Embed Size (px)
DESCRIPTION
Get These Slides: www.iteachcenter.org. Advanced Windows 8. Brent Williams, PhD [email protected] www.iteachcenter.org. Objectives. Continue From Windows 8 Intro Unique Features Group Policy Monitoring & Troubleshooting “Modern Apps” Share Your Ideas & Knowledge Questions - PowerPoint PPT Presentation
Citation preview
Objectives• Continue From Windows 8 Intro• Unique Features• Group Policy• Monitoring & Troubleshooting• “Modern Apps”• Share Your Ideas & Knowledge • Questions • Thoughts on Next Class
Windows Software Assurance(Volume Licensing)
• Must have to get Enterprise 8 / 8.1• Provides Unique Utilities• Latest Product Versions• Support Calls to MS• Deployment Planning• Training
Windows InTune• Cloud Based Management• Security & Compliance Management• Software and Patch Distribution• Policy Management• Windows, iOS, Android • $6 per user per month
Intune vs. Software Assurance
Deployment Toolkit 2012• MDT (MDT 2013 for 8.1)
– Light Touch Install– Install on One Server or WS– Add Automated Installation Kit (free)
• MDT with System Center– Zero Touch Install
• DeploymentWorkbench is main tool– www.microsft.com/mdt
Installing Windows 8 from Flash
• Need an ISO of Windows 8– Get www.isodisk.com
• Get & Install Flash Creation Tool– www.Sourceforge.net/projects/unetbooti
n/
– http://pcsupport.about.com/od/windows-8/a/install-windows-8-usb.htm
• You will need a Win 8 Key to install!
Dual-Booting Windows 8– Install to a separate hard drive
suggested– Install to a VHD– Can be separate partition
• Get EasyBCD to Edit Boot Menu– www.Neosmart.net/easybcd
“Windows To Go” USB Bootable
• Part of 8/8.1 Enterprise• Fully Installed 8 Image on CERTIFIED
USB 3 Flash• Boot from Flash and Go!• Basics
– Build a PC with Windows 8– Sysprep & Generate Wim file (Dism)– Run Windows To Go on another PC
• With Flash Key Installed
“Storage Spaces”• A way to aggregate disk drives into
one storage pool• With redundancy if desired• Configured with Control Panel
The Cloud• Many Providers Competing
– Skydrive– Dropbox– Google Drive– Many, many more
• May or may not have Metro Client• Be Careful!
– Do Files Fully Sync Locally?– If Not, How Long to Download?
SkyDrive• Cloud Based Storage
– 7GB Free, More Cheap• Metro – assumes mobile device so
does not cache local copy of all• Metro SkyDrive Client can be “My
Computer”• Desktop – Download and install
client. All can be cached locally if you choose.
WiFi
• Manually disconnect and that net is dropped from auto-reconnect
• Disconnect from one by connecting to another, it moves higher in list
Remove All Pre-Installed Modern Apps
– Short Sequence of PowerShell Commands
– http://www.thewindowsclub.com/erase-default-preinstalled-modern-apps-windows-8
Add Restart / Shutdown Tile• Desktop, Right Click, New, Shortcut• In Location Type (pick one)
– For Restart: Shutdown /r /t 0– For Shutdown: Shutdown /s /t 0
• Finishing the dialog. Right-click, Properties, Change Icon.
• Right click and copy icon to– C:\users\{user}\appdata\local\microsoft\
windows\application shortcuts
Domain Join• Set DNS if necessary• System Control Panel• Change Settings
– Enter domain name, etc.• After Reboot
– READ Login Screen – Administrator login must include domain
• mydomain\administrator
RSAT• Download:
www.microsoft.com/downloads– Get the right version 8/8.1 32/64 bit
• Installs in about 10 minutes• Auto-installs in Tile in Metro!• Preferred way to manage domain
– Group Policy– AD
Working Environment• Login as Administrator• Create OU Structure• Create a User, Login with User• Metro Store
– Domain account must be linked to MS account
– Install WeatherChannel• Create dummy MS account and Outlook
Working Environment 2• Metro Apps are in the User Profile,
AppData, LOCAL, Packages• Updates may be needed for each
user that logs in• Problems using Store? Updates
pending install
File/Folder Sharing/Security• Simple & Advanced Sharing• No “Shared” icon• Permission Unchanged• “Edit” button added
Group Policies & Preferences
Group Policy Central Store
• Not Needed with Server 2012 (8) or 2012R2 (8.1)
• Create Central Store– At a Windows 8 (8.1) Workstation
• Copy c:\%WINDIR%\PolicyDefinitions to Sysvol folder
– \sysvol\domain\Policies\...• Manage Domain Policies
– Gpmc.msc– Mmc
Group Policy• Use a Windows 8 PC to Edit Group
Policy– So you have the latest GPMC
• NEW POLICIES– 169 New Policies
• Get the Spreadsheet!• www.microsoft.com/downloads• Search for Group Policy
• Grouppolicy.biz
GP Example 1– Redirect Folders on Primary Computer
Only – Limit computers where redirection works for a
user. Requires Server 2012 Schema– Need computers distinguished name. Found in
AD Users and Computers, Computer, right click properties
• The primary computer is the one directly assigned to a user - such as their laptop, or a desktop in their cubicle - and therefore unlikely to change frequently.
GP Example 2• Turn off access to store
– User or Machine– System\Internet Communication
Management\Internet Communication settings
GP Example 3• Allow all trusted apps to install
– Must be on for side-loading apps– Machine– Windows Components\App Package
Deployment
GP Example 4• Prevent user from uninstalling
applications from start– User– Start Menu and Taskbar – About 20 from the bottom of a very long
list
• What’s the difference in ‘Start Menu’ and ‘Start’?
GP Example 5• Turn off picture password
– Machine– System\Logon
Other New Group Policy Examples
• Prevent user from uninstalling applications from
• Prevent changing lock screen image • Turn off Windows Location Provider
Other New Group Policy Examples
• Do not sync – Do not sync app settings – Do not sync passwords – Do not sync personalize – Do not sync other Windows settings – Do not sync desktop personalization – Do not sync browser settings – Do not sync on metered connections
Windows 8 Modern App Deployment
• Store Applications install• c:\users\<userName>\AppData\
Local directories• THIS IS NOT PART OF A ROAMING PROFILE
• If it’s not from the store, it’s side-loading
• ISSUE: RUP and Delete Cached Copy• http://support.microsoft.com/kb/2795607
Windows 8 Modern App Deployment with GP – P1
• User ONLY – not per machine. • Login must tie to MS account for Store apps• Use Configuration Manager 2012 SP1
– For in-house apps, you have two options for making Modern applications work. If you have an AD, you must make one group policy change. Change the “Allow all trusted apps to install” setting to enabled (Computer Configuration > Administrative Templates > Windows Components > App Package Deployment). This will allow you to load apps.
– Then use SCCM to side-load apps
More App Excitement• Apps need to be installed on each
device and logon session where the will be used
• Apps will need to updated on each device and user that logs on
• Microsoft Accounts can be linked to a maximum of 5 devices.
Part 2• Good Article:
http://superuser.com/questions/499340/install-a-windows-8-modern-ui-app-without-the-windows-store
• Required Reading: http://www.zdnet.com/the-enterprise-sideloading-story-on-windows-8-its-complicated-7000006742/
Monitoring Windows 8• Task Manager
– Excellent Redesign– Manage Services HERE
• Performance Monitor– Control Panel
• Performance and Tools• Advanced Tools
• Resource Monitor
Troubleshooting• System Restore
– System Control Panel• System Protection, System Restore
• Refresh Your PC– Reinstalls Windows – without disturbing apps or
user profile– Deletes User Installed Apps!
• RESET Your PC– Reinstalls Windows – removes all apps and files
DART – Diagnostic and Recovery Tools
• Assessment and Deployment Kit Must be Installed
• Part of MS Desktop Optimization Pack (MDOP)
• DART 8.0 SP1 Is Current Version• Essentially MS Ultimate Boot Disk
Troubleshooting Tools• Falcon Four Ultimate Boot• Ultimate Boot CD• Recover My Files• EasyBCD• Microsoft Fix It
– www.microsoft.com/fixit
Safe Mode?• No F8 Menu in Windows 8• Need Command Prompt (Win PE)
– Set• bcdedit /set {default} safeboot
minimal– Un-Do
• bcdedit /deletevalue {default} safeboot
• MSConfig useful for normal boot– See Boot tab
Windows 8 / IE 10• Spell checker• HTML 5 support• CSS3 support• Pan and zoom on touch devices• Different “Versions” Modern vs
Desktop• Modern allows pinning
Win 8 Return Start Button and Default to Desktop
– http://www.forbes.com/sites/jasonevangelho/2013/04/16/dont-wait-for-windows-8-1-get-its-two-best-features-right-now/
Windows 8.1• Start Button (sort of)• Direct to Desktop• New & Improved Apps• 3D Printer Support• Improved Search
• See http://technet.microsoft.com/en-us/windows/dn140266.aspx
Group Policy Start Deployment in 8.1
• Use Simple PowerShell script to capture layout details to XML file.
• File can be used in Group Policy to push Start
• See http://gpyall.com/archives/control-the-windows-8-1-start-screen-layout-with-group-policy/
Wrap-Up. Whew!
• Questions?• Email: [email protected]
• Comment Form• www.iteachcenter.org
– Evaluation at the top
Misc Notes
• Arrangement at– C:\users\{username}\appdata\local\
microsoft\windows\appsfolder.itemdata-ms
– Default is at: c:\users\default\appdata\local\microsoft\windows• Copy desired appsfolder.itemdata-ms here
• Start Screen Control – manage modern tiles– For Windows 8.1 See
http://gpyall.com/archives/control-the-windows-8-1-start-screen-layout-with-group-policy/
– For Windows 8 See http://blogs.technet.com/b/deploymentguys/archive/2012/10/26/start-screen-customization-with-mdt.aspx
– PowerShell cmdlet exports the start screen layout on a pre-configured PC as an XML file. This can then be delivered via a group policy to user PCs, ensuring a consistent tile layout. The resulting Start Screen Layout can be locked down, and tied to any sideloaded apps.
– Windows Store apps can be built into an image using standard deployment tools, or sideloaded via PowerShell and a sideloading key. With a common Start screen layout users will find tiles in consistent places, allowing them to quickly pick a new device; or start a new VDI session. Different users and groups can have different Start screen layouts, to go with different suites of tools, and you can also give some users customisation rights, while others are given a fixed layout that can’t be changed.
– Folder Sync with your server: If you don’t lock down devices appropriately, then as soon as a user connects their domain account to a Microsoft Account, they'll automatically be using the consumer SkyDrive service for storage. While a new Group Policy Object disables Windows 8.1's SkyDrive integration, you may want to take advantage of the new Work Folders synchronised storage to automatically sync users' files to your own servers.
– You need Server 2012 to get the most - Features like Branch Cache and DirectAccess depend on Windows Server 2012 (and on Windows Server 2012 R2 for the latest features), while others like the AppLocker application whitelist are controlled via Active Directory. With key features depending on Microsoft’s servers and services, Windows 8.1 Enterprise needs to be part of a Microsoft-centric network if you’re going to get the most from it.
– DirectAccess– AppLocker
