Windows includes a number of useful features for managing devices in an enterprise. In this video, you’ll learn about Domain Services, Remote Desktop Protocol (RDP), RAM support, encryption options, and more.
There are a number of challenges associated with supporting a Windows environment in a large enterprise. There might be hundreds or thousands of devices. You have an IT team that needs to be able to install, update, and manage all of these Windows devices wherever they might be in the organization.
We also have security concerns, especially with mobile devices where there may be important and sensitive data on those devices, and we need to be sure that we’re able to secure all of that information wherever these mobile devices might be. We also have to set rights and permissions for any local file shares that people may be accessing. And of course, if someone has a laptop, that information can be picked up and moved anywhere that laptop might go.
So whether you’re working on a big spreadsheet, or you’re watching a movie on your computer, there are a number of different features included with Windows that can help you regardless of what you’re doing. In a business, all of your systems are probably documented in a central database called the Active Directory Domain Services database. This is a very large database that contains everything about every component that is connected to your network, including individual user names, their permissions, information about security features, and anything else that may be connected to your infrastructure.
Having all of these servers and printers and laptops and user accounts in one database allows for central management of all of this information. This allows organizations to scale up their computing platforms and be able to manage all of these very different devices. You’ll also find that Active Directory is a distributed database, so you can have multiple copies of the Active Directory database located in different parts of your network. This provides scalability and redundancy for all of this important information that keeps your network running.
This is probably why you often don’t see Active Directory being used in a home environment, since usually, we only have a handful of user accounts and passwords that we need to keep up with. So if you are logging on to your corporate network, you’re authenticating to the VPN, or you’re simply accessing a share across the network, you’re probably doing this based on information contained within the Active Directory Domain Services database.
On your home network, it’s still possible to logically group together devices. We refer to this as a Windows workgroup. Instead of managing everything from a central database like you do with Active Directory, a Windows workgroup manages each individual device as a single unit. But on your work network, you’re using a Windows domain with Active Directory. Everything is centralized. All of your authentication is contained within one single database, and you’re able to support those thousands of devices from this one Active Directory infrastructure.
Depending on where we are, we might want to customize some of the features available on a laptop or a desktop that we use on our Windows network. If you’re at work, there’s usually a standard desktop. It has a very specific user interface, and it might have a very limited amount of customization.
You might not be able to change the background. You might not be able to modify the language settings that are available. And you might not even be able to install or remove any of the software on that device. But this does make all of these systems easier to manage, because they all have a very similar user interface. And it also means that you could sit down at any computer and be able to immediately understand where all of the important resources might be.
At home, of course, we don’t have these restrictions, and we might want to customize our computing platform to be specific to us. We might want to change the background and the colors we use. We can change the typefaces and the size of the fonts on the screen, and we can really customize the device to be something that we use in our personal home environment.
If you’ve ever worked in a corporate help desk, then you’re probably familiar with remote desktop. This is a way that you can remotely connect to a computer and be able to see and interact with a desktop that’s on a different computer. This means that you can sit in your chair and interact with any of the Windows devices that are on your corporate network, wherever they might be. To be able to connect to these remote devices, we need a client that’s able to provide that functionality.
We refer to this as the Remote Desktop Protocol client or the RDP client. The client is the software that connects to a remote desktop service. This client software is available on many different operating systems and many different platforms. There are RDP clients available for Windows, macOS, Linux, Android, iOS and almost any other platform.
The software that is running on that remote device that allows us to connect with our remote desktop client is the remote desktop service. This is a service that’s available in Windows 10 Pro and Enterprise and Windows 11 Pro and Enterprise. If that remote desktop service is running on that remote computer, then we can connect to that computer using our remote desktop client. You’ll notice that this remote desktop service is not available in Windows 10 Home or Windows 11 Home. That’s because in a home environment, you don’t need that remote desktop functionality. You can simply walk to the other room if you need to provide any support for that Windows computer.
There’s also a difference in the amount of memory that is supported across different Windows editions. You’ll notice for Windows 10 and Windows 11 Home, we have 128 gigabytes of memory that is supported in the 64-bit version of that software. If you’re running the 32-bit version of Windows Home, then you’re only running Windows 10 because Windows 11 Home does not have a 32-bit version. But Windows 10 Home does have a 32-bit version, and it supports up to 4 gigabytes of memory.
Since 4 gigabytes of memory is the maximum amount that you can support in a 32-bit version of Windows, that same amount is included for Windows 10 Home, Windows 10 Pro, and Windows 10 Enterprise as the maximum amount of memory that’s supported. If you’re running the 64-bit version of Windows 10 and Windows 11 Pro, you can support up to 2 terabytes of memory. And if you’re running the 64-bit version of Windows 10 and Windows 11 Enterprise, you can support up to 6 terabytes of RAM.
We mentioned earlier how important it is to keep data safe on your mobile devices, your laptops or desktops, and anything else that you’re using at home and at work. The technologies that allow us to apply encryption to the information that we’re saving on these storage devices are BitLocker and EFS. EFS is the Encrypting File System, and it’s part of the NTFS file system that could run on your Windows 10 or Windows 11 systems. EFS allows you to select individual files or individual folders on your system, and the operating system will encrypt all of the data that you store on those resources.
BitLocker takes a much broader approach to encryption. This is Full Disk Encryption, or FDE. This means that everything on a drive will be encrypted, including the operating system, your data files, and anything else that’s stored on that volume. This means if someone does get access to your mobile device or to your laptop, they can pull the drive out of that system, but they’ll have no idea how to view any of the information on that drive because everything has been encrypted with BitLocker. You’ll find that there’s use for both EFS and BitLocker for both business and home use, and you’ll find functionalities for both of these technologies available in all of these Windows editions.
We also mentioned that at work, you’re able to manage thousands of systems from one central place. The way that you’re able to do this is through the group policy editor. This is part of Active Directory, and it allows you to set policies for how systems can be used on your network.
If you’re managing a single device without Active Directory, then you can simply use a local group policy. And you can open the group policy editor by using gpedit.msc. But at work, you probably have a large Active Directory infrastructure, and you would use the Group Policy Management Console, or gpmc.msc, which will allow you to set all of the policies for all of your systems across the entire enterprise.
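The features covered here (domain or workgroup membership, the Remote Desktop service, installed memory, BitLocker and EFS) can all be read back from a running system. The following PowerShell is an added example, not part of the original video; the function names `Get-WindowsPostureSummary` and `Get-EfsEncryptedItem` and the Documents path are illustrative assumptions, and the script only reads settings.

```powershell
# Added example: read-only check of the Windows features discussed above.
# Function names are hypothetical. Run from an elevated PowerShell session,
# because Get-BitLockerVolume requires administrator rights.

function Get-WindowsPostureSummary {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # fDenyTSConnections = 0 means the Remote Desktop service accepts connections.
    $ts  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    # UserAuthentication = 1 means Network Level Authentication is required.
    $rdp = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

    # BitLocker state per volume; fail soft if the cmdlet is unavailable
    # or the session is not elevated.
    try {
        $volumes = Get-BitLockerVolume -ErrorAction Stop |
            Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage
    } catch {
        $volumes = "unavailable: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        ComputerName   = $cs.Name
        Edition        = $os.Caption            # e.g. Home, Pro or Enterprise
        Architecture   = $os.OSArchitecture     # 32-bit or 64-bit
        InstalledRamGB = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
        Membership     = if ($cs.PartOfDomain) { "Domain: $($cs.Domain)" }
                         else { "Workgroup: $($cs.Workgroup)" }
        RdpEnabled     = ($ts.fDenyTSConnections -eq 0)
        RdpRequiresNla = ($rdp.UserAuthentication -eq 1)
        BitLocker      = $volumes
    }
}

# EFS is applied per file or folder, so look for the Encrypted attribute
# on items under a given path instead of checking a whole volume.
function Get-EfsEncryptedItem {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -Path $Path -Recurse -Force -Attributes Encrypted -ErrorAction SilentlyContinue |
        Select-Object FullName
}

Get-WindowsPostureSummary | Format-List
# Sample path (assumption): the current user's Documents folder.
Get-EfsEncryptedItem -Path "$env:USERPROFILE\Documents"
```

A laptop that reports `RdpEnabled` as true with `RdpRequiresNla` as false, or a BitLocker `ProtectionStatus` of Off on the operating system volume, is the kind of result you would want to correct through Group Policy rather than on each machine by hand.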
