Windows Editions

A+ Core 2 — 220-1102  |  Domain 1.1
Windows
Editions & Features
Home, Pro, Enterprise, and Education — understanding which edition ships with which capabilities is a core A+ 220-1102 objective.
19 Slides Domain 1.1 Editions • BitLocker • Group Policy • Upgrade Paths Exam 220-1102
Slide 2 of 19
Why Editions Matter
The feature set a user or admin can access is locked by their Windows edition.
Exam Weight
Domain 1.1 "Identify basic features of Microsoft Windows editions" is consistently tested. Questions describe a business scenario and ask which edition is required or appropriate.
Technician Impact
A client calls: BitLocker is not available. You look at winver and see Windows 11 Home. Diagnosis complete — BitLocker Drive Encryption requires Pro or higher. Edition awareness saves diagnostic time.
Deployment Reality
Enterprises standardize on Pro or Enterprise. Education institutions use Education. Consumer hardware ships Home. Knowing the tier hierarchy lets you recommend upgrades without guessing.
A small business owner purchased 10 laptops with Windows 11 Home. They now need to join them to an Active Directory domain. You must inform them that domain join requires Pro or Enterprise — a field-level edition upgrade is needed before AD enrollment is possible.
Slide 3 of 19
The Four Core Editions
Windows 10 and 11 ship in four primary editions tested on A+ 220-1102.
Home
Consumer edition. Retail OEM. No domain join, no BitLocker, no Group Policy editor. Designed for personal use.
Pro
Business-tier consumer. Adds BitLocker, domain join, Hyper-V, Remote Desktop host, Group Policy editor.
Enterprise
Volume licensing only. Adds AppLocker, DirectAccess, BranchCache, Windows To Go (legacy), longer support.
Education
Enterprise-level features for academic institutions. Same feature parity as Enterprise. Licensed through academic programs.
32-bit (x86) Max RAM: 4 GB (practical ~3.2 GB) Address space: 2^32 = 4,294,967,296 Can run 32-bit apps only Cannot use PAE beyond ~3.2 GB usable VS 64-bit (x64) Max RAM: 128 GB (Home), 2 TB (Pro/Ent) Address space: 2^64 (theoretical) Runs 64-bit AND 32-bit apps (WOW64) Windows 11 is 64-bit ONLY
Tier Hierarchy
Home < Pro < Enterprise = Education. Each tier inherits all features from tiers below it. Pro for Workstations sits between Pro and Enterprise for high-end hardware support (NVMe RAID, AMD EPYC/Intel Xeon).
Slide 4 of 19
Edition Feature Matrix
Key features by edition — the most exam-tested comparison.
FEATURE HOME PRO ENTERPRISE EDUCATION BitLocker Encryption X Domain Join (AD) X Group Policy Editor (gpedit) X Remote Desktop (host) X Hyper-V Virtualization X AppLocker / Software Restriction X X BranchCache / DirectAccess X X
Slide 5 of 19
Windows Home
Consumer edition — most common OEM install on purchased hardware.
What It Includes
Cortana, Microsoft Store, Windows Hello, Edge, OneDrive integration, Windows Defender, Windows Update, basic local user accounts, HomeGroup (removed in 1803+), WSL 2.
What It Lacks
No BitLocker (Device Encryption partial), no domain join, no gpedit.msc, no Remote Desktop host, no Hyper-V, no Assigned Access (kiosk mode), no AppLocker.
Licensing
OEM (tied to hardware) or retail. OEM cannot be transferred to new hardware. Retail can. Most consumer laptops and desktops ship with OEM Home.
Exam Trap
Windows 11 Home does include "Device Encryption" on qualifying hardware — this is NOT the same as full BitLocker. BitLocker with management controls (BitLocker Drive Encryption via Control Panel, manage-bde) requires Pro or higher.
Slide 6 of 19
Windows Pro
The minimum edition for business workstation deployment in most organizations.
BitLocker
Full disk encryption using AES. Managed via Control Panel, manage-bde.exe, or MDM. Requires TPM 2.0 for OS drive protection. Recovery key stored in AD or Azure AD. Protects data at rest if the drive is physically removed.
Domain Join & Azure AD
Join Windows Server Active Directory domains or Azure AD tenants. Required for Group Policy application from a domain controller, SSO to corporate resources, and centralized patch management via WSUS or Intune.
Remote Desktop Host
Accept inbound RDP connections (port 3389). Home can only be an RDP client. Pro can be both client and server. Enable via Settings > System > Remote Desktop, or via sysdm.cpl.
Group Policy Editor
gpedit.msc. Locally apply security policies, software restrictions, drive mapping, and user rights without a domain. Critical for standalone Pro workstation hardening.
Hyper-V
Type-1 hypervisor built into Pro and above. Requires 64-bit CPU with SLAT. Create and run VMs locally. Exam: Home does not support Hyper-V; use VirtualBox/VMware instead.
Slide 7 of 19
Windows Enterprise
Volume license edition with advanced management, security, and deployment features.
AppLocker
Whitelist or blacklist which applications users can run, by publisher, path, or hash rule. Applied via Group Policy. Replaces older Software Restriction Policies. Enterprise and Education only.
BranchCache
Caches content from central servers at branch office machines, reducing WAN bandwidth consumption. Operates in Distributed Cache or Hosted Cache mode.
DirectAccess
Always-on remote access without a traditional VPN client. Uses IPv6 over IPsec tunnels. Requires Windows Server 2012 R2 or later on the server side. Being superseded by Always On VPN in newer deployments.
Licensing Model
Enterprise is not available at retail. It requires volume licensing through Microsoft (EA, Open Value, or CSP). Organizations manage activation via KMS (Key Management Service) or MAK (Multiple Activation Key). No single-unit retail purchase path.
Slide 8 of 19
Windows Education
Enterprise feature parity for academic institutions under academic licensing agreements.
Feature Parity with Enterprise
Education includes AppLocker, BranchCache, DirectAccess, and all Pro features. Functionally equivalent to Enterprise. The difference is licensing channel, not capability.
Academic Licensing
Available through Microsoft Enrollment for Education Solutions (EES) and Shape the Future programs. Often includes faculty, staff, and student use rights. Priced per-device or per-user.
EditionLicensing ChannelTypical Deployer
HomeOEM / RetailConsumer PC purchaser
ProRetail / OEM / CSPSMB, IT-managed workstations
EnterpriseVolume License (EA, CSP)Medium-to-large enterprise IT
EducationAcademic Volume License (EES)K-12, colleges, universities
Slide 9 of 19
BitLocker Deep Dive
Full disk encryption — Pro, Enterprise, and Education only.
How It Works
BitLocker encrypts the entire volume using AES-128 or AES-256. The Volume Master Key (VMK) is sealed by the TPM. Without the TPM releasing the key at boot, the drive reads as unreadable ciphertext on any other machine.
TPM Requirement
TPM 2.0 is required for OS drive encryption without a startup PIN or USB key. TPM validates the boot environment; if the BIOS or bootloader changes, TPM withholds the key and prompts for the recovery key.
Recovery Key
48-digit numeric key generated at encryption time. Should be saved to AD, Azure AD, USB, or printed. Technicians retrieve this from Active Directory Users and Computers or the Azure portal when a locked drive is presented.
Plaintext Drive data AES-128/256 Encryption engine FVE driver Ciphertext Encrypted volume VMK sealed here TPM 2.0 Seals / releases Volume Master Key unlock Recovery Key 48-digit backup key fallback TPM validates boot environment; changed BIOS = key withheld = recovery key required
Exam Focus
Know the command: manage-bde -status C: shows encryption state. manage-bde -on C: -recoverypassword enables BitLocker from the command line. Questions may present a scenario where a drive cannot be read after hardware swap — the answer involves the BitLocker recovery key.
Slide 10 of 19
Remote Desktop Protocol
RDP allows graphical remote access to Windows desktops and servers.
Client vs. Host
Every Windows edition includes the RDP client (mstsc.exe). Only Pro, Enterprise, and Education can serve as the RDP host (accept incoming connections). Home blocks incoming RDP by design.
Port & Security
Default port: TCP 3389. Network Level Authentication (NLA) requires credentials before the full session loads, reducing attack surface. Enable NLA via System Properties > Remote tab > "Allow connections only from computers running Remote Desktop with NLA."
Enable Steps
Settings > System > Remote Desktop > toggle On. Or: sysdm.cpl > Remote tab. Or: PowerShell: Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0.
Firewall Rule
Enabling Remote Desktop automatically creates a Windows Firewall inbound rule allowing TCP 3389. If manually blocked or deleted, connections will fail. Verify with: netsh advfirewall firewall show rule name="Remote Desktop".
Session Limits
Pro/Enterprise workstation: 1 concurrent remote session. Windows Server: multiple concurrent sessions via Remote Desktop Services (RDS) with appropriate licensing (CALs). Exam will not confuse workstation and server RDS.
Slide 11 of 19
Group Policy Editor
gpedit.msc — available on Pro, Enterprise, and Education. Not on Home.
Local Group Policy
gpedit.msc applies policies to the local machine only. Organized into Computer Configuration and User Configuration trees. Contains Security Settings, Administrative Templates, Software Settings. No domain required.
Domain Group Policy
On domain-joined machines, domain GPOs from the DC override local policy (LSDOU processing order: Local, Site, Domain, OU). Managed via Group Policy Management Console (gpmc.msc) on Windows Server or admin workstations.
Key Policy Locations
Password policy: Computer Config > Windows Settings > Security Settings > Account Policies > Password Policy. Disable USB drives: Computer Config > Admin Templates > System > Removable Storage Access. Restrict Control Panel: User Config > Admin Templates > Control Panel > Prohibit access to Control Panel.
A technician receives a call: "I can't open gpedit.msc — it says it was not found." Before guessing malware, ask: what edition of Windows? Home does not ship with gpedit.msc. The answer is edition, not a missing file.
Slide 12 of 19
Hyper-V Virtualization
Pro and above only. Type-1 hypervisor built into Windows.
Requirements
64-bit CPU with SLAT (Second Level Address Translation). Hardware virtualization enabled in BIOS/UEFI (Intel VT-x or AMD-V). Minimum 4 GB RAM. Windows Pro, Enterprise, or Education. Not available on Home or ARM editions.
Enable Method
Turn Windows features on or off > check Hyper-V. Or: DISM /Online /Enable-Feature /All /FeatureName:Microsoft-Hyper-V. Requires reboot. Hyper-V Manager (virtmgmt.msc) then available for VM creation.
Use Cases
Run test VMs, legacy OS environments, isolated development environments, sandbox testing. Docker Desktop on Windows uses Hyper-V or WSL 2 as its container engine depending on configuration.
Conflict Note
Enabling Hyper-V installs a hypervisor layer between the hardware and Windows. Some third-party hypervisors (older VMware Workstation, VirtualBox) cannot run simultaneously with Hyper-V enabled. Check compatibility before enabling.
Slide 13 of 19
Edition Upgrade Paths
In-place edition upgrades are supported without reinstalling Windows.
From EditionCan Upgrade ToMethodData Preserved
HomeProSettings > Update > Activation > Change product keyYes
ProEnterpriseVolume license key / MDM enrollmentYes
ProEducationAcademic product key or EESYes
HomeEnterpriseNot directly supported in-placeRequires clean install
Home Consumer Product Key Pro Business / Power VL / MDM Enterprise Large org / SA EES / Academic Education Schools / EDU NOT direct — clean install required
Home to Pro Cost
As of Windows 11, the in-place upgrade from Home to Pro can be purchased from the Microsoft Store directly within Settings > Activation. The upgrade is ~$99 USD retail and preserves all data, apps, and settings.
Downgrade Not Supported
You cannot in-place downgrade from Pro to Home or Enterprise to Pro without a clean install. This is tested: a scenario asking how to move from Enterprise to Home requires reinstallation, not a key swap.
Slide 14 of 19
Windows 10 vs. Windows 11 Requirements
Windows 11 introduced hardware requirements that blocked many existing PCs.
Windows 10 Requirements
1 GHz CPU, 1 GB RAM (32-bit) or 2 GB (64-bit), 16/20 GB storage, DirectX 9 graphics. Broad hardware compatibility. EOL: October 14, 2025.
Windows 11 Requirements
1 GHz dual-core 64-bit CPU from approved list, 4 GB RAM, 64 GB storage, TPM 2.0, Secure Boot capable UEFI, DirectX 12 graphics with WDDM 2.0 driver, 720p display.
TPM 2.0 Gate
The most common reason a PC cannot upgrade to Windows 11 is TPM 2.0 not enabled or not present. Check in BIOS/UEFI or run: tpm.msc. If TPM version shows 1.2, Windows 11 will not install. If TPM is not enabled in UEFI firmware settings, enable it under Security or Advanced settings.
PC Health Check Tool
Microsoft's PC Health Check app runs all Windows 11 hardware checks and reports pass/fail with specific failure reasons. A technician advising on upgrade eligibility should run this tool before quoting upgrade costs.
Slide 15 of 19
Windows Activation Methods
How Windows verifies a valid license with Microsoft.
Retail / OEM Key
25-character product key (XXXXX-XXXXX-XXXXX-XXXXX-XXXXX). Activates over the internet or phone. OEM keys are embedded in UEFI firmware (MSDM table) — no key entry needed on reinstall if Windows edition matches.
KMS (Key Management Service)
Enterprise volume activation. A KMS server activates clients internally. Requires a minimum of 25 machines for Windows KMS. Clients re-activate every 180 days. Used in large AD environments to avoid per-machine online activation.
MAK (Multiple Activation Key)
Volume key with a fixed activation count. Each activation consumes one count against Microsoft's servers. Used for small volume deployments or air-gapped systems that cannot reach a KMS server.
A workstation shows "Windows is not activated" after being reimaged. It is on an Enterprise license. The volume license administrator checks the KMS server — the workstation's FQDN is not resolving, so KMS discovery is failing. Fix DNS, run: slmgr /ato to force activation.
Slide 16 of 19
Identifying Editions: Tools
Commands and utilities to determine Windows edition, version, and build in the field.
winver
Run from Start or Win+R. Displays the Windows edition name, version (e.g., 22H2), and OS build number (e.g., 22621.2715). Quick way to confirm if a machine is Home vs. Pro before attempting unsupported operations.
systeminfo
Command Prompt: systeminfo. Returns OS Name (including edition), OS Version, OS Build Type, Processor, RAM, domain membership, hotfixes, and network adapters. Verbose output useful for remote triage.
Settings > System > About
GUI path. Shows Edition, Version, Installed on date, OS build, and Serial number. Also shows Device specifications: RAM, processor, system type (32-bit vs. 64-bit). Activation status at the bottom of the page.
PowerShell One-Liner
Get-WindowsEdition -Online — returns the edition name. (Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").ProductName — returns the full product name string including edition from the registry.
Slide 17 of 19
Domain vs. Workgroup
Network membership model is determined by both edition and organizational policy.
Workgroup
Peer-to-peer. Each machine manages its own user accounts and security. No centralized authentication. Maximum ~20 machines is practical. Home and Pro can join. No AD infrastructure required. Default state out of box.
Domain
Centralized authentication via Active Directory Domain Services (AD DS) on Windows Server. Users log in with domain credentials. GPOs applied centrally. Requires Pro, Enterprise, or Education — Home cannot join a domain.
CharacteristicWorkgroupDomain
Account managementLocal SAM per machineCentralized AD/LDAP
ScaleSmall (<20 practical)Unlimited
Policy managementLocal GPO onlyDomain/OU GPO
Windows edition requiredAnyPro, Enterprise, Education
Slide 18 of 19
Exam Scenario Drills
Match the requirement to the correct minimum edition.
1 Scenario: A user needs to enable BitLocker on their laptop. Current edition: Windows 11 Home. Answer: Upgrade to Pro before BitLocker Drive Encryption is available.
2 Scenario: IT needs to join 50 workstations to Active Directory. All have Windows 10 Home. Answer: Upgrade to Pro (or Enterprise via volume license). Home cannot join a domain.
3 Scenario: A university must deploy application restrictions via AppLocker to student labs. Answer: Requires Education or Enterprise. AppLocker is not available in Home or Pro.
4 Scenario: A developer wants to run Hyper-V VMs on their laptop. Current edition: Windows 11 Home. Answer: Upgrade to Pro. Hyper-V is not available on Home.
5 Scenario: A company needs to activate 300 Enterprise workstations without individual internet activation. Answer: Deploy a KMS server on the internal network. Each client activates against the KMS server.
6 Scenario: A user asks whether they can accept Remote Desktop connections on Windows 10 Home. Answer: No. RDP incoming connections require Pro, Enterprise, or Education. Home can only be an RDP client.
Slide 19 of 19
Windows Editions Summary
Key retention points for Domain 1.1.
Pro-Only Features (Not Home)
BitLocker, Domain Join, gpedit.msc, Remote Desktop host, Hyper-V, Assigned Access, Windows Sandbox, Encrypting File System (EFS).
Enterprise / Education Only
AppLocker, BranchCache, DirectAccess, Credential Guard, Device Guard, Long-Term Servicing Channel (LTSC) eligibility.
The Three Edition Rules for A+
1. BitLocker = Pro minimum.   2. Domain Join = Pro minimum.   3. AppLocker = Enterprise or Education only. These three rules cover the majority of edition-related exam questions in Domain 1.1.
If a question describes a feature and asks "which edition is required" — work backward from the feature. BitLocker, RDP host, gpedit, Hyper-V all point to Pro. AppLocker, BranchCache, DirectAccess point to Enterprise or Education. Everything else is available on Home.