Windows 10

• Installing and deploying options for Windows 10
• Installing Windows 10
• Demonstration: Installing Windows 10 (optional)
• Overview of Windows To Go
• Deployment using provisioning
• The process for enterprise deployment

Installing and deploying options for Windows 10


Installing Windows 10

Demonstration: Installing Windows 10 (optional)

In this demonstration, you will see how to install Windows 10 from local media


Overview of Windows To Go

• Windows To Go:
  • Comes as a feature in Windows 10 Enterprise
  • Use it to start and run Windows 10 directly from an external USB drive
• Before you use Windows To Go, you must create a bootable USB drive with the Windows To Go workspace in one of two ways:
  • Manually create the Windows To Go USB drive from a computer running Windows 10 Enterprise
  • Use Configuration Manager to provision Windows To Go

Overview of Windows To Go

Creating a Windows To Go Image


Deployment using provisioning

You can use Windows Configuration Designer to:
• View all of the configurable settings and policies for a Windows 10 image or provisioning package
• Create Windows provisioning answer files
• Add non-Microsoft drivers, apps, or other assets to an answer file
• Create variants and specify the settings that apply to each variant
• Build a provisioning package

The process for enterprise deployment

1. Create Windows PE media


Lesson 4: Upgrading to Windows 10

• Supported upgrade paths
• Upgrade or migrate?
• Considerations for choosing between upgrade and migrate
• Discussion: Common upgrade and migration scenarios
• The process of upgrading to Windows 10
• The process of migrating to Windows 10
• Migrating user state
• Demonstration: Migrating user state with USMT

Supported upgrade paths

Initial OS | Final OS | Media (.iso file) | Windows Update
Windows 8.1 Update | Windows 10 | Direct upgrade | Direct upgrade
Windows 8.1 RTM | Windows 10 | Direct upgrade | Direct upgrade not supported
Windows 8 | Windows 10 | Direct upgrade | Direct upgrade not supported
Windows RT | | Not supported | Not supported
Windows 7 SP1 | Windows 10 | Direct upgrade | Direct upgrade
Windows 7 RTM | Windows 10 | Direct upgrade | Direct upgrade not supported

• Some features might be removed when you upgrade to Windows 10


Upgrade or migrate?
[Diagram comparing In-place upgrade and Migrate. Labels: Source and destination computer; Windows 10; Upgrade; Existing computer; Collect user state; Intermediate store; Restore user state]

Windows as a service will provide new features and functionality through the update process

Considerations for choosing between upgrade and migration

Advantages of in-place upgrades:
• Retains user settings, application settings, and files
• Preserves installed applications
• Does not require additional storage space for migration files
• Affects user productivity minimally, and preserves user settings and data
• Provides a simpler setup process
• Rollback is available in case of a problem

Disadvantages of in-place upgrades:
• Cannot start with standardized reference configurations
• Preserved applications may not work correctly after upgrading
• Remnant files or settings may contribute to performance and security issues
• Does not allow for edition changes
• Is only available on supported operating systems
• Computer must meet minimum hardware requirements


Considerations for choosing between upgrade and migration

Advantages of migration:
• Offers the opportunity to clean up existing computers and create more stable and secure desktop environments
• Allows for installation of any edition, regardless of the previous version that was running
• Provides the opportunity to reconfigure hardware-level settings before installation
• Malicious software does not migrate to the new installation

Disadvantages of migration:
• Requires the use of migration tools, such as USMT
• Requires reinstallation of applications
• Requires storage space for user settings and files to be migrated
• May impact user productivity

Discussion: Common upgrade and migration scenarios

What is the best upgrade process for each scenario?

15 minutes


The process of upgrading to Windows 10

1. Evaluate
2. Back up
3. Upgrade
4. Verify
5. Update

The process of migrating to Windows 10

1. Back up
2. Install Windows 10
3. Update
4. Install applications
5. Restore


Migrating user state

• User state separates user files, settings, and environment from files and settings specific to the installed Windows operating system
• User state consists of:
  • User settings
  • User registry
  • User data
  • Application data
• USMT is a scriptable command-line tool that provides a highly customizable user-profile migration experience for IT professionals
Scanstate [StorePath] [/i:[path\]FileName] [Options]
Loadstate [StorePath] [/i:[path\]FileName] [Options]

Demonstration: Migrating user state with USMT

In this demonstration, you will see how to:
• Prepare the source computer
• Complete the migration


Lab A: Upgrading to Windows 10

• Exercise 1: Migrating user settings
• Exercise 2: Upgrading from Windows 8.1 to Windows 10 (optional)

Logon Information
Virtual machines: 20698B-LON-DC1, 20698B-LON-CL1, 20698B-LON-CL3
User name: Adatum\Administrator
Password: Pa55w.rd
Estimated Time: 30 minutes

Lab Scenario

You are performing a trial Windows 10 deployment by performing a test upgrade of a small group of devices, starting with a single Windows 8.1 computer. You will also test the feasibility of migrating user settings for those users who will receive new hardware.


Lab Review

• Which tools from Microsoft can help you automate the deployment of Windows 10?
• You have a few computers running Windows Vista. What is a supported method of upgrading the computers to Windows 10?

Lesson 5: Windows 10 installation maintenance

• Using DISM for installation and image maintenance
• Overview of Windows Configuration Designer
• Using provisioning packages to modify Windows 10 installations
• Demonstration: Using Windows Configuration Designer to create provisioning packages


Using DISM for installation and image maintenance

• You can use Dism.exe to capture and apply images:
  • Included in Windows 10 and Windows ADK
  • Image can contain a volume or a folder hierarchy
  • Cannot capture files that are used by another process:
    • Capture a Windows 10 volume from Windows PE
  • Specify a compression level only when creating a Windows image
  • Dism /Capture-Image /ImageFile /CaptureDir
• Mount the image:
  • After mounting, you copy or create folders and files in the mount directory
  • After all changes are complete, you save the changes with the DISM command line or Windows PowerShell and then dismount the image
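
The mount, change, save and dismount sequence above, written so that a failed change is discarded instead of being saved into the image. This PowerShell is an added example, not part of the course material; the function name Update-OfflineImage and every path in the comments are assumptions. It must run in an elevated session.

```powershell
# Added example, not from the course material.
# Services an offline image: mount -> change -> save, or discard on any error.
# Hypothetical names: Update-OfflineImage and all paths in the usage comments.

function Update-OfflineImage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string] $ImagePath,     # .wim file to service
        [Parameter(Mandatory)][string] $MountPath,     # empty folder used as the mount directory
        [Parameter(Mandatory)][scriptblock] $Change,   # receives the mount directory path
        [int] $Index = 1                               # image index inside the .wim
    )
    $ErrorActionPreference = 'Stop'   # any failed step must prevent the save

    if (-not (Test-Path -LiteralPath $MountPath)) {
        New-Item -ItemType Directory -Path $MountPath | Out-Null
    }
    if (Get-ChildItem -LiteralPath $MountPath -Force) {
        throw "Mount directory '$MountPath' is not empty."
    }

    # -CheckIntegrity refuses to mount a .wim that is detected as corrupted.
    Mount-WindowsImage -ImagePath $ImagePath -Index $Index -Path $MountPath -CheckIntegrity | Out-Null

    $changed = $false
    try {
        & $Change $MountPath          # copy or create folders and files here
        $changed = $true
    }
    finally {
        if ($changed) {
            # All changes completed: write them back into the image.
            Dismount-WindowsImage -Path $MountPath -Save -CheckIntegrity | Out-Null
        }
        else {
            # Something failed part-way: leave the image exactly as it was.
            Dismount-WindowsImage -Path $MountPath -Discard | Out-Null
        }
    }

    # Return the image metadata so the caller can record what was serviced.
    Get-WindowsImage -ImagePath $ImagePath -Index $Index
}

# Capture first (from Windows PE, because files in use cannot be captured):
#   Dism /Capture-Image /ImageFile:D:\Images\ref.wim /CaptureDir:C:\ /Name:"Win10 reference" /Compress:max /CheckIntegrity /Verify
#
# Then service the captured image:
#   Update-OfflineImage -ImagePath D:\Images\ref.wim -MountPath C:\Mount -Change {
#       param($root)
#       Copy-Item -Path C:\Build\Baseline -Destination (Join-Path $root 'Baseline') -Recurse
#   }
```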

Overview of Windows Configuration Designer

• Windows Configuration Designer is used to:
  • Create provisioning packages to apply various and potentially numerous settings to Windows devices
  • Create answer files for provisioning packages
• Windows Configuration Designer is used by:
  • System builders
  • Organizational IT departments


Using provisioning packages to modify Windows 10 installations

Demonstration: Using Windows Configuration Designer to create provisioning packages

In this demonstration, you will see how to:
• Use Windows Configuration Designer features
• Create a provisioning package
• Apply a provisioning package


Lab B: Maintaining a Windows 10 installation with Windows Configuration Designer

• Exercise 1: Creating and configuring a Windows Configuration Designer provisioning package

Logon Information
Virtual machines: 20698B-LON-DC1, 20698B-LON-CL1
User name: Adatum\Administrator
Password: Pa55w.rd

Estimated Time: 45 minutes

Lab Scenario

You will evaluate Windows Configuration Designer to see how it can be used to provision settings on a Windows 10 device.


Lab Review

• What type of project can you create in Windows Configuration Designer?

Lesson 6: Managing volume activation

• What is activation?
• Technologies for volume license activation
• How does activation based on AD DS work?
• How KMS activation works
• Volume activation management
• Subscription models


What is activation?

• Activation confirms product and product key status
• Activation establishes a relationship between the product key and an installation on a specific device:
  • Assures software integrity
  • Provides full updates and support
  • License compliance
• If hardware changes, reactivation is required
• Three main methods for activation:
  • Retail
  • OEM
  • Microsoft Volume Licensing (volume activation)

Technologies for volume license activation

• Volume activation:
  • Provides simple, security-enhanced activation for enterprise organizations
  • Addresses issues that are associated with VLKs in previous Windows operating system versions
• Volume activation models:
  • Active Directory-based activation
  • KMS
  • MAK


How does activation based on AD DS work?


How KMS activation works

1. A KMS key is installed on the KMS host
2. The KMS host activates by contacting Microsoft-hosted activation services
3. During installation, the KMS host automatically publishes its existence and location in DNS in the form of a SRV resource record
4. Client computers locate the KMS host dynamically by using SRV resource records found in DNS and:
   a. The client sends remote procedure calls to the KMS host on port 1688 over TCP/IP (the default setting)
   b. The KMS host adds the client computer ID to a table and returns the activation count to the client
   c. The client evaluates the activation count against the license policy and activates if the threshold is met
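
Because clients trust whatever KMS host the SRV records in DNS point to (steps 3 and 4), it is worth checking that only the hosts the organization operates are published there. This PowerShell is an added example, not part of the course material; the domain adatum.com, the host names and the sample records are constructed, the function names are assumptions, and _vlmcs._tcp is the SRV name under which KMS hosts register.

```powershell
# Added example, not from the course material.
# Audits the SRV records that KMS clients use to find a KMS host.
# Constructed values: domain name, approved-host list, sample records.

function Get-KmsSrvRecord {
    # Live lookup of the KMS SRV records for a DNS domain (needs DNS access).
    param([Parameter(Mandatory)][string] $DnsDomain)

    Resolve-DnsName -Name "_vlmcs._tcp.$DnsDomain" -Type SRV -ErrorAction Stop |
        Where-Object { $_.Section -eq 'Answer' -and $_.NameTarget }
}

function Test-KmsSrvRecord {
    # Compares each SRV record with the hosts the organization operates.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object] $Record,                 # needs NameTarget, Port, Priority, Weight

        [Parameter(Mandatory)]
        [string[]] $ApprovedHost,         # FQDNs of the sanctioned KMS hosts

        [int] $ExpectedPort = 1688,       # default KMS port (TCP)

        [switch] $ProbePort               # also test TCP reachability of each host
    )
    begin {
        # Normalize once: DNS names are case-insensitive and may end in a dot.
        $approved = @($ApprovedHost | ForEach-Object { $_.TrimEnd('.').ToLowerInvariant() })
    }
    process {
        $target = ([string]$Record.NameTarget).TrimEnd('.').ToLowerInvariant()

        if ($approved -notcontains $target)     { $finding = 'UnapprovedHost' }
        elseif ($Record.Port -ne $ExpectedPort) { $finding = 'UnexpectedPort' }
        else                                    { $finding = 'OK' }

        $reachable = $null
        if ($ProbePort) {
            $probe = Test-NetConnection -ComputerName $target -Port $Record.Port -WarningAction SilentlyContinue
            $reachable = $probe.TcpTestSucceeded
        }

        [pscustomobject]@{
            Host      = $target
            Port      = $Record.Port
            Priority  = $Record.Priority
            Weight    = $Record.Weight
            Reachable = $reachable
            Finding   = $finding
        }
    }
}

# Constructed sample records, shaped like Resolve-DnsName SRV output.
$sampleRecords = @(
    [pscustomobject]@{ NameTarget = 'LON-KMS1.adatum.com'; Port = 1688; Priority = 0; Weight = 0 }
    [pscustomobject]@{ NameTarget = 'lon-cl7.adatum.com.'; Port = 1688; Priority = 0; Weight = 0 }
    [pscustomobject]@{ NameTarget = 'lon-kms1.adatum.com'; Port = 1689; Priority = 0; Weight = 0 }
)

$sampleRecords |
    Test-KmsSrvRecord -ApprovedHost 'lon-kms1.adatum.com' |
    Format-Table Host, Port, Finding

# Live use against a real domain:
#   Get-KmsSrvRecord -DnsDomain 'adatum.com' |
#       Test-KmsSrvRecord -ApprovedHost 'lon-kms1.adatum.com' -ProbePort
```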


How KMS activation works

KMS host returns the activation count to the KMS client

Volume activation management

• VAMT:
  • Allows you to manage activation of supported Microsoft products centrally
  • Helps identify products with problematic licensing states
  • Volume Activation Management Tool console
• Volume Activation Services server role:
  • Active Directory-based activation
  • KMS
  • Volume Activation Tools console snap-in


Subscription models

Enterprise subscription plans are available for Windows 10 Anniversary Update or newer
• Designed for small and medium-sized organizations without an Enterprise Agreement
• Windows 10 Enterprise E3 and Windows 10 Enterprise E5 subscriptions
• Windows 10 Pro, Anniversary Update (or newer) seamlessly upgraded to Windows 10 Enterprise
• Windows 10 Enterprise E5 subscription includes Windows Defender Advanced Threat Protection
• Also available as part of the Secure Productive Enterprise offering

Module Review and Takeaways

• Review Questions


Module 2
Performing post-installation configuration

Module Overview

• Overview of management tools
• Customizing the user interface
• Managing devices, device drivers, and services
• Configuring features, mobility, and power options
• Overview of Client Hyper-V


Lesson 1: Overview of management tools

• The Settings app
• Using the Control Panel
• What is Windows PowerShell?
• Using Windows PowerShell
• Remote server administration tools
• Scheduling tasks
• Demonstration: Configuring a device

The Settings app


Using the Control Panel

What is Windows PowerShell?

Windows PowerShell is an administrative tool that provides:
• Operating-system integration
• Remote management functionality
• Script-based execution


Using Windows PowerShell

• Windows PowerShell is a command-line shell designed for system administration:
  • Windows PowerShell drives provide access to:
    o The file system
    o The registry
    o Variables in memory
  • Cmdlets:
    o Have a verb-noun format
    o Might have parameters
    o Example: Start-Service -Name "Application Identity"
• You can use Windows PowerShell to efficiently perform bulk operations

Remote server administration tools

With RSAT, you can perform remote management of your server infrastructure

RSAT includes:
• Management console snap-ins
• Windows PowerShell modules


Scheduling tasks

Demonstration: Configuring a device

In this demonstration, you will see how to:
• Explore and use the Settings app
• Explore and use the Control Panel
• Open and use Windows PowerShell


Lesson 2: Customizing the user interface

• The new user interface
• Demonstration: Navigating the user interface
• Customizing the new user interface
• Demonstration: Customizing the Windows 10 Start menu
• Configure Ease of Access
• Configure Notifications
• Configure Cortana

The new user interface

Changes to the user interface include improvements to:
• The sign-in screen
• Start
• Action Center
• Settings

Demonstration: Navigating the user interface

In this demonstration, you will see how to navigate the user interface


Customizing the new user interface

You can perform the following customizations from Start:
• Managing tiles from Start:
  • Add tiles
  • Remove tiles
  • Pin items to taskbar
• Resizing tiles:
  • Configure Live Tiles
• Grouping tiles


Demonstration: Customizing the Windows 10 Start menu

In this demonstration, you will see how to customize Start

Configure Ease of Access


Configure notifications

Configure Cortana


Lesson 3: Managing devices, device drivers, and services

• Windows 10 architecture
• Device drivers, driver package, and driver store
• Tools for managing devices
• Signed drivers
• Demonstration: Managing device drivers
• Operating system services
• Identifying failed services
• Disabling services

Windows 10 architecture

[Diagram: Windows 10 architecture layers. Apps: Windows Store apps, UWP apps, Desktop apps. System services: .NET Framework / Windows RT APIs, Win32, Executive services. Operating system kernel: Device drivers, Windows kernel.]


Device drivers, driver package, and driver store

• Device drivers run in kernel mode and can access all system resources
• Drivers enable interaction between the operating system and hardware

The driver package is a set of device driver files that include:
• Device setup information (.inf file)
• DLLs (.sys, .dll files)
• Driver catalog with signature (.cat file)

The driver store is a device driver repository and:
• The driver package must be added to the driver store first
• Is a trusted location from which users can install drivers

Tools for managing devices


• Use Device Manager to:
  • View devices, their drivers, details, settings, and events
  • Enable and disable devices
  • Install, update, uninstall, and roll back device drivers
  • Troubleshoot device issues
  • Manage devices locally only
• Other tools include:
  • Windows PowerShell
  • DevCon.exe tool
• Remote Desktop or Windows PowerShell remoting


Signed drivers

• Windows 10:
• 32-bit warns you if a driver is not signed
• 64-bit requires signed drivers

• Driver signing does not modify driver functionality

Demonstration: Managing device drivers

In this demonstration, you will see how to:
• Update a device driver
• Roll back a device driver
• Install a driver into the driver store


Operating system services

Operating system services:
• Load and run in the background without user intervention
• Support application requests, for example, when an application needs to open a file, it relies on a system service to retrieve that file from the disk
• Can make calls to device drivers when a request is sent to a physical device

Identifying failed services

Windows 10 provides a number of ways of locating service-related problems:
• Event Viewer
• Log files
• Stop codes
• Action Center


Disabling services

Depending on the circumstances, you can disable a service in one of the following ways:
• Safe mode
• Command Prompt
• System Configuration tool

Lab A: Managing devices

• Exercise 1: Installing a device driver
• Exercise 2: Resolving the device driver problem

Logon Information
Virtual machines: 20698B-LON-DC1, 20698B-LON-CL1
User name: Adatum\Administrator
Password: Pa55w.rd

Estimated Time: 30 minutes


Lab Scenario

The help desk has received a number of trouble tickets that relate to installation of device drivers. Your manager has asked you to research why so many problems relate to devices and to suggest a possible solution. You must troubleshoot the problems, and then implement a solution within your corporate network.

Lab Review

• Why did you have to configure picture password as a sign-in option?
• You want to install a driver into the driver store. How would you go about doing that?


Lesson 4: Configuring features, mobility, and power options

• Adding Windows features
• Configuring regional settings
• Options for mobile devices
• Configuring power options
• Configuring power options with the Settings app

Adding Windows features

Control Panel:

Windows PowerShell:

• Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All

Dism.exe command-line tool:

• DISM /Online /Enable-Feature /All /FeatureName:Microsoft-Hyper-V


Configuring regional settings


Options for mobile devices

• Includes:
• Laptops and notebooks
• Tablets
• Windows 10 Mobile

• Settings app
• Display, Power, Tablet mode

• Action Center
• Quick Actions

Configuring power options


Found in the Power & Sleep page of the System section in the Settings app

Power plan | Energy usage | Screen brightness | System activity
Balanced | Medium | Can turn off display after a specified amount of time | Measures ongoing activity, and, when in use, continues to provide full power to all system components
Power Saver | Least | By default, after five minutes of inactivity, the display will power off | Saves energy by reducing system performance whenever possible
High performance | Highest | Sets the screen at its highest brightness | Keeps the system’s disk drive, memory, and processor continuously supplied with power


Configuring power options with the Settings app


Lab B: Configuring features and power options

• Exercise 1: Turning on Windows features with Control Panel
• Exercise 2: Managing installed Windows features
• Exercise 3: Configuring power options

Logon Information
Virtual machines: 20698B-LON-DC1, 20698B-LON-CL1, 20698B-LON-CL4
User name: Adatum\Administrator
Password: Pa55w.rd

Estimated Time: 15 minutes

Lab Scenario

You must configure the sales manager’s laptop to optimize power options. In addition, the sales manager requires you to install some additional Windows features, so that she can present demonstrations at customer sites.


Lab Review

• In the lab, you used both Windows PowerShell and Control Panel to manage Windows features. What is the other tool that you can use?

Lesson 5: Overview of Client Hyper-V

• What is Client Hyper-V?
• Overview of nested virtualization
• How to install Client Hyper-V
• Client Hyper-V settings
• Virtual machine security


What is Client Hyper-V?

• Client Hyper-V is a Windows 10 feature that enables virtualization
• Runs multiple operating systems on a single physical computer
• Client Hyper-V features:
  • Shares features with Hyper-V in Windows Server 2012 R2
  • Support for 32-bit and 64-bit VMs
• Client Hyper-V requirements:
  • 64-bit processor with SLAT, DEP, and hardware-assisted virtualization
  • 64-bit version of Pro, Enterprise, or Education editions of Windows 10
  • At least 4 GB memory
• Client Hyper-V management tools:
  • Hyper-V Manager
  • Virtual Machine Connection tool
  • Hyper-V module for Windows PowerShell
• Isolated user mode protects sensitive code from a possibly compromised operating system kernel

Overview of nested virtualization

• Nested virtualization allows you to run Hyper-V and deploy VMs within an existing guest VM that run a compatible operating system
• Containers are isolated environments in which you can deploy an application and its dependencies
• Windows Containers share the host operating system’s kernel
• Hyper-V Containers have their own isolated kernels


How to install Client Hyper-V

• Client Hyper-V installs as a Windows feature by using one of the following methods:
  • Turning Windows features on or off in Control Panel
  • Enable-WindowsOptionalFeature cmdlet
  • Dism.exe command
• Restart is required after installation
• Hypervisor is installed
• After the installation, additions to the computer include:
  • Hyper-V management tools
  • Performance Monitor counters
  • Event Viewer logs
  • Windows Firewall rules

Client Hyper-V settings


Virtual machine security

• Windows Defender Device Guard locks down a device so that it only runs applications that are signed digitally
• Windows Defender Credential Guard provides a defense against “pass the hash” attacks
• Device Health Attestation helps to ensure that devices connecting to your networks meet security and compliance requirements
• Virtual Machine Secure Boot protects the integrity of the VM’s boot environment
• TPM allows the VM to use a host computer’s TPM and to be encrypted using BitLocker
• Shielded VMs can only be run on hosts that support encrypted VMs

Module Review and Takeaways

• Review Questions


Module 5
Managing Windows 10 with Group Policy

Module Overview

• Overview of Group Policy
• Configuring Windows 10 devices with GPOs


Lesson 1: Overview of Group Policy

• How Group Policy is applied in an enterprise environment
• Managing Group Policy inheritance
• Filtering Group Policy settings
• Determining Group Policy results
• Managing Group Policy from the desktop
• Demonstration: Configuring GPOs

How Group Policy is applied in an enterprise environment

• Group Policy enables administrators to automate configuration of Windows operating systems for users and computers
• A GPO is a collection of Group Policy settings that apply configuration settings to a user, a computer, or both
• A GPO is stored in both SYSVOL and AD DS
• You can use Group Policy to:
  • Apply standard configurations
  • Deploy software
  • Enforce security settings
  • Enforce a consistent desktop environment


Managing Group Policy inheritance

• The application of GPOs that are linked to each container results in a cumulative effect called inheritance:
  • Default precedence: Local → Site → Domain → OU → OU…
  • View on the Group Policy Inheritance tab
• Link order (attribute of a GPO link):
  • Lower number = higher on list = precedent
• Block Inheritance (attribute of a domain or OU):
  • Blocks the processing of GPOs from above
• Enforced (attribute of GPO link):
  • Enforced GPO links override Block Inheritance
  • Enforced GPO settings override conflicting settings in lower GPOs
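
How link order, Block Inheritance and Enforced combine is easiest to see on a concrete hierarchy, which matters when checking whether a security baseline can be bypassed by a lower OU. This PowerShell is an added example, not part of the course material; it models the rules above on constructed data, and the function names, containers and GPO names are all assumptions. The local GPO is not modeled.

```powershell
# Added example, not from the course material.
# Models how link order, Block Inheritance and Enforced decide which GPO wins.
# Constructed values: every container and GPO name below.

function New-GpoLink($Gpo, $Order, [switch] $Enforced) {
    [pscustomobject]@{ Gpo = $Gpo; Order = $Order; Enforced = [bool]$Enforced }
}

function Get-GpoPrecedence {
    param(
        # Containers from the top of the hierarchy down to the object's own OU
        # (site, domain, parent OU, child OU). Each has Name, BlockInheritance
        # and Links; each link has Gpo, Order and Enforced.
        [Parameter(Mandatory)][object[]] $Container
    )

    $applied = New-Object System.Collections.Generic.List[object]
    $blocked = New-Object System.Collections.Generic.List[object]

    # 1. Enforced links win over everything else and ignore Block Inheritance.
    #    Between two enforced links the higher container wins: walk top-down.
    foreach ($c in $Container) {
        foreach ($l in @($c.Links | Where-Object { $_ -and $_.Enforced } | Sort-Object Order)) {
            $applied.Add(@{ Gpo = $l.Gpo; LinkedAt = $c.Name; Enforced = $true })
        }
    }

    # 2. Non-enforced links: the closest container wins, so walk bottom-up.
    #    Within one container, the lower link order number wins.
    #    Everything above a container with Block Inheritance is blocked.
    $isBlocked = $false
    for ($i = $Container.Count - 1; $i -ge 0; $i--) {
        $c = $Container[$i]
        foreach ($l in @($c.Links | Where-Object { $_ -and -not $_.Enforced } | Sort-Object Order)) {
            $row = @{ Gpo = $l.Gpo; LinkedAt = $c.Name; Enforced = $false }
            if ($isBlocked) { $blocked.Add($row) } else { $applied.Add($row) }
        }
        if ($c.BlockInheritance) { $isBlocked = $true }
    }

    # 3. Emit winners first (1 = highest precedence), then the blocked GPOs.
    $n = 0
    foreach ($row in $applied) {
        $n++
        [pscustomobject]@{ Precedence = $n; Gpo = $row.Gpo; LinkedAt = $row.LinkedAt
                           Enforced = $row.Enforced; Status = 'Applied' }
    }
    foreach ($row in $blocked) {
        [pscustomobject]@{ Precedence = $null; Gpo = $row.Gpo; LinkedAt = $row.LinkedAt
                           Enforced = $row.Enforced; Status = 'Blocked' }
    }
}

# Constructed hierarchy for a computer in the Kiosks OU.
$containers = @(
    [pscustomobject]@{ Name = 'Site: London'; BlockInheritance = $false; Links = @(
        (New-GpoLink 'Site Proxy Settings' 1)) }
    [pscustomobject]@{ Name = 'Domain: adatum.com'; BlockInheritance = $false; Links = @(
        (New-GpoLink 'Security Baseline' 1 -Enforced),
        (New-GpoLink 'Default Domain Policy' 2)) }
    [pscustomobject]@{ Name = 'OU: Clients'; BlockInheritance = $false; Links = @(
        (New-GpoLink 'Desktop Standard' 1),
        (New-GpoLink 'Power Settings' 2)) }
    [pscustomobject]@{ Name = 'OU: Kiosks'; BlockInheritance = $true; Links = @(
        (New-GpoLink 'Kiosk Lockdown' 1),
        (New-GpoLink 'Kiosk Wallpaper' 2)) }
)

Get-GpoPrecedence -Container $containers | Format-Table -AutoSize
```

In this hierarchy the enforced Security Baseline still applies to the Kiosks OU despite Block Inheritance, while the non-enforced GPOs linked at the site, the domain and the Clients OU are blocked.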

Filtering Group Policy settings

• Security filtering:
  • A GPO has an ACL that defines permissions to a GPO (on the Delegation tab, click Advanced)
  • By default, the Authenticated Users group has two permissions: Allow Read and Allow Apply Group Policy
  • Two ways of filtering:
    • Scope only to users in selected global groups
    • Scope to users except for those in selected groups
• WMI filters:
  • Use WMI queries to filter which GPOs apply based on settings on the local client
  • WMI query example:
    • Select * FROM Win32_OperatingSystem WHERE Version="10.0.10240"


Determining Group Policy results

Managing Group Policy from the desktop

• GPUpdate:
  • Refresh policies manually by using this command
• GPResult:
  • Use this command to show the cumulative settings applied
  • By default, standard users only see user settings
• RSoP.msc:
  • Use this tool to view a graphical representation of the policies that are applied
  • This tool displays settings only from the Policies node and not the Preferences node


Demonstration: Configuring GPOs

In this demonstration, you will see how to:
• Create a GPO
• Link a GPO to an OU
• Configure block inheritance
• Configure security filtering
• Create an RSoP report

Lesson 2: Configuring Windows 10 devices with GPOs

• Overview of administrative templates
• Managing administrative templates in the enterprise
• New administrative template settings in Windows 10
• Common desktop settings to manage
• Common security settings to manage
• Demonstration: Configuring Group Policy settings


Overview of administrative templates

Administrative templates provide you with the ability to control both the environment of the operating system and the user experience

Administrative Templates sections for computers:
• Control Panel
• Network
• Printers
• Server
• Start Menu and Taskbar
• System
• Windows components

Administrative Templates sections for users:
• Control Panel
• Desktop
• Network
• Shared Folders
• Start Menu and Taskbar
• System
• Windows components

Each of these main sections contains many subfolders to help you further organize settings

Managing administrative templates in the enterprise

• ADMX files:
  • Are language-neutral; ADML files provide the localized language
  • Are not stored in the GPO
  • Are extensible through XML
• The central store:
  • Is a central repository for ADMX and ADML files
  • Is stored in SYSVOL and must be created manually
  • Is detected automatically by Windows Vista and newer or Windows Server 2008 and newer operating systems
• Extend administrative templates by creating new templates or by downloading available templates; for example, administrative templates for Microsoft Office


New administrative template settings in Windows 10

• Windows 10 Creators Update has many new or changed settings in Administrative Templates
• Some of these settings fall under the following main categories:
  • Microsoft Edge
  • Windows Hello
  • Windows Defender
  • Windows Update
• Refer to the following spreadsheet for more details:
  • Windows10andWindows2016PolicySettings.xlsx

Common desktop settings to manage

• Desktop wallpaper
• Screen saver settings
• File Explorer settings
• Run these programs at user logon
• Display highly detailed status messages
• Windows Update settings
• Browser settings


Common security settings to manage

• Account policies:
• Password and account lockout policies
• User rights:
• Allow log on locally, change the system time, force shutdown from a remote
system
• Security options:
• Accounts: Rename administrator account, Interactive logon: Do not display last
username
• System services:
• Control startup mode of services
• Windows Firewall with Advanced Security:
• Create new firewall rules, control firewall state, and export or import .wfw files with
firewall configurations
• Public Key policies:
• Automatic enrollment for computer certificates, Add trusted root certificates for
groups of computers, and Designate EFS recovery agent accounts
• AppLocker:
• Create AppLocker rules and configure AppLocker enforcement

Demonstration: Configuring Group Policy settings

In this demonstration, you will see how to:


• Configure some of the Administrative Template
settings for users and computers
• Configure security settings


Lab: Configuring Group Policy Objects and settings

• Exercise 1: Managing Windows 10 by using
Group Policy

Logon Information

Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
20698B-LON-CL2
User name: Adatum\Administrator
Password: Pa55w.rd

Estimated Time: 45 minutes

Lab Scenario

The IT department at A. Datum Corporation just
received the latest requirements for managing
computers that are running Windows 10. Some
departments in the company use more than 100
computers, and some of these computers require
specific settings. You are provided these
requirement details and you need to configure
Group Policy settings to achieve these
requirements.


Lab Review

• Which policy settings do you deploy by using
Group Policy in your organization?
• Many organizations rely heavily on security group
filtering to scope GPOs rather than linking GPOs
to specific OUs. In these organizations, GPOs
typically are linked high in the Active Directory
logical structure—usually to the domain itself or
to a first-level OU. What advantages do you gain
by using security group filtering rather than GPO
links to manage a GPO’s scope?

Module Review and Takeaways

• Review Questions
• Best Practice
• Common Issues and Troubleshooting Tips


Module 6
Implementing remote management

Module Overview

• Using Remote Desktop


• Using Remote Assistance
• Remoting with Windows PowerShell


Lesson 1: Using Remote Desktop

• Overview of Remote Desktop


• Redirecting local devices and resources
• Configuring Remote Desktop by using Group
Policy

Overview of Remote Desktop

• A built-in feature that
people use to access
computers from other
devices that support
RDP
• Used by administrators
to connect to remote
devices for
management purposes


Redirecting local devices and resources

Configuring Remote Desktop by using Group Policy


Lesson 2: Using Remote Assistance

• Using Remote Assistance to assist users


• Remote Assistance in Windows 10
• Solicited remote assistance
• Configuring Remote Assistance by using GPOs

Using Remote Assistance to assist users

Remote Assistance enables you to:


• View a remote desktop
• Create a chat session
• Control desktops remotely


Remote Assistance in Windows 10

Solicited remote assistance


Configuring Remote Assistance by using GPOs

Lesson 3: Remoting with Windows PowerShell

• Running cmdlets against remote computers


• Overview of Windows PowerShell remoting
• Remoting requirements
• Processing remote commands
• Constrained Windows PowerShell endpoints
• Managing Windows PowerShell remote sessions
• Running remote commands
• Demonstration: Using Windows PowerShell
remoting


Running cmdlets against remote computers

When you run cmdlets against remote computers:


• Some cmdlets have a ComputerName parameter
• You do not have to configure the computers for
Windows PowerShell remoting or fulfill the system
requirements for remoting when you use cmdlets
that support the ComputerName parameter

Overview of Windows PowerShell remoting

• Remoting features of Windows PowerShell are built on
Windows Remote Management
• Run an individual command or create a persistent
connection or session to run a series of commands
• Remote administration is known also as remoting
• Three types of remoting:
• One-to-many (fan-out)
• One-to-one
• Many-to-one (fan-in)


Remoting requirements

To enable remoting, use the following procedure:
1. Verify the status of the Windows Remote
Management service:
winrm quickconfig
2. Enable remoting:
Enable-PSRemoting -Force

Processing remote commands

1. The local computer sends the Windows PowerShell command to the
remote computer by using the Windows Remote Management protocol

2. The command runs in Windows
PowerShell on the remote computer

3. Command results are sent back by using the Windows Remote Management
protocol, and they display in Windows PowerShell on the local computer

• All of the local input to a remote command is collected before
any of it is sent to the remote computer
• The output is returned to the local computer as it is generated


Constrained Windows PowerShell endpoints

• Constrained Windows PowerShell endpoints allow
you to limit which Windows PowerShell cmdlets
can be run during a remote Windows PowerShell
session
• Session Configuration files determine which
Windows PowerShell cmdlets can be run during
the session
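
A constrained endpoint of the kind described above, as an added example that is not part of the course material: a session configuration file exposes two read-only cmdlets, and the endpoint's security descriptor limits who may connect. The endpoint name `HelpDeskReadOnly`, the folder `C:\Endpoints` and the group `ADATUM\HelpDesk` are assumptions.

```powershell
# Added example (not course material). Run in an elevated Windows PowerShell 5.x
# console on the computer that will host the endpoint.
# Assumed names: HelpDeskReadOnly, C:\Endpoints, ADATUM\HelpDesk.

$endpointName = 'HelpDeskReadOnly'
$psscPath     = 'C:\Endpoints\HelpDeskReadOnly.pssc'
$allowedGroup = 'ADATUM\HelpDesk'

New-Item -ItemType Directory -Path (Split-Path -Path $psscPath) -Force | Out-Null

# 1. Session configuration file. RestrictedRemoteServer starts from a minimal set of
#    proxy commands (Get-Command, Get-Help, Select-Object, ...); VisibleCmdlets adds
#    only the cmdlets this role needs. NoLanguage blocks variables, loops and
#    arbitrary script, so callers can only invoke the visible commands.
New-PSSessionConfigurationFile -Path $psscPath `
    -SessionType RestrictedRemoteServer `
    -LanguageMode NoLanguage `
    -VisibleCmdlets 'Get-Service', 'Get-Process' `
    -Description 'Read-only diagnostics for the help desk'

# 2. Validate the file before registering it.
if (-not (Test-PSSessionConfigurationFile -Path $psscPath)) {
    throw "Session configuration file $psscPath failed validation."
}

# 3. Security descriptor: full access for local Administrators (BA) and for the
#    assumed help-desk group only. Translate() throws if the group does not exist.
$groupSid = ([System.Security.Principal.NTAccount]$allowedGroup).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value
$sddl = "O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;$groupSid)"

# 4. Register the endpoint. -Force suppresses the prompts and restarts the WinRM
#    service, which drops any remote sessions currently open on this computer.
Register-PSSessionConfiguration -Name $endpointName -Path $psscPath `
    -SecurityDescriptorSddl $sddl -Force | Out-Null

# 5. Confirm who may connect.
Get-PSSessionConfiguration -Name $endpointName | Format-List Name, Permission

# 6. Connect to the endpoint by name and list what a caller can run.
#    Anything outside this list fails inside the session.
Invoke-Command -ComputerName localhost -ConfigurationName $endpointName `
    -ScriptBlock { Get-Command } | Select-Object -Property Name, CommandType
```

To remove the endpoint again, run `Unregister-PSSessionConfiguration -Name HelpDeskReadOnly -Force`.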

Managing Windows PowerShell remote sessions

Two types of Windows PowerShell remote sessions:


• Temporary session:
• Start a temporary session by using the Invoke-Command
cmdlet with the ComputerName parameter
• A temporary connection is created for the command and the
connection closes when the command completes
• Persistent session:
• Open a new Windows PowerShell session on the remote
computer, connect to the computer, and then enter the session:
• The New-PSSession cmdlet creates the Windows PowerShell
session
• The Invoke-Command cmdlet enables cmdlets to be run
within the Windows PowerShell session
• You can run as many commands as desired during the session
• You must manually close the Windows PowerShell session by
using the Exit-PSSession cmdlet


Running remote commands

• To run a remote command on multiple computers:


• Create a session object for multiple computers using
New-PSSession and specifying multiple computers
using the ComputerName parameter
• Use the ComputerName parameter to specify multiple
computers for Invoke-Command

• To run a local script on remote computers:


• Use the FilePath parameter of the Invoke-Command
cmdlet
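
The session types and remote-command options described above, as an added example that is not part of the course material: it checks WinRM on each target, runs a temporary fan-out command, then reuses persistent sessions for a second command and a local script. The computer names `LON-CL1` and `LON-CL2` and the script name `Get-OsInfo.ps1` are assumptions.

```powershell
# Added example (not course material). Assumed computer names: LON-CL1, LON-CL2.
$computers  = 'LON-CL1', 'LON-CL2'
$scriptPath = Join-Path -Path $env:TEMP -ChildPath 'Get-OsInfo.ps1'   # assumed file name

# Check that each target answers WS-Management requests before fanning out.
$reachable = @(foreach ($name in $computers) {
    if (Test-WSMan -ComputerName $name -ErrorAction SilentlyContinue) { $name }
    else { Write-Warning "$name does not answer on WinRM; run Enable-PSRemoting there first." }
})
if ($reachable.Count -eq 0) { throw 'No target computer is reachable over WinRM.' }

# Temporary session (one-to-many): a connection per computer is opened for this
# command and closed when it completes. PSComputerName identifies the source.
Invoke-Command -ComputerName $reachable -ScriptBlock {
    Get-Service -Name WinRM, Spooler
} | Select-Object -Property PSComputerName, Name, Status

# Persistent sessions: state set by one command is still there for the next one.
$sessions = New-PSSession -ComputerName $reachable
try {
    # First command stores a variable in each remote session.
    Invoke-Command -Session $sessions -ScriptBlock { $since = (Get-Date).AddHours(-24) }

    # Second command reuses it: recent error events from the System log.
    Invoke-Command -Session $sessions -ScriptBlock {
        Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 2; StartTime = $since } `
            -MaxEvents 5 -ErrorAction SilentlyContinue
    } | Select-Object -Property PSComputerName, TimeCreated, Id, ProviderName

    # Local script on remote computers: the file exists only on this computer;
    # FilePath sends its content to each session and runs it there.
    Set-Content -Path $scriptPath -Value (
        'Get-CimInstance -ClassName Win32_OperatingSystem | ' +
        'Select-Object -Property CSName, Version, LastBootUpTime')
    Invoke-Command -Session $sessions -FilePath $scriptPath
}
finally {
    # Release the sessions on the remote computers and remove the temporary script.
    $sessions | Remove-PSSession
    Remove-Item -Path $scriptPath -ErrorAction SilentlyContinue
}
```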

Demonstration: Using Windows PowerShell remoting

In this demonstration, you will see a variety of ways
in which you can run Windows PowerShell cmdlets
on a remote computer


Lab: Implementing remote management

• Exercise 1: Using Remote Desktop


• Exercise 2: Using Remote Assistance
• Exercise 3: Using Windows PowerShell remoting

Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
20698B-LON-CL2
User name: Adatum\Administrator
Password: Pa55w.rd
Estimated Time: 45 minutes

Lab Scenario

The IT manager has called a meeting with the
help-desk staff. The manager explains that,
whenever possible, staff should use remote
management techniques to help resolve users’
computer problems. This helps resolve problems
more quickly and helps to reduce support costs.
She also asks about the practical aspects of using
Windows PowerShell remotely to manage client
computers that run on Windows 10. To determine
the best method for doing this, you will run tests
using both Windows PowerShell and Windows
PowerShell ISE.


Lab Review

• What are some of the differences between
Remote Desktop and Remote Assistance?
• Which cmdlets can you run against a remote
computer if the computer has not been
configured to support remoting?

Module Review and Takeaways

• Review Questions


Module 7
Managing storage

Module Overview

• Overview of storage options


• Managing disks, partitions, and volumes
• Maintaining disks and volumes
• Managing Storage Spaces
• Implementing and managing OneDrive
• Working with virtual hard disks


Lesson 1: Overview of storage options

• Local and network storage options


• Network storage options
• Cloud-based storage

Local and network storage options

• Local hard disk:


• SSD
• Hard disk drive

• Virtual hard disk:


• .vhd (up to 2 TB)
• .vhdx (up to 64 TB)

• Server-based storage:
• File server
• NAS
• SAN


Network storage options

[Figure: NAS and SAN diagrams. Labels: NAS device, file server, local area network (Ethernet), file-level access (CIFS, NFS), servers, switches, network, storage devices]

Cloud-based storage

• Microsoft OneDrive:
• 5 GB free storage
• Office 365 customers get at least 1 TB storage
• Automatic copy of camera roll from phones and tablets

• OneDrive and Windows 10:


• Synchronization of selected folders to devices
• No smart files

• Azure Storage:
• Blob storage
• Table storage
• Queue storage
• File storage


Lesson 2: Managing disks, partitions, and volumes

• MBR and GPT disks


• Dynamic disks
• Disk Management tools
• Simple volumes
• Mirrored, spanned, and striped volumes
• Demonstration: Creating volumes
• Managing existing volumes
• Demonstration: Resizing a volume
• Managing removable storage

MBR and GPT disks

MBR disk:
• Contains the partition table for the disk and a small amount of
executable code called the master boot code
• Is on the first sector of the hard disk and is created when a
disk is partitioned
• Supports a maximum of four partitions of 2 TB each

GPT disk:
• Contains an array of partition entries describing the start and
end LBA of each partition on a disk
• Supports up to 128 partitions and a theoretical 18-exabyte
size
• Enhances reliability
• Supports boot disks on 64-bit Windows operating systems
and UEFI systems


Dynamic disks

• Consist of multi-disk volumes:


• Spanned
• Striped
• Mirrored

• Can contain up to 1024 volumes


• Can be created from basic disks without data loss
• Require all volumes to be deleted when you
convert them to basic disks
• Can be managed by using DiskPart or Disk
Management
• There are no Windows PowerShell cmdlets for managing
dynamic disks

Disk Management tools

• Disk Management
• DiskPart
• Windows PowerShell 5.0


Disk Management tools

Disk Management snap-in:


• GUI
• Manage disks and volumes, both basic and
dynamic, locally or on remote computers
• Simple partition creation


Disk Management tools

DiskPart:
• Scriptable command-line utility:
• DiskPart /s script to run a DiskPart script
• Create scripts to automate disk-related tasks
• Always runs locally
• Run commands from the DiskPart command
prompt:
• list disk displays the disks on a system
• select disk disknumber is used to select the disk to
manage
• convert gpt converts the selected disk to the GPT
format

Disk Management tools

Windows PowerShell 5.0:


• Is the newest version of Windows PowerShell
• Has native disk management commands
• Can be used to script disk-related tasks

Cmdlets:
• Get-Disk selects a disk
• Initialize-Disk prepares a disk for use
• Set-Disk sets disk parameters, such as partition style


Disk Management tools

• You can use DiskPart or Windows PowerShell to
convert partition styles (MBR, GPT)
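
The partition-style conversion with the cmdlets listed above, as an added example that is not part of the course material: the function refuses boot or system disks and any disk that still holds partitions, then initializes or converts the disk to GPT and creates one NTFS volume. The function name `Initialize-EmptyDiskAsGpt` and the volume label are assumptions.

```powershell
# Added example (not course material). Run in an elevated Windows PowerShell
# console on Windows 10. The function name and the default label are assumptions.
function Initialize-EmptyDiskAsGpt {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][int]$Number,
        [string]$Label = 'Data'
    )

    $disk = Get-Disk -Number $Number -ErrorAction Stop

    # Never touch the disk that Windows starts from.
    if ($disk.IsBoot -or $disk.IsSystem) {
        throw "Disk $Number holds the boot or system volume; refusing to change it."
    }

    # Converting the partition style requires an empty disk. An initialized GPT
    # disk always carries a small Microsoft Reserved partition, which is ignored.
    $dataPartitions = @(Get-Partition -DiskNumber $Number -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -ne 'Reserved' })
    if ($dataPartitions.Count -gt 0) {
        throw "Disk $Number still has $($dataPartitions.Count) partition(s); back up and remove them first."
    }

    $target = "Disk $Number ($($disk.FriendlyName))"
    if (-not $PSCmdlet.ShouldProcess($target, 'Set GPT partition style and create one NTFS volume')) {
        return
    }

    if ($disk.IsOffline)  { Set-Disk -Number $Number -IsOffline $false }
    if ($disk.IsReadOnly) { Set-Disk -Number $Number -IsReadOnly $false }

    switch ($disk.PartitionStyle) {
        'RAW'   { Initialize-Disk -Number $Number -PartitionStyle GPT }   # new disk
        'MBR'   { Set-Disk -Number $Number -PartitionStyle GPT }          # empty MBR disk
        'GPT'   { Write-Verbose "Disk $Number is already GPT." }
        default { throw "Disk $Number has unexpected partition style '$($disk.PartitionStyle)'." }
    }

    # One simple volume across the whole disk.
    New-Partition -DiskNumber $Number -UseMaximumSize -AssignDriveLetter |
        Format-Volume -FileSystem NTFS -NewFileSystemLabel $Label -Confirm:$false
}

# Preview only: show what would happen to every uninitialized disk.
Get-Disk | Where-Object PartitionStyle -eq 'RAW' |
    ForEach-Object { Initialize-EmptyDiskAsGpt -Number $_.Number -WhatIf }
```

Drop `-WhatIf` on the last line to apply the change once the preview lists only the disks you intend to use.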

Simple volumes

• A simple volume encompasses available free space on a
single basic or dynamic hard disk drive

• Can be extended if contiguous space is free on the same disk

• If you extend the volume into noncontiguous space, the disk will
be converted to dynamic if it is a basic disk


Mirrored, spanned, and striped volumes

Join areas of unallocated space on disks into a single logical disk


• Mirrored:
• Disk space is allocated once and used simultaneously
• Spanned:
• Disk space is added and used sequentially
• Striped:
• Disk space is allocated once and used equally across every physical disk in
the striped set

Demonstration: Creating volumes

In this demonstration, you will see how to create
volumes in Windows 10


Managing existing volumes

• Resize a volume to create additional, unallocated
space to use for data or apps on a new volume
• Shrink simple and spanned dynamic disks to:
• Extend a simple volume on the same disk
• Extend a simple volume to include unallocated space on
other disks on the same computer
• Before shrinking:
• Defragment the disk
• Ensure that the volume you want to shrink does not
contain any page files

Demonstration: Resizing a volume

In this demonstration, you will see how to:


• Shrink a volume by using Windows PowerShell
• Extend a volume by using Disk Management


Managing removable storage

• Removable storage is:


• Convenient
• Widely used

• You might need to format the device before use


• Removable storage is highly insecure:
• Consider implementing encryption for removable storage
• Consider blocking the use of removable storage for
highly sensitive environments by using GPOs

Lesson 3: Maintaining disks and volumes

• Monitoring storage usage


• Demonstration: Using Storage
• Disk fragmentation
• Demonstration: Performing disk maintenance
• File and folder compression
• Demonstration: Compressing files and folders
• What are disk quotas?
• Demonstration: Configuring disk quotas


Monitoring storage usage

• The Storage feature:


• Presents an overview of storage usage by:
• Drive (internal, external, and OneDrive)
• 13 categories including System, Apps, Music, and Pictures
• Enables you to choose the drive to which you want to
save new files, such as:
• Apps
• Music
• Documents
• Videos
• Pictures


Demonstration: Using Storage

In this demonstration, you will see how to use
Windows 10 Storage

Disk fragmentation

• Disk fragmentation can:


• Lead to both fragmented files and fragmented free
space
• Lead to poor performance of a disk subsystem

• You can schedule defragmentation to run
automatically by default
• You can run defragmentation at
the command prompt


Demonstration: Performing disk maintenance

In this demonstration, you will see how to
defragment drives

File and folder compression

The NTFS file system uses NTFS file compression to compress files,
folders, and volumes:
• Uses compression to save disk space
• Does not use compression
for system files and folders
• Compression is configured as
an NTFS attribute
• NTFS calculates disk space
based on uncompressed
file size
• Applications that open a
compressed file only see the
uncompressed data

[Figure: file prior to compression and file after compression]


File and folder compression

A. Copy within an NTFS partition:
Inherits compression state of the target folder
B. Move within an NTFS partition:
Retains its original compression state
C. Copy or move from one NTFS partition to another NTFS partition:
Inherits compression state of the target folder
D. Copy or move from an NTFS partition to a FAT partition:
No compression

Demonstration: Compressing files and folders

In this demonstration, you will see how to compress
files in a folder


What are disk quotas?

• A disk quota allows you to
limit disk space usage on a
volume for each user
• Disk quotas can help you:
• Track and restrict disk
consumption
• Proactively monitor available
space
• Determine who is consuming
available space
• Plan for storage-capacity
increase

Demonstration: Configuring disk quotas

In this demonstration, you will see how to:


• Enable disk quotas
• Create files
• Check disk quotas usage


Lesson 4: Managing Storage Spaces

• What is the Storage Spaces feature?


• Features of Storage Spaces
• Scenarios for Storage Spaces
• Demonstration: Configuring Storage Spaces

What is the Storage Spaces feature?

• Use Storage Spaces to add physical disks of any type and
size to a storage pool, and then create highly available
virtual disks from the storage pool

• To create a storage space, you need the following:
• One or more physical disks
• A storage pool that includes the disks
• Storage space that is created with disks from
the storage pool
• Disk drives that are based on storage spaces

[Figure: physical disks, storage pool, storage space, disk drive]


Features of Storage Spaces

Feature: Storage layout
Options:
• Simple
• Two-way or three-way mirror
• Parity

Feature: Provisioning schemes
Options:
• Thin vs. fixed provisioning


Scenarios for Storage Spaces

• Thin-provisioning scenario:
• Easier storage growth
• Add disks when the need arises

• Reliable storage scenario:


• Fault tolerance
• No data loss

• High-performance scenario:
• Parity resilience gives better performance with SSDs
• Usable for video editing and other high disk I/O
scenarios

Demonstration: Configuring Storage Spaces

In this demonstration, you will see how to:


• Clear disks in Windows PowerShell
• Create a storage space
• Modify an existing storage space


Lab: Managing storage

• Exercise 1: Adding a disk


• Exercise 2: Creating a simple volume
• Exercise 3: Creating a storage space

Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL2
User names: Adatum\Administrator
Adatum\Claire
Password: Pa55w.rd
Estimated Time: 45 minutes

Lab Scenario

Claire in the IT department has purchased several
storage devices and she wants you to make them
available for use in her Windows 10 device.
You have bought a number of hard disk drives and
SSDs, and your task is to create a storage solution
that can fully utilize these new devices. You decide
to implement a storage solution based on the
Storage Spaces feature.


Lab Review

• When would you use a spanned volume instead of
a simple volume? Is there a better solution in
Windows 10?

Lesson 5: Implementing and managing OneDrive

• What is OneDrive?
• Enabling OneDrive
• Sharing data with OneDrive
• Synchronizing settings with OneDrive


What is OneDrive?

Microsoft provides two user-based cloud storage solutions:


• OneDrive:
• A consumer-oriented solution that is free to use
• Allows 5 GB per user
• Is available for all platforms
• IT administrators cannot manage the data
• OneDrive for Business:
• Is a business-oriented solution based on a SharePoint
platform
• Allows 1 TB per user
• Is part of Office 365 or SharePoint Online
• IT administrators manage the data
• Provides more advanced file management and
synchronization options

Enabling OneDrive

• You must have a Microsoft account to sign in to
OneDrive
• The OneDrive app for desktop provides options
for file and folder sync
• In the online version of OneDrive, you can:
• Buy more storage
• Access the Recycle Bin
• Access file version history
• Configure sharing

• You can restrict access to OneDrive by using
Group Policy, or by creating a URL block list on the
edge firewall


Sharing data with OneDrive


• You can share files and folders publicly, or
securely share with specific individuals or groups
• You can grant individuals or groups permissions to
a file or folder via email invite
• You can post links to social media
• You can publish items directly to social media

• OneDrive has three default folders:


• Documents. This folder is not shared
• Pictures. By default, this folder is not shared
• Public. Everyone can view items in this folder

Synchronizing settings with OneDrive


Lesson 6: Working with virtual hard disks

• What is a virtual hard disk?


• Creating and managing virtual hard disks
• Configuring boot from a virtual hard disk

What is a virtual hard disk?

• Virtual hard disks are files that you can use the same
way as physical hard disks

• You can:
• Configure .vhd, .vhdx, or .vhds files
• Configure computers to start from a virtual hard disk
• Transfer virtual hard disks from Client Hyper-V servers,
and start computers from a virtual hard disk
• Use virtual hard disks as a deployment technology


Creating and managing virtual hard disks

• You can create and manage virtual hard disks with:


• Hyper-V Manager
• Disk Management
• Diskpart.exe
• Windows PowerShell

Configuring boot from a virtual hard disk

You can configure Windows 10 to start up from a
virtual hard disk:
1. Create an MBR-based virtual hard disk
2. Create a simple volume on the disk
3. Apply the Windows 10 deployment image
4. Configure your computer to start up from the
virtual hard disk
5. Restart your computer


Module Review and Takeaways

• Review Questions

Module 8
Managing files and resources


Module Overview

• Overview of file systems


• Configuring and managing file access
• Managing shared folders
• Work Folders
• Managing printers

Lesson 1: Overview of file systems

• The FAT file system


• The NTFS file system
• The ReFS file system


The FAT file system

• Supported by most operating systems


• Used for small volumes with simple folder
structure
• Often used for removable media
• Windows 10 supports FAT, FAT32, and exFAT
• Maximum volume size, cluster size, and number of files
• Does not support security and other NTFS
features

The NTFS file system

• Default file system in Windows 10


• Supports many features not available
with FAT:
• Security and auditing
• Large volumes
• Quotas
• Compression
• Encryption
• Reliability
• Other advanced features


The ReFS file system

• Provides the highest level of resiliency and
scalability
• Can be used only on mirrored storage spaces:
• Automatically detects and corrects
errors
• Two-way or three-way mirror

• Supports security and auditing


• Does not support:
• Compression
• Quotas
• Encryption
• Volume shrinking

Lesson 2: Configuring and managing file access

• Tools used for managing files and folders


• File and folder permissions
• Overview of permission inheritance
• Demonstration: Securing files and folders with file
permissions
• Effective permissions
• Copying and moving files



Tools used for managing files and folders

• Command prompt
• cd or chdir to change the parent directory
• del, md, move, and other commands to manage files
and folders
• icacls to display and modify permissions

• Windows PowerShell
• Set-Location, Remove-Item, and other cmdlets
• Same aliases as command-prompt commands
• Set-ACL to manage file permissions

File and folder permissions

• Control access on the NTFS and ReFS file systems


• Can be added for groups, users, and computers
• Cumulative for group members

• Can be assigned to:


• Files
• Folders
• Volumes (root folder)

• Permissions can be:


• Allow
• Deny (takes precedence)

• Basic and advanced


Overview of permission inheritance


Demonstration: Securing files and folders with
file permissions

In this demonstration, you will see how to:


• Configure file permissions
• Identify the difference between basic and
advanced file permissions
• Manage permission inheritance

Effective permissions


Copying and moving files

• When you copy files and folders, they always
inherit the permissions of the destination folder
• When you move files and folders within the same
volume, they keep their explicit permissions
• When you move files and folders to a different
volume, they inherit the permissions of the
destination folder
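
The copy and same-volume move rules above can be observed directly. This added example, which is not part of the course material, gives `FileA.txt` one explicit permission entry, then copies and moves the file and counts the explicit and inherited entries on each result. The folder names are assumptions, and everything is created under `%TEMP%` and removed at the end.

```powershell
# Added example (not course material). Works on an NTFS volume; all folders and
# files are created under %TEMP% (assumed to be NTFS) and deleted afterwards.
$root        = Join-Path -Path $env:TEMP -ChildPath ('AclDemo_' + [guid]::NewGuid().ToString('N'))
$source      = (New-Item -ItemType Directory -Path (Join-Path $root 'Source')).FullName
$destination = (New-Item -ItemType Directory -Path (Join-Path $root 'Destination')).FullName
$fileA       = (New-Item -ItemType File -Path (Join-Path $source 'FileA.txt')).FullName

# Give FileA one explicit entry: Read for BUILTIN\Users (well-known SID S-1-5-32-545).
$users = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-545'
$rule  = New-Object System.Security.AccessControl.FileSystemAccessRule $users, 'Read', 'Allow'
$acl   = Get-Acl -Path $fileA
$acl.AddAccessRule($rule)
Set-Acl -Path $fileA -AclObject $acl

# Summarize how many entries on a file are explicit and how many are inherited.
function Get-AceSummary {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Operation
    )
    $access = (Get-Acl -Path $Path).Access
    [pscustomobject]@{
        Operation     = $Operation
        File          = Split-Path -Path $Path -Leaf
        ExplicitAces  = @($access | Where-Object { -not $_.IsInherited }).Count
        InheritedAces = @($access | Where-Object { $_.IsInherited }).Count
        ExplicitFor   = ($access | Where-Object { -not $_.IsInherited } |
                            ForEach-Object { $_.IdentityReference.Value }) -join ', '
    }
}

$results = @(Get-AceSummary -Path $fileA -Operation 'Original')

# Copy: a new file is created, so it takes its permissions from the destination folder.
$copied = Join-Path -Path $destination -ChildPath 'FileA-copy.txt'
Copy-Item -Path $fileA -Destination $copied
$results += Get-AceSummary -Path $copied -Operation 'Copy'

# Move within the same volume: the file keeps its existing permission entries.
$moved = Join-Path -Path $destination -ChildPath 'FileA-moved.txt'
Move-Item -Path $fileA -Destination $moved
$results += Get-AceSummary -Path $moved -Operation 'Move (same volume)'

$results | Format-Table -AutoSize

# A move to a different volume needs a second drive and is not exercised here.
Remove-Item -Path $root -Recurse -Force
```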


[Figure: copying and moving FileA between folders on volumes (C:) and (D:). Labels: Users, Data, Mary, Public, Group 1; permissions: Full Control, Modify, None]

Lesson 3: Managing shared folders

• What are shared folders?


• Methods available to share folders
• Shared folder properties
• Discussion: Combining shared folder and NTFS file
permissions
• Demonstration: Sharing folders


What are shared folders?

• Shared folders are accessible over a network


• You can share only volumes and folders
• Share permissions control access over a network
• They do not apply if users access the content locally
• You must have administrative permissions to
create a share
• There are many ways to view shared folders:
• File Explorer
• The Shared Folders snap-in
• net view \\computername
• The Get-SmbShare cmdlet
• You can access a shared folder by using its UNC
address
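
A way to review shares with the Get-SmbShare cmdlet mentioned above, as an added example that is not part of the course material: for every shared folder on the local computer it lists each share permission entry next to the same account's file permissions on the folder, and flags broad accounts that hold Change or Full share access. The function name `Get-ShareAccessReport` and the list of broad accounts are assumptions; account names are localized on non-English systems.

```powershell
# Added example (not course material). Run in an elevated Windows PowerShell
# console on the computer that hosts the shares.
function Get-ShareAccessReport {
    [CmdletBinding()]
    param(
        # Assumed list of accounts treated as "broad"; adjust for localized names.
        [string[]]$BroadAccounts = @('Everyone',
                                     'NT AUTHORITY\Authenticated Users',
                                     'BUILTIN\Users')
    )

    # Skip administrative shares (C$, ADMIN$, IPC$) and printer shares.
    $shares = Get-SmbShare -Special $false |
        Where-Object { $_.ShareType -eq 'FileSystemDirectory' -and $_.Path }

    foreach ($share in $shares) {
        # File permissions on the shared folder apply locally and over the
        # network; share permissions apply only to network access.
        $folderAcl = Get-Acl -Path $share.Path -ErrorAction SilentlyContinue

        foreach ($entry in Get-SmbShareAccess -Name $share.Name) {
            $fileRights = @($folderAcl.Access |
                Where-Object { $_.IdentityReference.Value -eq $entry.AccountName } |
                ForEach-Object { "$($_.AccessControlType):$($_.FileSystemRights)" }) -join '; '

            $isBroad = ($entry.AccessControlType -eq 'Allow') -and
                       (@('Full', 'Change') -contains [string]$entry.AccessRight) -and
                       ($BroadAccounts -contains $entry.AccountName)

            [pscustomobject]@{
                Share       = $share.Name
                Path        = $share.Path
                Account     = $entry.AccountName
                ShareAccess = "$($entry.AccessControlType):$($entry.AccessRight)"
                FileAccess  = if ($fileRights) { $fileRights } else { '(no direct entry)' }
                Broad       = $isBroad
            }
        }
    }
}

# Flagged entries first.
Get-ShareAccessReport | Sort-Object -Property Broad -Descending | Format-Table -AutoSize
```

`(no direct entry)` means the account has no entry of its own on the folder; it may still receive file permissions through group membership, which the Effective Access tab evaluates.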

Methods available to share folders

You can share folders by using several methods,
including:
• File Explorer
• The Shared Folders (Computer Management)
snap-in
• Commands at a command prompt
• Windows PowerShell


Shared folder properties


Discussion: Combining shared folder and NTFS
file permissions
• Can users read File1?
• Can users write to File1?
• Can users take ownership of
File1?

[Figure: Folder1 and File1]


Demonstration: Sharing folders

In this demonstration, you will see how to:


• Share a folder
• Configure share properties
• Access a share

Lab A: Creating, securing, and sharing a folder

• Exercise 1: Creating, securing, and sharing a folder

Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
20698B-LON-CL2
User names: Adatum\Administrator
Adatum\Annie
Adatum\Beth
Password: Pa55w.rd
Estimated Time: 30 minutes


Lab Scenario

In your organization, users in the Marketing and
IT departments share computers and require
permissions to shares on those computers. In
this lab, you will create shared folders by using
Network File and Folder Sharing and Advanced
Sharing. You will then configure permissions such
that users can access content only on their
departmental share. You also will test local and
network permissions to the shared folder, and
then use the Effective Permissions tool to verify
user permissions.

Lab Review

• When you share a folder, what is the difference
between using Network File and Folder Sharing
and using the Advanced Sharing feature?
• Can you view effective access permissions on
NTFS and FAT32 volumes?


Lesson 4: Work Folders

• What are Work Folders?


• Components of Work Folders
• Configuring Work Folders
• Demonstration: Enabling Work Folders

What are Work Folders?

• Allow users to access their individual data


• Users can access only their own Work Folders
• Enable data to be stored centrally on traditional file
servers
• File servers must be running Windows Server 2016 or newer
• Allow users to use multiple devices for access, regardless
of whether the devices are domain-joined
• Allow access to company data from any location with
network connectivity
• A local copy is available on the device, which users can access
when there is no network connectivity
• Ensure compliance with the company policy
• Access control, quotas, file screening, classification, and more
• You can encrypt local data copy and wipe it remotely


Components of Work Folders


• A Work Folders server
• Install the File and Storage Services role
• Add an additional access protocol
• Use Server Manager for a consolidated view of sync activity
• A sync share
• Multiple sync shares per Work Folders server
• Users can associate with a single sync share
• Define a device policy per sync share
• User devices
• Files stay in sync across all user devices
• Local changes sync to the server and then to other devices
• Windows 10 and Windows 8.1 support Work Folders
• Windows 7, Android, iPad, and iPhone clients are available

Components of Work Folders

• User limited to a single Work Folder
• Client always initiates a sync
• Device that applies the change is responsible for
version conflict resolution

[Figure: one component labeled with data directory, version tables, and upload staging directory; two components each labeled with data directory, version database, and download staging directory]


Configuring Work Folders

• Create a sync share on a file server


• You must install the Work Folders role service first

• You can deploy Work Folders in three ways:


• Manual
• Automatic discovery of the server, based on user email address
• Users need to enter the Work Folders server URL manually
• Opt-in
• Settings are delivered by using Group Policy, Configuration
Manager, or Microsoft Intune
• Users decide if they want to use Work Folders on a device
• Mandatory
• Settings are delivered by using Group Policy, Configuration
Manager, or Microsoft Intune
• No user action is required

Demonstration: Enabling Work Folders

In this demonstration, you will see how to deploy
Work Folders on a:
• Domain-joined Windows 10 device
• Workgroup Windows 10 device


Lab B: Implementing Work Folders

• Exercise 1: Configuring Work Folders

Logon Information
Virtual machines: 20698B-LON-DC1
20698B-LON-CL1
20698B-LON-CL4
User names: Adatum\Administrator
Adatum\Annie
Admin
Password: Pa55w.rd
Estimated Time: 30 minutes

Lab Scenario

A. Datum Corporation uses the Active Directory
environment. Many users access company data on
company-owned computers, but an increasing
number of users bring their own devices to work.
They want to be able to access the same data by
using company-owned devices and their own
devices. Your task is to implement the Work
Folders feature, which will enable users to sync
their data between their devices.


Lab Review

• Can a user access the same Work Folders from
domain-joined devices and workgroup devices?
• Can the same user connect to multiple Work
Folders?

Lesson 5: Managing printers

• Overview of printing components


• What are Type 4 printer drivers?
• Demonstration: Installing and sharing a printer
• Managing client-side printing
• Managing print server properties


Overview of printing components

• Printing device
• A physical device that creates the print job output

• Printer port
• A port through which the printing device is connected

• Printer
• Windows 10 representation of the printing device

• Printer driver
• Used for communicating with the printing device and
processing print jobs

What are Type 4 printer drivers?

Benefits of Type 4 printer drivers:


• A single Type 4 driver can support
multiple devices
• Driver files are isolated,
preventing file-naming
conflicts
• Clients download drivers
from Windows Update
• Driver packages are smaller
and install faster
• You can deploy a printer
driver and the printer
user interface independently


Demonstration: Installing and sharing a printer

In this demonstration, you will see how to:


• Add a printer
• Share a printer
• Modify a printer’s security
• Configure advanced properties

Managing client-side printing

Typical client-side printing tasks that you can manage:


• Modifying a printer’s properties
• Selecting a default printer
• Viewing and managing a print queue
• Pausing or resuming a printer
• Pausing, resuming, restarting, or canceling a print job
• Reordering print jobs in a print queue


Managing print server properties

You can use Print Management to manage print
servers:
• Add and delete printers, and add and manage drivers
• Manage print queues, and modify printer status
• Create custom filters


Lab C: Managing printers

• Exercise 1: Managing and using a printer

Logon Information
Virtual machines: 20698B-LON-DC1, 20698B-LON-CL1, 20698B-LON-CL2
User names: Adatum\Administrator, Adatum\Beth
Password: Pa55w.rd
Estimated Time: 15 minutes

Lab Scenario

Marketing users want to add and share their local
printer. You need to show them how to use
Devices and Printers and Print Management to
add, share, and manage a printer. You also need to
demonstrate how to limit who can use a shared
printer.


Lab Review

• How can you list printers with a connection to a
computer?
• By default, who can print on a newly created
printer?
• How can you determine which printer is the
default printer?

Module Review and Takeaways

• Review Questions


Module 9
Deploying and managing apps

Module Overview

• Overview of apps in Windows 10
• The Microsoft Store and Microsoft Store for
Business
• Automating app deployment
• Configuring web browsers


Lesson 1: Overview of apps in Windows 10

• Types of Windows 10 apps
• Managing app startup

Types of Windows 10 apps

• Desktop app installation:
  • Is performed by using .exe or .msi installer files
  • Can be automated
  • Can be replaced by distributed app installation and execution methods in
    larger environments
• Windows Store apps:
  • Run on Windows 8 and later
  • Can be installed from the Windows Store or sideloaded
• Universal Windows apps:
  • Can install on multiple hardware platforms
  • Desktop App Converter (in preview) can convert desktop apps to universal
    apps
• RemoteApp apps:
  • Enable apps to run remotely but display locally
  • Enable apps to run on clients that do not meet app hardware requirements
• App-V apps:
  • Apps stream to the desktop
  • Enable multiple versions of apps to run without conflict


Managing app startup

Lesson 2: The Microsoft Store and Microsoft Store for Business

• What is the Microsoft Store?
• Updating Microsoft Store apps
• Microsoft Store for Business
• Managing access to the Microsoft Store
• Overview of sideloading apps
• Demonstration: Sideloading Microsoft Store apps


What is the Microsoft Store?

Updating Microsoft Store apps


Microsoft Store for Business

• Microsoft Store for Business is a
portal that provides users
access to corporate apps
• Organizations must have an
Azure AD tenant
• Apps can be purchased from
the store for individuals or in
volume for the organization
• Apps are only supported on
Windows 10 devices
• Organizations can house their
LOB apps in a private store
• Developers can be allowed to
upload custom apps for your
organization


Managing access to the Microsoft Store

• Users must sign in with a
Microsoft account to
download apps
• Preventing access to the
Windows Store requires:
  • Editing the registry
  or
  • Blocking Microsoft accounts
• AppLocker can control
installation and execution
of certain apps from the
Windows Store
• App updates are installed
automatically by default

Overview of sideloading apps


Demonstration: Sideloading Microsoft Store apps

In this demonstration, you will see how to:
• Enable sideloading
• Install a certificate
• Sideload an app
• Remove an installed Windows Store app

Lab A: Deploying and managing Microsoft Store apps

• Exercise 1: Sideloading an app

Logon Information
Virtual machines: 20698B-LON-DC1, 20698B-LON-CL1
User names: Adatum\Administrator, LON-CL1\Admin
Password: Pa55w.rd
Estimated Time: 25 minutes


Lab Scenario

Users in the Research department use a modern
app that was developed in-house. You want to
make this app available for all users, so you decide
to sideload the app to test its deployment.

Lab Review

• In the lab, you used a self-signed certificate for
validating the source of the app that you wanted
to sideload. What is wrong with using a
self-signed certificate?


Lesson 3: Automating app deployment

• Installing desktop apps manually
• Installing desktop apps automatically
• Deploying and managing apps with GPOs
• Using Windows Configuration Designer to
deploy apps
• Demonstration: Deploying a universal app by
using Windows Configuration Designer

Installing desktop apps manually


Installing desktop apps automatically

You can automate application installation in
Windows 10 by using:
• Group Policy software installation
• Microsoft Deployment Toolkit
• Configuration Manager
• Microsoft Intune

Deploying and managing apps with GPOs

Advantages:
• No additional costs
• No client software required
• Quick and easy to use
• Reduced IT training costs
Disadvantages:
• No control over the time taken for installation and restart
• Reporting limited to event log
• Only MSI installation programs
[Diagram: software distribution share; assign software during computer configuration; assign software during user configuration; publish software by using Programs and Features; publish software by using extension activation]


Using Windows Configuration Designer to deploy apps

Demonstration: Deploying a universal app by using Windows Configuration Designer

In this demonstration, you will see how to:
• Create a package
• Configure the app
• Build the package


Lab B: Deploying apps with Windows Configuration Designer

• Exercise 1: Configuring a provisioning package
• Exercise 2: Deploying the package
• Exercise 3: Verifying deployment

Logon Information
Virtual machines: 20698B-LON-DC1, 20698B-LON-CL1
User names: Adatum\Administrator, Adatum\Claire
Password: Pa55w.rd
Estimated Time: 30 minutes

Lab Scenario

You must deploy apps to users in the A. Datum
organization. These users already have their
Windows 10 computers, so you must use an
automated method to update their devices with
the chosen apps. You decide to test the process of
creating and deploying a provisioning package to
deploy the required apps.


Lab Review

• Why was it necessary to deploy a certificate with
the app?

Lesson 4: Configuring web browsers

• Internet Explorer 11
• Privacy features in Internet Explorer 11
• Security features in Internet Explorer 11
• Managing add-ons
• Compatibility View
• Demonstration: Configuring and using Internet Explorer 11
• The Microsoft Edge browser
• Managing extensions
• Microsoft Edge productivity features
• Demonstration: Configuring and using Microsoft Edge
• Discussion: Which browser should you use?


Internet Explorer 11

Privacy features in Internet Explorer 11


Security features in Internet Explorer 11

Internet Explorer includes a number of security
features such as:
• SmartScreen Filter
• ActiveX controls and management
• Cross-Site Scripting Filter
• Data Execution Prevention
• Enhanced Protected Mode

Managing add-ons

• Internet Explorer 11 is built to function without
add-ons
• Internet Explorer for the desktop supports
HTML5 and Adobe Flash by default
• The Manage Add-ons feature allows users to:
  • Enable and disable add-ons
  • Add and remove add-ons


Compatibility View

Compatibility View helps display a webpage as it is
meant to be viewed

Demonstration: Configuring and using Internet Explorer 11

In this demonstration, you will see how to:
• Configure Compatibility View
• Delete browsing history
• Configure InPrivate Browsing
• View the add-on management interface
• Manage downloading with Download Manager


The Microsoft Edge browser

Managing extensions


Microsoft Edge productivity features

• Pinned tabs
• Paste and go
• Improved battery life
• Windows Hello authentication
• Website notifications
• OneDrive synchronization of favorites
• Reading view

Demonstration: Configuring and using Microsoft Edge

In this demonstration, you will see how to:
• Open a webpage
• Pin a tab
• Load a webpage that requires an ActiveX control
• Configure settings
• Download a file
• Make a web note


Discussion: Which browser should you use?

Which browser should you use?

5 minutes

Lab C: Configuring Microsoft Edge

• Exercise 1: Configuring and using Microsoft Edge

Logon Information
Virtual machines: 20698B-LON-DC1, 20698B-LON-CL1
User names: Adatum\Administrator, Adatum\Claire
Password: Pa55w.rd
Estimated Time: 20 minutes


Lab Scenario

Users in your organization need access to
Microsoft Edge. You decide to configure and test
this new browser against your company intranet
on a local web server.

Lab Review

• In the lab, you were unable to get complete
functionality from the A. Datum Intranet website
by using Microsoft Edge. What was the reason?
What was the solution?


Module Review and Takeaways

• Review Questions

Module 10
Securing Windows 10


Module Overview

• Managing user accounts
• Configuring UAC
• Implementing and managing BitLocker

Lesson 1: Managing user accounts

• What is defense in depth?
• What is a user account?
• Configuring local accounts
• Configuring domain accounts
• Demonstration: Managing user accounts
• Using a Microsoft account
• Managing and helping to secure sign-in
experiences
• Discussion: Using a Microsoft account in
Windows 10


What is defense in depth?

Defense in depth involves:
• Applying multiple layers of security
• Guarding against a malicious user that breaches
one or more of your security layers while trying to
access confidential data
• Applying additional security layers

What is a user account?

Windows 10 supports the following types of user
accounts:
• Local accounts
• Domain accounts
• Azure AD accounts
• Microsoft accounts


Configuring local accounts

Configuring domain accounts

The Account section of the Active Directory
Administrative Center’s Create User window


Demonstration: Managing user accounts

In this demonstration, you will see how to:
• Create a local user account
• Delete a domain user account
• Create a new domain user account
• Move the domain user account

Using a Microsoft account


Managing and helping to secure sign-in experiences

Windows 10 includes a number of features that you
can use to improve the user sign-in experience,
including:
• Windows Hello
• Windows Defender Credential Guard

Discussion: Using a Microsoft account in Windows 10

• When would you use a domain account?
• Under what circumstances would you not be able to use a domain account on a
Windows 10 device?
• What is the benefit of using a Microsoft account?
• The staff at a military base has a special computer that they use to encrypt
orders. They want to install Windows 10 on it. However, due to security issues,
the computer cannot connect to a network. What kind of account should you
use?
• Contoso, Ltd. has a vigorous Office 365 and Azure cloud-service presence, and
their on-premises AD DS infrastructure is tied to Azure AD. What steps can the
organization take to ensure that its users do not have to sign in to Windows 10
on one account, and then into Office 365 and Azure on another?

20 minutes


Lesson 2: Configuring UAC

• What is UAC?
• How UAC works
• Configuring UAC notification settings
• Demonstration: Configuring UAC

What is UAC?

UAC is a security feature that simplifies the ability
of users to run as standard users and perform
typical tasks. UAC does the following:
• Prompts users for administrative credentials if the
task requires administrative permissions
• Allows you to configure the control that a user has
with respect to UAC prompts and consents


How UAC works

In Windows 10, what happens when a user performs
a task that requires administrative permissions?
Standard users:
• UAC prompts the user for credentials that have
administrative permissions
Administrative users:
• UAC prompts the user for permission to
complete the task

UAC: how does it work?

Tasks that require UAC elevation include:
• Installing and uninstalling applications
• Installing a device driver
• Installing Windows updates
• Configuring parental controls
• Installing an ActiveX control
• Opening Windows Firewall
• Changing a user’s account type
• Modifying UAC settings
• Configuring Remote Desktop access
• Adding or removing a user account
• Copying or moving files into the Program Files or
Windows directory
• Scheduling automated tasks
• Restoring system-backup files
• Configuring automatic updates
• Browsing to another user’s directory


Configuring UAC notification settings

Demonstration: Configuring UAC

In this demonstration, you will see how to:
• View the current UAC settings
• Configure the UAC settings
• Test the UAC settings
• Reconfigure the UAC settings
• Test the UAC settings again


Lab A: Configuring user accounts

• Exercise 1: Managing user accounts
• Exercise 2: Configuring UAC

Logon Information
Virtual machines: 20698B-LON-DC1, 20698B-LON-CL1
User names: Adatum\Administrator, Adatum\Claire, .\Admin, .\Claire
Password: Pa55w.rd
Estimated Time: 15 minutes

Lab Scenario

Your manager, Claire Roberson, is travelling to
visit some of the smaller branch offices to review
their IT infrastructure. You must configure her
Windows 10 PC with a new local user account
and configure appropriate UAC settings.


Lab Review

• In the lab, you configured UAC to switch to the
secure desktop. What advantage does this offer?

Lesson 3: Implementing and managing BitLocker

• Discussion: What are the common data-related
security threats?
• Possible mitigations for common data-related
threats
• What is BitLocker?
• BitLocker requirements
• BitLocker modes
• Using Group Policy settings to configure BitLocker
• Demonstration: Configuring and using BitLocker
• Recovering BitLocker-encrypted drives
• The Microsoft BitLocker Administration and
Monitoring tool


Discussion: What are the common data-related security threats?

Describe common security threats to data, such as:
• Users who access sensitive files to which they should not have access
• Competitors who gain access to your organization’s sensitive files
• Data that a user publishes to the internet, either inadvertently or intentionally
• Private information that a user utilizes inappropriately, either inadvertently or
maliciously
Discuss the possible ways in which data exposure can occur, such as:
• Lost or stolen laptop computers and USB drives
• Malware infection of your corporate network or individual devices
• Accidental release of data
Discuss scenarios that have been in the media recently, in which private data
became public, either maliciously or inadvertently

15 minutes

Possible mitigations for common data-related threats

Common data security threats include:
• An unauthorized user accessing information on a
file share
• An unauthorized user accessing data from a lost
or stolen USB drive
• A lost or stolen laptop that is storing confidential
information
• A user sends protected content in an email to an
unintended recipient inadvertently


What is BitLocker?

BitLocker encrypts the data that is stored on the
operating system and other volumes by:
• Providing offline data protection
• Protecting all data stored on the encrypted
volume
• Verifying the integrity of early startup components
and boot-configuration data
• Ensuring integrity of the startup process

BitLocker To Go allows encryption of removable
media, such as USB drives

BitLocker requirements

BitLocker has the following hardware requirements:
• A BIOS or UEFI environment that is compatible
with a TPM 1.2 or newer device or that supports
USB devices during computer startup
• Enough space on the hard disk for BitLocker to
create two partitions


BitLocker modes

Windows 10 supports two modes of BitLocker
operation:
• TPM mode:
  • Locks the normal startup process until a user optionally
    supplies a personal PIN and/or inserts a USB drive that
    contains a BitLocker startup key
  • Performs system-integrity verification on startup
    components
• Non-TPM mode:
  • Uses Group Policy to allow BitLocker to work without a
    TPM
  • Locks the startup process similar to TPM mode, but the
    BitLocker startup key must be stored on a USB drive
  • Provides limited authentication

Using Group Policy settings to configure BitLocker

Group Policy provides the following settings for
BitLocker:
• Turn on BitLocker backup in AD DS
• Configure the recovery folder on Control Panel
Setup
• Enable advanced startup options on Control Panel
Setup
• Configure the encryption method
• Prevent memory overwrite on restart
• Configure the TPM validation method used to seal
BitLocker keys


Demonstration: Configuring and using BitLocker

In this demonstration, you will see how to:
• Configure BitLocker-related Group Policies
• Enable BitLocker on a volume
• Unlock a BitLocker-encrypted volume

Recovering BitLocker-encrypted drives

• When a BitLocker-enabled computer starts:
  • BitLocker checks the operating system for conditions that indicate
    a security risk
  • If a condition is detected:
    • BitLocker enters recovery mode and keeps the system drive locked
    • The user must enter the correct recovery password to continue
• The BitLocker recovery password:
  • Is a 48-digit password that unlocks a system in recovery mode
  • Is unique to a particular BitLocker encryption:
    • Can be stored in AD DS
    • If stored in AD DS, you can search for it by using either the drive label
      or the computer’s password
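An added example, not part of the course material: a help-desk pre-check for the 48-digit recovery password described above, which names the group to re-read without echoing any digits. It goes beyond the slide by assuming BitLocker's documented layout of eight 6-digit groups, each a multiple of 11 whose quotient fits in 16 bits; the sample password and all function names are constructed.

```python
"""Pre-check of a BitLocker recovery password as read out to a help desk."""
from __future__ import annotations

import re

GROUP_COUNT = 8           # 8 groups x 6 digits = the 48 digits on the slide
GROUP_DIGITS = 6
MAX_GROUP_VALUE = 0xFFFF  # assumption: each group is one 16-bit value times 11


def parse_groups(text: str) -> list[int]:
    """Accept the dash- or space-separated form and return eight integers."""
    digits = re.sub(r"[\s-]", "", text)
    if not re.fullmatch(r"[0-9]{48}", digits):
        raise ValueError("expected exactly 48 decimal digits")
    return [int(digits[i:i + GROUP_DIGITS]) for i in range(0, 48, GROUP_DIGITS)]


def failing_groups(text: str) -> list[int]:
    """Return the 1-based positions of groups that cannot be valid.

    Because 10 is congruent to -1 modulo 11, the multiple-of-11 rule catches
    every single mistyped digit and every swap of two adjacent digits.
    """
    bad = []
    for position, group in enumerate(parse_groups(text), start=1):
        quotient, remainder = divmod(group, 11)
        if remainder != 0 or quotient > MAX_GROUP_VALUE:
            bad.append(position)
    return bad


def encode_groups(values: list[int]) -> str:
    """Build a well-formed sample password from eight 16-bit values (test data)."""
    if len(values) != GROUP_COUNT or any(not 0 <= v <= MAX_GROUP_VALUE for v in values):
        raise ValueError("need eight values in the range 0..65535")
    return "-".join(f"{v * 11:0{GROUP_DIGITS}d}" for v in values)


def triage(text: str) -> str:
    """Advice for the caller that never repeats the password itself."""
    try:
        bad = failing_groups(text)
    except ValueError as exc:
        return f"re-read the whole password: {exc}"
    if bad:
        return "re-read group(s) " + ", ".join(str(p) for p in bad)
    return "format is consistent; enter it at the recovery screen"


# Constructed sample built from arbitrary values; it does not unlock any drive.
SAMPLE = encode_groups([1, 65535, 4660, 0, 22136, 39612, 57072, 100])

if __name__ == "__main__":
    print(triage(SAMPLE))
    print(triage(SAMPLE.replace("720885", "720886")))  # one digit misheard
    print(triage("12345"))
```

A password that passes this check is only well formed; whether it belongs to the locked volume is decided by BitLocker when it is entered.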


The Microsoft BitLocker Administration and Monitoring tool

Microsoft BitLocker Administration and Monitoring
simplifies the following BitLocker management
tasks:
• Deployment and encryption key recovery
• Centralized compliance monitoring and reporting
• Provisioning encrypted drives
• Supporting encrypted drives within an
organization

Lab B: Managing data security

• Exercise: Using BitLocker

Logon Information
Virtual machines: 20698B-LON-DC1, 20698B-LON-CL1
User name: Adatum\Administrator
Password: Pa55w.rd

Estimated Time: 30 minutes


Lab Scenario

Your manager wants to ensure that volumes that
contain critical data are locked. Unfortunately,
several of the computers in your office lack TPM
chips, so you want to explore the functionality of
using BitLocker without a TPM chip.

Lab Review

• In the lab, you implemented BitLocker. Why was it
necessary to configure the GPO settings?


Module Review and Takeaways

• Review Question

Module 11
Implementing remote connectivity


Module Overview

• Overview of remote connectivity options
• Implementing VPNs
• Implementing DirectAccess

Lesson 1: Overview of remote connectivity options

• Discussion: When to use remote access
• Remote access options
• Overview of network policies


Discussion: When to use remote access

• Do you allow users to connect to your
network resources remotely? If so, how?
• What are your business requirements
for using remote access?

10 minutes

Remote access options

• VPN
• DirectAccess
• Routing
• Web Application Proxy


Overview of network policies

[Flowchart: network policy processing, beginning at Start. Decision points: Are there policies to process? Does connection attempt match policy conditions? Is the remote access permission for the user account set to Deny Access? Is the remote access permission for the user account set to Allow Access? Is the remote access permission for the user account set to Deny remote access permission? Does the connection attempt match the user object and profile settings? Outcomes: go to the next policy, reject connection attempt, accept connection attempt.]

Lesson 2: Implementing VPNs

• Overview of VPNs
• VPN tunneling protocols
• VPN authentication methods
• Demonstration: Creating a VPN connection
• Advanced VPN options
• Deploying VPN connection profiles


Overview of VPNs

A VPN provides a point-to-point connection between components of a
private network through a public network such as the internet

[Diagram: corporate headquarters and large, medium and small branch offices with VPN servers; a home office with a VPN client; a remote user with a VPN client]

VPN tunneling protocols

Windows 10 supports four VPN tunneling protocols:
• PPTP
  • Firewall access: TCP port 1723 and IP Protocol ID 47
  • Description: Provides data confidentiality, but not data integrity or
    data authentication
• L2TP/IPsec
  • Firewall access: UDP port 500, UDP port 1701, UDP port 4500, and
    IP protocol ID 50
  • Description: Uses either certificates or pre-shared keys for
    authentication; certificate authentication is recommended
• SSTP
  • Firewall access: TCP port 443
  • Description: Uses SSL to provide data confidentiality, data integrity,
    and data authentication
• IKEv2
  • Firewall access: UDP port 500
  • Description: Supports the latest IPsec encryption algorithms to provide
    data confidentiality, data integrity, and data authentication


VPN authentication methods

PAP:
• Uses plaintext passwords
• Used typically if the remote access client and remote
access server cannot negotiate a more secure form of
validation
• Is the least secure authentication protocol; it does not
protect against:
  • Replay attacks
  • Remote client impersonation
  • Remote server impersonation

VPN authentication methods

CHAP:
• Is a challenge-response authentication protocol that
uses the industry-standard MD5 hashing scheme
• Is an improvement over PAP because the password is not
sent over the PPP link
• Requires a plaintext version of the password to validate
the challenge response, and does not protect against
remote server impersonation
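The difference between PAP and CHAP described on the two slides above, as an added example that is not part of the course material. It follows the RFC 1994 response calculation (MD5 over the identifier, the shared secret and the challenge); the user name `beth`, the secret, and the class and function names are constructed for illustration.

```python
"""PAP versus CHAP (RFC 1994) on constructed values; no network traffic is involved."""
from __future__ import annotations

import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(identifier octet || secret || challenge)."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Authenticator side of CHAP. It must be able to read each user's secret."""

    def __init__(self, secrets: dict[str, bytes]) -> None:
        self._secrets = dict(secrets)
        self._pending = {}   # user -> (identifier, challenge) awaiting a response
        self._next_id = 0

    def issue_challenge(self, user: str) -> tuple[int, bytes]:
        self._next_id = (self._next_id + 1) & 0xFF
        challenge = os.urandom(16)  # fresh and unpredictable for every attempt
        self._pending[user] = (self._next_id, challenge)
        return self._next_id, challenge

    def verify(self, user: str, identifier: int, response: bytes) -> bool:
        pending = self._pending.pop(user, None)  # each challenge is single-use
        secret = self._secrets.get(user)
        if pending is None or secret is None or pending[0] != identifier:
            return False
        expected = chap_response(identifier, secret, pending[1])
        return hmac.compare_digest(expected, response)


def pap_verify(stored: dict[str, bytes], user: str, on_wire: bytes) -> bool:
    """PAP: the password itself crosses the link, identical on every sign-in."""
    return user in stored and hmac.compare_digest(stored[user], on_wire)


def demo() -> dict[str, bool]:
    secrets = {"beth": b"constructed-lab-secret"}  # constructed, not a real credential
    server = ChapAuthenticator(secrets)

    # 1. Normal CHAP exchange: only the 16-byte digest crosses the PPP link.
    ident, challenge = server.issue_challenge("beth")
    seen_on_link = chap_response(ident, secrets["beth"], challenge)
    first_ok = server.verify("beth", ident, seen_on_link)

    # 2. The same digest presented for the next challenge no longer matches,
    #    which is the replay protection that PAP lacks.
    ident2, _ = server.issue_challenge("beth")
    replay_ok = server.verify("beth", ident2, seen_on_link)

    # 3. PAP for comparison: the bytes on the link are the password, so a
    #    value observed once is accepted on every later attempt.
    pap_replay_ok = pap_verify(secrets, "beth", secrets["beth"])

    # 4. An authenticator that keeps only a one-way hash of the password cannot
    #    recompute the digest; this is why CHAP needs the plaintext stored.
    hashed = ChapAuthenticator({"beth": hashlib.sha256(secrets["beth"]).digest()})
    ident3, challenge3 = hashed.issue_challenge("beth")
    hash_only_ok = hashed.verify(
        "beth", ident3, chap_response(ident3, secrets["beth"], challenge3))

    # The peer receives nothing that proves the authenticator knows the secret,
    # so CHAP authenticates the client only.
    return {"first_ok": first_ok, "replay_ok": replay_ok,
            "pap_replay_ok": pap_replay_ok, "hash_only_store_ok": hash_only_ok}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```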


VPN authentication methods

MS-CHAPv2:
• Is an upgrade of MS-CHAP that provides two-way
authentication, also known as mutual authentication
• Gives the remote access client verification that
the remote access server to which it is dialing in has
access to the user’s password
• Provides stronger security than CHAP

VPN authentication methods

EAP:
• Allows for arbitrary authentication of a remote access
connection through the use of authentication schemes,
known as EAP types
• Offers the strongest security by providing the most
flexibility in authentication variations


Demonstration: Creating a VPN connection

In this demonstration, you will see how to:
• Create a new VPN connection
• Configure the VPN connection
• Test the connection

Advanced VPN options

Windows 10 VPN advanced features:
• VPN Reconnect
• Always On
• App-triggered VPN
• Traffic Filters
• Lock-down VPN


Deploying VPN connection profiles

• CMAK:
  • Allows you to customize users’ remote connection
    experience by creating predefined connections on
    remote servers and networks
  • Creates an executable file that can be run on a client
    computer to establish a network connection that you have
    designed
• You can distribute CMAK profiles to client computers
by using:
  • An operating system image
  • Removable media
  • Software distribution tools, such as Configuration Manager

Lab: Implementing a VPN

• Exercise 1: Deploying a VPN server
• Exercise 2: Creating a VPN connection

Logon Information
Virtual machines: 20698B-LON-DC1, 20698B-LON-RTR, 20698B-LON-CL1
User names: Adatum\Administrator, Adatum\Claire
Password: Pa55w.rd
Estimated Time: 30 minutes


Lab Scenario

A. Datum uses VPN access for users who are
working remotely or traveling. You must set up a
VPN connection for Claire, who has received a new
Windows 10 laptop and is about to visit remote
office sites.

Lab Review

• How can you determine which VPN protocol the
connections that you established in this lab
exercise are using?
• You used a network policy with a condition of
membership of a Windows Group during the lab.
What would have happened if Claire had not
belonged to the Research group?


Lesson 3: Implementing DirectAccess

• Overview of DirectAccess
• DirectAccess components
• Establishing DirectAccess in Windows 10
• Demonstration: Configuring DirectAccess

Overview of DirectAccess

Features of DirectAccess:
• Connects automatically to a corporate network over a
public network
• Uses various protocols, including HTTPS, to establish IPv6
connectivity
• Supports selected server access and IPsec authentication
• Supports end-to-end authentication and encryption
• Supports management of remote client computers
• Allows remote users to connect directly to intranet servers


DirectAccess components

[Diagram: DirectAccess components: internet websites, external clients, DirectAccess server, IPv6/IPsec, NRPT/Consec, internal clients, AD DS domain controller, DNS server, internal network resources, network location server, PKI deployment]

Establishing DirectAccess in Windows 10

• A DirectAccess connection is initiated if:
  • The computer cannot contact an NLA server
  • The computer can contact www.msftncsi.com or perform
    a DNS lookup on dns.msftncsi.com and get the expected
    response
• NRPT specifies which DNS servers on the internal
network DirectAccess clients use for internal
network name resolution
• When a direct IPv6 connection cannot be
established, DirectAccess uses Teredo, 6to4,
or IP-HTTPS to establish a connection


Demonstration: Configuring DirectAccess

In this demonstration, you will see how to:
• Create a security group for DirectAccess client
computers
• Configure DirectAccess by running the Getting
Started Wizard
• Verify client configuration

Module Review and Takeaways

• Review Questions


Module 12
Maintaining Windows 10

Module Overview

• Updating Windows 10
• Monitoring Windows 10


Lesson 1: Updating Windows 10

• Windows 10 servicing options
• Methods for applying updates to Windows 10
• Windows Update settings in Windows 10
• Available Group Policy settings for configuring
Windows Update
• Demonstration: Configuring Windows Update
• Using a WSUS server to deploy updates
• Windows Update for Business

Windows 10 servicing options

• Servicing option: Semi-Annual Channel
  • Application: Twice per year feature update release
  • Availability: All the main editions of Windows 10
• Servicing option: Long-Term Servicing Channel
  • Application: Long-term deployment of selected Windows 10
    editions with minimal feature updating
  • Availability: Only available on the Enterprise LTSC
    servicing option of Windows 10


Windows 10 servicing options

Windows 10 update types:
• Feature updates. These are full builds of
Windows 10 such as Windows 10 Fall Creators
Update. These are released two to three times
a year
• Quality updates. These are cumulative monthly
updates that supersede the previous month’s
quality update

Methods for applying updates to Windows 10

You can apply application updates and operating
system updates in several ways, including:
• Manually, as part of a reactive maintenance
process
• Automatically, as part of a proactive maintenance
process, by using:
  • Windows Update
  • System Center 2012 R2 Configuration Manager
  • Microsoft Intune
• You can go back to the previous version for a
number of days after the upgrade


Windows Update settings in Windows 10


Available Group Policy settings for configuring Windows Update


Demonstration: Configuring Windows Update

In this demonstration, you will see how to:
• Configure Windows Update manually
• Configure Windows Update by using GPOs

Using a WSUS server to deploy updates

[Diagram: Microsoft updates website, internet, server running WSUS, LAN, test clients, automatic updates]


Using a WSUS server to deploy updates

Update management:
• Phase 1: Assess
  • Set up the production environment
• Phase 2: Identify
  • Discover new updates
  • Determine if updates are relevant
• Phase 3: Evaluate and plan
  • Test updates
  • Determine how to update the production environment
• Phase 4: Deploy
  • Approve and schedule updates
  • Review process

Windows Update for Business

Windows Update for Business delivers updates differently than
WSUS, and has the following characteristics:
• Distribution rings
• Deferring updates:
  • Quality Updates. Defers updates up to 30 days and pauses
    for up to 35 days
  • Feature Updates. Defers updates up to 365 days and pauses
    for up to 60 days
  • Non-deferrable updates. Antimalware and antispyware
• Maintenance windows
• Delivery Optimization
• Integration with:
  • System Center Configuration Manager
  • Microsoft Intune


Lesson 2: Monitoring Windows 10

• Event Viewer
• Demonstration: Monitoring Windows with Event
Viewer
• Reliability history
• Performance considerations
• Performance monitoring
• Demonstration: Monitoring performance

Event Viewer


Demonstration: Monitoring Windows with Event Viewer

In this demonstration, you will see how to:
• Explore custom views
• Create a custom view

Reliability history


Performance considerations

• You should monitor the following four main
hardware components on a Windows 10 device:
  • Processor
  • Disk
  • Memory
  • Network
• A performance bottleneck occurs when a
computer is unable to service the current
requests for a specific resource

Performance monitoring

You can configure a performance baseline to help
you with:
• Evaluating your computer’s workload
• Monitoring system resources
• Noticing changes and trends in resource use
• Testing configuration changes
• Diagnosing problems


Demonstration: Monitoring performance

In this demonstration, you will see how to:
• Open Performance Monitor
• Add new values to the chart
• Create a data collector set
• Examine a report

Lab: Maintaining Windows 10

• Exercise 1: Configuring updates for a single device
• Exercise 2: Configuring updates with GPOs
• Exercise 3: Monitoring reliability and performance

Logon Information
Virtual machines: 20698B-LON-DC1, 20698B-LON-CL1
User name: Adatum\Administrator
Password: Pa55w.rd

Estimated Time: 60 minutes


Lab Scenario

You need to ensure that your users’ Windows 10
devices are kept up-to-date with security and
operating system updates and fixes. You want to
configure the Windows Update settings for
multiple computers from a central point. You
decide to configure Windows Update settings by
using GPOs.
Additionally, it is important to ensure that the
Windows 10 devices are operating correctly, and
that you discover any problems quickly. By using a
proactive approach to supporting your users, you
can help satisfy this requirement.

Lab Review

In the lab, you collected performance data for
specific system objects. Which object(s) and
counter(s) in Performance Monitor indicate how
busy the computer’s CPU is?


Module Review and Takeaways

• Review Questions

Module 13
Recovering Windows 10


Module Overview

• Recovering files
• Performing system recovery

Lesson 1: Recovering files

• File recovery methods in Windows 10
• File History
• Demonstration: Using File History to recover files
• Backup and Restore (Windows 7)
• Previous Versions
• Demonstration: Using Previous Versions to recover
files
• Recovering files in OneDrive


File recovery methods in Windows 10

• Some of the reasons for performing backups:
  • Protect against accidental file deletion
  • Provide recovery from a virus infection
  • Provide previous versions of files and folders
  • Protect against total computer data loss
  • Help ensure data availability
• Windows 10 features:
  • Folder Redirection, Offline Files
  • Backup and Restore (Windows 7)
  • Sync with OneDrive
  • File History
  • Work Folders
  • System image
  • Wbadmin.exe
  • Copying files

• Azure Backup can be used with Windows 10

File History

• File History saves backup copies of user files
• Configure and manage by using Control Panel or the Backup
section in the Settings app
• By default, profile folders and libraries are protected
• You can protect additional folders by:
• Adding them to protected libraries
• Using the Backup option in the Settings app
• You can save backup copies on a local drive, a removable
drive, or a network location
• File History copies protected files hourly and stores copies
indefinitely by default
• You can preview and restore backup copies:
• You can restore to the original or alternate location


File History

[Figure: File History timeline with backup copies at 8:00, 9:00, 10:00, and 11:00; the 8:00 copy is restored]

Demonstration: Using File History to recover files

In this demonstration, you will see how to:
• Configure File History
• Add an additional folder to File History
• Use File History to recover a deleted file


Backup and Restore (Windows 7)

• Graphical backup tool in Windows 10
• Uses Volume Shadow Copy Service for creating backups:
• On a local disk, external disk, or network location
• First backup contains all data, and later backups contain changes only
• Can back up folders, libraries, and volumes
• Backup is in .vhdx format
• You can use it for creating a system image and a system
repair disk
• Creates restore points, which are used by Previous Versions
• Restores data at an original or alternate location

Previous Versions

• Enables users to view and restore previous versions of files, folders, and volumes
• Data comes from File History and restore points:
• Each time File History runs
• When Backup and Restore (Windows 7) backs up a file


Demonstration: Using Previous Versions to recover files

In this demonstration, you will see how to:
• Use Backup and Restore (Windows 7) to create a restore point
• Configure data for which you create a restore point
• Revert a file to a previous version

Recovering files in OneDrive


Lesson 2: Performing system recovery

• Overview of system recovery procedures
• Driver rollback
• System Protection and restore points
• Demonstration: Using a restore point to roll back
device configuration
• Advanced startup options
• Tools available in Windows RE
• Demonstration: Using advanced startup options
• Discussion: Recovering devices

Overview of system recovery procedures

• The operating system is separate from the data:
• You can recover, reinstall, or upgrade it without affecting data
• Device recovery features in Windows 10:
• Driver rollback
• System Protection and System Restore
• Startup Recovery
• Reset this PC
• System Image Recovery
• Command prompt


Driver rollback

• Nondestructive operation, but it requires a restart
• Reinstalls a previous version of a device driver:
• Not available if the device driver has never been updated
• Only active and functional drivers are backed up
• Supports one level of rollback:
• If you perform a rollback, you cannot roll back again
• Driver rollback is not available for printers
• Multifunction devices are handled on an individual function basis (printer, scanner)
• Can be performed from safe mode:
• If the malfunctioning driver is preventing normal operation


System Protection and restore points

• Create snapshots of computer configuration:
• Snapshots are called restore points
• Restore points do not include user data
• You can use restore points to:
• Perform driver rollbacks
• Protect against accidental program deletion
• Restore Windows configurations to earlier states
• Restore points are created before system changes:
• Automatic: app, driver, or Windows updates
• Scheduled: can be created based on a schedule
• Manual: on-demand, before applying a restore point
• If turned off, all restore points are deleted


System Protection and restore points

Timeline of actions and resulting computer state:

T1  Action: Microsoft Office installation
    Computer state: Microsoft Office
T2  Action: Problematic app installation
    Computer state: Microsoft Office, problematic app
T3  Action: Manual restore point
    Computer state: Microsoft Office, problematic app, changes between T2 and T3
T4  Action: Restore computer to state before problematic app was installed
    Computer state: Microsoft Office

Demonstration: Using a restore point to roll back device configuration

In this demonstration, you will see how to:
• Turn on System Protection
• Create a restore point manually and automatically
• Revert to a previous restore point
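
The demonstration steps above can also be scripted. The following is an added example, not part of the course material. It assumes an elevated Windows PowerShell 5.1 session, that the system volume is C:, and a made-up restore point description.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the course). Windows PowerShell 5.1 only:
# the *-ComputerRestore cmdlets are not available in PowerShell 7.

$drive       = 'C:\'                             # assumption: system volume
$description = 'Before driver update (example)'  # hypothetical label

# 1. Turn on System Protection for the volume.
Enable-ComputerRestore -Drive $drive

# 2. Create a manual restore point. Since Windows 8 this cmdlet creates
#    at most one restore point per day and only warns when it skips one,
#    so the result is verified in step 3 instead of being assumed.
Checkpoint-Computer -Description $description -RestorePointType MODIFY_SETTINGS

# 3. Confirm that the restore point exists before relying on it.
$target = Get-ComputerRestorePoint |
    Where-Object { $_.Description -eq $description } |
    Sort-Object SequenceNumber -Descending |
    Select-Object -First 1

if (-not $target) {
    Write-Warning "No restore point named '$description' exists; nothing to revert to."
    return
}

# Show all restore points with a readable creation time.
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description, RestorePointType,
        @{ Name = 'Created'; Expression = { $_.ConvertToDateTime($_.CreationTime) } } -AutoSize

# 4. Revert to the restore point. This restarts the computer, so it asks
#    for confirmation first. Restore points do not include user data.
Restore-Computer -RestorePoint $target.SequenceNumber -Confirm

# 5. After the restart, check the outcome of the last restore operation:
# Get-ComputerRestorePoint -LastStatus
```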


Advanced startup options

• Enable debugging
• Enable boot logging
• Enable low-resolution video
• Enable Safe Mode
• Enable Safe Mode with Networking
• Enable Safe Mode with Command Prompt
• Disable driver signature enforcement
• Disable early launch anti-malware protection
• Disable automatic restart after failure
• Launch recovery environment

Tools available in Windows RE

Tool                             Function
Reset this PC                    Lets you choose to keep or remove your files and reinstalls Windows 10
System Restore                   Returns your computer to an earlier state
System Image Recovery            A system image that was created earlier replaces everything on a computer
Startup Repair                   Detects and repairs most common startup issues
Command Prompt                   Resolves problems with a service or device driver, and it runs diagnostic tools
Go back to the previous build    Preserves personal files, but changes to apps and settings are lost


Demonstration: Using advanced startup options

In this demonstration, you will see how to:
• Start a computer in the recovery environment
• Use tools that are available in the recovery environment
• Use safe mode as one of the startup options

Discussion: Recovering devices

What device recovery method should you use in the event of a system failure?

5 minutes


Lab: Troubleshooting and recovery

• Exercise 1: Using File History to recover files
• Exercise 2: Using Previous Versions to recover files
• Exercise 3: Recovering a device with a restore point
• Exercise 4: Using advanced startup options to recover a device

Logon Information
Virtual machines: 20698B-LON-DC1, 20698B-LON-CL1, 20698B-LON-CL2
User name: Adatum\Administrator
Password: Pa55w.rd
Estimated Time: 60 minutes

Lab Scenario

You are a help desk technician at A. Datum Corporation. Users complain that they cannot access previous versions of documents that they modified or deleted by mistake. You want to show technicians how they can configure the Previous Versions feature in Windows 10. You also want to show end users how they can use the Previous Versions feature to access previous versions of documents. Finally, you need to demonstrate to technicians how they can use advanced startup options to diagnose and troubleshoot a Windows 10 device.


Lab Review

• What must you do if you want to use the Previous Versions feature in Windows 10?
• In Windows 10, how can you access advanced startup settings such as safe mode?
• Where can you access the Refresh your PC option in Windows 10?

Module Review and Takeaways

• Review Questions


Course Evaluation

• Your evaluation of this course will help Microsoft understand the quality of your learning experience.
• Please work with your training provider to access the course evaluation form.
• Microsoft will keep your answers to this survey private and confidential and will use your responses to improve your future learning experience. Your open and honest feedback is valuable and appreciated.
