Restricting Device Drivers * - GPME (Group Policy Management Editor * --> Device Installation Restrictions: * ----> device setup classes | device IDs - GUID - Globally Unique IDs IE highly configurable with GPO \ Edge not so much Edge UI Reading List / Reading View Make annotations to a webpage -- Notes at around 7:00 of Edge and IE11 www.acm.org Client Hyper-V requirements * - 64-bit Windows 10 - 4GB RAM * - HAV - Hardware Assisted Virtualization * - SLAT - Second Level Address Translation aka Extended Page Tables Mobile Systems >> MBMCTR.EXE ICD - Windows Imaging and Configuration Designer (13 min video) - WADK - Creates "provisioning packages" *.PPKG * --> Can install against a running OS * --> Can install against a existing image WIM Format * - File based * - Keeps unknown existing files * - Deploy to any size disk * - Uses Compression * - Fully modifiable with DISM FFU - Full Flash Update * - Sector based * - Wipes the drive * - Deploy only to same or larger disk * - Does not use compression * - Only modifiable for adding packages ** Volume Activation** * - KMS requires a server configured with a "volume activation key" from Microsoft * - Clients discover KMS via DNS (SRV record) * - Clients re-activate every 6 months Active Directory Activation MAK Multiple Activation Key - Does not require connection * - Volume Activation Management Tool -- Comes with WADK * - SLMGR.VBS /DLI to check status --> Can't find script engine for SLMGR.VBS **Group Policy Architecture LSDO** (Local | Site | Domain | OU levels) Local Group Policy * -- Overridden by any network GPO * -- Edit with GPEDIT.MSC Network Group Policy * -- 3+ Levels - Site | Domain | OU levels * -- Edit with GPME (group policy management editor) manage with GPMC (RSAT - Remote Server Administrative Tools) * -- If multiple GPOs at the same level they are processed in the order as they appear in panel * -- Background refresh 90-120 minutes * -- Powershell command: Invoke-GPUpdate Preferences vs. Policies * -- Preferences can be changed User Account Control * -- The default in Win 10 is to be notified when non Microsoft apps try to make changes. * -- Shield Icon shows needed admin elevation Which keyboard accessibility feature ignores brief keystrokes? Filter keys Which disk location is indexed by default for quicker content searches? Offline files Which PowerShell cmdlet prevents system resources from being allocated to a device driver? Disable-PnPDevice From which console can you run the "Add Hardware Wizard"? Device Manager Where is the Windows 10 driver store? Windows\System32\DriverStore If you implement the "better performance" cache setting for a flash drive, what should you do to avoid data loss? Choose "Safely remove hardware and eject media" before disconnecting Which Settings tile should a user choose to apply a provisioning package? Accounts If you log on as a standard user and try to perform an administrative task, what kind of prompt will you see by default? Credentials Which tool lets us perform security filtering in Group Policy? GPMC Where can you customize the Action Center's "quick tiles" arrangement? Settings > System > Notification and Actions Which of the following features does Client Hyper-V require? Extended Page Tables Which of the following device driver properties can form the basis of a Group Policy restriction? Setup class What PowerShell cmdlet can save a Start screen layout to XML? Export-StartLayout How do you know if the Driver Verifier Manager has detected a problem with a device driver? Windows crashes on restart Where can you customize the Action Center's "quick tiles" arrangement? Settings > System > Notification and Actions Which imaging format performs a clean wipe of the target drive? FFU Which Settings tile should a user choose to apply a provisioning package? Accounts What tool can export power plans? POWERCFG.EXE