Advanced Windows 8

idleheadedceleryΚινητά – Ασύρματες Τεχνολογίες

10 Δεκ 2013 (πριν από 3 χρόνια και 7 μήνες)

100 εμφανίσεις

Advanced Windows 8

Brent Williams, PhD

brent@kennesaw.edu

www.iteachcenter.org

Get These Slides:
www.iteachcenter.org


Objectives


Continue From Windows 8 Intro


Unique Features


Group Policy


Monitoring & Troubleshooting


“Modern Apps”


Share Your Ideas & Knowledge


Questions


Thoughts
on
Next Class


Windows

Software Assurance

(Volume Licensing)


Must have to get Enterprise

8

/ 8.1


Provides Unique Utilities


Latest Product Versions


Support Calls to MS


Deployment Planning


Training

Windows
InTune


Cloud Based Management


Security & Compliance
Management


Software and Patch Distribution


Policy Management


Windows,
iOS
, Android


$6 per user per month

Intune

vs. Software
Assurance


Deployment Toolkit 2012


MDT (MDT 2013 for 8.1)


Light Touch Install


Install on One Server or WS


Add Automated Installation Kit (free)


MDT with System Center


Zero Touch Install


DeploymentWorkbench

is main
tool


www.microsft.com/mdt

Installing Windows 8 from
Flash


Need an ISO of Windows 8


Get
www.isodisk.com


Get & Install Flash Creation Tool


www.Sourceforge.net/projects/unetb
ootin/



http://pcsupport.about.com/od/windo
ws
-
8/a/install
-
windows
-
8
-
usb.htm


You will need a Win 8 Key to
install!

Dual
-
Booting Windows 8


Install to a separate hard drive
suggested


Install to a VHD


Can be separate partition


Get
EasyBCD

to Edit Boot Menu


www.Neosmart.net/easybcd

“Windows

To Go”

USB Bootable


Part of 8/8.1 Enterprise


Fully Installed 8 Image on
CERTIFIED USB 3 Flash


Boot from Flash and Go!


Basics


Build a PC with Windows 8


Sysprep

& Generate
Wim

file (
Dism
)


Run Windows To Go on another PC


With Flash Key Installed

“Storage Spaces”


A way to aggregate

disk

drives
into one storage pool


With redundancy if desired


Configured with Control Panel

The Cloud


Many Providers Competing


Skydrive


Dropbox


Google Drive


Many, many more


May or may not have Metro Client


Be Careful!


Do Files Fully Sync Locally?


If Not, How Long to Download?

SkyDrive


Cloud Based Storage


7GB Free, More Cheap


Metro


assumes

mobile device so
does not cache local copy of all


Metro SkyDrive Client can be “My
Computer”


Desktop


Download and install
client. All can be cached locally if
you choose.

WiFi



Manually disconnect and that net
is dropped

from auto
-
reconnect


Disconnect from one by
connecting to another, it moves
higher in list

Remove All Pre
-
Installed
Modern

Apps


Short Sequence of PowerShell
Commands



http://www.thewindowsclub.com/eras
e
-
default
-
preinstalled
-
modern
-
apps
-
windows
-
8


Add Restart / Shutdown
Tile


Desktop, Right Click, New, Shortcut


In Location Type (pick one)


For Restart: Shutdown /r /t 0


For Shutdown: Shutdown /s /t 0


Finishing the dialog. Right
-
click,
Properties, Change Icon.


Right click and copy icon to


C:
\
users
\
{user}
\
appdata
\
local
\
microsoft
\
windows
\
application shortcuts

Domain Join


Set DNS if necessary


System Control Panel


Change Settings


Enter domain name, etc.


After Reboot


READ Login Screen


Administrator login must include
domain


mydomain
\
administrator

RSAT


Download:

www.microsoft.com/downloads


Get the right version 8/8.1 32/64 bit


Installs in abou
t 10 minutes


Auto
-
installs in Tile in Metro!


Preferred way to manage domain


Group Policy


AD

Working Environment


Login as Administrator


Create OU Structure


Create a User, Login with User


Metro Store


Domain

account must be linked to
MS account


Install
WeatherChannel


Create dummy MS account and Outlook
Email

Working Environment 2


Metro Apps are in the User Profile,
AppData
, LOCAL, Packages


Updates may be needed for each
user that logs in


Problems using Store? Updates
pending install

File/Folder

Sharing/Security


Simple & Advanced Sharing


No “Shared” icon


Permission Unchanged


“Edit” button added


Group Policies &
Preferences

Group Policy

Central

Store


Not

Needed with Server 2012 (8)
or 2012R2 (8.1)


Create Central Store


At a Windows 8 (8.1) Workstation


Copy c:
\
%WINDIR%
\
PolicyDefinitions to
Sysvol

folder


\
sysvol
\
domain
\
Policies
\
...


Manage Domain Policies


Gpmc.msc


Mmc

Group Policy


Use a Windows 8 PC to Edit Group
Policy


So you have the latest GPMC


NEW POLICIES


169 New

Policies


Get the Spreadsheet!


www.microsoft.com/downloads


Search

for Group Policy


Grouppolicy.biz

GP Example 1


Redirect Folders on Primary
Computer Only


Limit computers where redirection works for
a user. Requires Server 2012 Schema


Need computers distinguished name. Found
in AD Users and Computers, Computer, right
click properties


The primary computer is the one directly
assigned to a user
-

such as their laptop,
or a desktop in their cubicle
-

and
therefore unlikely to change frequently.

GP Example 2


Turn off
a
ccess to store


User or Machine


System
\
Internet
Communication
Management
\
Internet
Communication settings


GP Example 3


Allow all trusted apps to install


Must be on for side
-
loading apps


Machine


Windows Components
\
App Package
Deployment


GP Example 4


Prevent user from uninstalling
applications from start


User


Start
Menu and Taskbar


About

20 from the bottom

of

a very

long list



What’s

the
difference

in ‘Start
Menu’ and ‘Start’?

GP Example 5


Turn off picture password


Machine


System
\
Logon


Other New Group Policy
Examples


Prevent
user from uninstalling
applications from


Prevent changing lock screen
image


Turn off Windows Location
Provider


Other New

Group Policy
Examples


Do not sync



Do not sync app settings



Do not sync passwords



Do not sync personalize



Do not sync other Windows settings



Do not sync desktop personalization



Do not sync browser settings



Do not sync on metered connections


Windows 8 Modern App
Deployment


Store
Applications
install


c
:
\
users
\
<userName>
\
AppData
\
Local

dire
ctories


THIS
IS NOT PART OF A ROAMING
PROFILE


If it’s not from the store, it’s side
-
loading


ISSUE: RUP and Delete Cached

Copy


http://support.microsoft.com/kb/2795607


Windows 8 Modern App
Deployment

with GP


P1


User ONLY



not per machine.


Login must tie

to MS account for Store apps


Use Configuration Manager 2012 SP1


For in
-
house apps, you have two options for
making Modern applications work. If you have
an AD, you must make one group policy
change. Change the “Allow all trusted apps to
install” setting to enabled (Computer
Configuration > Administrative Templates >
Windows Components > App Package
Deployment). This will allow you to load apps.


Then use SCCM to side
-
load

apps

More App Excitement


Apps need to be installed on each
device and logon
session where
the will be used


Apps will need to updated on each
device and user that logs on


Microsoft
Accounts can be linked
to a maximum of

5 devices.

Part 2


Good Article:
http://superuser.com/questions/49
9340/install
-
a
-
windows
-
8
-
modern
-
ui
-
app
-
without
-
the
-
windows
-
store


Required Reading:
http://www.zdnet.com/the
-
enterprise
-
sideloading
-
story
-
on
-
windows
-
8
-
its
-
complicated
-
7000006742/


Monitoring Windows 8


Task Manager


Excellent Redesign


Manage Services HERE


Performance

Monitor


Control Panel


Performance

and Tools


Advanced Tools


Resource Monitor

Troubleshooting


System Restore


System Control Panel


System Protection, System Restore


Refresh Your PC


Reinstalls

Windows


without disturbing
apps or user profile


Deletes User Installed Apps!


RESET Your PC


Reinstalls Windows


removes all apps and
files

DART


Diagnostic and
Recovery

Tools


Assessment and Deployment

Kit
Must be Installed


Part of MS Desktop Optimization
Pack (MDOP)


DART 8.0 SP1 Is Current Version


Essentially
MS Ultimate Boot Disk



Troubleshooting Tools


Falcon Four Ultimate Boot


Ultimate Boot CD


Recover My Files


EasyBCD


Microsoft Fix It


www.microsoft.com/fixit


Safe Mode?


No F8 Menu in Windows 8


Need Command Prompt (Win PE)


Set


bcdedit

/set {default}
safeboot

minimal


Un
-
Do


bcdedit

/
deletevalue

{default}
safeboot


MSConfig

useful for normal boot


See Boot tab


Windows 8 / IE 10


Spell checker


HTML 5 support


CSS3 support


Pan and zoom on touch devices


Different “Versions” Modern
vs

Desktop


Modern allows pinning

Win 8 Return Start Button
and Default

to Desktop


http://www.forbes.com/sites/jasoneva
ngelho/2013/04/16/dont
-
wait
-
for
-
windows
-
8
-
1
-
get
-
its
-
two
-
best
-
features
-
right
-
now/

Windows 8.1


Start

Button (sort of)


Direct to Desktop


New & Improved Apps


3D Printer Support


Improved

Search



See
http://
technet.microsoft.com/en
-
us/windows/dn140266.aspx


Group Policy Start

Deployment in 8.1


Use Simple PowerShell script to
capture layout details to XML file.


File can be used in Group Policy
to push Start


See

http://gpyall.com/archives/control
-
the
-
windows
-
8
-
1
-
start
-
screen
-
layout
-
with
-
group
-
policy/



Wrap
-
Up.

Whew!



Questions?


Email:
brent@kennesaw.edu



Comment Form


www.iteachcenter.org


Evaluation at the top






Misc

Notes





Arrangement at


C:
\
users
\
{username}
\
appdata
\
local
\
mi
crosoft
\
windows
\
appsfolder.itemdata
-
ms


Default

is

at:
c:
\
users
\
default
\
appdata
\
local
\
micros
oft
\
windows


Copy

desired
appsfolder.itemdata
-
ms

here


Start Screen Control


manage
modern tiles


For Windows 8.1 See
http://gpyall.com/archives/control
-
the
-
windows
-
8
-
1
-
start
-
screen
-
layout
-
with
-
group
-
policy/



For Windows 8 See
http://blogs.technet.com/b/deploymen
tguys/archive/2012/10/26/start
-
screen
-
customization
-
with
-
mdt.aspx



PowerShell
cmdlet

exports the start
screen layout on a pre
-
configured PC
as an XML file. This can then be
delivered via a group policy to user
PCs, ensuring a consistent tile
layout. The resulting Start Screen
Layout can be locked down, and tied
to any
sideloaded

apps.


Windows Store apps can be built into
an image using standard deployment
tools, or
sideloaded

via PowerShell
and a
sideloading

key. With a
common Start screen layout users
will find tiles in consistent places,
allowing them to quickly pick a new
device; or start a new VDI session.
Different users and groups can have
different Start screen layouts, to go
with different suites of tools, and you
can also give some users
customisation

rights, while others
are given a fixed layout that can’t be
changed.


Folder Sync with your server:
If you
don’t lock down devices
appropriately, then as soon as a user
connects their domain account to a
Microsoft Account, they'll
automatically be using the consumer
SkyDrive service for storage. While a
new Group Policy Object disables
Windows 8.1's SkyDrive integration,
you may want to take advantage of
the new Work Folders
synchronised

storage to automatically sync users'
files to your own servers.


You need Server 2012 to get the
most
-

Features like Branch Cache
and
DirectAccess

depend on
Windows Server 2012 (and on
Windows Server 2012 R2 for the
latest features), while others like the
AppLocker

application whitelist are
controlled via Active Directory. With
key features depending on
Microsoft’s servers and services,
Windows 8.1 Enterprise needs to be
part of a Microsoft
-
centric network if
you’re going to get the most from it.


DirectAccess


AppLocker