Active Directory group policies, also called Group Policy Object (GPO), are one of my core topics. I have a lot to do with this in various projects and as a Microsoft trainer. As a result, I have accumulated a number of templates and links. This link collection should make your search a little easier. Only templates of the respective manufacturers or projects are listed here. I have deliberately avoided third-party guidelines.
The German Federal Office for Information Security (BSI) has published new documents on Microsoft Windows 10 and how to secure it. I looked at the BSI security recommendations for Windows 10 before I wanted to report on them. The background to this is that in the past, publications in this direction were sometimes more than outdated when they were published or they were very superficial.
The Microsoft Windows 10 Sandbox is a new security feature in Windows 10 Pro and Enterprise. The idea behind it is to try something out in a safe “sandbox”. For example, installing a potentially insecure application.
Let’s get started with the sandbox game….
This is part 2 of 4 of the article series. Part 1 is “Network installation with the Microsoft Deployment Toolkit – Part 1: Guidelines, preparation and setup”.
Configuring a Service Account
To access the network share, create computer accounts and perform other functions, a service account should be created for the MDT in Active Directory. This account must be given change permissions in the file system for the hidden share and the corresponding NTFS structure. It is actually sufficient to restrict write access for this user to the “Capture” folder. Read access is sufficient for the rest in this scenario.
For many smaller companies and organizations, operating system deployment is always a small to medium problem. Some use the pre-installed operating system, some install by hand, others clone the hard drives and a few use other tools. There are many methods and reasons. I compare the different methods and a few tools in the article “Possibilities of computer installations for companies“.
The Windows 10 Insider and Office Insider programs are again subject to changes. On Windows, rings will become channels, so it will be adapted to the Microsoft Edge Chromium Browser. This will also be the case for Microsoft teams. Microsoft Office already had channels, but the names and some other details will change.
Soon it is time, for Windows 7 the extended support ends on 14.01.2020. As with every end of operating system support the end comes “completely surprising”, okay, not really. At the beginning everything looks so far in the future, it is still x years time. But in the end, the problems appear.
I already saw this at the “surprising” end of XP. But there are also cases where migration is not so easy. Special problem areas can be interfaces to special Hardware. For instance, measuring workstations or production control systems. If a measuring instrument with current Windows 10 support directly costs a few tens of thousands of Euros, then you consider the investment.
This article discusses the different methods of computer installations for businesses. In technical terminology also called rollouts or deployments. Typically, such a concept is created when a large number of computer installations are required. Here are a few examples where it can be useful to rethink the previous way of working: