Windows 10/11 Editions -- CompTIA A+ Core 2 -- The Forge

Slide 1 of 12  |  CompTIA A+ Core 2  |  Windows Editions
Windows 10/11 Editions
Home  •  Pro  •  Enterprise  •  Education  •  Pro for Workstations
The CompTIA A+ exam expects you to know which features are available in which Windows edition and when to recommend each. This deck covers the four main editions, their key differentiators -- BitLocker, domain join, Group Policy, Remote Desktop hosting, and Hyper-V -- and the decision logic for choosing the right edition.
12 Slides A+ Core 2 Objectives Operating Systems The Forge
Slide 2 of 12
The Four Main Editions
Microsoft ships Windows 10 and 11 in four primary editions. Each builds on the one below it, adding management and security features.
Home
Pre-installed on consumer PCs. Supports Windows Hello, Cortana, Device Encryption (if hardware supports it). Cannot join Active Directory domains. No Group Policy editor.
Pro
The business workhorse. Adds BitLocker, domain join, Group Policy, Remote Desktop hosting, Hyper-V, Windows Sandbox, and Assigned Access (kiosk mode).
Enterprise
Available only through Volume Licensing or Microsoft 365 E3/E5. Adds AppLocker, Credential Guard, BranchCache, DirectAccess, and Windows Defender Application Guard.
Education
Feature-equivalent to Enterprise but licensed for academic institutions. Available through academic Volume Licensing. Pre-configured with education-friendly defaults.
Slide 3 of 12
Windows Home Edition
The consumer baseline. Good enough for personal use, but missing every enterprise management feature the A+ exam tests on.
Key exam distinction: Home supports Device Encryption (automatic, if TPM + UEFI + Secure Boot + Modern Standby), but NOT full BitLocker with granular control. Home can connect TO a Remote Desktop session but cannot HOST one. Home users cannot run gpedit.msc -- Group Policy is Pro and above only.
When to Recommend Home
Personal use, home users, family PCs. No need for domain management, no IT department, no corporate compliance requirements. Cost-conscious buyers who only need web, email, and basic productivity.
When Home Falls Short
Any business environment. Cannot join domains. No centralized management via Group Policy. No BitLocker for removable drives. Cannot host Remote Desktop sessions for helpdesk support.
Upgrade Path
Home to Pro upgrade is available in-place via Settings > Update & Security > Activation. Enter a Pro product key or purchase from the Microsoft Store. No reinstall required. All files and apps are preserved.
Slide 4 of 12
Windows Pro Edition
The business standard. Every management feature the A+ exam tests on is available starting at Pro. This is the edition most IT departments deploy.
BitLocker
Full-volume encryption using AES-128 or AES-256. Requires TPM 1.2+ (TPM 2.0 recommended). Protects OS drive, fixed data drives, and removable drives (BitLocker To Go). Recovery key stored in AD or Azure AD.
Domain Join + Group Policy
Pro machines can join an on-premises Active Directory domain. This enables centralized Group Policy management: enforce password policies, deploy software, configure firewall rules, map drives, restrict Control Panel access -- all from a domain controller.
Remote Desktop Host
Pro can accept incoming RDP connections (port 3389). Home can only initiate outgoing connections. This is a critical distinction for helpdesk scenarios: to remotely manage a user's PC, that PC must run Pro or higher.
Slide 5 of 12
Enterprise & Education
Enterprise and Education sit at the same feature tier. Enterprise requires Volume Licensing; Education uses academic licensing. Both add advanced security features beyond Pro.
AppLocker
Application whitelisting that goes beyond Software Restriction Policies. Create rules based on publisher, path, or file hash. Control which executables, scripts, Windows installers, and DLLs users can run. Enterprise/Education only -- not available in Pro.
BranchCache
Caches content from remote servers at the branch office. Two modes: Distributed (peer-to-peer between branch PCs) and Hosted (dedicated cache server at the branch). Reduces WAN traffic for file servers, web servers, and WSUS updates.
Credential Guard
Uses virtualization-based security (VBS) to isolate NTLM hashes and Kerberos tickets in a secure container that even the OS kernel cannot access. Defeats pass-the-hash and pass-the-ticket attacks. Requires UEFI, Secure Boot, and a 64-bit CPU with VT-x/AMD-V.
Slide 6 of 12
BitLocker Drive Encryption
Full-volume encryption. Protects data at rest if a laptop is stolen or a drive is removed. Pro, Enterprise, and Education only. The exam loves BitLocker.
TPM Requirements
BitLocker works best with TPM 2.0 (TPM 1.2 minimum). The TPM seals the encryption key to the hardware. If the boot configuration changes (new BIOS, different boot order), TPM refuses to unseal -- triggering recovery mode. Without a TPM, BitLocker can use a USB startup key instead (requires Group Policy change).
Encryption Modes
Used Disk Space Only: faster, encrypts only written data. Best for new drives. Full Encryption: encrypts entire volume including free space. Best for drives that previously contained data. XTS-AES: newer mode for fixed drives. CBC-AES: compatible mode for removable drives.
Management Commands
manage-bde -status shows encryption status. manage-bde -on C: enables BitLocker. manage-bde -protectors -get C: shows recovery key. In PowerShell: Enable-BitLocker, Get-BitLockerVolume. Control Panel > BitLocker Drive Encryption provides the GUI.
Slide 7 of 12
Domain Join & Group Policy
Pro and above can join Active Directory domains. Group Policy is the centralized management engine: one policy object can configure thousands of machines.
Joining a Domain
Settings > Accounts > Access work or school > Connect > Join this device to a local Active Directory domain. Requires: Pro or higher edition, network connectivity to a DC, DNS pointing to the DC, and an account with permission to add computer objects to AD. Azure AD join is a separate option for cloud-only orgs.
Group Policy Processing
GPOs apply in LSDOU order: Local, Site, Domain, OU. Later policies override earlier ones. Computer policies apply at startup; user policies apply at login. Use gpupdate /force to refresh manually. gpresult /r shows effective policy for current user/computer.
Local Group Policy
Even without a domain, Pro machines have a local Group Policy editor (gpedit.msc). Useful for standalone workstation hardening: password complexity, account lockout, audit policies, restricting removable storage, configuring Windows Firewall. Home edition does NOT have gpedit.msc.
Slide 8 of 12
Remote Desktop & Hyper-V
Two Pro-and-above features the exam tests heavily. RDP enables remote management; Hyper-V enables local virtualization. Know the edition requirements for each.
RDP Exam Points
Default port: 3389/TCP. Home edition can use the RDP client (mstsc.exe) to connect to other machines but cannot accept incoming connections. NLA (Network Level Authentication) is the recommended security setting. Multiple monitors and drive redirection are supported. Only one interactive session at a time on workstation OS.
Hyper-V Requirements
64-bit processor with SLAT (Second Level Address Translation). Intel VT-x or AMD-V must be enabled in BIOS/UEFI. Minimum 4 GB RAM (more recommended). Pro, Enterprise, or Education edition. Windows Home does NOT support Hyper-V. Enable via Turn Windows features on or off.
Windows Sandbox
Lightweight, disposable desktop environment. Uses Hyper-V technology under the hood. Opens an isolated Windows instance for testing suspicious files or software. Everything is deleted when you close it. Pro and above only. Must be enabled as an optional Windows feature.
Slide 9 of 12
Pro for Workstations
A specialized edition built for high-performance hardware: server-grade processors, massive RAM, and resilient file systems. Know this exists for the exam.
Pro for Workstations targets engineers, data scientists, and creative professionals running CAD, 3D rendering, scientific simulations, or large datasets. The exam expects you to know it exists and its key differentiators: ReFS data volume support, 4 CPU sockets, 6 TB RAM limit, and persistent memory (NVDIMM-N) support.
Who Needs This
Engineering firms with multi-socket Xeon workstations running SolidWorks or CATIA. Video production houses rendering 8K footage. Research labs running massive datasets. Anyone pushing standard Pro's 2-socket / 2TB RAM limits.
ReFS Key Points
Resilient File System detects and auto-corrects silent data corruption. Cannot be used as a boot volume (OS must be on NTFS). Supports large volumes and file sizes. Uses checksums for metadata integrity. Ideal for Hyper-V workloads and Storage Spaces Direct.
Slide 10 of 12
Feature Comparison Matrix
The exam-ready cheat sheet. Memorize which features belong to which edition.
Exam Tip
The key breakpoints to memorize: Home has NONE of the management features. Pro adds BitLocker, domain join, Group Policy, RDP host, and Hyper-V. Enterprise/Education add AppLocker, Credential Guard, and BranchCache on top of Pro. Education equals Enterprise with academic licensing.
Slide 11 of 12
Choosing the Right Edition
The exam gives you a scenario and expects you to recommend the correct edition. Use this decision flowchart.
Scenario: Small Law Firm
10 employees, needs BitLocker for client confidentiality, domain join for centralized user accounts, Group Policy for security baselines. Does NOT need AppLocker or BranchCache. Answer: Windows Pro. Enterprise features are overkill; Home lacks required management.
Scenario: University Computer Lab
200 shared workstations. Needs application whitelisting (AppLocker) to prevent students from installing unauthorized software. Credential Guard for kiosk security. Academic licensing available. Answer: Windows Education. Same features as Enterprise at academic pricing.
Scenario: Home User
Retired teacher, uses PC for email, web browsing, and video calls with grandchildren. No corporate network, no compliance requirements. Answer: Windows Home. No reason to pay for Pro features that will never be used.
Scenario: Fortune 500 Enterprise
50,000 endpoints. Requires advanced threat protection with Credential Guard, application control with AppLocker, BranchCache for 200 branch offices, and DirectAccess for remote workers. Answer: Windows Enterprise. Only volume-licensed Enterprise provides the full security stack.
Slide 12 of 12
Windows Editions Summary
Key takeaways for the CompTIA A+ Core 2 exam.
1Home is consumer-only. No BitLocker, no domain join, no Group Policy, no RDP host, no Hyper-V. Has Device Encryption if hardware qualifies.
2Pro is the business standard. Adds every management feature the exam tests: BitLocker, domain join, Group Policy (gpedit.msc), RDP host, Hyper-V, Windows Sandbox.
3Enterprise adds advanced security. AppLocker, Credential Guard, BranchCache, DirectAccess. Available only through Volume Licensing or Microsoft 365 E3/E5.
4Education = Enterprise with academic licensing. Same feature set, different licensing model. Pre-configured with education-friendly defaults.
5Pro for Workstations supports ReFS data volumes, 4 CPU sockets, 6 TB RAM, and persistent memory. Targets high-performance hardware.
Next: Windows Settings App  |  System • Devices • Network • Apps • Accounts • Update & Security