Pass Microsoft Windows 10 MD-100 Exam in First Attempt Easily
Free VCE files for Microsoft Windows 10 MD-100 certification practice test questions and answers, exam dumps are uploaded by real users who have taken the exam recently. Download the latest MD-100 Windows 10 certification exam practice test questions and answers and sign up for free on Exam-Labs.
Introduction of Active Directory Domains, Remote Access, and Microsoft Cloud
1. A foundation for Microsoft Active Directory Domains
So I want to start out by doing a drawing to help everybody understand some of the fundamentals of where the industry was, where it is, and kind of where things are flowing right now, especially from the standpoint of Microsoft. So I want to kind of take you back in time a little bit and help you understand—it'll really help you understand—where things are moving right now if you can also sort of look at where things were at one time. So if you went back far enough, then, of course, I'm not going to go back too far. You had the 1960s. You had mainframes.
And as we moved into the 1970s, you also had mainframes, these massive computers that were like room-size or at least refrigerator-size in most cases. And then, as we moved into the 1980s and standardisation occurred in computers, the pricing of computers went down, and companies could actually afford to get what is called a personal computer. And of course, with the invention of that concept, you had what was called peer-to-peer networking. So this little thing that I'm drawing is going to represent a few personal computers. Let's say that in your organization, your company has 1000 computers.
Okay? And again, I'm drawing this out. A lot of times people ask me, "Why don't you just have it all drawn out?" Because I'm going to draw a bunch of things, and it kind of gets overwhelming when there are a bunch of things on the screen. So I like to kind of draw it out as I talk. Okay, so we start out with a bunch of computers. Let's say we have 1000 computers now, looking at it from an IT person's standpoint. As we moved into the 1980s and companies wanted to share resources with each other, there were different companies that played a role in this. Microsoft played a role in it with DOS and LAN Manager. And then a company called Novell played a huge role in it. Of course, there was also UNIX. And then we moved into the 1990s, and this became more and more popular as time went on. And as companies grew and started needing to be able to manage more and more computers, they needed a system for doing that.
And at the time, all we had was what was known as a peer-to-peer network, which meant every computer was sort of on its own; every computer was its own boss. And that meant that you had to sit down and configure each computer individually. Imagine doing that with 1000 computers. One solution to that was to create scripts—log-on scripts—that would automate the process of setting these computers up. But it was still a lot of work. And if you had to change one thing on one machine, you had to change it on the other.
And every computer had to have usernames and passwords that were separate from the others. And it just got crazy. So what Microsoft did, and again, we are kind of focused on Microsoft here, is they created the concept of what is called a domain. Their concept was based on some concepts that Novell had implemented and Unix had implemented. And by the time we reached the late 1990s, Microsoft had released NT 4 and had domains, and the goal of a domain was centralization. Microsoft has created a new directory service and a new concept for domains. In fact, the symbol of what is called a Microsoft domain is the symbol of a triangle. OK? So they created this triangle, this domain, and the domain would act sort of as the security boundary for your company, all right, for your computers. So your computers would go inside the security boundary. You had 1,000 computers here. Part of the security boundary, of course, is something that you do need to deal with, and that is servers that could help you manage these computers. So with that, Microsoft had what was called a domain controller.
The domain controller is a server that has a special database. All right? This little cylinder-looking thing that I'm drawing is going to be the symbol of a database right here, and that database is called Active Directory. Okay? AD, Active Directory, is the directory service structure that manages our Microsoft domains. Now that directory service is where your user accounts, passwords, groups, and all of that stuff is going to live. And with the creation of domain controllers came these things called group policy objects. GPOs allow us to deploy restrictions and settings out to all these machines. So I have the ability to implement this thing called the GPO. And the GPOs can apply to all of these computers, and they get configured based on the GPO. And of course, generally speaking, when it comes to a domain controller, a DC, you want to have more than one of those. And why do you want to have more than one domain controller to manage everything?
Well, it's kind of like this. If you go to the grocery store, get a cartload of groceries, and take your cartload of groceries to the front of the store to check out, the last thing you want to see is one cashier open, one cash register open to check you out. What do you want to see when you get up there? You want to see a lot of open aisles of cash registers with people working those cash registers so I can check out and buy my stuff and leave. What I don't want to do is get to the front and find only one cash register open and a line of people waiting to get out. Well, here's the thing. All of these computers right here, these 1000 computers that I have, need to talk to these domain controllers. If I only have one, then you've got one machine that's basically having to manage everybody. So you want more than one.
There are basically two main reasons why we have more than one of anything, right? Redundancy, also known as fault tolerance, and load balancing. So if one domain controller fails, we've got another one running. And the other reason is for performance. We don't want all of these clients and all of these machines to have to just go to one domain controller. We prefer that they visit several places. Now, the other great thing about domain controllers, when you think about domain controllers, is that domain controllers replicate. So, let's say that this little smiley face guy that I'm going to create here, okay, kind of a jacked up smile, this little smiley face guy that I'm going to create here, is a user account, all right? So what will happen is that your user account will be created. You created this user account on this domain controller.
Guess what? It's going to replicate to this other domain controller over here, and it synchronises that way through what is known as Active Directory replication. So this little arrow that I'm drawing is just kind of indicating to you that they're replicating together and all that stuff. So if you were to come to me and say, "Why do I need to have a domain? Why not just stick with the old style, which is peer-to-peer networking?" This is what I would tell you. I would say centralization. I can tell you why Active Directory is so important in one word: centralization. A lot of people would say security is important, but centralization is why this is such a key thing we use in our environments. I can manage everything I want using these domain controllers. My company can actually have multiple domains. There's this thing called trees and forests. I'm not going to get into that right now, but I can manage my infrastructure using Active Directory. Now, there are some other key fundamentals to understand about Active Directory. First off, the naming system that Active Directory uses, the domains used for managing everything, is based on DNS, the Domain Name System. Okay? Your domain's name will have to be named based on a DNS-style name. But on top of that, you have to have a server that's going to manage all that.
So we have to have something called a DNS server, a domain name system server. And what's that going to do? Well, we need domain name servers for the same reason you have an address book with your phone. You don't really like having to memorise lots of phone numbers, right? So you have an address book, you're able to type somebody's name and their phone number in, and then later you can access their name and get access to the phone number and make the call. Well, DNS does that, except it does it for IP addresses. All these devices have IP addresses, and they're going to be registered into your DNS database. Saying that database implies that there must also be a database on that DNS server. The DNS database is often called a zone database.
It's often called a namespace database. We had to have DNS. Now what's going to happen is that these computers are all going to boot up, including if I had a server; these computers are all going to boot up, and they're going to register with DNS, including this file server guy here that I'm making. I'm going to call him a file server. So they're going to boot up, and they're all going to register their names in DNS. The domain controllers are going to register. The file servers are going to register. Everything's going to register inside DNS. This is a topic known as dynamic DNS. And this is going to allow computers to all register. Now what happens is that every one of these machines—your client computers and your servers—all have to locate DNS by their IP settings. And they're going to ask DNS who these guys right here are so that they can all authenticate.
So these clients, when they boot up, are going to say, "Hey, DNS, do you happen to know who my domain controllers are for my environment?" And DNS is going to reply back with this information, known as service records (SRV information), and it's going to point the client to these domain controllers. The other great thing about Active Directory is that Active Directory supports the ability to point people to the nearest domain controller so that they can log on and get authenticated. The authentication system that Active Directory uses is based on a protocol called Kerberos. When you hear that name, protocol, I want you to think language. It's basically like the language they speak. And Active Directory security and querying language are built off of two protocols, really. One of them is LDAP (Lightweight Directory Access Protocol), which is essentially a query language, and the other is Kerberos, which will be the security authentication language that it employs.
Okay? So as we moved into the year 2000, Active Directory was released. And this is the big thing everybody's doing. And of course, the big thing, too, is that we also have to have an Internet connection. So this little cloud thing that I just made here is going to be my Internet connection. And so we've got an Internet connection coming into our company here, and we're also going to have to protect our Internet. So we're going to have a firewall. So this little guy right here will be my firewall. And my firewall is connected to my internal network as well as my outside Internet connection. Of course, routing is involved there and all that stuff as well. All right, so the Internet is the big thing. Everybody wants to be on the Internet, be secure, and be able to access resources. Microsoft is making technologies that are available to do this, though LDAP and Kerberos are both internal-based technologies, not really something that you expose on the Internet, which is why you have to have protection and all of that.
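The service-record lookup described above can be checked from the defender's side. The following is an added example, not part of the original lecture: it builds the DNS names a domain member queries for its domain controllers (site-specific name first, which is how a client is steered to the nearest one) and audits a set of SRV answers against the servers that are supposed to be domain controllers. The domain `corp.example`, the site `HQ`, all host names and the sample answers are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed zone-file style answers for the hypothetical domain corp.example.
# Format: <owner> <ttl> IN SRV <priority> <weight> <port> <target>
SAMPLE_ANSWERS = """\
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc01.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc02.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 10 100 389 dc-branch.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 kiosk17.corp.example.
_kerberos._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 88 dc01.corp.example.
_kerberos._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 88 dc02.corp.example.
"""

# Assumed inventory: the hosts that are really domain controllers, and the
# port each service is expected to be registered on (LDAP 389, Kerberos 88).
EXPECTED_DCS = {"dc01.corp.example", "dc02.corp.example", "dc-branch.corp.example"}
EXPECTED_PORTS = {"_ldap._tcp": 389, "_kerberos._tcp": 88}


@dataclass(frozen=True)
class Srv:
    owner: str
    priority: int
    weight: int
    port: int
    target: str


def locator_names(domain, site=None):
    """DNS names queried to locate a DC; the site-specific name comes first."""
    domain = domain.rstrip(".").lower()
    names = []
    if site:
        names.append(f"_ldap._tcp.{site.lower()}._sites.dc._msdcs.{domain}")
    names.append(f"_ldap._tcp.dc._msdcs.{domain}")
    return names


def parse_srv(text):
    """Parse zone-file style SRV lines, skipping anything that is not SRV."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[2:4] != ["IN", "SRV"]:
            continue
        owner, _ttl, _cls, _typ, prio, weight, port, target = fields
        records.append(Srv(owner.rstrip(".").lower(), int(prio), int(weight),
                           int(port), target.rstrip(".").lower()))
    return records


def preferred_targets(records, owner):
    """Targets in the lowest-numbered priority group, which clients try first.
    (Within a group a real client picks by weight; sorted here for auditing.)"""
    matching = [r for r in records if r.owner == owner]
    if not matching:
        return []
    best = min(r.priority for r in matching)
    return sorted(r.target for r in matching if r.priority == best)


def audit(records, expected_dcs, expected_ports):
    """Flag SRV records that point clients at hosts or ports not in inventory."""
    findings = []
    for r in records:
        service = ".".join(r.owner.split(".")[:2])
        if r.target not in expected_dcs:
            findings.append((r.owner, r.target,
                             "target is not a known domain controller"))
        if expected_ports.get(service) != r.port:
            findings.append((r.owner, r.target, f"unexpected port {r.port}"))
    return findings


if __name__ == "__main__":
    print(locator_names("corp.example", site="HQ"))
    for finding in audit(parse_srv(SAMPLE_ANSWERS), EXPECTED_DCS, EXPECTED_PORTS):
        print(finding)
```

Because every machine registers itself through dynamic DNS, a record like the constructed `kiosk17` entry is the kind of drift this check is meant to surface.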
2. A foundation for Remote Access, DMZs, and Virtualization
So occasionally, you might find yourself in a situation where somebody from the outside world needs to get in. And there are two real ways to approach that. One would be somebody who is part of the company, like maybe this guy here. And he needs to access resources inside the network here. So maybe the file server or some of these clients or something like that. So what we could do is set up this thing called a RAS server, or Remote Access Service. RAS supports something called a virtual private network (VPN). VPNs would allow people to remotely connect in, securely encrypted, to that RAS server. They could then access things like the file server and other things like that. And so, that's all wonderful and great.
The one thing VPN users must do is authenticate; they must prove their identity. What about this situation, though? What if your company wanted to host a Web server? All right, they want to host a Web server like this little box that I'm drawing here. And they need to make that Web server available to people anonymously. In other words, individuals who are not employees of our company. Well, you run into a slight issue there. The issue you run into is where do you put this web server? If you put this web server here on the internal network with your stuff, you're basically letting someone who is not part of your company access that web server. If this person right here is not an employee and is just an anonymous person on the Internet, we don't want that person to be able to gain access to this web server. Hackers can do this thing called pivoting. Pivoting is where a hacker gains control over this server and then is able to actually pivot to other servers.
So that would be a bad thing. We don't want that. So one thing we could do is store this Web server on the outside. We could store it out here, outside our firewall. Of course, the problem you run into there is that you've not left the server any protection. Basically, the server is outside your firewall. And at that point, it's completely exposed to things on the Internet. So the general rule of thumb that everyone followed was that they would get another firewall. So you'd get a second firewall. I'm just going to copy this guy right here. And we would put that firewall right here. And that is called a DMZ, a demilitarised zone, also known as a perimeter network. And what you would then do is put rules in place on these firewalls so that people out here could get in through this firewall and access the server.
But you have this firewall acting as an additional layer of protection to stop things from getting in from the outside world to the inside world. Okay? So this was a pretty traditional approach. This is the way we've done things for years. We've centrally managed things through Active Directory domains in the Microsoft world. And it's a fantastic solution that has worked flawlessly. Another thing that we've had for years is the concept of having internal servers that do different jobs. For example, we might have an Exchange Server, which is an email server that Microsoft supports. It's their email product, actually. And we'd have an on-premise email server where people could check their email and everything from the outside to the inside. There were some things you had to implement to do that. Another thing we had was SQL Server. SQL is Microsoft's database product. So we'd have SQL Server handling databases for us, and we would have something called SharePoint, which allows us to set up some different types of sites that employees can use for things. And we could do Skype for Business, all of these different things. Skype for Business has been Microsoft's voice-over-IP product for the longest time. And we would have (I'll just put "Skype for Business" to represent that) all of these servers in our internal environment. And guys, this is the traditional approach. The way we've done things for years, if not decades, is the way things have always been done. So now what I want to talk about is moving into the future. As time went on, as we moved into the end of the 2000s and the early 2000s, there was a concept known as "virtualization."
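The three web server placements discussed above (on the internal network, outside the firewall, and in a DMZ between two firewalls) can be compared with a small model. This is an added example, not part of the original lecture: the host names, listening ports and firewall rules are constructed, and each firewall is modelled as default-deny with a short allow list.

```python
from dataclasses import dataclass

# Constructed hosts and the ports each one listens on (3389 stands in for a
# management port that should never face the Internet).
LISTENING = {"web": [443, 3389], "fileserver": [445], "dc": [88, 389]}


@dataclass
class Design:
    name: str
    zones: list      # ordered from outside to inside
    placement: dict  # host -> zone it is plugged into
    firewalls: dict  # (outer zone, inner zone) -> allow rules (src zone, host, port)


def allowed(design, src_zone, dst_host, port):
    """A flow passes only if every firewall between the two zones allows it.
    Each firewall is default deny; traffic inside one zone crosses no firewall."""
    i = design.zones.index(src_zone)
    j = design.zones.index(design.placement[dst_host])
    for k in range(min(i, j), max(i, j)):
        boundary = (design.zones[k], design.zones[k + 1])
        if (src_zone, dst_host, port) not in design.firewalls[boundary]:
            return False
    return True


def reachable(design, src_zone, skip=()):
    """Every (host, port) that a machine in src_zone can connect to."""
    return {(h, p) for h, ports in LISTENING.items() if h not in skip
            for p in ports if allowed(design, src_zone, h, p)}


def internet_exposure(design):
    """What an anonymous Internet user can connect to."""
    return reachable(design, "internet")


def pivot_targets(design):
    """What a compromised web server could connect to next."""
    return reachable(design, design.placement["web"], skip=("web",))


INSIDE = Design(
    "web server on the internal network",
    zones=["internet", "internal"],
    placement={"web": "internal", "fileserver": "internal", "dc": "internal"},
    firewalls={("internet", "internal"): [("internet", "web", 443)]},
)
OUTSIDE = Design(
    "web server outside the firewall",
    zones=["internet", "internal"],
    placement={"web": "internet", "fileserver": "internal", "dc": "internal"},
    firewalls={("internet", "internal"): []},
)
DMZ = Design(
    "web server in a DMZ between two firewalls",
    zones=["internet", "dmz", "internal"],
    placement={"web": "dmz", "fileserver": "internal", "dc": "internal"},
    firewalls={
        ("internet", "dmz"): [("internet", "web", 443)],  # outer firewall
        ("dmz", "internal"): [],                          # inner firewall
    },
)

if __name__ == "__main__":
    for d in (INSIDE, OUTSIDE, DMZ):
        print(d.name)
        print("  exposed to Internet:", sorted(internet_exposure(d)))
        print("  reachable from web server:", sorted(pivot_targets(d)))
```

Only the DMZ design gives both results at once: a single published port facing the Internet and nothing on the internal network reachable from the web server.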
Now I want to warn you guys that the concept of virtualization is not a new one. A lot of people think it is; it's actually not. The term "virtualization" has been around since the 1970s. There actually was a Unix-based operating system that had a thing called a hypervisor that could do virtualization. It's just that virtualization really didn't blossom until the early 2000s, when a company called VMware discovered and created some really awesome features that could allow companies to take advantage of something called elasticity. So I want to talk about that for a minute, the concept of virtualization.
So what I'm going to do is move these servers over here for just a minute. We're going to move them out of the way. And what happened was that, using the concept of this company called VMware, they discovered that instead of us having to buy four different servers, they could create a way for us to take one physical server with a lot of power, a lot of performance, CPU, memory, storage, and put all of that on this one server. And the server is known as a hypervisor. In the Microsoft world, which is the world we're living in right now, it's called Hyper-V. Okay? So there's VMware, which is a third party, and there's Microsoft Hyper-V, which is sort of what we learn about in this course. So Hyper-V's virtualization allows us to virtualize these servers. Think about it. If you can emulate hardware, okay, CPU, memory, storage, and networking, then you could technically set up operating systems that run on that emulated hardware.
Well, those are called guest operating systems. These right here are virtual machines running guest operating systems. Of course, the scary thing about that, the thing a lot of people freak out about, is they're like, "Well, if one of those servers fails, okay, if the Hyper-V server fails, I should say if it fails, you lose all access to all your servers." Well, see, that's the beauty of virtualization. It's very easy for us to actually just get two servers, okay? And we can do something called clustering, where we connect these together and have a duplicate. Now, if one server fails, we still have that other server. In fact, these two servers can actually even be in two completely different offices if we want, okay? So I can have them in two different branch offices if I want.
So notice that this is going to save us a lot of money on hardware and all of that. Here's the other beautiful thing about virtualization that they created. It's called elasticity. Elasticity involves the ability for your virtual machines to be able to request more resources when other virtual machines aren't using them. So, for example, if the Exchange Server is using, let's say, 20 gigs of RAM and the SQL Server needs 30 gigs of RAM, and the Exchange Server currently does not need all that extra RAM, it can release that memory that it's not using. And the SQL Server can use it, benefit from it. And then if the SQL Server no longer needs that memory, it can release that memory, and the Exchange Server can get it. And this is what elasticity is all about. And what you're going to find is this. This is the forerunner of cloud computing.
3. A foundation of the Microsoft Cloud Services
Okay? So I want to talk with you now about the concept of cloud computing. Okay? So first and foremost, the concept of cloud computing is really not a new concept. A lot of people think it is a new concept. It's not. First off, the term "cloud" has been around for a very long time. Although the term "cloud" now definitely means a few different things than it used to 20 years ago, the concept of "cloud computing" now is that you are hosting something as a service on the Internet. Now, this is not a new concept. I like to use this analogy, okay? Essentially, think about the cars that I own. So I have a wife, and I have some daughters.
My daughters have their own vehicles. And so I've got to deal with a bunch of vehicles in my driveway. And of course, my vehicles sometimes break. So let's say that I want to manage the repairs on my vehicle myself. What I could do is purchase all the equipment needed to make myself an auto mechanic shop out of my garage. I could turn my garage into an auto mechanic shop, and I could deal with the repairs myself. I could get a hydraulic lift. I could buy all the tools. I could get all the training and everything that's needed to do these auto mechanic procedures myself, okay? Or instead of me spending the money to do all that and get all the knowledge and keep the equipment updated and all that, I could pay an auto mechanic shop that does that job as a service, okay? And I don't have to deal with it, guys.
That's what cloud computing is. You're basically paying somebody else. You're paying for a service to be hosted for you. So here's what's happened. Companies like Amazon, Microsoft, and IBM have built these huge data centres full of equipment. So you're talking about lots of server blades. You're talking tons of processing power, tons of RAM, and tons of storage. You're talking about the best fiber-optic network equipment, load-balancing equipment, firewall equipment. Everything is built in these warehouses that have been placed strategically all over the world, okay, so that they get a tremendous amount of redundancy. And so from there, these data centres are what make up what these companies are calling their cloud.
This is connected. These clouds are connected to the Internet. All these data centres are connected to the Internet, and they're all connected together, and it's an ever-changing thing. It can grow. It can shrink. Different locations can be opened up. Now, Microsoft's main cloud technology is called Azure. Now, I'd like to introduce you to an acronym: IaaS. IaaS is infrastructure as a service. And Microsoft Azure is Microsoft's infrastructure as a service product. I also want to throw out a note about how I pronounce the word Azure. Some of you guys may pronounce it "Azure." One time I actually went out and tried to research the proper way to say that word, and I was watching the developer videos of the Microsoft guys who created it. And guess what? They all pronounce it differently, too.
Some people call it Azure. Some of them refer to it as "your Azure." So, tomato, tomato. But Azure is Microsoft's infrastructure-as-a-service cloud product. And what it is is that, basically, you will get access to their cloud if you get an Azure tenant subscription, and you can host virtual machines out on their cloud. So if I wanted to, I could actually host all of these things that you see on premise. I could host them on their cloud if I wanted to, in their cloud environment. And they give me access to a directory service called Azure AD (Azure Active Directory) that's going to let me link to all of my user accounts, passwords, and all that. If I wanted to link these two together, my on-prem Active Directory and Azure Active Directory, I could, but I'm not going to get into that just yet. So I get access to virtual machines. I get access to Azure AD. And the great thing about it is that I just pay for what I use. I pay for the CPU usage I use, the RAM I use, storage, networking, and some of the appliances like load balancers and things like that that I use. And they give me access to all that. Now there are two other cloud terms that I want to introduce you to. The first is PaaS and the second is SaaS. PaaS is platform as a service, okay? And SaaS is software as a service. Now, for their PaaS and SaaS technologies, Microsoft was originally calling it Office 365. But this confused everybody because when you hear the term "Office 365," everybody thinks of Word, Excel, PowerPoint, and all that. This cloud environment is a lot more than that. So what they ended up doing in the last year or so was renaming this to Microsoft 365. So what you're going to find is that when they are referring to the IaaS portion of their cloud, they use the term "Azure."
When they're referring to the PaaS and SaaS version of their cloud, they're talking about Microsoft 365. So what do you get with those? So platform as a service means they're hosting a software-based platform for you that you can use, manage, deploy, and all that. So for example, I get Office 365. I get the platform behind that for deploying Office 365. But I also get something called Office Online, which is the software-as-a-service version of that, which is where I have apps that users can access in the cloud. I also get the Exchange Online platform. So I get Exchange, email, and all that stuff hosted in the cloud. I get SharePoint Online. Okay.
So I essentially get SharePoint made available to my people. I get Skype for Business, which of course is now called Teams, which is their big collaboration technology that you're going to use for collaborating and chatting, video conferencing, voice over IP, and all that good stuff. As part of the deal, I get this thing called Intune, which is Microsoft's MDM technology that gets into the concept that you can control smartphones, tablets, laptops, and even desktops in your own environment. And this is very similar to what SCCM does, if you know what that product is: System Center Configuration Manager. But it doesn't necessarily completely replace that. It's a cloud solution for managing your devices. And you even get a feature called Autopilot that I'm going to talk more about, which is being able to automate the deployment of your computers. Okay? So you get a tremendous amount of capability. You get something called "Security as a Service," where you get access to all these tools for managing classifications and encryption and being able to do eDiscovery for forensics and evidence collection. There are so many things they're giving you.
I don't have enough room, honestly, in my little cloud diagram to draw everything that you get because you just get so much. You also get OneDrive for Business. I'll just put that down as OneDrive for Business, which is a cloud storage solution. You get so many things with it, and it acts as a subscription service. Now, the other thing I want to mention is that you can link your on-prem environment. Your on-prem environment, from an Active Directory standpoint, is called AD DS, which stands for Active Directory Domain Services. Okay? Active Directory Domain Services. That's what that acronym stands for. And so what you can do is connect Active Directory Domain Services with Azure AD if you want, and you can synchronise things. I can set up a server called Azure AD Connect. All right? Azure AD Connect is a special server that you can use to synchronise your on-premises Active Directory user accounts, passwords into the cloud.
Now, do you have to have a separate server? It can actually be a domain controller, but it is recommended that it be a separate server. Okay. And that server is going to synchronise whatever you want. Do you have to synchronise all of your users, passwords, groups out to the cloud? Absolutely not. You have control over what actually gets synchronized. They call this a hybrid solution. A hybrid solution is where we link our on-premises Active Directory with our cloud scenarios and cloud functions and synchronise whatever we want to synchronize. This gives you an idea of where Microsoft is going. Microsoft is definitely heading towards the cloud now. Are they just abandoning everything on premise? Absolutely not. We still have access to all of that stuff. It's still available. But what they're trying to encourage everybody to do is utilise their cloud environment. Now, one thing I want to point out real quick that's different. With Azure, the IaaS service that they're using, you're going to pay for the usage of the CPU, the memory, and the storage. With Microsoft 365, you're just paying a subscription fee for these products, and you can use them as much as you want. There is no such thing as a CPU or memory limitation.
You're going to actually find that the two technologies complement each other. So when you actually get a Microsoft 365 account, you're going to still have access to some of the Azure stuff, and if you want to host things like VMs and all that, you can. So the great thing about the cloud is that, with the creation of virtualization and elasticity, this is what cloud computing really is all about. You're able to host this stuff online, and it can use elasticity. You need more CPU power? It can give it to you instantly. You need more RAM; it can give it to you instantly. You need more storage, whatever it is; they can scale you out. And then when you're not using all those resources, they can scale you back. Okay? So hopefully this gives you a really good foundational understanding of where things were in the past, where we are now, and where Microsoft is going. And, as you can see, their heads are in the clouds right now, as they say. They're definitely trying to coerce people into moving into clouds, and even in all their different exams and courses, this is sort of the big thing that they're focused on right now. It's.
1. Understanding the different editions of Windows 10
Here. There are several options, including Home Professional Professional Workstations Enterprise Enterprise LTSC. Which is the long-term servicing channel? Essentially. It's able to push updates off for a longer period of time, but I'll talk about that later. There is pro-education and then there is education. Okay? And the highest-level products that you see there are the ones labelled Enterprise and the one that just says Education. You have the most features out of those. We're going to take a deeper look at some of these features as we go along here as well. But there are even a few offshoot versions of Windows 10 that are not listed here.
These are the main core additions that you're going to find out there in most environments. Now, if we take a deeper look, we're going to start with the Home Edition. And the home edition you'll notice comes with Cortana, which is Microsoft's AI. That's artificial intelligence. It's like a little search engine, and you can work with Cortana on things and have Cortana search for things, add things to your calendar, schedule alarm clocks for you, and all sorts of other things that you can do there. And Cortana just acts as an artificial intelligence when it comes to working with you on different things and searching for things. You have an Edge Web browser now. The Edge Web browser is Microsoft's newer browser. It was put out to sort of replace Internet Explorer. They rewrote this browser from the ground up. There was no underlying Internet Explorer code. And of course, eventually they actually decided to go with Chromium, which is Google Chrome, as their web browser. So they've actually created a version of Edge. Now the newest version of Edge is actually built on Chromium, which is based on Google Chrome. You have the tablet mode, which allows you to jump back and forth between desktop mode and tablet mode. This is especially helpful if you have a Surface tablet touchscreen.
You've got especially helwhich is Microsoft's biometric technology. This will support things like facial recognition and other biometric technologies. You can receive updates and features directly from Microsoft, and some of those updates can be deferred to a certain extent. You have photos, mail, a calendar, music, and video; that's stuff we've always had. That's just the normal entertainment features that come with Windows Ten. We have the Universal Windows Apps and store.So this allows us to go to the Microsoft Store. If we have a Microsoft account and we can get free apps, we can purchase apps. It's just like any other app store, and it's cross-platform supported, which means we can jump between desktop, laptop, and Surface tablet, and we can use our apps across those different platforms. Then you've got Windows 10 Pro.
Windows 10 Pro comes with more business-oriented features. So not only do we have all of the Home features, but we've got these business-oriented features as well. We have Windows Autopilot. Windows Autopilot is going to allow us to control the deployment and installation features of a Windows 10 computer. Now, it doesn't actually deploy an image down to a Windows 10 computer, but it can provision an existing copy of Windows. So this allows companies to go and purchase a bunch of computers from somebody like Dell or an OEM. And those computers, as they arrive and get booted up on your network, can actually talk to the cloud, determine that they're supposed to be configured by Autopilot, and Autopilot will configure what is known as the "out of box experience," the OOBE, and then configure settings.
And with the help of this thing called Intune, you can have all sorts of applications and software downloaded and installed on somebody's machine, as well as updates. So that does a lot. I'm going to talk a little bit more about that. You have Windows Update for Business. This gives us more control over updates in our environment. You have Domain Join, which again lets you join a Microsoft Active Directory domain and take advantage of centralization. You have Azure AD Join. That's the cloud side of things, where you can link Windows 10 to the cloud and take advantage of those services. We have Group Policy Management for controlling restrictions and settings on people's machines. We also have BitLocker, which will encrypt our hard drives and our partitions. We have Hyper-V, which is a hypervisor. This is Microsoft's virtualization product.
This allows us to deploy VMs and install VMs on our machine. So you can actually install Hyper-V on your Windows 10 Pro computer, and you can run VMs, virtual machines. And this is great for testing. This is also great if you needed to run some kind of older legacy application; you could put a legacy operating system on there and do it through Hyper-V if you needed to. Finally, there is the Windows Store for Business. This is a private store that your company can set up related to the Microsoft Store, where they can purchase apps for their employees and then make those available through the Windows Store for Business. And this is what Microsoft calls the modern deployment method for apps. And it's also known as "self service," meaning users can go to the store and download the apps that are available and install those apps. Normally, users cannot install applications on their computers, but if you make apps available through the store, the users can go and get those apps. Now one thing I want to say about that store immediately, though, is that it's not necessarily for us to sell things. We're not looking to sell apps in the store. We are purchasing apps for our employees, and those employees can go and download apps that have been made available to them.

Now, in Windows 10 Enterprise, you get everything that Pro had, everything that Home had, and then you get some more advanced features. You get DirectAccess, which is kind of like a VPN. It allows computers to establish a connection, whether they're on their own network or whether they're outside the network. They can determine which environment they're in, and they can establish a secure connection, remote access-wise, to their company's network. We have the Always On VPN, which is similar to DirectAccess.
There are a few differences there that we'll get into more, but the Always On VPN is also a VPN connection that can detect different situations that a computer is in. And, believe it or not, Always On VPN is gradually replacing DirectAccess; we'll go into more detail later. You have Windows To Go. Windows To Go allows me to install Windows 10 on a flash drive. So I can actually install Windows 10 on a flash drive and carry it around in my pocket, and I can plug it into a computer and boot off that flash drive. And I've got Windows 10 with me right there on that USB drive. I have AppLocker. This is a feature that came out originally with Windows 7. It allows me to use group policies to control the applications that you're allowed to run on your computer. You have Start screen control through GPO. So the Start screen that Windows 10 has, you can completely control that using group policy objects if you've got Windows 10 Enterprise computers. You have Windows Defender Application Control.
This is sort of what is replacing AppLocker, a newer way to deal with controlling the apps that people can install. And you can actually do more with Defender Application Control than you can with AppLocker. You have Application Guard, Windows Defender Application Guard. This makes it so applications can run in a containerized environment, which is a virtual container that is protected from malware penetrating it as well as malware making its way out of this container. This is something that I'm not going to spend a lot of time on right now. But one thing I will say about Application Guard is that it requires the Edge web browser. When you're browsing websites, you have to use Edge to open apps through the web, and it really enforces that. That's another feature that Application Guard has. And the Application Guard feature itself is a newer feature that's just come out over the last year or so. So then you have App-V, Application Virtualization, and that feature is where you are installing an application and all of its files into a single container, known as a virtualization container.
It's basically a file that contains all of your application files. And that file can be encrypted and protected, and it can control exactly who can run it, when they can run it, and if they're allowed to run it offline. This feature has actually been around for a few years. This is not really a new feature, but it may be new to you. You may not have heard of it before. You have User Experience Virtualization as well. This feature has been sort of replacing the concept of roaming profiles, if you know what that is. This allows users to jump between different Windows machines and then have all of their settings and things follow them wherever they go. In other words, if I sit down at a Windows 10 computer and log on with my account, set my application settings for Word and Excel the way I like them, and configure things the way I want them, and then go over to another Windows 10 computer with my same account, those settings can be over there with me as well.
They'll follow me. So this is what UE-V, User Experience Virtualization, will do for me. Now, lastly, we have what is called Windows 10 S mode. S mode was released to be a more secure version of Windows 10. It's actually a lighter-weight version of Windows 10 because it's very restrictive. S mode is a Windows 10 mode that only allows apps that are installed through the App Store. So it's kind of like your smartphone, right? A lot of your smartphones, like an Apple smartphone, for example, only let you install apps through the App Store. It's kind of like that. Android is a little bit looser on that end than Apple, but it has the same kind of concept. Well, Microsoft released Windows 10 S mode to do that same restriction, which is to control what apps get installed and make it so you can only install apps through the App Store. You also have to use the Edge web browser.
Now, originally when they released this, when you put your computer in that mode, you couldn't get out of it, and it made a lot of people mad. Eventually, Microsoft did release a way to get out of it. So if your Windows 10 computer is in S mode and you buy a computer that's automatically in S mode for Windows 10, you can actually download an app that will turn off S mode. It's kind of funny. Your S mode is only going to allow you to download apps from the App Store, and you actually have to download an app that removes S mode.
Okay, so S mode is a mode that Windows 10 can be put in, and some of the newer computers are being sold and Surface tablets are being sold in that mode. But Microsoft did make it so you can get out of it because a lot of people are still wanting to be able to run regular applications that they download, even though that is a security risk. Microsoft tried to force their hand on that, and I think eventually, with enough complaints, they made it where we could disable that if we wanted. So hopefully that helps everyone understand the various editions of Windows 10 in general.
2. The different deployment types and tools used in Windows 10 deployments
So to start with, we're going to just break down some of the different deployments. The first type of deployment you have is called a fresh install. This is also sometimes referred to as a "high touch" installation. I've also heard it referred to as an HTI (high touch) deployment. So the idea of a high touch installation is sort of just like the traditional approach: I'm going to go get a copy of Windows 10 on a DVD and put it in my computer, and I'm going to install from there. And while we're there, we baby the computer through the entire installation. And as you can imagine, if you were trying to do a lot of computers that way, this was going to take a very long time. If my boss walked up to me and said, "Hey, I need you to deploy 50 new computers as quickly as possible," running around with 50 DVDs is probably not going to be the fastest way to do it.
Of course, another option would be having Windows 10 on a flash drive and running around and putting flash drives in with Windows 10 and installing that way. Again, that's a high touch installation that's going to take you a long time to go through, and it wouldn't be a very pleasant thing to do if you had to do a bunch of computers at one time. Now if I'm just doing one computer and it's my own computer and I don't have what's known as imaging set up, then yes, we can do it and get it done. It's not going to take too long for one computer. But if you had to do a bunch of computers, that's where things get interesting.

Then you've got imaging. Okay? So imaging is going to use different tools to do this. And the first style of imaging is called a light touch installation, LTI, also known as limited touch deployment. Now, with that, you're going to download something called the Windows ADK, the Windows Assessment and Deployment Toolkit. And then there's also something called the MDT, the Microsoft Deployment Toolkit. Both of these are free. The Windows ADK comes with a whole bunch of tools that allow us to control the deployment process. And the MDT is sort of a little workbench that we can graphically sit at and deal with all of our deployment assets in one place. I'm going to talk more about both of these coming up here. The light touch installation, though, is going to let us deploy a bunch of computers at one time. But we are going to have to put our hands on the keyboards, right? We're going to have to power the computers up, put our hands on the keyboard, select a few options, and then away it will go.
We can definitely do things faster this way than if we were to try to do a high touch installation. So if I was installing 50 computers, for example, I could definitely go through this route a lot faster. Okay? Now if you've got the money, you can actually utilise what is known as a "zero touch" installation. So this is imaging using the MDT, the Microsoft Deployment Toolkit, and SCCM, System Center Configuration Manager. Okay? In the 1990s, there used to be a product called SMS, and then eventually, in the early 2000s, they renamed it to SCCM, System Center Configuration Manager. Keep in mind that they'll also just refer to this product as Configuration Manager. Now SCCM is a paid product. You have to purchase it. It's a licenced product. It's very advanced. There's a lot to it. OK? Microsoft actually has five-day courses just on this one product.
So that should tell you a little something about it. It's a big deal, a lot to learn there, but very, very powerful. One of the powerful features that SCCM comes with is the ability to achieve what is called "zero touch" installation. Okay? With zero touch installation, I can set up an SCCM server in addition to having the Windows ADK and MDT. And there's another service we are going to talk about, Windows Deployment Services, that will control the entire deployment process. So I could actually schedule a deployment to begin on Friday after hours for these 50 new computers. And no joke, SCCM can do "wake on LAN," where it will actually wake computers up, deploy the operating system down to them, update it, deploy the applications, join it to your domain, activate it, and then shut the things down before Monday. So you could set these computers up on a Friday, come in on a Monday, and they're all ready to go. So it's very powerful.
Okay? And then of course, there's Autopilot. You may remember me mentioning Autopilot in one of the previous lectures. So Autopilot is a cloud-based feature. This is not really deploying an image. The idea of Autopilot is that we can go and purchase a bunch of computers from somebody like Dell or some other OEM. Choose an OEM, an original equipment manufacturer, which is basically a computer vendor. We can purchase these computers, and if we know what the hardware ID, or device ID, is, which is like the serial number of the computer, we can actually associate that with our Microsoft cloud service. And Autopilot can install and configure things on that machine. Mostly what's going to happen is you're going to put the machines in place, turn them on, and they're going to automatically connect to the cloud. If they have an Internet connection during the "out of box" experience, Autopilot is going to control that "out of box" experience and then it'll be joined to our cloud. And we can have software deployed via this thing called Intune down to those machines: updates, applications, configuration settings, all that.
This is considered a modern approach to deployment, whereas imaging is more of a traditional approach, and a fresh install is considered a traditional approach. Autopilot is considered a modern approach, and it uses the cloud, and that's going to be one thing to try to keep in your head about it. Okay? The last thing we've got there is an in-place upgrade. In-place upgrade refers to the process of upgrading an older operating system to Windows 10. For example, I'm upgrading from Windows 7 directly to Windows 10, or 8.1 directly to Windows 10. That is what an in-place upgrade is. So the great thing about an in-place upgrade is that you don't lose any applications or anything else that's installed on the computer. You keep all of that in place, and it just upgrades you straight to Windows 10. The downside to an in-place upgrade is that if any of the applications that are existing on the older operating system have problems, those problems can make their way into Windows 10.

Let's take a deeper look now at the Windows ADK. Okay, so the Windows ADK is something that you can go out and download. You can get it from Microsoft's download website, and it's going to come with a bunch of tools. This Windows ADK is not really a new thing. It used to be called WAIK, okay? That was back when Windows Vista and the early days of Windows 7 came out, and then eventually they renamed it to Windows ADK. All right? So it used to be the Windows Automated Installation Kit and got renamed to Windows ADK. The only reason I tell you that is to be careful because you could see some references to the older package, especially if you're taking the exam.
You can see references to the older name for it, and the newer name for it is Windows ADK, which is what you want to have in your mind. So what do you get with the Windows ADK? Well, the first thing you get is ACT. ACT is the Application Compatibility Toolkit. ACT will also allow you to test applications that are already installed on existing operating systems. Imagine this: I've got a bunch of Windows 7 or Windows 8 computers that need to be upgraded to Windows 10. But what we're afraid of is that perhaps those applications may not be compatible with Windows 10. I can use ACT to scan all of those computers in my network and tell me if they're running applications that are not compatible. Now in some cases, you can even deploy these little patches called shims that can fix little compatibility problems, so that when you actually do the upgrade to Windows 10, you will have fixed all those little problems ahead of time.
So ACT is a really powerful tool, a really helpful tool, and it's free. It comes with the Windows ADK. Now we also have USMT, the User State Migration Tool. We're going to talk more about this one too, a little bit later. And USMT is used for migration. So this is great if I have someone who has an older computer and we're getting them a new computer with Windows 10 installed. Maybe we want to back up all their stuff. So User State Migration is going to back up all their user stuff. It's going to use a tool called ScanState. It will back up all of their data, and then we can install Windows 10 on a new computer, and then do a LoadState, which will restore all of their data. So it's another very helpful tool. It is a command-line tool. So there are some commands you have to understand when you do that. We have DISM, Deployment Imaging Servicing and Management. When we go through the image capture and deployment process, this is the tool that will allow us to capture and deploy images for Windows 10. DISM is going to be the tool that's going to let us do that.
DISM is going to run inside of an environment called Windows PE. We have VAMT, the Volume Activation Management Tool. This tool allows us to scan all of our copies of Windows that are out in our environment, Windows 7, Windows 8, and Windows 10, and it's going to tell us which machines are activated. I can also remotely activate machines using that tool. I've got ICD, the Imaging and Configuration Designer. This is a newer tool that was released when Windows 10 first came out. And this is a tool that creates these little things called provisioning packages. Provisioning packages are these little XML files that you can send to a Windows 10 computer.
And the Windows 10 computer will reconfigure itself based on what's in the provisioning package. For example, if I wanted to configure a VPN on a computer, I could create a little provisioning package that does that, and I could deploy that provisioning package out to those computers, and they would configure that VPN on their machine. I could do a bunch of computers at one time, or I could do a single computer if I wanted to. Then you get UE-V. And I've mentioned that one before; that's User Experience Virtualization. This is going to let you jump between computers, and your settings will follow you where you go. You have App-V. I talked about that one a little bit in a previous lecture as well. That allows you to virtualize applications or containerize applications. We have performance and assessment tools. These are some tools to help us gather some metrics and analytics about the performance data in our environment. I have Windows PE. Now I mentioned this one on this slide because I want to make sure people are aware of the changes. So in previous versions of the Windows ADK, Windows PE was included. This is the preinstallation environment. This environment is essentially a command-line version of Windows. Okay? This is an environment that I can deploy. It's very lightweight. I could run it on a flash drive. I could run it on even a CD if it's light enough, but not on DVD. And it can even be deployed through a service called Windows Deployment Services that I'm going to talk about.
But what's great about it is that this is the environment I can put a computer in when I want to capture an image or when I want to deploy an image. But the key thing to know here is that this is no longer part of the Windows ADK. I added it to the list, but you'll notice that it now says a separate download. The reason I did that is because a lot of people with experience are going to wonder why Windows PE isn't in the Windows ADK anymore; Microsoft has decided to make it a separate download. So this is a separate download. Now, by downloading the Windows ADK, you don't get Windows PE, but you can get it from a separate download screen. Okay, the last tool I want to talk about right now in this little lecture is MDT. This is the Microsoft Deployment Toolkit. This is also a separate thing. This is not part of the Windows ADK, and they call this their visual workbench.
And the goal of the MDT is to provide a graphical tool into which you can store all of the assets involved in dealing with images. You can point to all your images and all your image files. You can point to application files or drivers. You can even create these little things called task sequences that are going to assist you in automating the process of deployment. For example, for me to deploy an image, one of the first things that's got to happen is I've got to partition the disk. It's got to be partitioned and then formatted, and then I can start deploying the image. You can use task sequences to automate that process. So the MDT, again, this is free, a free download. You just go out there to Microsoft Downloads, where you can download MDT and install it. And it's going to sort of help you oversee the process of working with deployment.
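The partition, format and apply steps that a task sequence automates, written out by hand as they would be typed at the Windows PE command prompt. This is an added example, not part of the lecture and not MDT's own task sequence; the image path `D:\Images\win10.wim`, the image index, the use of disk 0, a UEFI/GPT layout and the drive letters S: and W: are all assumptions.

```batch
@echo off
rem Added example: manual equivalent of a "partition, format, apply image" sequence.
rem Run from Windows PE. WARNING: "clean" erases every partition on the selected disk.
setlocal

rem Assumed locations; adjust to the real image store and image index.
set "IMAGE=D:\Images\win10.wim"
set "INDEX=1"
set "LAYOUT=%TEMP%\layout.txt"

if not exist "%IMAGE%" (
    echo Image file not found: %IMAGE%
    exit /b 1
)

rem Step 1 and 2: partition and format the disk (UEFI/GPT layout assumed).
> "%LAYOUT%" (
    echo select disk 0
    echo clean
    echo convert gpt
    echo create partition efi size=100
    echo format quick fs=fat32 label="System"
    echo assign letter=S
    echo create partition msr size=16
    echo create partition primary
    echo format quick fs=ntfs label="Windows"
    echo assign letter=W
    echo exit
)
diskpart /s "%LAYOUT%"
if errorlevel 1 (
    echo diskpart failed, stopping before any image is applied.
    exit /b 1
)

rem Step 3: apply the image with DISM.
rem /CheckIntegrity refuses a corrupted .wim; /Verify checks the files as they are written.
dism /Apply-Image /ImageFile:"%IMAGE%" /Index:%INDEX% /ApplyDir:W:\ /CheckIntegrity /Verify
if errorlevel 1 (
    echo DISM could not apply the image.
    exit /b 1
)

rem Step 4: write boot files to the EFI system partition so the disk can start Windows.
bcdboot W:\Windows /s S: /f UEFI
if errorlevel 1 (
    echo bcdboot failed.
    exit /b 1
)

echo Image applied. Remove the Windows PE media and reboot.
endlocal
```

Each step stops the script on failure, so a disk that failed to partition is never imaged and an image that fails its integrity check is never made bootable.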