Course Outline

I. Introduction

A brief overview of the course.  (We mainly do it for the many folks who sign up for this class without ever reading this course outline, which is very flattering but also kind of scary.)

II. Windows as a Service:  There’s Only One Version, But You’ll Be Upgrading a Lot Anyway

One of the most confusing parts about Windows 10 is that while it’s “the last Windows” in name, in fact you may see three new versions of Windows 10 in a calendar year, and you must upgrade to at least one of them each year.  This first section explains this new reality and how you can control your upgrades.

  1. Windows 10 Editions: Home, Pro, Education, Enterprise
  2. Know your builds:  keeping track of how “upgraded” your Windows is
  3. “Isn’t it free?”  Well, sometimes.  But probably not for you.  Or me.
  4. “Upgrades” versus “updates:” Patch Tuesday gets a lot more interesting, and why they’re doing it
  5. Flights and rings: not everyone gets the new stuff at the same time
  6. How to slow down the upgrades with the Common Branch for Business and Windows Update for Business
  7. Engineering updates:  patches save bandwidth by going torrent-ish
  8. Where WSUS and SCCM fit in
  9. An infrequent-update program:  Long Term Servicing Branch delivers Windows “the old-fashioned way”

III. Just a Little on the New UI:  Tips for IT Pros

Windows 10 brings with it the usual quota of GUI changes, and you surely don’t need us to explain the new Start Screen to you.  But Windows 10 does bring a number of changes that can actually boost productivity for IT pros, as well as a couple of “internals” features that you might never have known about that you’ll find very useful.

  1. 10’s odd new “bipolar” Control Panel
  2. Learn and use virtual desktops!
  3. New hotkeys
  4. The “snipping” tool gets better
  5. Command prompt improvements
  6. Memory compression: why 10 runs better in two gigs than Windows 7 did

IV. Windows 10 Deployment Concepts and Scenarios

Ever since Vista, every new version of Windows has brought new and (usually) improved tools to deploy Windows.  Windows 10 is no different, and offers us a somewhat different mindset in that in-place upgrade works very well now.  There’s also a bunch of new deployment-related concepts, which we’ll cover in this section to warm you up for the WinPE 10 and WICD sections.

  1. Scenarios:  no need to wipe a vendor-installed OS, and in-place upgrades finally make sense
  2. How the new in-place upgrades work
  3. Automating it with new setup.exe options
  4. New default disk layout
  5. Automated Deployment Kit (ADK) changes
  6. “Capabilities:” like features, but better
  7. “Provisioning packages” simplify some upgrades
  8. Smaller Windows:  CompactOS replaces WIMBoot

V. Windows PE 10: No Longer Optional, And Getting Better All the Time

Back in 2001, Microsoft created the Windows Preinstallation Environment (WinPE), a cut-down, free version of Windows that simplifies troubleshooting big problems, but offered it solely to big customers.  They opened it to the world in 2006, but it’s always been a “nice to know” rather than a “need to know” Windows tool.  With Windows 10, that changes, and so this brief section offers a quick tutorial on building WinPE and equipping it with PowerShell.  You’ll also learn what new features Windows 10’s PE has.

  1. Building a WinPE-enabled USB stick with Win 10’s newer, easier tools
  2. Adding features:  turning on PowerShell
  3. Setup and xFAT

VI. Windows Image and Configuration Designer (WICD)

Automating Windows rollouts is important and every organization wants automated deployment, but making it work is complicated.  The Assessment and Deployment Kit (ADK, formerly known as the Windows Automated Installation Kit or WAIK) and its cousin Microsoft Deployment Toolkit (MDT) are terrific, powerful and free tools, but also complex ones that are sadly given a miss by many IT pros.  To address that, Microsoft has created a third free automated deployment tool called the Windows Image and Configuration Designer (WICD).  This tool, pronounced “wicked” (which is odd, as it contains no witches but does contain wizards), seeks to simplify deployment for regular old Windows as well as device-centric versions like Windows Phone 10.  In this section, we’ll explore WICD so you’ll know whether or not to add it to your deployment toolkit!

  1. Installing and tweaking WICD to make it useful
  2. Setup for its command-line personality, “ICD.EXE”
  3. Creating a project… just a few clicks creates a bootable USB stick that does a hands-off install
  4. The pieces:  deployment assets, image time settings and runtime settings
  5. The options:  image creation versus provisioning package creation, and The Five Taps (hint:  they are not a 50’s band)
  6. WICD provisioning packages revealed: customizations.xml and more
  7. WICD as a command-line tool:  strengths, weaknesses, and a huge bug
  8. Hacking WICD: making it forget old projects

VII. Easier App Migration:  the new Scanstate

Anyone who’s ever done a mass deployment by grabbing users’ current settings and files, saving them on a share and then flattening and rebuilding the users’ computers with a new version of Windows knows the User State Migration Tool (USMT) and its two main components, Scanstate and Loadstate.  (In case you’ve never used them, Scanstate packages up and saves your settings and files, before the flatten-and-rebuild.  After the flatten-and-rebuild, Loadstate recovers those files and settings and restores them to the users’ systems.)  USMT’s great, but it only migrates the users’ files and application settings, not the applications themselves.  That changes with Windows 10’s Scanstate, which saves not only the users’ files and settings but their applications as well.  Sound great?  Well, it is, kind of… but there are big limitations to the new Scanstate, as you’ll learn in this section.

  1. Review: Scanstate background
  2. Details of new Scanstate capability with “/apps” to a provisioning package
  3. Step-by-step example
  4. Deploying saved apps: WICD is it!
  5. Provisioning package processes and Audit Mode in Windows 10

VIII. Windows 10 Wants You in the Cloud:  Azure AD Basics

As you almost certainly know, Microsoft has become heavily invested in the cloud.  What you may not know is that their cloud strategies are paying off well enough that many think they’ll be the top dog in the cloud business soon.  As a result, more and more Microsoft services – even the free ones – are cloud-based and require you to have a Microsoft cloud identity.  Once, a Hotmail account could serve that purpose, but more and more you’ll need an Azure Active Directory account, even if you don’t use it for anything else.  Meanwhile, more and more organizations don’t need any on-premises AD, so Azure AD does the job for them.  This section quickly introduces just enough Azure AD to get you ready to understand an interesting new Windows 10 capability – “joining a cloud.”

  1. Why on earth would I or my org use an Azure AD domain?
  2. Office 365 and Azure AD… you may have an Azure AD domain already!
  3. Azure AD terminology:  tenants, vanity domains, subscriptions
  4. Understanding Microsoft accounts versus organization accounts
  5. Creating your own Azure AD (it’s free)
  6. Populating your AD with Azure AD Connect
  7. Creating admins, user accounts, and enabling cloud single sign-on
  8. PowerShell tools to simplify Azure AD

IX. Joining Win 10 Systems to a Cloud

You already know how to join a Windows box to an AD domain. Here we’ll see how and why you’d join to an Azure domain, doing a “cloud join.”

  1. Why join a Win 10 device to an Azure AD?
  2. Enabling cloud join
  3. Doing cloud join
  4. Results:  new security principals
  5. What cloud join doesn’t do

X. Managing Windows 10: New Group Policy Settings

If you’ve run a Windows 7 network, you’ve already got most of the tools you’ll need to run a Windows 10 network, but Win 10 brings a few new management needs and solutions.  We start covering that in this section with Windows 10’s 42 (yes, it really is just 42) new group policy settings.

  1. Security settings: PIN and Virtual Secure Mode
  2. “Windows Recording” settings
  3. UI features, feedback control
  4. Windows Update for Business settings

XI. Managing Windows 10:  Applications and The Store

Windows 8 brought the idea of the “Windows Store” and iPad-ish “modern applications,” which has caught on slowly in most places, but the Store has morphed to include the more-widely-used “desktop” apps.  Even better, Microsoft enables you to create your own tightly-defined version of the Store that lets your employees get apps that you want them to get.  (“Curated” is the phrase Microsoft uses nowadays for such a store.)  This was possible in Windows 8, but it suffered from blockers like “the employees need a credit card to get Store apps,” or “you need System Center to set this up.”  Now just about anyone can create a curated Store, as you’ll learn in this section.

  1. Intro to the new Store
  2. Flexible payment methods and inventory control
  3. Sideloading is easier, free and universal
  4. Line of business apps can be added to the Store
  5. Preinstalling apps in images
  6. Controlling (and potentially blocking) the store:  the app and the service

XII. Securing Windows 10:  New Tools to Lock out the Bad Guys

Windows 8 and 8.1 met mixed reviews, but almost no one seems to know that many of their most undeniably cool features were in the realm of security. Windows 10 continues that tradition with the notions of Isolated User Mode and Virtual Secure Mode, two fancy-sounding terms for a set of four technologies (“trustlets” is the new phrase) that take important, high-security data and store it in what is essentially another dimension.  Windows 10 can, with the right hardware, create a block of memory whose data can only be accessed by the four in-the-box trustlets, and it’s essentially impossible to create a fifth.  It’s neat, but fairly complex to figure out how to set up… unless you attend this last section of our class.

  1. User Isolation Mode:  A new trust model
  2. Requirements:  the right OS, and the right hardware
  3. Beyond “user mode” versus “kernel mode”
  4. The new tools: “trustlets”
  5. Configuration:  BIOS settings, boot mode, group policy
  6. Credential Guard: the first trustlet, which eliminates pass-the-hash
  7. Validating Credential Guard
  8. Device Guard:  the second trustlet, which blocks running malware
  9. Device Guard limitations
  10. The last two trustlets:  virtual TPMs
  11. Windows Hello: biometrics, Win 10 style
  12. Windows Passport:  the end to passwords
  13. Why is a PIN acceptable on a laptop?
  14. Where this leads to
  15. Next steps

 

Course Materials and Course Format

The class works from PowerPoint presentations and hands-on exercises.  Every attendee gets a printed copy of the PowerPoints.  All of the demonstrations are explained clearly in the PowerPoint, so you can reproduce them after class!