Windows 10 and the Enterprise Craig A. Brown Prepared for: GMIS 11-2-2015
Introduction Craig A. Brown Microsoft Practice Leader Global Knowledge MCT, Since 1996 MCSA / MCSE / NT / 2000 / 2003 MCDST MCITP: ES / CS / SA / EA / Virtualization / Exchange TS: OCS, LCS, SharePoint, SCOM, SCCM, SCVMM, Virtualization, MDOP, Groove, Forefront, Exchange Competency: Cloud Architect, Voice Specialization Craig.Brown@globalknowledge.com 2011 Global Knowledge Training LLC. All rights reserved.
Related Courses www.globalknowledge.com 20697-2A: Deploying and Managing Windows 10 Using Enterprise Services 10982A: Supporting and Troubleshooting Windows 10
Microsoft Certification Program Get trained. Get certified. Get ahead. Microsoft Certifications demonstrate you have the skills to design, deploy, and optimize the latest technology solutions. Ask your Microsoft Learning Partner how you can prepare for certification. Also see: http://www.microsoft.com/learning/certification
Windows Certification Paths MCSE Enterprise Devices and Apps MCSA Windows 10 Course 20697-1A Installing and Configuring Windows 10 Course 20697-2A Deploying and Managing Windows 10 Using Enterprise Services 70-697: Managing Windows 10 Devices Course 20695 Deploying Windows Desktops and Enterprise Applications Course 20696 Administering System Center Configuration Manager and Intune Exam 70-695 Exam 70-696 Deploying Windows Desktops and Enterprise Applications Administering System Center Configuration Manager and Intune
Windows 10 and the Enterprise Intro Installing Windows 10 Troubleshooting and Recovery Windows 10 security
Installing Windows 10 Data Device Network
Windows 10 Security Data Device Network
Module Overview Overview of Data-Related Security Threats Securing Data with EFS Implementing and Managing BitLocker
Lesson 1: Overview of Data-Related Security Threats What Is Defense in Depth? Discussion: What Are the Common Data-Related Security Threats? Possible Mitigations for Common Data-Related Threats
What Is Defense in Depth?
Defense in depth involves:
- Applying multiple layers of security
- Guarding against a malicious user who breaches one or more of your security layers while trying to access confidential data
- Applying additional security layers
Possible Mitigations for Common Data-Related Threats
Common data security threats:
- Unauthorized user accessing information on a file share
- Unauthorized user accessing data from a lost or stolen USB drive
- Lost or stolen laptop that is storing confidential information
- User inadvertently emails protected content to an unintended recipient
Lesson 2: Securing Data with EFS What Is EFS? Common EFS Usage Scenarios How EFS Works How EFS Recovery Works Demonstration: Using EFS to Secure Data Enterprise Solutions for Managing EFS
What Is EFS?
EFS is a built-in file encryption tool for Windows:
- Enables transparent file encryption and decryption
- Provides for encrypted file recovery
- Allows encrypted files to be shared with other users
Common EFS Usage Scenarios
Common usage scenarios for EFS:
- Protecting files on shared computers
- Protecting files from access by privileged users
- Limiting file access to specific users
How EFS Works
- EFS encryption occurs at the file-system level
- If a user attempts to open a file and possesses the necessary key, the file opens
- If a user does not possess the key, he or she receives an access-denied message
- EFS-encrypted files do not remain encrypted during transport if you save them to, or open them from, a folder on a remote server: the file is decrypted and then traverses the network in plain text
How EFS Recovery Works
You can configure EFS recovery by using:
- Data recovery agent
- Key recovery agent

Enterprise Solutions for Managing EFS
Deploying a CA allows centralized management of:
- EFS keys
- EFS data recovery agents
- EFS key recovery agents
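An added example, not from the presentation, that exercises the EFS behaviour described in the two slides above: it encrypts a test folder, checks the Encrypted attribute on each file instead of trusting command output, and uses cipher.exe /c to list which user certificates and data recovery agents can decrypt a file. The folder path is an assumption.

```powershell
# Added example (not from the presentation): encrypt a folder with EFS,
# confirm the Encrypted attribute, and list who can decrypt a file.
# The folder path is an assumption; adjust it for your system.
$folder = "$env:USERPROFILE\Documents\Confidential"   # assumed test folder
New-Item -ItemType Directory -Path $folder -Force | Out-Null
Set-Content -Path "$folder\notes.txt" -Value "constructed sample content"

# cipher.exe /e marks the folder encrypted; /s: applies it to subfolders as well.
cipher.exe /e /s:$folder | Out-Null

# Verify the attribute on each file rather than relying on the tool's output.
Get-ChildItem -Path $folder -Recurse -File | ForEach-Object {
    $encrypted = ($_.Attributes -band [System.IO.FileAttributes]::Encrypted) -ne 0
    "{0}`t{1}" -f $_.FullName, $(if ($encrypted) { 'EFS' } else { 'PLAINTEXT' })
}

# /c shows who holds a key for the file: the user certificate(s) and any
# data recovery agents pushed by Group Policy. If no recovery agent is
# listed, a lost user key means the data is unrecoverable.
cipher.exe /c "$folder\notes.txt"

# .NET exposes the same operation for files a script creates itself.
[System.IO.File]::Encrypt("$folder\notes.txt")
```

Run the /c check on a domain-joined machine after the EFS recovery policy is applied; a file that shows only the user's own certificate has no recovery path if that key is lost.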
Lesson 3: Implementing and Managing BitLocker What Is BitLocker? BitLocker Requirements BitLocker Modes Using Group Policy Settings to Configure BitLocker Demonstration: Configuring and Using BitLocker Recovering BitLocker-Encrypted Drives Microsoft BitLocker Administration and Monitoring
What Is BitLocker?
BitLocker encrypts the data that is stored on the operating system and other volumes by:
- Providing offline data protection
- Protecting all data stored on the encrypted volume
- Verifying the integrity of early startup components and boot configuration data
- Ensuring integrity of the startup process
BitLocker To Go allows encryption of removable media such as USB thumb drives
BitLocker Requirements
BitLocker has the following hardware requirements:
- A BIOS or UEFI environment that is compatible with a TPM 1.2 or newer device, or that supports USB devices during computer startup
- Enough space on the hard disk for BitLocker to create two partitions
BitLocker Modes
Windows 10 supports two modes of BitLocker operation:
- TPM mode:
  - Locks the normal startup process until a user optionally supplies a personal PIN and/or inserts a USB drive that contains a BitLocker startup key
  - Performs system-integrity verification on startup components
- Non-TPM mode:
  - Uses Group Policy to allow BitLocker to work without a TPM
  - Locks the startup process similar to TPM mode, but the BitLocker startup key must be stored on a USB drive
  - Provides limited authentication
Using Group Policy Settings to Configure BitLocker
Group Policy provides the following settings for BitLocker:
- Turn on BitLocker backup in AD DS
- Configure the recovery folder on Control Panel Setup
- Enable advanced startup options on Control Panel Setup
- Configure the encryption method
- Prevent memory overwrite on restart
- Configure the TPM validation method used to seal BitLocker keys
Recovering BitLocker-Encrypted Drives
When a BitLocker-enabled computer starts:
- BitLocker checks the operating system for conditions that indicate a security risk
- If a condition is detected:
  - BitLocker enters recovery mode and keeps the system drive locked
  - The user must enter the correct recovery password to continue
The BitLocker recovery password:
- Is a 48-digit password that unlocks a system in recovery mode
- Is unique to a particular BitLocker encryption
- Can be stored in AD DS; if stored in AD DS, search for it by using either the drive label or the computer's password
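An added example, not from the presentation, that walks through the BitLocker lesson end to end in PowerShell: it checks the TPM, enables BitLocker on the operating system drive in TPM mode, adds the 48-digit recovery password that recovery mode asks for, and escrows that password to AD DS. It assumes a domain-joined computer with the "Turn on BitLocker backup in AD DS" policy applied, an elevated session, and the mount point C:.

```powershell
# Added example (not from the presentation): enable BitLocker on the OS
# drive in TPM mode, add a recovery password, and back it up to AD DS.
# Assumes a domain-joined computer with the AD DS backup policy applied
# and an elevated session. Mount point 'C:' is an assumption.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "TPM 1.2 or newer not present or not ready; this script handles TPM mode only."
}

# The TPM protector seals the volume key to the measured early-boot state,
# which is what triggers recovery mode when startup components change.
Enable-BitLocker -MountPoint 'C:' -EncryptionMethod Aes256 -TpmProtector -SkipHardwareTest

# The recovery password is what the user types when integrity checks fail.
Add-BitLockerKeyProtector -MountPoint 'C:' -RecoveryPasswordProtector | Out-Null

# Find the recovery-password protector and escrow it to AD DS.
$vol = Get-BitLockerVolume -MountPoint 'C:'
$rp  = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
Backup-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $rp.KeyProtectorId

# Summarise what protects the drive. The protector ID is the value you
# locate in AD DS when a user is stuck at the recovery screen.
[pscustomobject]@{
    Volume        = $vol.MountPoint
    Status        = $vol.VolumeStatus
    Percent       = $vol.EncryptionPercentage
    Protectors    = ($vol.KeyProtector.KeyProtectorType -join ', ')
    RecoveryPwdId = $rp.KeyProtectorId
}
```

For the non-TPM mode described on the BitLocker Modes slide, the Group Policy allowing BitLocker without a TPM must be in place first, and the TPM step is replaced by a startup key protector on a USB drive.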
Security Settings Available in GPO
Common computer security settings that you can configure in Security Options include:
- Administrator and Guest account names
- Password policies
- Access to CD/DVD drives
- Digital-data signatures
- Driver-installation behavior
- Logon prompts
- UAC
- AppLocker policies
Security Compliance Manager
The key features of Security Compliance Manager include:
- Centralized security baseline management features to manage the security and compliance process efficiently
- Baselines that are based on Microsoft security guide recommendations and industry best practices
- Gold master support that allows you to import your existing Group Policy settings for reuse and deployment
The Enhanced Mitigation Experience Toolkit
The Enhanced Mitigation Experience Toolkit is a tool downloadable from Microsoft's website that allows you to:
- Apply security vulnerability mitigations on a per-application basis
- Apply mitigations to applications on a per-mitigation basis
- Use SSL/TLS certificate pinning
Device Guard and Credential Guard
New Windows 10 security features:
- Device Guard blocks the execution of unauthorized applications
- Credential Guard stores credentials such as NTLM hashes and Kerberos tickets in an isolated environment
Both technologies require:
- UEFI 2.3.1
- Windows 10 Enterprise Edition
- Virtualization processor extensions and SLAT
Mitigations for Network-Related Security Threats
It is important to implement a comprehensive approach to network security, so that one loophole or omission does not result in another.

Attack                  Mitigations
Eavesdropping           IPsec, VPNs, intrusion detection
DoS                     Firewalls, perimeter networks, IPsec, server hardening
Port scanning           Server hardening, firewalls
MITM                    IPsec, DNSSEC
Virus, malicious code   Software updates
What Is Windows Firewall?
Network Location Profiles
Windows 10 uses network location awareness to identify connected networks uniquely.
Networks can be classified as one of three network location types:
- Domain
- Public
- Private
Windows Firewall with Advanced Security
Well-Known Ports
- HTTP (80)
- HTTPS (443)
- FTP (21)
- SMTP (25)
- POP3 (110)
- DNS (53)
- SNMP (161)
When an application wants to establish communications with an application on a remote host, it creates a TCP or UDP socket.
(Diagram: TCP/IP protocol suite, showing TCP and UDP over IPv4 and IPv6 over Ethernet)
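An added example, not from the presentation, tying the Network Location Profiles and Well-Known Ports slides together with Windows Firewall with Advanced Security: it reports the profile each connected network was placed in, confirms each firewall profile is enabled with the default inbound block, adds an inbound HTTPS rule scoped to the Domain profile only, and then lists which enabled inbound rules open any of the well-known ports named on the slide. The rule name is an assumption.

```powershell
# Added example (not from the presentation): profiles, firewall state, a
# profile-scoped allow rule, and an audit of rules that open well-known ports.
# The rule display name is an assumption.

# Which location type (Domain/Private/Public) each connected network received.
Get-NetConnectionProfile | Select-Object Name, InterfaceAlias, NetworkCategory

# Each firewall profile should be enabled and block unsolicited inbound traffic.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

# Scope the rule to the Domain profile so TCP 443 stays closed on Public networks.
New-NetFirewallRule -DisplayName 'Allow HTTPS inbound (Domain only)' `
    -Direction Inbound -Protocol TCP -LocalPort 443 `
    -Profile Domain -Action Allow | Out-Null

# Audit: which enabled inbound allow rules open the slide's well-known ports,
# and on which profiles. Port filters are read per rule.
$wellKnown = 80, 443, 21, 25, 110, 53, 161
Get-NetFirewallRule -Enabled True -Direction Inbound -Action Allow | ForEach-Object {
    $rule = $_
    $pf   = $rule | Get-NetFirewallPortFilter
    foreach ($p in @($pf.LocalPort)) {
        if ($wellKnown -contains $p) {
            [pscustomobject]@{
                Rule     = $rule.DisplayName
                Protocol = $pf.Protocol
                Port     = $p
                Profile  = $rule.Profile
            }
        }
    }
}
```

A rule whose Profile column reads "Any" or includes Public deserves a second look: a port that is appropriate on the corporate network is exposed on every coffee-shop network the laptop joins.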
What Is IPsec?
IPsec:
- Is a suite of protocols that allows secure, encrypted communication between two computers over an unsecured network
- Has two goals: packet encryption and mutual authentication between systems
- Enables sending and receiving computers to send secured data to each other
- Secures network traffic by using encryption and data signing
- Uses policies to define the type of traffic that IPsec examines, how that traffic is secured and encrypted, and how IPsec peers are authenticated
Configuring IPsec
Recommended uses of IPsec include:
- Packet filtering
- Authenticating and encrypting host-to-host traffic
- Authenticating and encrypting traffic to specific servers
- Providing L2TP/IPsec for VPN connections
- Site-to-site tunneling
- Enforcing logical networks
What Are Connection Security Rules?
Connection security rules involve:
- Authenticating two computers before they begin communications
- Securing information that is sent between two computers
- Using key exchange, authentication, data integrity, and (optionally) data encryption
How firewall rules and connection security rules are related:
- Firewall rules allow traffic through, but do not secure that traffic
- Connection security rules can secure the traffic, but depend on a firewall rule to allow traffic through the firewall
Authentication Options
When using the New Connection Security Rule Wizard to create a new rule, you use the Requirements page to choose one of the following:

Option                                                        Description
Request authentication for inbound and outbound connections   Ask that all inbound/outbound traffic be authenticated, but allow the connection if authentication fails
Require authentication for inbound connections and request    Require that inbound traffic be authenticated, or it will be blocked; outbound traffic can be
authentication for outbound connections                       authenticated, but will be allowed if authentication fails
Require authentication for inbound and outbound connections   Require that all inbound/outbound traffic be authenticated, or the traffic will be blocked
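An added example, not from the presentation, showing the Connection Security Rules and Authentication Options slides as PowerShell rather than the wizard: it builds a connection security rule that requires authentication inbound and requests it outbound (the wizard's middle option) using Kerberos machine authentication, then adds the firewall rule that the connection security rule depends on to actually allow the traffic. The rule names and the choice of TCP 445 are assumptions.

```powershell
# Added example (not from the presentation): a connection security rule
# (require inbound / request outbound, Kerberos machine auth) plus the
# firewall rule it depends on. Display names and port are assumptions.

# Phase 1 authentication: authenticate the computer account with Kerberos.
$proposal = New-NetIPsecAuthProposal -Machine -Kerberos
$authSet  = New-NetIPsecPhase1AuthSet -DisplayName 'Kerberos machine auth' -Proposal $proposal

# Connection security rule: secures SMB traffic but does not itself permit it.
New-NetIPsecRule -DisplayName 'Require auth for SMB' `
    -Protocol TCP -LocalPort 445 `
    -InboundSecurity Require -OutboundSecurity Request `
    -Phase1AuthSet $authSet.Name -Profile Domain | Out-Null

# Firewall rule: allows the traffic. -Authentication Required means the
# allow applies only to peers that satisfied the IPsec rule above.
New-NetFirewallRule -DisplayName 'Allow SMB inbound (IPsec required)' `
    -Direction Inbound -Protocol TCP -LocalPort 445 `
    -Authentication Required -Action Allow -Profile Domain | Out-Null

# Show the resulting pair side by side.
Get-NetIPsecRule -DisplayName 'Require auth for SMB' |
    Select-Object DisplayName, InboundSecurity, OutboundSecurity, Enabled
Get-NetFirewallRule -DisplayName 'Allow SMB inbound (IPsec required)' |
    Select-Object DisplayName, Authentication, Action, Enabled
```

The wizard's first option maps to -InboundSecurity Request -OutboundSecurity Request, and its third to Require on both sides. Start with Request on both while rolling out, confirm peers negotiate successfully (Get-NetIPsecMainModeSA shows established associations), and only then move to Require so that a misconfigured client is not locked out of the share.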
Windows Defender
- What Is Malware?
- Discussion: What Are Sources of Malware?
- Discussion: What Are Possible Mitigations for Malware Threats?
- How Can Windows Defender Help?
Troubleshooting and Recovery Data Device Network
Module Overview Managing Devices and Drivers Recovering Files Recovering Devices
Lesson 1: Managing Devices and Drivers What Is a Device Driver? Using Device Manager Driver Roll Back Demonstration: Managing Device Drivers
What Is a Device Driver?
- Enables interaction between the operating system and hardware devices
- Hardware-dependent and OS-dependent: 32-bit drivers do not work with 64-bit Windows 10, and vice versa
- Device drivers that ship with Windows 10 have a Microsoft digital signature
- The driver store is the driver repository
- You install devices in two stages:
  - Staging: adding driver packages to the store
  - Installation: from the store, when PnP detects the device
- Pnputil.exe installs a driver package to the driver store
Using Device Manager
- View connected devices, their details and settings
- Enable and disable devices
- Install, update, and uninstall device drivers
- Troubleshoot issues
- Manage devices locally
Other tools:
- Devices and Printers
- Devices in Windows 10 Settings
- Windows PowerShell
Driver Roll Back
- Nondestructive operation, but requires restart
- Reinstalls previous version of device driver
- Not available if device driver has never been updated
- Only active and functional drivers are backed up
- Supports one level of rollback: if you perform a rollback, you cannot roll back again
- Driver Roll Back is not available for printers
- Multifunction devices are handled on an individual function basis (printer, scanner)
- Can be performed from safe mode if a malfunctioning driver is preventing normal operation
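An added example, not from the presentation, covering the Device Manager, driver store and Driver Roll Back slides from PowerShell: it lists devices currently reporting an error together with the driver version and .inf they are using (worth recording before any update, since rollback only goes one level deep), stages a driver package in the driver store with pnputil, and enumerates the third-party packages now staged. The .inf path is an assumption.

```powershell
# Added example (not from the presentation): devices in error state with
# their current driver, staging a package with pnputil, and listing the
# driver store. The .inf path is an assumption.

# Devices that PnP reports as failed, with the driver currently bound to each.
Get-PnpDevice -PresentOnly -Status Error | ForEach-Object {
    $id  = $_.InstanceId
    $ver = (Get-PnpDeviceProperty -InstanceId $id -KeyName 'DEVPKEY_Device_DriverVersion').Data
    $inf = (Get-PnpDeviceProperty -InstanceId $id -KeyName 'DEVPKEY_Device_DriverInfPath').Data
    [pscustomobject]@{
        Device     = $_.FriendlyName
        Class      = $_.Class
        Driver     = $ver        # record this: rollback restores only the previous version
        Inf        = $inf
        InstanceId = $id
    }
}

# Stage (add) a package to the driver store. PnP installs it from the store
# when a matching device is detected; -a is accepted by every Windows 10 build.
$package = 'D:\Drivers\vendor\device.inf'   # assumed path to a signed package
pnputil.exe -a $package

# Third-party packages in the store appear as oemNN.inf entries.
pnputil.exe -e

# First troubleshooting step for a misbehaving device (requires elevation):
# Disable-PnpDevice -InstanceId '<InstanceId from above>' -Confirm:$false
# Enable-PnpDevice  -InstanceId '<InstanceId from above>' -Confirm:$false
```

Unsigned packages are rejected by pnputil on 64-bit Windows 10 unless driver signature enforcement has been disabled from the Advanced Startup Options, which is a one-boot diagnostic setting, not a deployment method.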
Recovering Files File Recovery Methods in Windows 10 File History Demonstration: Using File History to Recover Files Backup and Restore (Windows 7) Previous Versions Demonstration: Using Previous Versions to Recover Files
File Recovery Methods in Windows 10
Some of the reasons for performing backups:
- Protect against accidental file deletion
- Provide recovery from virus infection
- Provide previous versions of files and folders
- Protect against total computer data loss
- Help ensure data availability
Windows 10 features:
- Folder Redirection, Offline Files
- Backup and Restore (Windows 7)
- Synchronization with OneDrive
- File History
- Work Folders
- System Image
- Wbadmin.exe
- Copying files
- Azure Backup can be used with Windows 10
File History
- File History saves backup copies of user files
- Configure and manage by using Control Panel or the Backup section in the Settings app
- By default, profile folders and libraries are protected
- You can protect additional folders by:
  - Adding them to protected libraries
  - Using the Backup option in the Settings app
- You can save backup copies on a local drive, removable drive, or network location
- File History copies protected files hourly and stores copies indefinitely by default
- You can preview and restore backup copies
- You can restore to the original or an alternate location
File History (diagram: restoring a file from the 8:00 File History copy)
Backup and Restore (Windows 7)
- Graphical backup tool in Windows 10
- Uses Volume Shadow Copy for creating backups
- Backs up to a local disk, external disk, or network location
- First backup contains all data; later backups contain changes only
- Can back up folders, libraries, and volumes
- Backup is in .vhdx format
- You can use it for creating a system image and a system repair disk
- Creates restore points, used by Previous Versions
- Restores data to the original or an alternate location
Backup and Restore (Windows 7) (diagram: the application writes to the source disk; shadow copy storage tracks changed blocks; a block-level backup writes the backup image to the backup disk as a .vhdx file; a block-level restore produces either an older restored disk based on a shadow copy, or a restored disk identical to the updated source disk)
Previous Versions
- Enables users to view and restore previous versions of files, folders, and volumes
- Data comes from File History and restore points:
  - Each time File History runs
  - When a file is backed up by Backup and Restore (Windows 7)
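An added example, not from the presentation, for the Backup and Restore (Windows 7) and Previous Versions slides: it creates a system image of the system volume with wbadmin.exe (the command-line engine listed on the File Recovery Methods slide), confirms the backup version is catalogued, and lists the Volume Shadow Copies that Previous Versions draws on. The target drive letter is an assumption.

```powershell
# Added example (not from the presentation): system image with wbadmin and
# a listing of the shadow copies behind Previous Versions.
# The target drive letter is an assumption. Run from an elevated session.
$target = 'E:'   # assumed external or secondary disk, not the disk being imaged

# -allCritical includes every volume needed to boot; the image is written
# as .vhdx, and subsequent runs store changed blocks only.
wbadmin start backup -backupTarget:$target -include:C: -allCritical -quiet

# Confirm the new version appears in the catalog on the target.
wbadmin get versions -backupTarget:$target

# Shadow copies created by System Protection and by backup jobs. Each is a
# point in time that the Previous Versions tab can surface for a file or folder.
Get-CimInstance -ClassName Win32_ShadowCopy |
    Select-Object ID, InstallDate, VolumeName, Persistent, ClientAccessible |
    Sort-Object InstallDate
```

Keep the image target on a disk other than the one being protected; a backup on the source disk covers accidental deletion but not the "total computer data loss" case the slide lists.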
Recovering Devices Overview of Device Recovery Procedures System Protection and Restore Points Demonstration: Using a Restore Point to Roll Back Device Configuration Advanced Startup Options Tools Available in Windows RE Demonstration: Using Advanced Start-up Options Discussion: Recovering Devices
Overview of Device Recovery Procedures
- The operating system is separate from the data: you can recover, reinstall or upgrade it without affecting data
- Device-recovery features in Windows 10:
  - Driver Roll Back
  - System Protection and System Restore
  - Startup Recovery
  - Reset this PC
  - System Image Recovery
  - Command Prompt
System Protection and Restore Points
- Creates snapshots of the computer configuration:
  - Snapshots are called restore points
  - Restore points do not include user data
- You can use restore points to:
  - Perform driver rollbacks
  - Protect against accidental program deletion
  - Restore Windows configurations to earlier states
- Restore points are created before system changes:
  - Automatic: app, driver, or Windows updates
  - Scheduled: can be created based on a schedule
  - Manual: on demand, before applying a restore point
- If System Protection is turned off, all restore points are deleted
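An added example, not from the presentation, for the System Protection slide: it turns on System Protection for the system drive, creates the manual restore point the slide recommends before a risky change, and lists existing restore points with readable timestamps. The description text is an assumption.

```powershell
# Added example (not from the presentation): enable System Protection,
# create a manual restore point, and list restore points.
# Description text is an assumption. Run from an elevated session.

# Turning protection off deletes every restore point, so make sure it is on first.
Enable-ComputerRestore -Drive 'C:\'

# Manual restore point before a change. MODIFY_SETTINGS is the type used
# for configuration changes; APPLICATION_INSTALL also exists.
Checkpoint-Computer -Description 'Before installing new application' -RestorePointType MODIFY_SETTINGS

# List restore points. CreationTime is a DMTF string and needs converting.
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description, RestorePointType,
        @{ Name = 'Created'
           Expression = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } }

# To roll back later (restarts the computer):
# Restore-Computer -RestorePoint <SequenceNumber>
```

On Windows 8 and later, Checkpoint-Computer creates at most one restore point per 24 hours and silently skips the request otherwise; if the list does not show your new entry, that throttle is the usual reason.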
System Protection and Restore Points (timeline diagram)

Time   Action                                                          Computer state
T1     Microsoft Office installation                                   Microsoft Office
T2     Problematic app installation                                    Microsoft Office, problematic app
T3     Manual restore point                                            Microsoft Office, problematic app, changes between T2 and T3
T4     Restore computer to state before problematic app was installed  Microsoft Office
Advanced Startup Options
- Enable debugging
- Enable boot logging
- Enable low-resolution video
- Enable Safe Mode
- Enable Safe Mode with Networking
- Enable Safe Mode with Command Prompt
- Disable driver signature enforcement
- Disable early launch anti-malware protection
- Disable automatic restart after failure
- Launch recovery environment
Tools Available in Windows RE

Tool                            Function
Reset this PC                   Lets you choose to keep or remove your files and reinstalls Windows 10
System Restore                  Returns your computer to an earlier state
System Image Recovery           A system image created earlier replaces everything on a computer
Startup Repair                  Detects and repairs most common startup issues
Command Prompt                  Resolves problems with a service or device driver, and runs diagnostic tools
Go back to the previous build   Preserves personal files, but changes to apps and settings are lost
Wrap-Up
Questions?
https://craigon10.wordpress.com
Craig.brown@globalknowledge.com