none
Standardizing Environment

    Question

  • Hi Guys

    I have received a requirement to address some of the concerns/requirements below from one of my customers. What do you think would be the best?to do this via Group policy or to have something like VDI or is there any other suggested product or solution?

    Standard applications such as email/intranet/office etc. should be part of the build and other apps should be based on role of the person. This information can be picked up from new user admin system and replicate.

    1. Standardize on one version of windows and a browser. if this is not possible discuss potential solutions

    2. Disable all unnecessary messages. Such as pop-ups etc

    3. Ensure all security is built into the standard build and no admin password is shared with users.

    4. Ensure a mechanism put in place for patch/version management

    5. Pay attention to look and feel

    6. Unnecessary browser warnings /messages to avoid. Standard search engine should define and locked. Security certificates should able install to browser including chrome

    7. Revise group policies - this through group policy

    Appreciate some advice

    Thanks

    Wednesday, August 31, 2016 7:23 AM

Answers

  • Hello,

    just wanna give you some ideas to some of your questions.

    1) Depending on your applications, drivers, hardwaremodels etc. pick a version of operating system and browser. For browsers you need to know if you need extensions, add-ons etc. and if they are availible to all browsers.

    To restrict usable browsers i would recommand the usage of Windows AppLocker.

    Some information are provided here: https://technet.microsoft.com/en-us/library/dd759117(v=ws.11).aspx

    2) For Windows and IE/Edge pick Group Policy. More amdx-Files for different Browsers like Firefox are available from Third-Party providers.

    3) Take LAPS in consideration: https://technet.microsoft.com/de-de/library/security/3062591.aspx

    4) This really depends on a lot of factors in your environment, e.g. WSUS, Intune, SCCM, ...

    Kind Regards

    Manuel Walz



    Wednesday, August 31, 2016 9:13 AM

All replies

  • Hello,

    just wanna give you some ideas to some of your questions.

    1) Depending on your applications, drivers, hardwaremodels etc. pick a version of operating system and browser. For browsers you need to know if you need extensions, add-ons etc. and if they are availible to all browsers.

    To restrict usable browsers i would recommand the usage of Windows AppLocker.

    Some information are provided here: https://technet.microsoft.com/en-us/library/dd759117(v=ws.11).aspx

    2) For Windows and IE/Edge pick Group Policy. More amdx-Files for different Browsers like Firefox are available from Third-Party providers.

    3) Take LAPS in consideration: https://technet.microsoft.com/de-de/library/security/3062591.aspx

    4) This really depends on a lot of factors in your environment, e.g. WSUS, Intune, SCCM, ...

    Kind Regards

    Manuel Walz



    Wednesday, August 31, 2016 9:13 AM
  • Hi,

    Are there any updates?

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, September 05, 2016 7:07 AM
    Moderator
  • hi

    Thanks for your responses. Yes i have reviewed them and trying my best to address as best as i could given your suggestions as well.

    Thanks

    Monday, September 05, 2016 7:19 AM
  • Hi Aaqib,

    If the reply above has resolved your problem, please mark it as answer as it would be helpful to anyone who encounters the similar issue.

    Thank you.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, September 06, 2016 5:44 AM
    Moderator