A Windows device at work includes a different set of features than the Home edition. In this video, you’ll learn about Domain Services, Remote Desktop Protocol, BitLocker, EFS, Group Policy and more.
If you’re used to using Windows at home, you may not even realize that Windows includes a number of capabilities that are meant for the enterprise. You have to have some way to manage thousands or even hundreds of thousands of devices, and Windows includes a number of features built into the operating system to make this management easier.
And there are also security features built in to the local communication you would have within the same building. Of course, Windows also includes productivity apps. So if you need to create a spreadsheet or word processing document, that is built into the operating system itself. And of course, media support is built into the operating system, so you can listen to audio or watch video files from the OS directly.
And if your organization has many different locations, there are capabilities built into Windows that allow you to have efficient file transfers across these wide area network connections. If you work in a business of any size, then you’re probably using Microsoft’s Active Directory Domain Services. This is a centralized database that contains users, devices, printers, and anything else that might connect to the network.
This allows system administrators to use one single console to be able to manage every device that’s connected to the network. To be able to manage all of these devices on your network, you need Active Directory servers to be available in many different locations. This is one of the reasons you don’t commonly see Active Directory used at home, since you would need all of this additional infrastructure to support these Active Directory servers.
So in these large environments where you need centralized administration and management of every device, you want to take advantage of Microsoft’s Domain Services. There are still ways to manage multiple devices in a home environment, and very commonly we would use Windows workgroups to provide this management. This allows you to connect together multiple devices on the same network and be able to access resources across multiple systems.
With Windows workgroups, there’s no way to centralize the administration across all of these devices, so every machine that you would connect to would have its own set of usernames and passwords. In a large environment, you need some way to centralize all of this authentication and provide everyone access to resources regardless of where they might be. To facilitate that, we would use Microsoft’s Active Directory in a Windows domain.
This centralized database allows users to have a single login that provides them access to any resources they might need. This is also commonly used in a business environment. And since a Windows domain can support thousands of devices simultaneously, it’s perfect for a large infrastructure.
Our computers and mobile devices have many different capabilities, and we might have different uses depending on if we’re using this at work or at home. A work device might have a standard desktop with a common user interface. So regardless what support person may need to work on your system, they’ll find an environment that is exactly the same as every other device on your network. This is why there’s usually a limitation on how much customization you can do, so that anyone who might need to work on your system can recognize and find what they need very quickly.
If this is your home computer, then you have complete control over the environment. You are effectively your own support person, so you can make any customization changes you would like. If you want to add pictures to the background, or modify any aspect of the user interface, you can do all of those changes on your home computer without the worry that you’re going to have a problem with support in the future.
If you do need support for your computer, you can have the technician connect to your device and control it from across the network. In Windows, this is done through the use of Remote Desktop Protocol, or RDP. This allows someone to connect and control the desktop of a Windows device from across the network. They would connect to this remote device using a Remote Desktop Protocol client.
This connects to a service that is running on that remote device that allows them access to that system. RDP clients are available for many different operating systems. So regardless of what you happen to be using on your device, you’re able to use that client and connect to a Windows machine using the Remote Desktop Protocol.
For someone to connect to your device across the network, your machine needs to be running the Remote Desktop service. This will allow the remote technician running the RDP client to connect to your device, authenticate, and gain access to the desktop. The ability to allow anyone to connect to your device at any time using the Remote Desktop service is not available in Windows 10 Home. But Windows 10 Home does include Remote Assistance capabilities, which allow the user to temporarily enable someone to connect to the local machine.
There are also differences in how much memory a particular edition of Windows can support. You may recall this diagram from our previous video on Windows 10. And if we look at the two columns for the maximum amount of memory that’s supported, you can see it’s quite different between the different editions. If you’re running a 32-bit version of any Windows 10 edition, the maximum amount of memory that operating system will be able to access is four gigabytes.
To be able to access additional memory, you’ll need to install a 64-bit version of Windows 10. The Windows 10 Home edition can support 128 gigabytes. Windows 10 Pro can support two terabytes maximum, and for Windows 10 Pro for Workstations and Enterprise, those individual systems can access six terabytes of memory.
We often work with sensitive information, and it might make sense to encrypt that data to keep it away from prying eyes. In Windows, you can provide encryption of this data using BitLocker and EFS. EFS is the encrypting file system, and it allows you to choose individual files or folders to be encrypted on your computer.
Everything else on your computer will remain in an unencrypted form, but anything you’ve selected to be encrypted using EFS will only be available if you’ve properly authenticated to your Windows system. Now take the idea of encryption of a single file, and extend it to every file that might be on a particular storage device. To be able to provide that capability, you’ll want to enable BitLocker.
BitLocker is a full disk encryption technology, or FDE. As the name implies, full disk encryption means that you are encrypting everything on a particular storage drive, including all of your files and the operating system. This means if someone does gain access to your computer but has no way to authenticate to the operating system, they would have no access to any of the data stored on that drive. The ability to use EFS or BitLocker on your system may depend on the specifications of your computer. So check the documentation from your manufacturer to see which Windows options might be available for you.
If you’re in a work environment or large enterprise where someone needs to manage devices using Windows Active Directory, then you’ll probably have administrators taking advantage of the group policy editor. This is a screenshot of the group policy editor, and you can see a number of the configuration options an administrator might use to be able to manage those devices. This is commonly associated with Active Directory, although there are ways to configure a number of these policies on a local machine.
If you want to try setting some of these policies on your local device without using Active Directory, then you can run the Local Group Policy Editor, gpedit.msc. But in a business or enterprise environment, you’re probably going to use the Group Policy Management Console, which integrates with Active Directory. This allows you to go to one single application, make changes for a user or single configuration, and push all of those configuration changes to all of the devices in your environment. To run the Group Policy Management Console, you would run gpmc.msc.
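To see how the features above look on a real machine, the following read-only PowerShell report is an added example, not part of the original video. It checks domain or workgroup membership, whether the Remote Desktop service accepts connections (including a Group Policy override), BitLocker status per volume, and EFS-encrypted files. The function names `Get-WorkFeatureReport` and `Get-EfsEncryptedFile` are hypothetical names chosen for this example; run it from an elevated session.

```powershell
# Added example: read-only report on the Windows features discussed above.
# Function names are hypothetical; nothing here changes system configuration.
function Get-WorkFeatureReport {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # Local setting: fDenyTSConnections = 0 means Remote Desktop accepts connections.
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $local  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections `
               -ErrorAction SilentlyContinue).fDenyTSConnections
    # Group Policy writes the same value name here; when present it takes precedence.
    $polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $policy = (Get-ItemProperty -Path $polKey -Name fDenyTSConnections `
               -ErrorAction SilentlyContinue).fDenyTSConnections
    $deny   = if ($null -ne $policy) { $policy } else { $local }
    # UserAuthentication = 1 means Network Level Authentication is required.
    $nla    = (Get-ItemProperty -Path "$tsKey\WinStations\RDP-Tcp" -Name UserAuthentication `
               -ErrorAction SilentlyContinue).UserAuthentication

    # BitLocker cmdlets are missing on editions that do not ship BitLocker.
    $bitlocker = if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        Get-BitLockerVolume -ErrorAction SilentlyContinue | ForEach-Object {
            '{0} {1} ({2})' -f $_.MountPoint, $_.ProtectionStatus, $_.VolumeStatus }
    } else { 'BitLocker cmdlets not available' }

    [pscustomobject]@{
        Edition           = $os.Caption
        Architecture      = $os.OSArchitecture
        InstalledMemoryGB = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
        DomainJoined      = $cs.PartOfDomain
        DomainOrWorkgroup = if ($cs.PartOfDomain) { $cs.Domain } else { $cs.Workgroup }
        RdpEnabled        = ($deny -eq 0)
        RdpSetByPolicy    = ($null -ne $policy)
        RdpRequiresNla    = ($nla -eq 1)
        BitLocker         = $bitlocker -join '; '
    }
}

# EFS marks each protected file with the Encrypted attribute; list them under a folder.
function Get-EfsEncryptedFile {
    param([string]$Path = $env:USERPROFILE)
    Get-ChildItem -Path $Path -Recurse -File -Attributes Encrypted `
        -ErrorAction SilentlyContinue | Select-Object -ExpandProperty FullName
}

Get-WorkFeatureReport | Format-List
```

A machine that reports `RdpEnabled` as true with `RdpRequiresNla` as false, or a laptop with a BitLocker protection status of `Off`, is worth a closer look before it leaves the building.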