Presentation is loading. Please wait.

Presentation is loading. Please wait.

Customizing Windows 10 for the Enterprise

Published byDorthy Carpenter Modified over 8 years ago

Similar presentations

Presentation on theme: "Customizing Windows 10 for the Enterprise"— Presentation transcript:

1 Customizing Windows 10 for the Enterprise
Lessons Learned Jörgen Nilsson Principal Consultant Onevinn Blog: Ronni Pedersen Cloud Solution Architect EG A/S Blog:

2 Jörgen Nilsson Ronni Pedersen @ccmexec @ronnipedersen MVP, MCT
21 Years Desktop Management Liverpool FC FC Midtjylland

3 Key Takeways The Windows 10 Start Menu The Windows 10 Task Bar File Associations in Windows 10 Branding the Operating System Built-in Applications Event Forwarding

4 The Windows 10 Start Menu The user is king… But only if we allow them 

5 Windows 10 Start Layout Options
Management Options: Group Policy MDM Requires same architecture (32-bit or 64-bit) Prevent users from customizing their Start Screen!

6 Steps to create a Custom Start Layout
Reference computer Enterprise or Education Customize the Start Layout Export the Start Layout to an xml file (PowerShell) Export-StartLayout –path <path><file name>.xml

7 Deploy Start Layout using MDM (Intune)
Replace markup characters with escape characters: Microsoft Intune: Custom Configuration (Windows 10 Desktop and Mobile and later) OMA-URI Settings: ./User/Vendor/MSFT/Policy/Config/Start/StartLayout Value: Path of the Start Layout file.

8 Replace markup characters with escape characters

9 Deploy Start Layout using Group Policy
Same .xml file The Start Menu layout is locked Useful for KIOSK computers Fixed workloads

10 Configure a Partial Start layout
Add one or more customized tile groups Allow the user to make changes to other parts of the Start layout Conflicts / Duplicate Apps: The duplicate app tile is removed from the existing (unlocked) group.

11 Add an IE link to the Start Menu
The IE icon under Windows accessories are created when the user signs in. Cannot be used as it doesn’t exists when startmenu is imported. Create an IE shortcut and then alter the .xml file. XML can be manually edited (not supported!?)

12 Start Menu

13 The Windows 10 Task Bar

14 Modify the TaskBar Not supported… But... C:\Users\%username%\appdata\roaming\Microsoft\Inter net Explorer\Quick Launch HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ex plorer\Taskband

15 Modify Taskbar

16 File Associations in Windows 10

17 Modify Default file associations
Create file associations Dism.exe /online /Export-DefaultAppAssociations Apply file associations Group policy = Mandatory Or Dism = User Changable Dism.exe /online /Import-DefaultAppAssociations

18 File Associations

19 Branding the Operating System
Windows 10

20 Set Desktop Wallpaper (Default)
Default Location: %Windir%\Web\4K\Wallpaper\Windows All other resolutions: %Windir%\Web\Wallpaper\Windows\img0.jpg Files are owned by “TrustedInstaller”

21 Set the Lock Screen Script (LockScreen.cmd): xcopy CustomLockScreen.jpg c:\IT\LockScreen\ /Y /S reg import LockScreen\LockScreenWallpaper.reg reg import LockScreen\LockScreenWallpaper.reg /reg:64 Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows \Personalization] “LockScreenImage”=”C:\\IT\\LockScreen\\CustomLockScreen.jpg”

22 User Pictures Scenario Location: Format:
Use the Company logo as User Picture Location: “%SystemDrive%\ProgramData\Microsoft\User Account Pictures” Format: 32 x 32 (PNG) 40 x 40 (PNG) 48 x 48 (PNG) 192 x 192 (PNG) 448 x 448 (BMP + PNG)

23 Branding the Operating System

24 Built-In Applications
Control or Chaos…

25 Disable Microsoft Consumer Experiences
We almost convinced customers to use CB/CBB over LTSB, but then someone at Microsoft had a ”great” idea.... 23/seeing-extra-apps-turn-them-off.aspx Disable Windows Consumer Features: HKLM\SOFTWARE\Policies\Microsoft\Windows\CloudContent “DisableWindowsConsumerFeatures”=dword:

26 Remove Built-in Apps (Reference Image)
White-listing: Remove everything except: Microsoft.WindowsCalculator Microsoft.WindowsStore Microsoft.WindowsSoundRecorder Example: in-apps-when-creating-a-windows-10-reference- image/

27 Remove Built-in Apps (Reference Image)
Black-listing: Remove what you don’t like (example): Microsoft.ContactSupport Microsoft.WindowsFeedback Microsoft.Edge Example: from-windows-10-using-powershell/

28 Block Built-In Apps using AppLocker
Not all Apps can be removed: Microsoft Edge Windows Feedback Contact Support Workarround/Fix: If blocked with AppLocker and the policy is aplied to the computer before the user logs in the first time. The application is not installed for the user at all!

29 Built-In Applications

30 Event Forwarding

31 Monitoring your Client Plattform
How do you monitor your clients today? SC Operations Manager? SC Operations Manager AEM? 3rd Party? Use Event Viewer!

32 Local Admin Password Solution (LAPS)
Examples Local Admin Password Solution (LAPS) Ehanced Mitigation Experience Toolkit (EMET) Drivers errors Applications errors Untrusted font blocking Blue Screen

33 Community solutions Community Solution Powershell script to write forwarded event logs to a SQL Database forwarded-events-into-sql-server-using-powershell/

34

35 Event forwarding

36 Lessons Learned/Conclusion

37 Upgrading from 1507-1511 Feature Task Sequence WSUS/Servicing
Uninstalled Default Apps X Apps blocked with Applocker Customized Start Menu Customized TaskBar Default file associations  (X)* (X)* OS Branding Internet Explorer link on start menu

38 Be a super hero. Rescue the IE icon!

39 Conclusion DON’T modify Windows 10!... Use defaults Invest in end-user training! Or do it as we always have using Configuration Manager!!!

40 And Then …

Download ppt "Customizing Windows 10 for the Enterprise"

Similar presentations

Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.

Microsoft ® Official Course First Look Clinic Overview of Windows 8 By Ragowo Riantory, S.Kom, MCP.
Lesson 10: Starting Windows Applications start an application program move between open application programs start an application using the Run command.

Lesson 10: Starting Windows Applications start an application program move between open application programs start an application using the Run command.
Using the Computer and Managing Files 1. Basic Information And Operations  View The Computer's Basic System Information  Change The Computer's Desktop.

Using the Computer and Managing Files 1. Basic Information And Operations  View The Computer's Basic System Information  Change The Computer's Desktop.
Operating System Customization

Operating System Customization
Managing User Settings with Group Policy

Managing User Settings with Group Policy
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 9: Implementing and Using Group Policy.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 5: User Environment and Multiple Languages.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 5: User Environment and Multiple Languages.
Introduction to Microsoft Office Web Apps with Jim Mollé Learn iT! Computer Software Training.

Introduction to Microsoft Office Web Apps with Jim Mollé Learn iT! Computer Software Training.
Windows 7 Deployment Tools and Technologies

Windows 7 Deployment Tools and Technologies
WIN-B331 Get a consistent, personal Windows experience that matches your unique work style Easy for IT to deliver personal, user-defined experiences.

WIN-B331 Get a consistent, personal Windows experience that matches your unique work style Easy for IT to deliver personal, user-defined experiences.
Office Deployment – Notes from the Field Richard Smith Solution Architect – Services Client Solutions Microsoft Corporation OSP340.

Office Deployment – Notes from the Field Richard Smith Solution Architect – Services Client Solutions Microsoft Corporation OSP340.
Module 16: Software Maintenance Using Windows Server Update Services.

Module 16: Software Maintenance Using Windows Server Update Services.
Deploying and Managing Software by Using Group Policy.

Deploying and Managing Software by Using Group Policy.
Guide to MCSE 70-270, Second Edition, Enhanced 1 Objectives Understand and use the Control Panel applets Describe the versatility of the Microsoft Management.

Guide to MCSE , Second Edition, Enhanced 1 Objectives Understand and use the Control Panel applets Describe the versatility of the Microsoft Management.
Microsoft ® Official Course Module 9 Configuring Applications.

Microsoft ® Official Course Module 9 Configuring Applications.
6. Configuring & Deploying the Desktop Thomas Lee Chief Technologist – QA.

6. Configuring & Deploying the Desktop Thomas Lee Chief Technologist – QA.
Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.

Purpose Intended Audience and Presenter Contents Proposed Presentation Length Intended audience is all distributor partners and VARs Content may be customized.
9.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
GROUP POLICY An overview of Microsoft Windows Group Policy.

GROUP POLICY An overview of Microsoft Windows Group Policy.

Similar presentations

Ads by Google