Windows 10: ENABLING WINDOWS FEATURES OF DOMAIN COMPUTERS

Discus and support ENABLING WINDOWS FEATURES OF DOMAIN COMPUTERS in Windows 10 Installation and Upgrade to solve the problem; How to turn on or off Windows features in Windows 10 by using Windows 2016 Group Policy Management... Discussion in 'Windows 10 Installation and Upgrade' started by Peter Matovolwa, Sep 16, 2021.

  1. PETER MATOVOLWA
    Peter Matovolwa Win User

    ENABLING WINDOWS FEATURES OF DOMAIN COMPUTERS


    How to turn on or off Windows features in Windows 10 by using Windows 2016 Group Policy Management

    :)
     
    Peter Matovolwa, Sep 16, 2021
    #1
  2. CHANGARI
    changari Win User

    Raising the windows domain and forest issues?


    hi,

    I run a domain that was all 2003 r2 servers. I recently upgraded all my domain controllers to windows 2012 r2.
    That went off without any problems.. Our trust relationships had no issues also.

    My first step was to raise the Domain and Forest levels past 2003 to 2008. This went off without a hitch.
    These are the features for raising the levels to 2008:

    • Features and benefits include all default Active Directory features, all features from the Windows Server 2003 domain functional level, plus:
    • Read-Only Domain Controllers – Allows implementation of domain controllers that only host read-only copy of NTDS database.
    • Advanced Encryption Services – (AES 128 and 256) support for the Kerberos protocol.
    • Distributed File System Replication (DFSR) – Allows SYSVOL to replicate using DFSR instead of older File Replication Service (FRS). It provides more robust and detailed replication of SYSVOL contents.

    Forest Level Windows Server 2008

    • Features and benefits include all of the features that are available at the Windows Server 2003 forest functional level, but no additional features. All domains that are subsequently added to the forest will operate at the Windows Server 2008 domain functional level by default.


    My next step is to raise the domain and forest to 2008 r2, then 2012, and finally 2012 r2. I have been trying to find out exactly what I could expect from raising the Domain and Forest for each step.

    The step involving 2008 r2 seems relatively a non issue. But getting the couple of new features seem very nice

    Domain Level Windows Server 2008 R2

    • All default Active Directory features, all features from the Windows Server 2008 domain functional level, plus 2 new features

    Forest Level Windows Server 2008 R2
    • All of the features that are available at the Windows Server 2003 forest functional level, plus the following features:


    • Active Directory Recycle Bin, which provides the ability to restore deleted objects in their entirety while AD DS is running. <== New Feature very cool
    • All domains subsequently added to the forest will operate at the Windows Server 2008 R2 domain functional level by default.

    Here is my big concerns for the next raising of domain and forest to 2012.

    Forest Level Windows Server 2012:

    • All of the features that are available at the Windows Server 2008 R2 forest functional level, but no additional features.
    • All domains subsequently added to the forest will operate at the Windows Server 2012 domain functional level by default.

    Domain Level Windows Server 2012 R2: <=====    Need to investigate more and why this post

    • DC-side protections for Protected Users. Protected Users authenticating to a Windows Server 2012 R2 domain can no longer:


    • Authenticate with NTLM authentication <==============(what issues may arise)
    • Use DES or RC4 cipher suites in Kerberos pre-authentication
    • Be delegated with unconstrained or constrained delegation
    • Renew user tickets (TGTs) beyond the initial 4-hour lifetime


    Will this affect my exchange anywhere users with remote access authenticating either clear of NTLM???
    and what would/may not to work properly day 1 when I raise the domain and forest to 2012. I cant really find anyone that can answer a straight question.

    Has anyone gone through this? what problems did you have, if any , if a lot???

    Any thoughts and suggestions will be much appreciated??

    thanks


    - - - Updated - - -

    One more point... I am not sure if I posted this to the correct forum.. So if I was wrong and it should be in a different one..
    PLEASE LET ME KNOW
     
    changari, Sep 16, 2021
    #2
  3. MARVIN BARC
    Marvin Barc Win User
    Windows 'domain'?

    Hello,

    Thank you for sharing your concern in the Microsoft Community. Follow these steps to find the domain name:

    • Press the Windows key + R then choose System.
    • The name of your computer will be listed as the Full computer name.
    • The domain your computer belongs to will be listed as the Domain. If, instead of Domain, you see Workgroup, your computer
      is not a member of any domain.

    If you have any questions or things you'd like to clarify, feel free to ask.
     
    Marvin Barc, Sep 16, 2021
    #3
  4. EDUCIT
    EducIT Win User

    ENABLING WINDOWS FEATURES OF DOMAIN COMPUTERS

    BitLocker automatically enabled when computer gets added to the domain?

    I talked to my boss about this issue, and he claims there is no domain group policy in place to automatically enable BitLocker when computers get added to the domain. Is there any way this could just be a security feature in Windows 10 that any computer
    added to any domain gets BitLocker encrypted by default, or is that not a thing that happens in Windows 10? I feel like it has to be a group policy. Are there any other ways BitLocker could get automatically enabled?
     
    EducIT, Sep 16, 2021
    #4
Thema:

ENABLING WINDOWS FEATURES OF DOMAIN COMPUTERS

Loading...

  1. ENABLING WINDOWS FEATURES OF DOMAIN COMPUTERS - Similar Threads - ENABLING FEATURES DOMAIN

  2. Disabled a computer account and then enabled it but still cannot log in to the domain

    in Windows 10 Gaming
    Disabled a computer account and then enabled it but still cannot log in to the domain: Hi AllDisabled a computer account and then enabled it but still cannot log in to the domain. Still get trust relationship error. The workstation has no local admin account to log in to and re add to domain.The domain user is not an admin to the PC.Is there any other way to re...

  3. Disabled a computer account and then enabled it but still cannot log in to the domain

    in Windows 10 Software and Apps
    Disabled a computer account and then enabled it but still cannot log in to the domain: Hi AllDisabled a computer account and then enabled it but still cannot log in to the domain. Still get trust relationship error. The workstation has no local admin account to log in to and re add to domain.The domain user is not an admin to the PC.Is there any other way to re...

  4. How to enable DHCP on a domain computer without local admin

    in Windows 10 Network and Sharing
    How to enable DHCP on a domain computer without local admin: So this is the somehow tough one for me. Keep in mind the person before me left the bare minimum of resources/ passwords for me. We noticed we couldn't remote into a computer, I took a look at it and noticed it had no internet and the ethernet was connected. After some time I...

  5. How to enable DHCP on a domain computer without local admin

    in Windows 10 Gaming
    How to enable DHCP on a domain computer without local admin: So this is the somehow tough one for me. Keep in mind the person before me left the bare minimum of resources/ passwords for me. We noticed we couldn't remote into a computer, I took a look at it and noticed it had no internet and the ethernet was connected. After some time I...

  6. How to enable DHCP on a domain computer without local admin

    in Windows 10 Software and Apps
    How to enable DHCP on a domain computer without local admin: So this is the somehow tough one for me. Keep in mind the person before me left the bare minimum of resources/ passwords for me. We noticed we couldn't remote into a computer, I took a look at it and noticed it had no internet and the ethernet was connected. After some time I...

  7. Computer Domain

    in Windows 10 Network and Sharing
    Computer Domain: I work IT for a company. A user had their old Laptop start to kick the bucket. I replaced said laptop with a different laptop that had been in use by another individual in the past. The laptop works great, though there is one issue, when using admin credentials or ".\user" on...

  8. Enabling Bitlocker on an Entire Domain

    in Windows 10 Customization
    Enabling Bitlocker on an Entire Domain: My team and I, are currently looking into enabling Bitlocker on 500+ computers. Doing this manually would be a grievous task as we are international. All of our desired computers are under a domain and are able to be controlled by group policy. Though, Bitlocker GPO does not...

  9. Optional Features Failing to Install - Win10 1809 - Domain Computer

    in Windows 10 Installation and Upgrade
    Optional Features Failing to Install - Win10 1809 - Domain Computer: I'm an early implementer of the October 2018 Release. I'm also the sys admin and need the full compliment of RSAT applications. These used to be installed after the upgrade was finished as standalone apps. With 1809, they are all to be installed as Optional Features. If...

  10. BitLocker automatically enabled when computer gets added to the domain?

    in AntiVirus, Firewalls and System Security
    BitLocker automatically enabled when computer gets added to the domain?: I talked to my boss about this issue, and he claims there is no domain group policy in place to automatically enable BitLocker when computers get added to the domain. Is there any way this could just be a security feature in Windows 10 that any computer added to any domain...