Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
218 Cards in this Set
- Front
- Back
|
Hardware requirements
|
CPU1ghz or faster support for PAE,NX,SSE2
HDD 16GB (32-bit) or 20GB (64-bit) RAM 1GB (32-bit) or 2GB (64-bit)\ Graphics Card DirectX9 graphics with WDDM driver |
|
|
Feature Requirements:Touch-tablet or monitor that supports multitouch
|
Snap: Screen resolution of at least 1366x768
Windows store native apps Screen resolution of at least 1024x768 |
|
|
The easy way to know if the computer meets the specs:
|
you can run the Windows 8 upgrade assistant (also lists the apps as well)
Compatibility details are used to show us what is or is not wrong |
|
|
Preparing for Windows 8 installation
|
Upgrade- installs on top of the operating system you already have
Windows 8 keeps your existing applications, files, and folder structures Migration-a clean of install of windows 8 on a fresh hard drive, then migrate settings, files, and applications from existing computer |
|
|
Migration Paths
Installation path Applications Windows Settings Personal Windows XP SP3 no no yes Vista no Yes Yes 7 Yes Yes Yes 8 Yes Yes Yes |
Migration Paths
Installation path Applications Windows Settings Personal Windows XP SP3 no no yes Vista no Yes Yes 7 Yes Yes Yes 8 Yes Yes Yes Notes: You cannot keep your windows settings or applications during a cross-language installation |
|
|
Upgrading Notes
|
Notes: You cannot keep your windows settings or applications during a cross-language installation
You cannot keep anything during a cross-architecture installation (32 to 64) all has to manually be re-installed You cannot upgrade from retail versions to volume license versions of Windows |
|
|
Improved in Windows 8
|
Enables booting computer into different operating systems
Can have multiple operating systems on multiple hard drives or hard drive partitions Useful for testing windows 8 without removing windows 7 |
|
|
Tips
|
Large hard drive? Use GUID. MBR is still good for smaller drives
Install earlier versions of an operating system if you want to set up a multi-boot PC |
|
|
Install drive->check the properties
(or shrink an existing hard drive partition ) |
Windows DVD->Install now
Custom install to go with a multi-boot |
|
|
Windows SmartScreen
Internet ExplorerScreen Do Not Track request |
Moving mouse to corner, charms bar
|
|
|
User state migration
|
Two methods
Easy transfer wizard(good for personal computers) User state migration toolkit(enterprise environments) |
|
|
USMT
|
Can be found on microsofts website
adk(assessment and deployment kit) 5.0 is good for xpsp3 and higher Can grab user data from 32-bit version of windows and put it on the 64-bit version, but can’t do the opposite also can’t use on a server environment select the tools that you require |
|
|
Try moving the files to the root directory
1)note what users are on the system 2)try to identify any custom folders on the root directory |
programs do not transfer
scan state is the tool that is used -Run the command prompt as an administrator C:\Usmt amd64- for 64 bit x86- for 32 bit dir /w Not all options for scanstate need to memorized XML files are used to identify what is taken |
|
|
Custom files
include.xml-> <migration urlid includefolder> important pattern type->File G:\somedatafolder\* [*] takes everything within a folder Unconditionalexclud pattern type->file {drivletters}\* [*] saves time scan state /l log file /o overwrite /i include (referencing the xml file selection) /v be verbose Pops out a file that can be used by easy transfer |
loadstate/ l log files again
/i is used for load state as well, same xml file (no exclude this time) /lac->local account create /lae->local account enable /v be verbose code 0 is good |
|
|
A little background
Virtualization can turn one computer into many Allows you to think of the two independently Allows you the ability to run multiple OS on a PC Client Hyper-V Windows Server 2012 Hyper-V These are the same in terms of virtualization technology and virtualization capabilities |
A little background
Virtualization can turn one computer into many Allows you to think of the two independently Allows you the ability to run multiple OS on a PC Client Hyper-V Windows Server 2012 Hyper-V These are the same in terms of virtualization technology and virtualization capabilities |
|
|
Client Hyper V Requirements
|
CPU
64-Bit system with virtualization and SLAT(Second Level Address Translation) support HDD Varies depend on the guest OS requirements (go with Windows 8 Hard Drive requirements) RAM 4 GB minimum, but total depends on VM’s created Licensing -License VM’s based on guest OS requirements Sysinternals-Coreinfo ( will let you know if you have SLAT) |
|
|
CoreInfo
|
Win+X->Command Prompt
CoreInfo -v View the virtualization assessment * is used to indicate that the devices supports virtualization technologies |
|
|
Setting up client Hyper-V
|
Turn Windows Features on or Off
or Search Charm->Add Feature Hyper-V is listed there You will have to restart |
|
|
PowerShell Cmdlet
|
PowerShell Method
Run as administrator Enable-WindowsOptionalFeature -online -FeatureName -Microsoft-Hyper-V -All (good method, one liner) Adding in a guest operating system |
|
|
Hyper-V Manager
The version of Windows 8 is a 64-Bit version (guests do not have to be 64-Bit, they can be 32-Bit) |
Hyper-V Manager
The version of Windows 8 is a 64-Bit version (guests do not have to be 64-Bit, they can be 32-Bit) |
|
|
Going through the process of creating a new guest Operating system
|
Configuring the virtual infrastructure
|
|
|
Virtual Switch Manager
MAC Address Range, a number of MAC Addresses within a machine |
New Virtual Network Switch
Three Types External-Commonly used when you want your virtual machine to act like any other computer on a network Internal-the host can ping the client, and the machines can talk to each Private-Can not talk to the virtual host, but they can talk to each other Can give the virtual switch any name Allow management operating system to share this network adapter- the bandwidth that you have will be shared with the virtual machines (slicing the adapter) VLAN ID, enable the Virtual LAN Identification for management Operating System (you then set the VLAN ID) |
|
|
Create a new virtual machine
|
Name
Location Assign Memory (Dynamic Memory-growing or decreasing based on what’s going Startup Memory, the memory used to get the machine going) Configure Networking (the switch we just created) Connect Virtual Hard Disk Name(vhdx {Maximum 64 TB}) Dynamically expanding disk, grow as you go Use an existing virtual hard disk Attach a virtual disk later Installing an operating system later ->Pick a boot dvd (physical drive) ->Image Iso ->Network-Based installation server |
|
|
You are going to be presented with a summary screen
|
Right Click->Start
You need to connect to the virtual machine now Media->Add ISO PowerOff ShutDown Save(like hibernating) Virtual Machine Connection Virtual Hard Disks Libraries\Documents\Hyper-V\Virtual hard disks (default location of the virtual hard drive) |
|
|
Working with Virtual Disks
|
The dynamically expanding disk does not dynamically shrink
Edit Disk can be used to shrink it Next->Select Disk-> Choose action Compact-This option compacts the file size of the virtual disk. Convert->Converts a virtual disk by copying the contents to a new virtual hard disk Expand-> expands the capacity of the virtual hard disk Shrink (deallocates the space available to the VHD{only available when the virtual machine is not running}) Snapshots GreatYou need to shut down the virtual machines |
|
|
Snapshots
Great |
ToolBar->Snapshot
Type Base configuration, select yes Right Click Snapshot, then apply If you have snapshots, do not use the edit disk wizard Right click, delete snapshots |
|
|
Hyper-V settings
|
Server
Virtual Hard Disks(default locations) Virtual Machines (where the virtual machine configurations are held) NUMA Spanning (None Uniform Memory Architecture) Allows you to run more machines at the same time) Storage Migrations(You can specify how many migrations can be run at the same time. 2 is the default) |
|
|
Native Boot
|
A VHD is used as the Primary OS (needs to be the same size or larger as what is allocated)
Page file is created outside a VHD (as opposed to inside the guest as within virtualization) No Host OS or hypervisor Native Hardware Performance Great for multi boot without multiple partitions Not intended to replace all image deployments Limits Bitlocker and how hibernation is supported Cannot native boot across a network share |
|
|
Why a VHD native boot
|
One file with a whole operating system hiding inside
|
|
|
What is a VHD
|
Microsoft Virtual Hard Disk Specification (VHD has been available to any third party under a royalty free license)
Simulates a physical hard drive Can vary in size and have multiple VHDx is Microsoft’s better, stronger,faster VHD format (only supported on Hyper-V 3.0 and later) |
|
|
Fixed size-Takes up the space
Dynamically expanding- only takes up what is used Differencing-Stores the difference from one VHD to another |
Fixed size-Takes up the space
Dynamically expanding- only takes up what is used Differencing-Stores the difference from one VHD to another |
|
|
Advantages to Native Boot
|
Quickly Move Between Hardware
Easily Backup the entire system Effectively test windows 8 on different hardware |
|
|
Tools
|
Diskpart (Create a partition, and attach a VHD)
DISM(Apply image files to a VHD) BCDBoot (Create a boot store, copy boot files to the system partition) BCDEdit(Modify an existing BCD store) |
|
|
Setting up native boot
|
To set this up
Elevated command prompt Use Diskpart Creating the virtual disk Diskpart->create vdisk file=C:\Win8.vhdx maximum=30760 type=expandable Working with the disk Diskpart->select disk file=c:\win8.vhdx Attaching the virtual disk Diskpart-> attach disk Creating a partition Diskpart->create partition primary Assigning a letter Diskpart-> Assign letter=j Formatting the disk Diskpart->format quick label=NativeVHD |
|
|
Installing Windows8 pro into the drive
|
DISM->Allows us to apply an image file offline
disk /get-wiminfo /wimfile:D:\Sources\Install.wim Provides us with some information Index : 1 Name : Windows 8 Pro (Supports client hyper-v) Description : Windows 8 Pro Size : blabla Multiple images exist disk /apply-image /imagefile:D:\Sources\Install.wim /index:1 /ApplyDir:J:\ (It’s now installing Windows 8 to that drive) Now it is time to detach that disk Diskpart-> Select vdisk file=C:\win8.vhdx Diskpart-> detach vdisk |
|
|
Modifying the boot order
|
Now we need to modify the boot of the computer, or editing the BCD store
How to perform a backup of the bookstore bcd edit /export C:\bcdbackup Win8 Native Boot? No refresh\reset |
|
|
BCDEdit - by itself gives a list of the current configuration
{current} means that this is the current |
BCDEdit - by itself gives a list of the current configuration
{current} means that this is the current |
|
|
Windows to go requirements
|
Certified USB 3.0 drives
USB Boot must enabled Windows 8 Enterprise Requires volume activation |
|
|
Windows to go differences
|
(Internal disks are unavailable{as well as the windows to go drive in Windows})
No TPM Needed (TPM is tied to a single PC) Pre-operating system boot password is used instead Hibernation is disabled NO WRE (Windows Recovery Environment) Put a fresh image on No refresh or reset Windows store is disabled |
|
|
How to set up windows to go
|
Windows to go, under settings
There is a wizard, then you find a windows install image (wim) You can set up bit locker password Will give you the option to boot from the USB computer configuration-administrative templates-windows component-windows to go startup options |
|
|
application compatibility toolkit
|
avoid downtime
checks an app for compatibility with windows 8 goes beyond app testing, goes into actually making the app work |
|
|
Common problems with migrating to new operating systems
|
UAC restrict
IE Protected mode-restricts the ability of a web app to write to anywhere but a users temporary files windows resource protection-enables applications to function proper, creates a temporary work area and allow an application to write to that location new os internal version number changing 64 bit versions(uses the WOW64 emulator) windows filtering platform |
|
|
Resolutions to application incompatibility
|
shims->deployed by the ACT to fix problems
Intercepts the call and re-directs the problems |
|
|
Common Shims that are used
|
Version-Lie
ForceAdminAccess WRPMitigation CorrectFilePaths |
|
|
Other compatibility resolution options
|
Other options
-Troubleshooter fails Go to properties, go to compatibility tab Options here go back to windows 98 also reduced color mode also 640x580 also display scaling privilege level change settings for all users |
|
|
start-program compatib-trouble shooter runs-(good for running apps in general)- we get to pick it
|
start-program compatib-trouble shooter runs-(good for running apps in general)- we get to pick it
|
|
|
compatibility administrator (32-bit for 32-bit programs, 64 for 64-bit)
|
To create a fix, right click new database, create new, application fix
Name of the program, file location It gives a bunch of compatibility mode shims, click click finish We can save our db To apply, click file, then install |
|
|
Virtualization can make an old app run on a new OS
|
Virtualize an old desktop os then run it on new PC(disk2vhd)
ools make it easy Hyper terminal Open client hyper v new virtual machine vmconnect.exe MAXIMUSV “XPPro” Make sure to run as administrator under shortcut, advanced |
|
|
Virtual Desktop Infrastructure (VDI)
Desktop OS is not on the local PC, it’s on the server Move from one PC to another PC, but have the same desktop Enhanced mobility, flexibility, and business continuity |
Virtual Desktop Infrastructure (VDI)
Desktop OS is not on the local PC, it’s on the server Move from one PC to another PC, but have the same desktop Enhanced mobility, flexibility, and business continuity |
|
|
Remote Desktop Services
|
Everything runs on a server OS as opposed to running the Windows Desktops on VDI
Scalable and efficient Reliable and Mature |
|
|
Remote Desktop Protocol
|
The power behind Windows 8 remoting
Access a RDS or another Desktop Rich and consistent experience |
|
|
Remote Desktop Client is the built-in RDP client
|
Remote Desktop Client is the built-in RDP client
|
|
|
RemoteApp
|
RDS Servers host applications
User virtualization to resolve app/OS compatibility issues App is integrated with the client desktop |
|
|
All about IE
|
Internet Explorer 10
Two different version Internet Explorer in the Windows UI Internet Explorer from the desktop Collectively these are known as Internet explorer 10 |
|
|
Internet explorer tile from the start screen, loads the web page
|
Address bar disappears
Scroll bar displays edge to edge Right-Click (App specific commands) Right-Click, in private tab Native IE specific settings, Bring up the settings charm, if in IE, will bring up IE charm Delete browser history Permissions Ask for location (Always allow) (Allow Once) (Never Allow) Clear location permissionsZoom Flip Ahead (Turn on flip ahead to go to the next page on a site. Your browsing history will be sent to Microsoft to improve how flip ahead works) Encoding If the text on a webpage doesn’t look like the correct language, you can try changing the encoding Select Encoding Automatically Unicode UTF-8 Left-to-right document Page tools from the bottom, will allow to view from the desktop IE on the desktop allows plug in support Home Page->Native UI, no way to set a home page, you have to set it on the desktop and the setting will be transferred A number of settings are shared Compatibility mode-> |
|
|
Improvements for IE
|
New Group Policy Settings
*Continues support from IE9 Group Policy Settings * New Settings for IE10 *Almost 1,500 tweakable settings Enhanced Security features *HTML5 sandbox *SmartScreen *Enhanced protected mode Add-on and add-on free experiences *Internet Explorer (native) runs add-on free *Internet explorer for the desktop supports add-ons(such as silverlight) Support for new and emerging web standandards *Html5 *CSS3 *Scalable Vector Graphics |
|
|
Group Policy Editor for IE
|
Computer Configuration(gpedit.msc->Administrative templates->Windows Components->Internet Explorer
Two of the new ones Security Features->Add-On Management Flash Support is now baked into Internet Explorer Enabled, it prevents applications from firing up flash technology ->Ajax Turn off WebSockets->Used to have bi-directional interaction with a server (runs over port 80) |
|
|
If you suspect a problem with the version of IE you are using
|
If you suspect a problem, F12, click the version that you would like to render it in
|
|
|
Compatibility View
|
Alt->Tools->Compatibility View Settings
Can add a site here Display All websites in compatibility view Display intranet sites in Compat View Download Updated Compatibility lists from Microsoft Windows Components->Internet Explorer->Use Policy List of Internet Explorer 7 sites Enabled->add sites |
|
|
Do Not Track can be found under advanced settings
|
Advanced->Always Send do not track header * asterik means that IE needs to be restarted
|
|
|
Internet Explorer Administration Kit
|
IEAK (Create custom, branded version of IE 10)
Supports different Windows versions and languages Perform full installations or customize existing installs |
|
|
Internet Explorer Customization Wizard
|
File Locations(Custom branding)
Target platform (Need to run a unique instance for each platform you plan on installing to) Clear full installation, click custom configuration You select this one for when IE is already installed Clear All Select what you want Click Synchronize |
|
|
IE User Experience
|
User Experience
Interactive installation-The standard setup experience. The user selects the type of installation, download site, and installation folder. The user sees all progress dialog boxes and error messages. Hands-free installation-All installation decisions are made for the user. The user sees all progress dialog boxes Completely Silent installation-All installation decisions are made for the users, the user does not see any dialog boxes Restart Default No restart Force Restart Browser UI Customize Title Bars (Put at the top) Toolbars Search Providers, can add or remove as needed Display Namve URL Favicon Can select default Select finish C:\Builds\date\brndonly\amd\en-us Inside there is an exe and an msi |
|
|
Hardware Issues
|
random lockups? Run the memory diagnostics
If you select restart now, it will reboot the PC Options for hitting F1 Basic Standard Extended Cache Default On Off Pass Counts (0 is infinite, more tests are more likely to cause issues to occur) Pop up notification will pop up Win+X -> Administrative Tools-> Windows Logs-> System-> Entry Results |
|
|
Problem reports->View All problem reports
|
Problem reports->View All problem reports
|
|
|
Windows memory diagnostics
|
roubleshooting Wizards->View detailed information
Publisher Destails Explore Additional options Advanced will allow the wizard to apply repairs automatically |
|
|
Device manager
|
Win+x->Device Manager
Expand a category Select a device Right-Click it, propertie |
|
|
Drivers
|
Driver-Driver Details (will allow you to see the files associated with a driver)
Details? Have quite a bit of those inf folder name etc Hardware IDs Resource I/O Range IRQ (Interrupt Request Levels) |
|
|
Volumes
|
Disk
Type Status Partition style Capacity |
|
|
Printing in windows 8
|
V3 Driver model existed before (hardcopy output)
Enhanced features not available to Windows Store Apps v3 drivers still work V4 printer driver model Apps to customize the experience Framework->requires much less for specific files for specific printers Automatic downloads |
|
|
Windows Store-> New Experience for printing
Devices->More |
Printer Drivers
Settings Rendering Notification Interface |
|
|
Windows store apps that can print
|
mail
photo news etc |
|
|
Windows Store apps that cannot printer
|
bind
sports travel skydrive weather messaging people calendar finance |
|
|
Manage Sharing
|
Render print jobs on client computers (done on this computer)
Additional drivers, good for clients |
|
|
Managing storage
|
Storage spaces
made up of storage pools, you divide the pool into storage spaces Each piece becomes a virtual drive Storage pool 3(2TB)=6TB 6(1TB) |
|
|
Storage pools can exceed available capacity (The physical catches up)
|
Create multiple storage spaces from the same storage pool
Pools can be dynamically expanded |
|
|
Taking advantage of storage spaces
|
Ideal for situations where files are scattered through multiple drives
Turns multipls drives into one storage pool Keep better track and organizations |
|
|
StorageSpaces
Features |
Use any drives on any interface
Administer through either the GUI or PowerShell Included with all versions of Windows8 Cost-Effect and expandable Supported storage types JBOD (just a bunch of disk) Not RAID Some USB |
|
|
Control Panel
|
Storage spaces
Create a storage space Three-Way mirror requires 5 drives |
|
|
BranchCache
|
What is it
WAN Optimization technology Reduces WAN traffic Caches remote content locally save time and money good for cloud content |
|
|
Improvements to BranchCache
|
Supports more than one hosted cache serve per office
Data de-duplication Simplified group poicy configuration |
|
|
BranchCache Requirements
|
Requires windows 8 enterprise windows server 2012
Older clients can’t take advantage of new features |
|
|
Two Modes for BranchCache
|
Hosted cache mode(desktops sharing)
distributed cache (pcs sharing) Hosted can fallback to distributed |
|
|
Content servers-The servers that have the data that clients want
At least one content server is required for branch cache to work |
Webservers
Fileservers application servers (using bits) |
|
|
best practices for BranchCache
|
Use group policy to enable branch cache for all clients
configure clients to fallback to distributed cache mode use multiple hosted cache servers at large remote sites |
|
|
three step process to enable BC on the client
|
manual way->netsh branch cache set service mode=distributed
group policy editor gpedit.msc Computer Configuration->Administrative Templates->Network->BranchCache (turning it on) Group policy overrides netsh Set BranchCache Distributed cache mode for a fallback Set BranchCache Hoste Cache Mode netsh branchcache show status |
|
|
Keeping data safe and secure
|
What is encryption
Takes one form of information into another, unreadable without a key Keeps confidential data New in Windows 8 Bitlocker EFS-remains the same from its version in Win8 |
|
|
Bitlocker
|
Pre-Provisioning
Allows you to enable Bitlocker before Windows is even installed User can change BitLocker passwords Encrypt only used space |
|
|
Turning on BitLocker
|
Start screen
Search for Bitlocker Click Turn on Bitlocker Will run checks before going through (What are BitLocker’s system requirements) |
|
|
If you don’t have a TrustedPlatformModule, you must allow BitLocker without compatible TPM option under require additional authentication at startup
|
Supported Bitlocker methods
1)PIN 2)USB startup drive |
|
|
ComputerConfiguration\AdministrativeTemplates\WindowsComponents\BitLocker Drive Encryption
|
ComputerConfiguration\AdministrativeTemplates\WindowsComponents\BitLocker Drive Encryption
|
|
|
Settings for Computer with a TPM
|
Configure TPM startup
Configure TPM startup PIN Configure TPM startup key Configure TPM startup key and PIN |
|
|
Setting up a backup key
|
Save to your microsoft account
Save to a usb flash drive Save to a file Print the recovery key |
|
|
Encrypt used disk space only(good for new PCs)
Encrypt entire drive(good for slower\older PCs) |
Encrypt used disk space only(good for new PCs)
Encrypt entire drive(good for slower\older PCs) |
|
|
Run BitLocker System Check
(Forces BitLocker to check) |
Run BitLocker System Check
(Forces BitLocker to check) |
|
|
EFS
|
Properties->Advanced->Encrypt Contents to Secure Data
Folder is now encrypted, looks green Folder is blue? You compressed it you knuckle head |
|
|
Backing up EFS Certs
|
Start Window
Search certificates Backup encryption certificates Create a new certificate, or use an existing certificate Backup location Backup the certificate and key now Location\Password You can update existing files and folders if you are using a different key. That way you are not using two keys Don’t use EFS alone, use bitlocker in conjuction |
|
|
Requirements for BItLocker
|
Requires TPM unless it is overwritten under group policy
Must be formatted with NTFS encryption adds overhead |
|
|
common concerns
|
PC’s without a TPM - only affects Bitlocker
Swap file is not encrypted - EFS Backup key - both |
|
|
BL vs EFS
|
Bitlocker EFS
Whole Drive Individual files and folders Uses TPM No Hardware, certificates User Independent Based on user Admin enables User enabled |
|
|
TCP\IP in a nutshell
|
defines rules for moving data across a network
protocol that powers the Internet Everything in TCP\IP is defined by documents Really a bunch of protocols rather than just |
|
|
Pieces of the TCP\IP protocol suite
|
MAC Address, serial number of your network device(burned into the device)
IP Address, subnet masks (which part is the group of computers, which is the host) Port Socket (a unique combination of IP address and port) |
|
|
Six ports to know
|
80 (HTTP)web sites, Hypertext Transfer Protocol
443 (HTTPS)secure websites 25 (SMTP) email, Simple Mail Transfer Protocol 143 (IMAP) Internet Message Access Protocol 110 (POP3) email, Post Office Protocol 3 21 (FTP) file transfer protocol |
|
|
IPv6 Latest version of IP
|
Solves the problem of not enough IP addresses faced by IPv4
Not interoperable with IPv4 Being adopted very slowly |
|
|
Nat64 devices are responsible for translating from IPv6 to IPv4
|
Nat64 devices are responsible for translating from IPv6 to IPv4
|
|
|
IPv4 vs IPv6
|
32-bit address 128-bit address
Around 4 billion addresses Over 340 undecillion addresses Best effort service ensures service quality Not disappearing soon Slowly gaining traction |
|
|
VPNs and direct access
|
Securely connect remote users to corporate resources
Extend the office network to wherever a user may be Use cheap Internet connections instead of expensive private connections |
|
|
Common VPN protocols
|
SSL Secure Sockets Layer (does not require any client software)
IPsec Internet Protocol Secuirty *Often combined with L2TP (Layer 2 Tunneling protocol) Uses either 3DES (Triple Data Encryption Standard) or AES Advanced Encryption Standard for encryption PPTP Point to Point Tunneling Protocol Configuring a VPN connection in Windows |
|
|
Improvements to VPN
|
Simplified deployment
Works behind NAT now Powershell and server core support supports multiple domains |
|
|
Requirements
|
Windows Server 2012 or Server 2008 R2
Windows 8 Enterprise, Windows 7 Enterprise, Windows 7 Ultimate Best case is Windows Server 2012 in the Data Center and Windows 8 clients out in the field |
|
|
Offline Domain Joining (Joining the domain over the Internet)
|
Two Factor Authentication
Authentication Method #1 + Authentication Method #2 ATM Card PIN Drivers License Password Finger Printer Hand Geometry |
|
|
Two Factor authentication requires two security factors before granting access
|
Types of Authentication Factors
Knowledge Factor - Something you know Possession Factor - Something you have Inherence Factor - Something you are |
|
|
Types of User Accounts
|
Domain Account - created by a Domain Administrator
Local Account Microsoft Account |
|
|
New User
|
Charms Bar
Settings Charm Change PC Settings Go to users Add a user Is it a child’s account, Turn on Family Safety to get reports of their PC use Computer Management Local Users and Groups Users New User User Name Full Name Description Password Confirm Password User properties options General Member Of Profile User Profile Profile Path Login script Home Folder Local Path Connect |
|
|
Microsoft Account
|
An account by names
Account exists up in the cloud Synchronizes settings between PCs Allows sharing content between users |
|
|
Microsoft Account vs local account
|
Works across Microsoft Sites and Services Create and manage locally
Synchronize Settings Settings stay private Purchase Windows store apps Install conventional desktop apps Easily share content online Cannot easily share content online |
|
|
Workgroup
|
Small collection of computers
Less than twenty computers(Microsoft recommendation) Each PC has its own accounts No control among PCs |
|
|
Homegroup
|
Eases file and printer sharing
Only works on a home network Relies on a shared password(workgroup requires no password) |
|
|
You must be part of a workgroup, but a home group is optional
|
You must be part of a workgroup, but a home group is optional
|
|
|
to create a homegroup
homegroup from the start Network type has to be set to private |
to create a homegroup
homegroup from the start Network type has to be set to private Options Documents Music Pictures Videos Printers and devices Media devices (Streaming to xboxes and such) Membership: (Contains the password) Search for home group, change home group password Change the password, walk through the wizard Option is given to print the password |
|
|
Domains and Forests
|
The foundation of Active Directory
Centralized organization and administration Every AD has a forest Every forest has a domain Domain->Forest->AD |
|
|
Trust Relationships
|
Transitive Trust (if one domain trusts another domain, and a third domain trusts that second domain, then the first domain trusts the third)
|
|
|
Easy resource access
|
Automatic and manual trusts
|
|
|
NetworkID Wizard
Select the option that describes your network PC Settings Your account, join microsoft account |
NetworkID Wizard
Select the option that describes your network PC Settings Your account, join microsoft account |
|
|
Domains vs Workgroups
|
Requires a server NO server needed
Easy Management PC individually managed Different Networks Same network Trusts home groups |
|
|
Windows Firewall
|
Network types in Windows 8
Public (Library, coffee shops) Private (Homegroup_ Domain(When your PC is a member of an AD domain) |
|
|
Network and Sharing
|
Network Type
Charms bar, settings charm, select network charm, turn on sharing (This allows us to change the network type) |
|
|
Port Firewall Exception
Deals with IP ports App Firewall exception (Only opens the window when the APP is running) Control Panel->Windows Firewall->Advanced Settings Windows Firewall-> Allowed Apps, Allows for Network types Rule Wizard would allow for us to select every options. |
Port Firewall Exception
Deals with IP ports App Firewall exception (Only opens the window when the APP is running) Control Panel->Windows Firewall->Advanced Settings Windows Firewall-> Allowed Apps, Allows for Network types Rule Wizard would allow for us to select every options. |
|
|
Windows 8 Tablets
|
A tale of two operating systems
Run existing Windows software Many products, Many OEMs |
|
|
Microsoft Surface Products
|
Windows 8 RT
Run on ARM processors, longer battery life Cannot Join AD of use Group Policy Office Home and Student 2013 (Doesn’t include Outlook) Windows 8 Pro Fast CPU, long battery life Can be domain joined Full Office and Office 365 Support |
|
|
Windows Mobility Center
|
Display brightness
Volume Battery Status Screen Orientation External Display Sync Center Presentation Settings |
|
|
UserConfiguration
|
Administrative Templates
Windows Components Windows Mobility Center Enabling it will disable access to Windows Mobility center |
|
|
Sync Center
|
Built in ability to sync devices to networks
Changes are integerated when connected back to the network Ideal for slow or inconsistent network connections |
|
|
Sync center
|
View Sync partnerships (can stop or schedule syncs)x
View Sync Conflicts View Sync results Set up new sync partnerships Manage offline files |
|
|
You need to set up enable manage offline files, otherwise you will receive an error stating that sync center cannot be set up
Then restart Always available offline for the network shares |
You need to set up enable manage offline files, otherwise you will receive an error stating that sync center cannot be set up
Then restart Always available offline for the network shares |
|
|
Start sync only if
|
the computer is not awake
computer has been idle for the computer is running on external power |
|
|
stop sync
|
if the computer wakes up from being idle
the computer is no longer running |
|
|
Exchange active sync
|
used by many windows 8 device
|
|
|
Protocol connecting mobile devices to Exchange
|
EAS configures mobile devices
device independent |
|
|
Administrators control how was works by creating policies
mobile devices pull policies from exchange server |
Administrators control how was works by creating policies
mobile devices pull policies from exchange server |
|
|
Recommended EAS Policies
|
Employees
Managers Executives and board members Employee policy the default policy require alphanumeric password Password expires every 7 days Force encryption on device and storage cards No attachments Managers Policy For middle management Require alphanumeric password Password expires every 14 days Allow attachments |
|
|
EMC Access
|
Microsoft
Exchange Organization Client Access Exchange ActiveSync Mailbox policies |
|
|
General
|
Allow non-provisionable devices
Refresh interval |
|
|
EAS Password
|
Require password
Require Alphanumeric password Enable password recovery require encryption require encryption on storage card allow simple password number of failed attempts allowed minimum password length time without user input before password must be re-entered password expiration |
|
|
EAS Sync
|
Sync Settings
Include past calendar items include past email items limit email size allow direct push when roaming allow html formatted email allow attachments to be downloaded to device max attachment size |
|
|
EAS Device
|
allow removable storage
allow camera allow wifi allow infrared allow internet sharing allow remote desktop allow desktop synch allow bluetooth Device Applications Allow browser allow consumer mail allow unsigned applications allow unsigned installation packages |
|
|
EAS PowerShell
|
PS commands Get-ActiveSyncMailboxPolicy {Policy to query}
|
|
|
gpedit.msc
|
User Configuration
Admin Templates Windows Components Store If enabled, will deny the store application |
|
|
What is app locker
|
Control how users can access and use files
Prevents malware and unwanted apps from running Define rules that work even after app updates |
|
|
AppLocker Rule collections
|
Executables
Scripts DLLS Installers Store Apps .appx (windows store applications) |
|
|
ApplLockers two-steps to success
|
1)Determine the file’s identity
2)Check if the file is in an allowed or denied list |
|
|
AppLocker requirements
|
2008r2
2012 winult and ent win8 ent |
|
|
application identity service must be running otherwise app locker will not work
|
application identity service must be running otherwise app locker will not work
|
|
|
Template location
|
Computer Config
Windows setting security settings application control policies applocker |
|
|
Applocker rule
|
Executable Rules
Windows Installer Rules Script Rules Packaged app rules DLL collection is missing by default {Right click app locker properties advanced enable DLL rule collection} |
|
|
Options for AppLocker
|
Enforcement
or audit audit will tell you would be denied |
|
|
If a file is not signed, create the following
|
file hash
path create file has rules for all files (group similar files) |
|
|
Applocker default rules
|
ensure system files will rule
cover all five rule collections #1 cause for systems not working after app locker enabled (if you break it, go into safe mode) |
|
|
Default executables rule
|
local admins can run all apps
everyone group members can run apps in the windows folder everyone group members can run apps in the program files folder |
|
|
Default script rules
|
local admins can run all scripts
same for mdi, default installer |
|
|
Sideloading Apps
|
Load Windows Store apps directly
|
|
|
Sideloading requirements
|
it requires Windows8 enterprise
PC must be domain joined (will not work on workgroup PCs0) allow all trusted apps to install group policy setting enabled apps must be digitally signed |
|
|
Office365 vs Office 2013
|
Subscription based single license
5 PCs per user only 1 pc per suser includes office apps, along with hosted service includes office apps only run apps from the cloud use only local apps |
|
|
SkyDrive
|
Word Document, automatically synchronized into the cloud
|
|
|
SkyDrive
free file storage online personal sharing with friends skydrive rpo share point library sync managed by organization collaborating with coworkers |
SkyDrive
free file storage online personal sharing with friends skydrive rpo share point library sync managed by organization collaborating with coworkers |
|
|
WET VS USMT
|
Windows Easy Transfer Tool User State Migration Toolkit
Consumer Focused Administrator Focused GUI Command line Wizard Driven Config files Single PC Many PCs Over the network you are going to need an easy transfer key |
|
|
WET
|
Customize, Let’s you pick what you want to transfer
Advanced options Allows you to map user accounts As well as mapping the drive See what was transferred See a list of apps you might want to install on your new pc (Provides an easy transfer reports) |
|
|
Folder redirection
|
Redirect common user folders to different locations
Get user files included in backup systems Access the same data from multiple locations works alone or with roaming user profiles |
|
|
Roams profiles
|
Moves user profile folders to network file share
take your settings with you Easy to link microsoft account Be careful moving between OS versions Windows RT cannot be joined to a domain |
|
|
User experience virtualization
|
Provides users a personal and consistent windows experience
Simple, flexible,and scalable UE-V Generator creates customization files quick and easy |
|
|
Action Center
|
Control Panel\All Control Panel Items\Action Center
|
|
|
Turn Windows Smart ScreenChange Settings
|
If you open the flag icon, it will alert you to the specific
|
|
|
Windows Defender
|
Guards against viruses, spyware, and other malware in real time
Not the Windows Defender in earlier versions Users familiar green,yellow, and red color codes to indicate status |
|
|
Windows defender will update itself in the background automatically
|
Windows defender will update itself in the background automatically
|
|
|
Real time protection vs on demand scans
|
Real time protection
On-Demand-checks for signs of infection |
|
|
Scheduling on-demand scans
|
Maintenance
Action Center\ Change maintenance settings |
|
|
Automatic updating for windows virus definitions
|
Change settings, check for updates but let me choose whether to download and install them (virus definition updates will not come automatically)
|
|
|
Scan options: Quick
Full Custom->Checks specific folders Update History-> Has a view details Settings |
Full
Custom->Checks specific folders Update History-> Has a view details Settings |
|
|
Windows defender does not automatically delete files, it just moves it into a quarantined area
|
Windows defender does not automatically delete files, it just moves it into a quarantined area
|
|
|
Settings
|
Real-time protection, can turn real-time protection on, turns a red bar on the top of the screen
Excluded files and locations-Allows us to pick locations on the drive we would like Win Defender to run programs Excluded File Types- same deal, just for file types excluded processes-executables advanced-allowing for scanning of compressed archives scan removable devices create a system restore point allow all users to view the full History results Remove quarantined files after - months maps-Allows users to report conditions in regards to malware]] don’t join basic membership advanced membership administrator-Turning on or off Windows Defender |
|
|
Windows Store updates can be found in the store (little number in the corner shows the number of apps that need to be installed)
|
Click updates or pulling out the charms bar, going to settings,"", and then app updates
|
|
|
Control Panel\System Security\Windows Update\Change Settings
|
Install automatically
download but let me choose check for updates never check for updates |
|
|
SmartScreen, under tools, smart screen filter, check website
|
Check this website
Turn off SmartScreen Filter Report unsafe website |
|
|
Windows SmartScreen
What do you want to do with unrecognized apps |
Get administrator approval
Warn before Allow |
|
|
Secure Boot and trusted boot
|
Secure Boot protects agains root kits and other boot hijackers
Takes software and installs itself before Windows Stores certificates for the OS on a chip Requires UEFI v.2.3.1 or newer Windows 8 logo certification requires secure boot support |
|
|
Trusted Boot
|
Prevents malware from changing Windows files
Stops malware from loading before protection systems run ELAM Uses a secure Windows file store to replace infected Windows components Does not require a windows 8 certified device |
|
|
Disaster recovery
|
Keeping versions with File History
Not a backup system (deals with versioning) Deals with “oops” Protects only certain files (by default) Libraries Desktop Contacts Favorites |
|
|
ontrol Panel
All Control Panel Items File History Options are restore personal files Select Drive to store previous versions(USB or Network Share) exclude folders advanced settings |
ontrol Panel
All Control Panel Items File History Options are restore personal files Select Drive to store previous versions(USB or Network Share) exclude folders advanced settings |
|
|
Versions
|
Save copies of files
(Every hour by default) Size of Offline Cache (5% of disk space by default) Keep Saved Versions (Forever by default) |
|
|
wHomeGroups
|
Create or join a home group (allows you to recommend this drive to other home group members)
|
|
|
Event logs
|
Open File History event logs to view recent events or errors
|
|
|
To restore a file
|
Click Home
Click History Opens the file history dialog |
|
|
What is Recovery Environment
|
Failover environment
Customizable Built from Windows Pre-installation Environment |
|
|
Refresh vs Reset
|
Preserves user files and settings User files and settings
removed Default and Windows Store Apps All Apps Removed Remain PC settings revert to defaults PC settings revert to defaults Restores Windows without losing Essentially a clean customizations install |
|
|
Managing Windows Clients with Windows Intune
|
Systems Management with a Twist (Cloud Based Service)
Management and software distribution for all of an organizations’s user devices Manage devices where they live Provide data protection Manage both corporate and personal devices |
|
|
Intune Features
|
Patch Management
MDM- Mobile device management Endpoint Protection- what devices have not run a scan in a while (Can initiate a scan from the console) AD Integration (Windows Azure AD) Web Portals (Two, one for admins, one for company users) System Center Configuration Manager Support |
|
|
Internet Explorer IE 10, will need access to desktop version due to using add-ins
|
Internet Explorer IE 10, will need access to desktop version due to using add-ins
|
|
|
accounts
|
Standard Microsoft account->Personal Account, not generally for work thing
Management account-> Typically assigned to the individual responsible for the accounts of an organization |
|
|
Identity Tab
|
-Check organizations users and groups
-AD is integrated with Windows Azure -Take user, assign Windows Intune license -Checkbox next to Windows Intune A Direct Manage.microsoft.com/Windowsintune |
|
|
Download and deploy the client software
|
Prepare
Download the software Open Double click the Windows Intune setup to run it Group policy will be able to automate this installation Will have to Additional items |
|
|
Linking a computer
|
Groups->All computers
Devices->Clients available (link user)->Select the user you would like to link the device |
|
|
Administration
|
Step 3, verify that computers are shown in windows intone and are linked to users
|
|
|
Windows Intune Center
|
Applications
Updates Enpoint Protection Remote Assistance |
|
|
Microsofts Desktop Optimization Pack
|
What is MDOP?
A product available to customers with Software Assurance Streamlines deployment management, and support Simplifies supporting Windows desktops |
|
|
Suite of Six different tools
|
MDOP Components
Virtualizations App-V (Application virtualization) UE-V(User Experience Virturalization) MED-V( |
|
|
Manage
|
AGPM (Advanced Group Policy Management Tool)
MBAM(Microsoft Bitlock Administration and Management) |
|
|
Microsoft BitLocker Administration and monitoring tool
|
Enforces bit locker policies
Monitors compliance Reports status |
|
|
Help the Help Desk with DaRT
|
Works even when Safe Mode doesn’t
Shift from reactive to proactive Multiple deployment methods |
|
|
DaRT to the Rescue
|
Create a disk
Select the tools to install The remote connection tool lets a help desk administrator run the DaRT tools remotely Allow remote connections *Let Windows choose an open port number |
|
|
Drivers
|
WinPE-Cmdlets
ScratchSpace Crash Analyzer Defender Includes the Windows 8 64-bit debugging tools Defender (for removing viruses) |
|
|
Create Image
|
It has a name
Create a wim Create ISO Create PowerShell script that recreates the DaRT image with the selected options (Duplicate the settings that were previously selected) Advanced editing Add or modify the files that will be used in the DaRT image that have been created |
|
|
Create a Bootable version
|
Blank Recordable CD,DVD, USB
Select the drive that you want to use |
|
|
Advanced Group Policy Management
|
Overcome common Group Policy management challenges
Role-based delegation Reviewer (compare GPOs, but not deploy them) Editor (Pull them out from the archive, edit them, put them back in) Approver (Review the submitted GPO changes, and deploy them) |
|
|
Advanced change control
|
Offline Editing
Cross-forest managment(normally it’s only within one forest) |
|
|
App-Virtualization
|
Streams applications on demand
Applications follow users not devices Isolate incompatible software Allows running of older versions of applications Ideal for situations calling for information only found on old applications helps virtual apps act like locally installed apps |
|
|
Microsoft Enterprise Desktop Virtualization
|
Removes barriers to Windows upgrade
Based on virtual PC Run XP and IE 6 and sites on Windows 7 No dedicated infrastructure required Not for Windows 8 |
|
|
UEV
|
Installers
1.0 1.0_SP1 (AnyCPU, x64, x86) If you know what platform you are running on, these run a little faster AgentSetupx64(installs the agent) ToolsSetupx64 (Installs the UEV generator) |
|
|
Users
Not microsoft account synchronization Event View Applications and Services Logs Microsoft UEV Agent Driver APP Agent Operational Verbose cd\ Get-UevConfiguration Get-UevTemplate |
Users
Not microsoft account synchronization Event View Applications and Services Logs Microsoft UEV Agent Driver APP Agent Operational Verbose cd\ Get-UevConfiguration Get-UevTemplate |
