Active Directory group policies, also called Group Policy Object (GPO), are one of my core topics. I have a lot to do with this in various projects and as a Microsoft trainer. As a result, I have accumulated a number of templates and links. This link collection should make your search a little easier. Only templates of the respective manufacturers or projects are listed here. I have deliberately avoided third-party guidelines.
The KMS Client serial numbers help you only if you have a KMS Server or use Active Directory based activation. Read more about KMS in our article KMS Overview. This may not yet be translated.
Update: Now with Windows 10, Windows Server 2016, Office 2016
Update 2: Now with Windows 10 LTSB 2019, Windows Server 2019, Windows Server SAC, Office 2019
Update 3: Now with Windows Server 2022
Update 4: Now with Windows 11 and Office 2021
Especially in test environments, you often need an older release of Windows 10, but how can you set Windows to a target release? Many companies are currently still using Windows 10 1909, and the Enterprise Edition is still supported until 11.05.2022. Unfortunately, I can only defer the feature upgrade in Windows 10 for 365 days. This means that a newly installed Windows 10 1909 updates to 20H2.
The German Federal Office for Information Security (BSI) has published new documents on Microsoft Windows 10 and how to secure it. I looked at the BSI security recommendations for Windows 10 before I wanted to report on them. The background to this is that in the past, publications in this direction were sometimes more than outdated when they were published or they were very superficial.
The Microsoft Windows 10 Sandbox is a new security feature in Windows 10 Pro and Enterprise. The idea behind it is to try something out in a safe “sandbox”. For example, installing a potentially insecure application.
Let’s get started with the sandbox game….
Let’s first look at the comparative figures between the last article from October 2019 and now. The Edge Bowser and Microsoft Office have seen the most changes.
This is part 2 of 4 of the article series. Part 1 is “Network installation with the Microsoft Deployment Toolkit – Part 1: Guidelines, preparation and setup”.
Configuring a Service Account
To access the network share, create computer accounts and perform other functions, a service account should be created for the MDT in Active Directory. This account must be given change permissions in the file system for the hidden share and the corresponding NTFS structure. It is actually sufficient to restrict write access for this user to the “Capture” folder. Read access is sufficient for the rest in this scenario.
For many smaller companies and organizations, operating system deployment is always a small to medium problem. Some use the pre-installed operating system, some install by hand, others clone the hard drives and a few use other tools. There are many methods and reasons. I compare the different methods and a few tools in the article “Possibilities of computer installations for companies“.
The Windows 10 Insider and Office Insider programs are again subject to changes. On Windows, rings will become channels, so it will be adapted to the Microsoft Edge Chromium Browser. This will also be the case for Microsoft teams. Microsoft Office already had channels, but the names and some other details will change.