5 Things That Every New Windows Desktop Admin Should Know
| technology | system admin - Colin Cohen

5 Things That Every New Windows Desktop Admin Should Know

So, you want to become a Windows desktop admin? Before you can, though, there are a handful of key skills that you must know. In this in-depth article, we will highlight each of these skills — and how you can master them.

Once you have mastered these five skills, you will also be well on your way toward passing the Microsoft 365 Certified: Modern Desktop Administrator Associate certification exam, which will prove to organizations that you have the admin abilities that they need.

1. Deploying and Updating Windows

The most fundamental task of a Windows desktop admin is deploying operating systems. This means installing the currently employed version of Windows onto an organization's devices. Traditionally, doing this has entailed installing Windows using an existing image of it. Because this requires so much time and effort on the part of desktop admins, today most organizations use a more automated approach.

There are a number of ways of doing this, and you must understand them all, because not all organizations deploy Windows in the same way. A dynamic approach to deployment allows you to deploy Windows more quickly than a traditional approach through a variety of methods, while a modern approach to deployment takes this concept one step further — by allowing users to deploy the OS themselves through the use of Windows Autopilot and in-place upgrades.

In organizations that have decided not to implement autopilot for their users, the following dynamic approaches exist:

  • Subscription Activation. Certain versions of Windows allow you to easily install an upgraded version of Windows through a simple activation process, without the need of entering keys or performing reboots. But this method has limited use cases.
  • Azure Active Directory (AAD) Join. In organizations that have implemented AAD, a user can configure their new Windows device with AAD, simply by entering their ID and password.
  • Provisioning Packages. You can deploy Windows through a self-contained package created by Windows Imaging and Configuration Designer (ICD). This process is less time consuming than a traditional deployment approach, but takes longer than other methods.

A Windows desktop admin must not only understand how to implement these approaches, but also how to configure, deploy and manage updates to the OS and how to manage device authentications.

You can learn all these skills through CBT Nuggets' Microsoft Windows 10: Deploy and Update training. This course is not some dry recitation of a textbook, but real-world training that will provide you with the deployment skills needed to pass this part of the certification exam, while also helping you succeed in your career.

2. Managing and Protecting Devices

Security is a pressing concern for every organization today, as one single data breach can seriously damage even the largest of companies. For this reason, one of the most important tasks of a Windows desktop admin is to securely manage and protect an organization's devices.

Desktop admins should learn how to use the two major Windows tools for managing and protecting devices: InTune and Defender.

Microsoft Intune

As a desktop admin in a modern organization, you must have expertise in Microsoft Intune. This cloud-based tool allows you to control the settings, features and security of all the devices that are in use at an organization, including bring-your-own-devices (BYODs) and those that use OSes other than Windows. Not only must you know how to enroll devices into Intune but also how to configure the application's settings and generate inventory reports.

Windows Defender

Desktop admins must further have extensive knowledge of Windows Defender. As a Windows user, you may think of this program as just another antivirus application. But it has many enterprise-level security features that you must master as well. This includes:

  • Application Guard. This helps organizations isolate sites that they have deemed untrustworthy.
  • Credential Guard. This prevents attackers from stealing credentials that could be used for attacks.
  • Exploit Guard. This adds intrusion protection capabilities to Defender.
  • Advanced Threat Protection. This helps organizations prevent, detect, investigate and respond to advanced threats.
  • Application Control. This lets organizations control what drivers and applications Windows devices can run.

Finally, as a desktop admin, you must know how to effectively monitor a device's security and health using a variety of common analytical tools.

Fortunately, there is a single point of reference that can teach you all of these skills. CBT Nuggets' Microsoft Windows 10: Manage and Protect training will walk you through all the necessary applications and give you hands-on expertise in performing all the critical tasks that employers need admin-wise.

3. Managing Apps and Data

Similarly to how a Windows desktop admin must deploy Windows and manage these deployments, an admin must also deploy apps — and manage both them and their data. Users depend on their applications in order to perform their jobs, and it will be up to you to make sure that they can properly access them.

As an admin, you must know the various means of deploying, updating and managing apps in a modern organization. Depending on your organization's policies and requirements, you will do this through either Intune, the Microsoft Store for Business or Office 365 ProPlus.

You must also know how to assign apps to a group and how to provision an app through sideloading, which is a media transfer through the use of such methods as USB, Bluetooth, Wi-Fi or memory cards, and you must have expertise in performing various configuration tasks.

As mobile devices have become increasingly more of a critical component of an enterprise's IT infrastructure, you must also manage the apps that run on these devices and their data. You do this through what is called mobile application management (MAM). This entails planning, implementing and managing MAM policies, while also implementing and configuring various information protection schemes.

Microsoft Windows 10: Manage Apps and Data training from CBT CBT Nuggets will teach you all these important skills.

4. Configuring Network Connectivity

There is arguably no area that a Windows desktop admin will handle that is more important than network connectivity. Without connectivity, users simply cannot perform their jobs. So, nothing frustrates them more than when they lack this connectivity.

When you become a desktop admin, you must have significant expertise in configuring all aspects of network connectivity. This can entail configuring the IP settings of devices and mobile network settings (including Wi-Fi profiles), as well as the configuration of any virtual private network (VPN) client that the organization supports.

More importantly, you must have skills in both troubleshooting the common connectivity problems that users face and the ability to resolve them in a timely manner. Also, because so many employees work remotely, either at home or at some off-site location, having skills in configuring remote connectivity is important, too. This can include configuring remote desktop access and remote management tools such as:

  • Remote Desktop. Remote Desktop is the software that allows a user on one computer to access another computer as if they were in front of it.
  • Remote Management. This is a Windows tool that manages device hardware remotely, allowing you to diagnose and fix problems.
  • PowerShell Remoting. PowerShell is a Windows admin scripting tool, and PowerShell remoting refers to running a script over a remote computer.

While providing network connectivity is a complex subject, the good news is that there is a course that will help you become an expert in it. It is called Microsoft Windows 10: Connecting Devices, and it will teach you everything that you need to know to provide network connectivity for users in a Windows environment. It will further give you the confidence to successfully answer the kind of connectivity questions that you will likely have to answer on the certification test.

5. Managing Policies and Profiles

In order to keep an organization and its devices running smoothly and consistently, a Windows desktop admin must be able to manage a wide range of user and device policies and profiles. In today's increasingly cloud-centric world, doing this involves using a combination of local tools such as Configuration Manager and Group Policy and cloud-based tools like AAD and Intune, and you must master these tools:

  • Configuration Manager. The Configuration Manager tool lets you, among other things, configure policies and profiles of Windows devices.
  • Group Policy. The Group Policy tool provides centralized configuration of policies and profiles within an Active Directory environment.
  • Azure Active Directory (AAD). AAD is a cloud-based tool that you can use to configure profiles and policies within an AAD environment.

Desktop admins must be able to recommend, plan and implement co-management policies that integrate these tools. You must further have the ability to migrate policies to mobile device management (MDM) policies. Also important are skills in planning, implementing and managing both conditional access and device compliance policies.

As a desktop admin, you may additionally be responsible for planning, implementing and managing device profiles, and you may have to configure user profiles, sync settings and folder redirection.

To learn all these skills, watch the CBT Nuggets training, Microsoft Windows 10: Policies and Profiles.

Wrapping Up

It's going to take time to build the knowledge required to be a successful Windows admin. However, with the right training, resources, and study approach, you can develop the needed skill set. Once you do that, you'll have opportunities to expand your not just your career, but your IT expertise.



Ultimate Security Cert Guide

A 62-page guide to every Palo Alto, Offensive Security, (ISC)2, Check Point, CompTIA, and Cisco certification, and how they fit into your career.

I have read and understood the privacy policy, and am able to consent to it.