IT tutorials
 
Windows
 

Windows 8 for Business : Domain Join and Group Policy

- Windows 10 Product Activation Keys Free 2019
- How to active Windows 8 without product key
- Malwarebytes Premium 3.7.1 Serial Keys (LifeTime) 2019
4/18/2014 9:46:54 PM

When you think about it, traditional home-based Windows PCs are unmanaged in the sense that there’s no central oversight available, either by the head of a household or a central server. This type of computing, which has been formally described as workgroup computing makes a certain amount of sense at home, where each PC is an island of functionality onto itself. In the workplace, however, especially at mid-sized businesses and enterprises where there can be hundreds or thousands of PCs, the go-your-own route doesn’t actually make any sense. Corporations need a central way to manage users, PCs, devices, and other entities, and ways to secure and update their computing products. They need what’s called a managed solution.

The most popular managed solution for businesses is called Active Directory, or AD. It requires a centralized Windows Server infrastructure and uses Group Policy to establish rules for its computing services. While AD and Group Policy haven’t made a lot of headway with smaller businesses—though that could change with the adoption of these services in cloud-based solutions like Windows Azure, Office 365, and Windows Intune—it’s the standard at larger businesses. And chances are, if you’re provided with a PC at work, you’ll be required to sign in to your AD domain, not just to the PC using a local account or Microsoft account. Domain joined computers are controlled via policy, so they can be very restrictive, especially for such things as application installation and certain system customizations. But they’re also typically better locked down from a security standpoint and, when configured properly, allow you to access your company’s secure network resources, even while working remotely.

Domain join works in Windows 8 as it did in previous Windows versions. If your Windows 8 PC hasn’t been pre-configured with your user account, you can sign in to the domain in two ways: from the lock screen or through the Advanced System Properties control panel.

To sign in to your domain from the lock screen, select Other user. Then, in the screen shown in Figure 1, you must provide your domain, username, and password credentials.

Figure 1: Signing in to a domain from the Windows 8 lock screen

c14f001_fmt

This sign-in must take a specific form, like domain\username or username@domain, in the username field. (Your employer will provide the domain name.) Assuming the domain name is mydomain.com and the username is paul, the username would then be mydomain\paul or paul@mydomain.com.

Alternatively, you can connect to your domain first from a local (or Microsoft) account using the Advanced System Properties control panel. You might use this method if you wanted to access your work account from your own home PC, for example, though again your workplace would likely provide you with additional tools (such as a VPN) or information for making the connection.

First, of course, you must find Advanced System Properties. The easiest way is to use Start Search from the Start screen, type advanced system, and then choose Settings from the Search bar. In the search results list, select View advanced system settings. You’ll see a window like the one in Figure 2. (If not, navigate to the Computer Name tab.)

Figure 2: Advanced System Properties

c14f002_fmt

To sign in to your domain, click Change. In the Computer Name/Domain Changes window, enable Domain and type your fully qualified domain name (yourdomain.com) in the Domain field. (Again, this will be supplied by work.) Then, in the dialog that appears, type your username only (for example, paul, and not mydomain\paul) and password. You’ll be prompted to log off and then sign in with the new domain account. Here, again, you’ll need to use either the domain\username or username@domain.com syntax for the username (for example, mydomain\paul).

When you sign in with a domain, Windows 8 works largely as it does otherwise, aside from whatever policy-based limitations your corporation has applied. Two obvious areas of difference include the new Metro-style Mail app : When you run this app, you may be required to accept the workplace’s more stringent Exchange ActiveSync (EAS)-based policy, as you can see in Figure 3. This requirement exists outside of whatever domain-based policies you may have in place as well.

Figure 3: EAS clients like Mail app will be required to conform to your workplace’s policies before they can be used with a work-based account.

c14f003_fmt

Likewise, the User Account control panels work differently with a domain.

Better Together

As is the case with each new version of Windows, Windows 8 comes with a number of new group policies that help administrators control new features that are specific to Windows 8. Some of these policies are Windows 8-specific, so they don’t require a certain version of Windows Server. This means they can be used with older versions of Windows Server, like Windows Server 2008 R2. Others are related to technologies that also require Windows Server 2012, the Server version of Windows 8. These products can work in tandem to deliver certain technologies in truly modern workplaces. Suffice to say, that’s pretty rare.

Domain users are probably familiar with the myriad of ways in which their corporate overlords can control their computing experience. And in each new version of Windows, Microsoft adds to these capabilities, which are exposed through a technology called Group Policy, part of Active Directory. To give you a taste of what to expect, Table 1 highlights some of the over 150 new Windows 8-specific policies that have been added to Group Policy.

Table 1: Top New Windows 8 Group Policies

Policy name Description
Allow all trusted apps to install Manage the installation of app packages that do not originate from the Windows Store. When enabled, you can install any trusted app.
Do not display the lock screen Controls whether the lock screen appears for users. If enabled, users will see their user tile after locking their PC.
Turn on PIN sign-in Controls whether a domain user can sign in using a numeric PIN. If disabled or not configured, a domain user can’t set up and use a PIN.
Turn off picture password sign-in Controls whether a domain user can sign in using a picture password. If disabled or not configured, a domain user can’t set up and use a picture password.
Turn off switching between recent apps If enabled, users will not be allowed to switch between recent apps and the App Switching option in PC Settings will be disabled.
Windows To Go Default Startup Options Controls whether the PC will boot to Windows To Go if a USB device containing a Windows To Go workspace is connected, and controls whether users can make changes using the Windows To Go Startup Options control panel item.
Turn off File History Allows you to turn off File History. If enabled, File History cannot be activated to create regular, automatic backups. Otherwise, File History can be activated.
Turn off access to the Store Specifies whether to use the Store service for finding an app or application to open a file with an unhandled file type or protocol association.
Turn off the Store application Denies or allows access to the Windows Store app. If enabled, access to the Windows Store application is denied.
Turn off app notifications on the lock screen Allows you to prevent app notifications from appearing on the lock screen.
Do not sync This turns off and disables the “sync your settings” switch on the “sync your settings” page in PC Settings. If enabled, “sync your settings” will be turned off, and none of the “sync your setting” groups will be available. Note: Additional related policies let you control syncing of app settings, passwords, personalization, other Windows settings, browser settings, desktop personalization, and more.
Prevent users from uninstalling applications from Start If enabled, users cannot uninstall apps from Start.
Allow Secure Boot for integrity validation Configures whether Secure Boot will be allowed as the platform integrity provider for BitLocker operating system drives. Secure Boot ensures that the PC’s pre-boot environment only loads digitally signed firmware.
Configure Windows SmartScreen Manages the behavior of Windows SmartScreen.
Start Windows Explorer with ribbon minimized This policy setting allows you to specify whether the ribbon appears minimized or in full when new File Explorer windows are opened.
Set Cost Configures the cost of Wireless LAN connections on the local machine. If enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of these connections. (There are related policies, Set 3G Cost and Set 4G Cost, for cellular data connections.)
Turn off tile notifications If enabled, apps and system features will not be able to update their tiles and tile badges in the Start screen.
Turn off toast notifications If enabled, apps will not be able to raise toast notifications. (This policy does not affect taskbar notification balloons.)
Turn off toast notifications on the lock screen If enabled, apps will not be able to raise toast notifications on the lock screen.
 
Others
 
- Windows 8 : Customizing the Start Screen (part 5) - Adding Shutdown and Restart Tiles to the Start Screen, Customizing the Start Screen Background
- Windows 8 : Customizing the Start Screen (part 4) - Pinning a Website to the Start Screen,Displaying the Administrative Tools on the Start Screen
- Windows 8 : Customizing the Start Screen (part 3) - Turning Off a Live Tile, Pinning a Program to the Start Screen
- Windows 8 : Customizing the Start Screen (part 2) - Creating an App Group
- Windows 8 : Customizing the Start Screen (part 1) - Resizing a Tile, Moving a Tile
- Windows 8 : Creating and using Hyper-V virtual machines (part 3) - Using a Hyper-V virtual machine
- Windows 8 : Creating and using Hyper-V virtual machines (part 2) - Creating a new virtual machine
- Windows 8 : Creating and using Hyper-V virtual machines (part 1) - Planning your virtual machines
- Learning about Hyper-V for Windows 8 (part 3) - What you need to know to succeed
- Learning about Hyper-V for Windows 8 (part 2) - Enabling Hyper-V
 
 
Top 10
 
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
- Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
- Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
- Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
- Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
programming4us programming4us
 
Popular tags
 
Video Tutorail Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8 BlackBerry Android Ipad Iphone iOS