Deployment, administration and security in the enterprise environment with enterprise tools

Windows 10 – Security and Deployment

In this workshop you will learn how to install and configure Windows 10 and integrate it into corporate networks. Particular attention is paid to the advantages of Windows 10 in terms of security, group policies and operation in Active Directory domains. Other focal points are the use of LTSB versions and the update options for the various versions.

The issue of security is examined in depth so that the rolled-out Windows 10 clients comply with current security standards and the General Data Protection Regulation (GDPR), which comes into force on May 25, 2018.

After attending this course, you will have no (!) more questions about Windows 10 – we promise!

Training environment

The training environment works entirely with Hyper-V. To proactively build the training environment, we use a PowerShell script that allows you to create new virtual machines in seconds. The script was developed by your trainer himself and enables the training structure to be set up according to the customer’s wishes extremely quickly with little effort.

About the seminar

This workshop takes a very close look at Active Directory security. Various attack scenarios are now known (e.g. mimikatz) that aim at credential thefting or ransomware implementation. The goal of this workshop is to understand these scenarios in order to be able to prevent them and implement an Active Directory implementation that is resistant to these attacks and is also hardened against future attacks. Active Directory is your “crown jewel” – without Active Directory, most corporate environments are productively completely paralyzed. Therefore: understand, harden and monitor so that you can sleep better.


Participants should have at least five years of experience with Active Directory and client systems.

Target group

The workshop is aimed at network administrators and security experts.


  • Versions and editions of Windows 10
    • Windows 10 editions compared
    • LTSB for the enterprise area
    • Updates versus upgrades
  • Brief overview of the operation of Windows 10
    • start menu
    • Multiple desktops
  • User Accounts and Sync
    • Domain accounts and Microsoft’s Live ID
    • Domain Join to Windows Azure
  • Installation and Activation
    • Full-touch vs. light-touch vs. zero-touch deployment
    • Installation via Media Creation Tool
    • Installation via WDS
    • Installation via MDT and ADK
    • Alignment of *.wim files
    • Create custom *.wim or *.iso files for deployment
    • Deployment considering UEFI and SecureBoot
    • Installation via SCCM
    • Upgrade versus installation
    • update scenarios
    • upgrade paths
  • licensing
    • Free update or not?
  • Administration of Windows in domain networks
    • RSAT installation
    • domain join
    • Securing the domain join with redircmp and redirusr
    • Secure domain with join via unattend-xml via sysprep
  • Deploy Group Policy on Windows Server 2012 and 2012 R2 for Windows 10
    • “install” adm and admx files
    • central-store on the domain controllers
    • Structure of a highly secure client according to the specifications of the Institute for Internet Security
    • Structure of a client à la LTSB through group policies
    • Rolling out a client according to the European General Data Protection Regulation
  • Remote management of Windows 10
  • Firewalling in Windows 10
  • Windows to go
  • PowerShell on Windows 10
  • Security in Windows 10
    • BitLocker
    • BitLocker and TPM
    • BitLocker with TPM and Active Directory
    • SecureBoot
    • Pass the hash definition
    • Pass the Hash and Credential Guard
    • Implementation of Credential Guard
    • Securing enterprise PCs with Device Guard
    • Remote Credential Guard
    • Remote deletion of business data
    • Windows 10 with BitLocker and Azure
    • User State Virtualization with Windows 10


Additionally according to customer requirements:


  • Manage Windows 10 devices with enterprise mobility solutions
  • Management of desktop and mobile clients with Microsoft Intune
  • Update management and endpoint protection with Microsoft Intune
  • Access applications and resources with Microsoft Intune
  • Advanced Threat Protection with Windows 10 and Azure (E5)
  • ATP Detection, Investigation and Response
  • Windows Defender ATP
  • Using the Threat Detection API to create custom alerts:
    • Improvements to OS memory pools and kernel sensors
    • Updated ransomware detection capabilities
    • Historical determination functions
    • Group Policy security options


This post is also available in: German