Active Directory group policies, also called Group Policy Object (GPO), are one of my core topics. I have a lot to do with this in various projects and as a Microsoft trainer. As a result, I have accumulated a number of templates and links. This link collection should make your search a little easier. Only templates of the respective manufacturers or projects are listed here. I have deliberately avoided third-party guidelines.
The German Federal Office for Information Security (BSI) has published new documents on Microsoft Windows 10 and how to secure it. I looked at the BSI security recommendations for Windows 10 before I wanted to report on them. The background to this is that in the past, publications in this direction were sometimes more than outdated when they were published or they were very superficial.
The Microsoft Windows 10 Sandbox is a new security feature in Windows 10 Pro and Enterprise. The idea behind it is to try something out in a safe “sandbox”. For example, installing a potentially insecure application.
Let’s get started with the sandbox game….
Let’s first look at the comparative figures between the last article from October 2019 and now. The Edge Bowser and Microsoft Office have seen the most changes.
This is part 2 of 4 of the article series. Part 1 is “Network installation with the Microsoft Deployment Toolkit – Part 1: Guidelines, preparation and setup”.
Configuring a Service Account
To access the network share, create computer accounts and perform other functions, a service account should be created for the MDT in Active Directory. This account must be given change permissions in the file system for the hidden share and the corresponding NTFS structure. It is actually sufficient to restrict write access for this user to the “Capture” folder. Read access is sufficient for the rest in this scenario.
For many smaller companies and organizations, operating system deployment is always a small to medium problem. Some use the pre-installed operating system, some install by hand, others clone the hard drives and a few use other tools. There are many methods and reasons. I compare the different methods and a few tools in the article “Possibilities of computer installations for companies“.
The Windows 10 Insider and Office Insider programs are again subject to changes. On Windows, rings will become channels, so it will be adapted to the Microsoft Edge Chromium Browser. This will also be the case for Microsoft teams. Microsoft Office already had channels, but the names and some other details will change.
Since I was often asked about my “coffee” BlueScreens pics, I make them available for download. I use them not only as wallpaper, but also for a little distraction in my presentation slides when it is time for a coffee break.