Speaking Engagement : December 2019

Delivered a session on Deploying Windows 10 in an Enterprise using System Center Configuration Manager to a group of IT Professionals.

The session was well received by the 7 participants with many questions. This was delivered in consideration of the Windows 7 end of support in January 2020.

1 (1)1 (2)1 (3)1 (4)1 (5)

Installing Windows Server 2019 Active Directory Step by Step

This article is the first part of a series of articles on “How to deploy Windows 10 Using Microsoft Deployment Toolkit”.

Active Directory is considered as one of the most critical workload in a network. It is responsible for authentication, authorization, auditing, policies, security etc. It’s a central repository of Objects as such as identity and other objects within a network. As and when a new server application is deployed within a Microsoft network such as Exchange, SharePoint, SQL Server, System Center, Microsoft Deployment Toolkit, etc. the AD DS schema is extended to accompany server objects.

Lets see how to install AD DS on Windows Server 2019 which is the latest Microsoft Windows Server Operating System

Click on the Windows Server 2019 Server Manager  and click Add roles and features

image

On the before you begin page, click next

image

On the select installation type window, select Role-based or feature based installation and click next

image

On the server selection window, select the local server and click next

image

On the server roles window, select the Active Directory Domain Services Role; and you will be prompted to ad the relevant supporting features

image

Click Add Features and Click next

image

Click Next

image

Review the AD DS page, if you have to synch with Azure AD, you can configure here. If not click Next

image

Review Confirmation and Click yes to automatically restart and click Install

image

Review the results and click the link to promote it as a domain controller

image

Provide the root domain name in the new forest and click next

image

Select the forest functional level, DNS if its not installed before and the DSRM password and click next

image

Click OK for the DNS option and click next

image

NetBios name populates automatically and click next

image

Review the paths and click next

image

Review options and click next

image

Pre-requisites will be checked. review and click install

image

Upon successful installation you will see the installed roles in the Server Manager

image

Windows 10 Task View Update

Windows 10 Task Preview has been evolving ever since it was included in Windows 10. Task View is the feature where multiple desktops can be created and view all the historical files and folders that were used historically in a timeline.

Access Task View by clicking the below icon or Windows + Tab

image

Task view opens

image

Another feature is that when you right click on a historical program, file or folder in task view, you get an option to move to another desktop which has been created.

image

Windows 10 Dynamic Lock

Have you ever wondered or have that creepy though going in your mind if you locked your Windows 10 PC/device? Now Windows 10 has a “cool” feature called Dynamic Lock which helps you lock your Windows 10 automatically even if you forget.

The feature works with your smart phone/blue tooth enabled phone connected to your Windows 10 and when the device goes out of range from Windows 10, it will automatically lock the computer. For me this is a great feature and gives you confidence where ever you go that your Windows 10 will be locked and safe.

How do you configure Dynamic Lock?

Connect your phone to your Windows 10 using Blue Tooth

Go to settings and click on Accounts and click on Sign-in Options

image

Enable the checkbox “Allow Windows to Automatically lock your device when you’re away” and you are done.

image 

When you device is out of range your computer will lock on its own.

Similar settings such as locking your computer automatically can be configured through the screensaver time out settings and through Active Directory Group Policy settings.

Microsoft Edge (Build 18945) Reading View & Line Focus

While Microsoft has been improving the features and introducing new features in every Windows 10 build, Microsoft Edge is also evolving with new features. Although Reading View was included in one of the previous builds, with the 18945 build it has been enhanced by including the line focus feature. Line Focus enables one to really focus on what he/she is reading.

For reading view to work, the websites you are visiting should be optimized so that the feature will be enabled.

For the purpose of this article we will take https://docs.microsoft.com

when you visit a site if you see the following icon enabled then the site is optimized for reading view

image  

By clicking on the icon, the browser turns the screen to an easy reading format – similar to a book

image

By clicking on the small arrow, one can go to the next page and so on.

When the Reading View is enabled, by tapping or clicking the screen a toolbar is popped. click on the learning tools option

image

Select reading preferences and slide the feature to ON from Off to enable the Line Focus feature. Also you have the option to select the number of lines to focus, 1, 3, or 5.

image

The webpage focuses only on the number of lines selected and turns the site to an easier to focus and read page.

image

Active Directory and Azure Active Directory

Active Directory Directory Services (AD DS) is a role of Windows Server and was released initially with Windows Server 2000. AD is the heart of a network and a core service which is a hierarchical database consisting of users, groups and other objects to provide authentication, authorizations and security services within the organization. From its inception in Windows Server 2000, AD has evolved tremendously in terms of reliability, architecture, robustness, features, etc. and Microsoft Active Directory has become almost the default product for directory services within many enterprises around the globe. From Windows Server 2000 there have been many AD versions with massive improvements according to the technological advancement during the release period.

With the introduction of Cloud Computing and Office 365, Microsoft required a cloud based Authentication and authorization service. Hence, the Azure Active Directory was born. With every Office 365 tenant an Azure Active Directory is included, where all the Office 365 user objects are created and stored. But the Azure AD and Active Directory Directory Services are not the same and have many differences. Starting from the protocols where AD DS uses Kerberos and NTLM where as Azure AD uses SAML 2.0, OAuth 2.0, OpenID Connect and WS-Federation. These protocols enables not only Microsoft cloud applications rather it helps many other  SaaS applications use Azure AD to provide Single Sign On helping users to truly enjoy one identity to access services across organization.

As mentioned earlier, when you enroll for your cloud product such as Office 365, Exchange Online, SharePoint Online, etc. a free Azure AD is assigned to the tenant. The free Azure AD has the basic features and if you need any additional features, add-on licenses AD Premium 1 and Premium 2 can be purchased. Below are the list of licenses and the differences (source: https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis).

  • Azure Active Directory Free. Provides user and group management, on-premises directory synchronization, basic reports, self-service password change for cloud users, and single sign-on across Azure, Office 365, and many popular SaaS apps.

  • Azure Active Directory Premium P1. In addition to the Free and Basic features, P1 also lets your hybrid users access both on-premises and cloud resources. It also supports advanced administration, such as dynamic groups, self-service group management, Microsoft Identity Manager (an on-premises identity and access management suite) and cloud write-back capabilities, which allow self-service password reset for your on-premises users.

  • Azure Active Directory Premium P2. In addition to the Free, Basic, and P1 features, P2 also offers Azure Active Directory Identity Protection to help provide risk-based Conditional Access to your apps and critical company data and Privileged Identity Management to help discover, restrict, and monitor administrators and their access to resources and to provide just-in-time access when needed.

  • “Pay as you go” feature licenses. You can also get additional feature licenses, such as Azure Active Directory Business-to-Customer (B2C). B2C can help you provide identity and access management solutions for your customer-facing apps. For more information, see Azure Active Directory B2C documentation.

Set Default Tab in Task Manager

In Windows 10, Task Manager has improved quite a bit when compared to the previous versions of Windows. The task manager has limited detail when you start initially but when clicked for more details contains a wealth of information to do various tasks.

When you open task manager, by default it’s the process tab which is opened. If you are a person who looks at performance tab instead when you open task manager, then you can set that as your default tab or any other tab as default tab within task manager.

In Task Manager, click options

image

Select Set Default tab and select the tab you want to be the default tab

image

Windows Sandbox

Today technology has grown so much that more than half of Worlds population has access to the internet. The Internet is also a great source for billions of different apps and applications that are available for download. Users are able to download these apps and applications and install on there devices which gives way to new issues such as malware related security issues. The source of these apps and applications has to be verified before installation on devices to avoid these issues. The best way to test is to install it on a test system and see if its harmless and then install it on the production machine.

As a solution for this process, Microsoft introduced a new feature in Windows 10 called Windows Sandbox, which provides a clean environment of Windows to install and test. also its an environment developers can take advantage of in testing their codes and newly developed applications.

How to enable Windows 10 Sandbox?

Open Control Panel and click on Programs

image

Click Turn Windows Features on or Off

image

Scroll down and select Windows Sandbox

image

Click OK and the required files will be installed

image

restart your computer

image

open Start and type Sandbox

SNAGHTML100dcd

Click on Windows Sandbox to open

image

Microsoft Edge Improvements in Windows 10

Microsoft Edge has been focused in some of the recent insider previews. When someone opens the Microsoft Edge browser it contains a news feed which can be customized according to ones likings.

Below is how the customizations can be done.

Open Microsoft Edge Browser and click on personalize

SNAGHTML3a7b978

Scroll down and select the category that you are interested on

image

For other settings, on the main page click on the settings wheel

image

Select the necessary change and click save

image

Windows 10 Activity History

Have you ever faced a situation where you don’t remember the file name or the website you were referring a week ago and you really wanted to open it now? I have experienced it multiple times. So I started using session buddy on Chrome for my website browsing history. But there wasn’t a solution that I used for files that were stored on my computer, etc.

Microsoft has a new feature on Windows 10 called Activity History which addresses this issue. how cool is that?

If you remember, one of the key highlights when Windows 10 released was the multiple desktops and task view features. The same, Task View button on the task bar takes you to a Windows which has all the history of the applications and websites that you opened for the past 1 month.

image

image

Detailed information related to activity history is published here.

To enable or disable Activity History, do the following

1) Open Settings

2) Privacy

3) click on Activity History

image

Enable or disable the check boxes according to your requirement and select the accounts that you need the activity history that needs to be enabled.