Your Embedded Distributor - Microsoft

Your Embedded Distributor

Wolfgang Unger - MVP

Wolfgang Unger

Windows 7 is getting Embedded

Wolfgang Unger Technical Support

MVP for Windows Embedded

Wolfgang Unger

Wolfgang Unger

• Windows Management Instrumentation (WMI) Providers for Write Filters

• Write Filter Management Tools

• Windows® Internet Explorer 9

• .NET Framework 4.0

• Silverlight 4

Wolfgang Unger

Wolfgang Unger

• Windows 7 Ultimate based

• Installs a pre-configured OS

• Supports x86 and x64 architectures

• No Windows Activation needed

• Setup directly on the target device

• Unattended Setup – Setup Image Manager

Wolfgang Unger

Availability

Availability Support

2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020 2021 2022 2023 2024 2025 2026

Support Availability

Windowsxp Professional

for Embedded Systems Support

Windows Embedded

POSReady 2009

Support

Availability Support Windows 7 for Embedded Systems

Availability Support Windows Embedded

Standard 7

Availability Support Windows Embedded

POSReady 7

Availability

2024

2025

2024

2001

2003

2026

Wolfgang Unger

Language Packs

Bitlocker

Bitlocker To Go

DirectAccess

AppLocker

BranchCache

MultiTouch

TabletPC

VHD Boot

DISM

Windows Update

Speech API Wolfgang Unger

more than 30 Language Packs

– Arabic

– Bulgarian

– Chinese (traditional)

– Chinese (simplified)

– Croatian

– Czech

– Danish

– Dutch

– Estonian

– Finish

– French

– German

– Greek

– Hebrew

– Hungarian

– Italian

– Japanese

– Korean

– Latvian

– Lithuanian

– Polish

– Portuguese (Brasilian)

– Portuguese (Portugal)

– Romanian

– Russian

– Swedish

– Serbian

– Slovak

– Slovenian

– Spanish

– Thai

– Turkish

– Ukrainian

5 language packs are included

Wolfgang Unger

• Complete drive encryption

– Including hibernationfile, pagefile, etc.

• Decryption methods

– TPM only

– TPM + PIN

– TPM + PIN + USB Key

– TPM + USB Key

– USB Key only

Wolfgang Unger

• Bitlocker encryption for removable media

• Password can be stored in Windows Credential Manager

• Scripted mounting of protected drives

• ReadOnly tool for „older“ Windows versions

Wolfgang Unger

DirectAccess requires

• Windows 7 • Windows Server 2008 R2

• Connection to corporate network

without the need of VPN Wolfgang Unger

• Blacklist or Whitelist for applications

• Management options: – Filehash

– Path

– Publisher (Certificate)

• Execution modes – Block

– Monitor

Wolfgang Unger

• Distributed Mode

– No local server needed

Wolfgang Unger

• BranchCache requires

– Windows 7

– Windows Server 2008 R2 Wolfgang Unger

• Windows 7 desktop is optimized for touch

– Jumplists via gesture

– Bigger Taskbar

– Gesturecontrol

• Supports MultiTouch Displays

Wolfgang Unger

• Application with no touch support

– Windows support simple gestures (panning, zooming,…)

• Application with simple touch implementation

– Use touch events to track each touch point

– X/Y TouchDown – X/Y TouchUp, etc.

• Optimized for MultiTouch

– WM_TOUCH Messages

– Gets raw multitouch data

Wolfgang Unger

• Single-Touch support

– Gestures

• Handwriting recognition

• On-Screen Keyboard

– Logon Screen

Wolfgang Unger

• Virtual Hard Disk – Maximum size: 2TB

• Native boot from VHD – No speed loss

• Advantages – Versioning

– Backup

– Deployment

Wolfgang Unger

• Automated update of images – Tool which downloads new VHD file

– Save VHD to bootdrive (CF)

– Add bootmanager entry for the new VHD file

– Mark new entry as default entry

– Reboot

• Error – old image still available (Bootmanager)

• Success – Remove old VHD

• Tool: BootVHD – Tool to easy install/uninstall VHDs in bootmanager

– For unattended tools

Wolfgang Unger

http://wunger.spaces.live.com/blog/cns!9E6927A42561030E!1237.entry

• VHD Installation

– Install to HDD and transfer image to VHD

• Imagex

• Diskpart

• Imagex

• BCDEdit

– Direct installation into a VHD

• Boot Setup DVD

• Diskpart

• Run Setup

Wolfgang Unger

• Supports adding and removing features at runtime

• Online – in the running image

• Offline – Non-running image

– e.g. Windows PE

• Microsoft supports adding features offline only

Wolfgang Unger

DISM /image C:\ /add-package

/packagepath:<PathToThePackageDirectory>

DISM /image C:\ /add-package /packagepath:”e:\ds\WinEmb-

Keyboard-Filter.cab”

• A reboot is required after completion

Wolfgang Unger

• Update via Microsoft Server

– Windows Update „knows“ installed features

• Update via WSUS

– Test updates before deployment

– Device groups

Wolfgang Unger

• Microsoft Speech Recognition

• Microsoft Text-To-Speech

• Speech API 5.4

• Supported languages – U.S. English

– U.K. English

– Traditional Chinese

– Simplified Chinese

– Japanese

– German

– French

– Spanish

Wolfgang Unger

A problem has been detected and Windows has been shut down to prevent damage

to your computer.

INACCESSIBLE_BOOT_DEVICE

If this is the first time you‘ve seen this Stop error screen,

restart your computer. If this screen appears again, follow

these steps:

Check to make sure any new hardware or software is properly installed.

If this is a new installation, ask your hardware or software manufacturer

for any Windows Updates you might need.

If problems continue, disable or remove any newly installed hardware

or software. Disable BIOS memory options such as caching or shadowing.

If you need to use Safe Mode to remove or disable components, restart

your computer, press F8 to select Advanced Startup Options, and then

select Safe Mode.

Technical information:

*** STOP: 0x0000007B (0x000000002,0x00000000,0xF8CA5A81)

*** ntfs.sys – Address F8293AC82 base at F82930000, DateStamp 3cc291fb

Beginning dump of physical memory

Wolfgang Unger

HAL independent

Faster media playback

PowerShell

Enhanced Power Modes 3 sec. Standby

Wolfgang Unger

Wolfgang Unger

• Keyboard Filter Driver

• Enhanced Write Filter

• Hibernate Once Resume Many

• File Based Write Filter

• Registry Filter

• Embedded Shell Launcher

• USB Boot

• Custom Shell – MessageBox AutoReply

– Dialog Blocker

– Branding

Wolfgang Unger

• Blocks specific keys and key combination

• Easy configuration through Group Policy Editor

• Configurable to

block users only

• Does not block keys

at logon screen

Wolfgang Unger

Combined View for OS

Write Filter Overlay

Physical Disk Drive

Wolfgang Unger

Physical Disk Drive



Wolfgang Unger

• Works on block level

• Protection starts at boot

• No file or folder exceptions

• No Disk Mode

Wolfgang Unger

• Differential VHDs

• Master VHD on flash drive

• Differential VHD on hard disk drive

• Batchfile

– 2 differential VHDs

– Recreates differential VHD on startup

– Changes default boot entry to other VHD


Differential VHD

Master VHD

Physical Disk Drive

Wolfgang Unger

Differential VHD 2 Differential VHD 1

Master VHD

Physical Disk Drive

DEFAULT BOOT DEVICE DEFAULT BOOT DEVICE

Wolfgang Unger

• Speeds up boot process

• Always resumes state from hiberfil.sys

Wolfgang Unger



Physical Disk Drive

Wolfgang Unger

Physical Disk Drive



Excluded Folder

Wolfgang Unger

• Filterdriver on file level

• File and folder exceptions

• Virtual Size Display Mode

Wolfgang Unger

• Windows Management Instrumentation

Interface

– Overlaydetails

– State

– Configuration

• Management Tools

– Graphical interface to configure filters

– Filter information in Systray

Wolfgang Unger

• Exclusions for Registry

– TSCAL

– Domain Key

– Custom Exclusions in HKLM

Wolfgang Unger

• 1. drive recognized as fixed disk

• Support for multiple partitions

• Standby support

• Restrictions

– No Pagefile

– No Dump

– No Hibernation

Wolfgang Unger

A problem has been detected and Windows has been shut down to prevent damage

to your computer.

INACCESSIBLE_BOOT_DEVICE

If this is the first time you‘ve seen this Stop error screen,

restart your computer. If this screen appears again, follow

these steps:

Check to make sure any new hardware or software is properly installed.

If this is a new installation, ask your hardware or software manufacturer

for any Windows Updates you might need.

If problems continue, disable or remove any newly installed hardware

or software. Disable BIOS memory options such as caching or shadowing.

If you need to use Safe Mode to remove or disable components, restart

your computer, press F8 to select Advanced Startup Options, and then

select Safe Mode.

Technical information:

*** STOP: 0x0000007B (0x000000002,0x00000000,0xF8CA5A81)

*** ntfs.sys – Address F8293AC82 base at F82930000, DateStamp 3cc291fb

Beginning dump of physical memory

Wolfgang Unger

• 1. drive recognized as fixed disk

• Support for multiple partitions

• Standby support

• Restrictions

– No Pagefile

– No Dump

– No Hibernation

Wolfgang Unger

• Unbranded bootlogo

• Custom logon screen background

• Custom shell

• MessageBox AutoReply

• Dialog Blocker

Wolfgang Unger

• Bootlogo can be hidden

– Black Screen

• Vista-like Bootlogo can be used

• Configurable via msconfig

Wolfgang Unger

• Partner Coder for Life

• Tool to fully customize bootlogo

• Animated bootlogos

• Current ALTs do not allow customization

Wolfgang Unger

• Background image located in

C:\Windows\system32\oobe\info\backgrounds\BackgroundDefault.jpg

• Registry Modification

HKLM\Software\Microsoft\Windows\CurrentVersion\

Authentication\LogonUI\Background

OEMBackground = dword:1

• Other texts can be changed by modifying resource files

Wolfgang Unger

• Easy configuration

• Configurable Shell Close/Crash Behaviour

– Shutdown

– Restart OS

– Restart Shell

Wolfgang Unger

• Blocks all Windows MessageBox dialogs

• Default button will be returned

• Entry in Windows Application

Event Log is being created

• Configuration done via Windows Registry

Wolfgang Unger

• Blocks preconfigured dialogs

• Must be pre-configured

– Supports all dialog types

• Message Box

• Dialog / Task Dialog

• etc.

Wolfgang Unger

• .NET Implementation of OPOS

Wolfgang Unger

Wolfgang Unger

Wolfgang Unger

Wolfgang Unger

Wolfgang Unger

• Features must be added offline

• Boot Setup DVD

• Locate DVD drive and installation drive

DISM /image C:\ /add-package

/packagepath:<PathToThePackageDirectory>

DISM /image C:\ /add-package /packagepath:”e:\ds\WinEmb-

Keyboard-Filter.cab”

Wolfgang Unger

Wolfgang Unger

• 100% Free

• Developed from – Elbacom

– Microsoft

• Download from elbacom website

http://www.elbacom.com/embedded/products/wes/wes7/downloads

Wolfgang Unger



• Graphical User Interface for DISM

Download

Wolfgang Unger

http://www.elbacom.com/blog/2010/05/wes7-tool-deployment-image-servicing-and-management-tool-user-interface-dismui/

• Checks dependencies

• Checks conflicts

• Checks needed feature packages

• Displays dependencies

• Applies language packs automatically

• Adds missing drivers automatically

Wolfgang Unger

XPSP3TEST

Wolfgang Unger

• Device Manager like User Interface

• Scans for driver files

• Exports driver files for multiple devices

• Creates SLD file

– For XP Embedded, Windows Embedded Standard 2009

Wolfgang Unger

Wolfgang Unger

• Inject drivers to existing Windows images

automatically

• Automatically install drivers from a driver DVD

• Analyze INF file to find possible missing

components

Wolfgang Unger

Ctrl Alt

Del

Wolfgang Unger

• Blocks any key and key combination

– Alt+Ctrl+Del

– Win+E

– Ctrl+Shift+Esc

– Win+L

• Keyboardinput is filtered on kernel side

– No unwanted keyboard input possible

Ctrl Alt

Del

Wolfgang Unger

• Automated updates for development tools

Wolfgang Unger

• Checks image features again license requirements

Wolfgang Unger

Wolfgang Unger

• Analyze Feature Packages of – Windows Embedded Standard 7

– Windows Embedded POSReady 7

• Inspect – Files

– Registry Entries

– Dependencies

– SMI Settings

– Generic Commands

– Sub Packages

Wolfgang Unger

• Partner Coder for Life

• Tool to fully customize bootlogo

• Animated bootlogos

• Current ALTs do not allow customization

Wolfgang Unger

Wolfgang Unger

POSReady 7 POSReady 2009

Architecture x86 & x64 X86

Operating System Windows 7 Windows XP

Setup On Target On Target

Minimum Footprint 4,5 GB 550 MB

Feature Packages 77 ~20

Enhanced Write Filter Yes No

File Based Write Filer Yes Yes

Registry Filter Yes Yes

Keyboard Filter Driver Yes No

USB Boot Yes Yes

Dialog Filter Yes No

eShell Yes No

POS.NET Yes Yes Wolfgang Unger

• Microsoft no longer ships product keys for

POSReady 7 in license envelopes!

www.elbacom.com/getkey

Wolfgang Unger

http://www.elbacom.com/getkey

Wolfgang Unger

• Windows 7 Ultimate based – different licenses E, P and C

• Split into more than 150 feature packages

• Supports x86 and x64 architectures

• No Windows Activation needed

• Setup directly on the target device – Image Build Wizard (IBW)

• Unattended Setup – Image Configuration Editor (ICE)

Wolfgang Unger

• Available in WES7P and WES7C

• Branding allowed

• Usage

– Set-top Boxes

– MediaCenter devices

P or C license needed

Wolfgang Unger

Wolfgang Unger

• Standalone setup tool – No additional tools required

• Bootable DVD

• Contains binaries for – x86

– x64

• Installs directly on target device

• Installationtypes – Manual

– Unattended via ICE configurationfile

Wolfgang Unger

• Templates – Compatibility

– Minimum

– Thin Client

– etc.

• Plug&Play detection – Drivers can be included from external drives

• Unattended – Configuration from external drives

– Custom DVD

Wolfgang Unger

• Feature Pack selection

– More than 150 packages

• Dependencycheck

– Required

– Optional

• Extended configuration only with ICE

Wolfgang Unger

• Installation target

– Like Windows 7 installation

– Existing installations Windows.old

• Installation to VHD

– Via commandline

Wolfgang Unger

• Before disk selection – Shift+F10

– Refresh disks

– Select VHD Disk • Ignore warning

• Creates bootentries automatically

diskpart

create vdisk file=C:\WES7.vhd maximum=5120 type=fixed

select vdisk file=C:\WES7.vhd

attach vdisk

exit

exit

Wolfgang Unger

Wolfgang Unger

• Tool for development PC

– .NET Framework

– Creates answer files

• Answer file

– XML Datei

– x86 and x64

Wolfgang Unger

• Setup Phases

– 1 Windows PE

– 2 Offline Servicing

– 3 Generalize

– 4 Specialize

– 5 Audit System

– 6 Audit User

– 7 OOBE System

Wolfgang Unger

Boot Windows PE

Image Builder Wizard

Windows PE Phase

Partitioning Format Imagebuild preperation BCDEdit

Offline Servicing Phase

Image building & Setup

Reboot

First Boot

Specialize Phase

Language Settings Timezone Computername IE Configuration Domainjoin Scriptexecution

Possible Reboot

OOBE

OOBE Phase

Displaysettings Create users Logonscripts Internet Explorer Proxy

First logon

Online Tweaking

Sysprep Generalize

Generalize Phase

Process answerfile

Shutdown

ImageX Imagecreation

Wolfgang Unger

• Suppress EULA

• Disk selection

• Language selection

• OOBE

– Product Key

– Timezone

– Network location

– Automatic Updates

Wolfgang Unger

• Feature Pack configuration

– Correct phase

– Validation (F5)

– Additional help below property window

Wolfgang Unger

• Works with

– MSI

– EXE

– DLL

– ZIP

• Adds needed Feature Packages

automatically

• Can copy the source file to the

$OEM$ directory

Wolfgang Unger

• No custom packages possible

• Additional Files / Applications via $OEM$

directory

• Will be copied to system during installation

Wolfgang Unger

• $OEM$ – Basedirectory

• $OEM$\$$ – Windowsdirectory

• $OEM$\$$\System32 – System32 directory

• $OEM$\$1 – Boot Partition (Root)

• $OEM$\$Docs – Userdirectory

• $OEM$\$Progs – Program files

• $OEM$\drive_letter\subfolder – Other drives and folders

Wolfgang Unger

• Build IBW setup disks with

– Whole Distribution Share

– Only Packages in configuration

• Bootable from

– DVD

– USB

• Windows XP not supported

Wolfgang Unger

Wolfgang Unger

• Installation and configuration

• Creating master image

– Generalize

– System must be offline!

• Preparing target disk

• Deploying image to target disk

Wolfgang Unger

• Windows Pre-Installation Environment

• Bootable – DVD

– USB

– Network

• Windows Automated Installation Kit (WAIK) – Windows® Automated Installation Kit (AIK) für Windows® 7

Download

Wolfgang Unger

http://www.microsoft.com/downloads/details.aspx?FamilyID=696dd665-9f76-4177-a811-39c26d3b3b34

• Customizing the Windows PE image

– Add ImageX

– Create diskpart script

– Create a deployment batchfile

– Configure autorun for batchfile

• Create bootable USB key

Wolfgang Unger

Boots WinPE

loads boot.wim into RAM

Windows PE Deployment

Finds Deploy.WIM

Deploys Deploy.WIM

Wolfgang Unger

• Create Windows PE for x86 / x64 architecture

copype x86 c:\pe

DISM /mount-wim /wimfile:winpe.wim /index:1 /mountdir:mount

Wolfgang Unger

• Copy ImageX tool from WAIK installation folder

\Tools\<Architektur>\

to C:\pe\mount

• Create deployment batch file

Wolfgang Unger

@echo off

REM #########################################

REM # Deployment Batch #

REM # (c) Elbacom created by Wolfgang Unger #

REM #########################################

Set d = ""

for %%d in (c d e f g h i j k l m n o p q r s t u v w x

y z) do if exist "%%d:\deploy.wim" set d=%%d

if "%d%"=="" goto NotFound

: Found

echo Found on drive %d%

echo Creating Diskpart Script

echo SELECT DISK 0 > diskpart.txt

echo CLEAN >> diskpart.txt

echo CREATE PARTITION PRIMARY >> diskpart.txt

echo ACTIVE >> diskpart.txt

echo ASSIGN LETTER=H >> diskpart.txt

echo FORMAT FS=NTFS QUICK >> diskpart.txt

echo exit >> diskpart.txt

echo Executing Diskpart

diskpart /s diskpart.txt

echo Starting Image Deployment

%SYSTEMDRIVE%\imagex /apply "%d%:\deploy.wim" 1 H:\

echo Deployment finished.

goto End

: NotFound

echo Deploy.wim not found. Deployment failed.

: End

echo Please remove your deployment device and press any

key to reboot.

pause

Wolfgang Unger

• Defines which application will be loaded as shell

• #2 option

– customize startnet.cmd

[LaunchApp] AppPath = %SYSTEMDRIVE%\deploy.bat

Wolfgang Unger

• Unmount WIM

• Move and rename winpe.wim to ISO\sources\boot.wim

• Copy content of ISO folder to USB key

DISM /unmount-wim /mountdir:mount /commit

Wolfgang Unger

• OSCDIMAGE

oscdimg.exe –betfsboot.com –u2 –h -m ISO winpe.iso

Wolfgang Unger

• Due to licensing restrictions ImageX is no longer

allowed to be shipped to the endcustomer on

Recovery Disks!

• Example Code for ImageX alternative on ECE

• Sembatec offers cheap replacement tool with

same parameter structure

Wolfgang Unger

Wolfgang Unger

• Easy Capturing & Deployment – Create and store images over network

– Images are available on a central store

– Images are deployed via network

– Possibility to deploy images to many devices at once

• Hardware independent – Driver can be stored on server

• Space efficient image store

• Automation

Wolfgang Unger

• Server role of Windows Server 2008 R2

• Requirements

– Active Directory

– DHCP Server

– NIC with PXE Boot on clients

Wolfgang Unger

• Windows Deployment Services MMC

– Install Images

– Boot Images

– Pending Devices

– Multicast Transmissions

– Drivers

Wolfgang Unger

• Creating Deploy-Images

• Right click„Boot-Images“ – Add Boot Image

– Select a Sources\boot.wim from a Windows 7 DVD

– Name e.g. „Deployment Image x86“

– Finalize wizard

• Refresh – Select server

– F5

Wolfgang Unger

• Create Capture-Images

• Open Boot Images

• Select Deployment image

• Right click Deployment image

• Choose „Create Capture Image…“

– Name e.g. „Capture Image x86“

– Finalize Wizard

Wolfgang Unger

Reference device

Capture PE Deploy PE

Masterimage

Install Generalize

PXE Boot Capture PE

Create & Transfer Image to WDS

Bo

ot Im

ages In

stall Images

WDS Server

Wolfgang Unger

Target Device


Masterimage

PXE Boot Deploy PE

Deploy Image to Target Device

Bo

ot Im

ages In

stall Images

WDS Server

Wolfgang Unger

Target Device


Masterimage

PXE Boot Deploy PE

Deploy Image to Target Device

Bo

ot Im

ages In

stall Images

WDS Server Target Device

Target Device

Warte

Warte

Warte

Transfering

Wolfgang Unger

Wolfgang Unger

• Script to create a Boot Image containing Image

Build Wizard

• Possibility to install Windows Embedded

Standard 7 via PXE

Wolfgang Unger

Wolfgang Unger

Retrieve Hardware Information

Development Machine Target Device

Build Image

Deploy Image

Target Designer

Wolfgang Unger

Target Device

Build Image

OPK

Development Machine

Create and Deploy Answerfile

Optional

Answer XML File

Wolfgang Unger

Development Machine

Target Device

Build Image


IBW

Optional

Image Configuration Editor

Wolfgang Unger

Target Device

Build Image

OPK

Development Machine


Optional

Setup Image Manager

Wolfgang Unger

Elbacom

http://www.elbacom.com

Product Information

http://www.posready.cz

Elbacom Techblog

http://www.elbacom.com/blog/

Windows Embedded Blog

http://wunger.wordpress.com

Microsoft

http://www.windowsembedded.com

Wolfgang Unger

http://www.elbacom.com/

http://www.posready.cz/

http://www.posready.cz/

http://www.elbacom.com/blog/

http://wunger.wordpress.com/

http://www.windowsembedded.com/

http://www.windowsembedded.com/

Your Embedded Distributor

Wolfgang Unger - MVP

Wolfgang Unger

Your Embedded Distributor - Microsoft

Documents

Transcript of Your Embedded Distributor - Microsoft