Windows Embedded Home
Windows Embedded 8 Family
Windows Embedded 7 Family
Other Windows Embedded Products
A common requirement for Windows Embedded Standard 7 devices is controlling what applications can run on the system. If the device only runs your own custom application, such as a kiosk or set-top box, then you might want to ensure that no other applications could be run to break out of the experience. If the device runs a more open shell, such as thin clients, you may want to restrict the set of applications that are allowed to run.
Since Windows Embedded Standard 7 is based on Windows 7, we can leverage a new technology that has been introduced: AppLocker. AppLocker builds and improves on Software Restriction Policies (SRPs) to allow for easy and flexible application lockdown. You can find a thorough summary of AppLocker at its Executive Overview and other articles around the web, but I will offer some highlights and an example. Some of its features are:
Comments Product Updates
*Updated formatting - 4/13/10*
This is the second blog in a series of articles which discusses the troubleshooting and diagnosis of driver installation issues in Windows Embedded Standard 7 (Standard 7). Previously we presented the different phases of setup and a brief introduction to SetupAPI logging and the SetupAPI.dev.log file. We will now start off with the format of the SetupAPI.dev.log file.
* Updated 4/5/10 with clearer instructions for step 1*
In my last blog, I gave an overview of how AppLocker can help you lock down what applications can run on your Windows Embedded Standard 7 device. To demonstrate how AppLocker works, I’ll walk through an example of how to create a rule to block Internet Explorer from running. Here’s how, step by step:
1. AppLocker can be configured through wizards in the Local Group Policy Editor, which you can start by running “gpedit.msc”. AppLocker is located under “Computer Configuration -> Windows Settings -> Security Settings -> Application Control Policies” in that window. Navigate to the Executable Rules option in the navigation on the left. In the Action menu, click Create New Rule.
Mass deployment is the process of creating a master Windows Embedded Standard 7 runtime image on a reference system and then deploying this image to multiple target systems. The deployment process typically uses specific tools such as System Preparation tool (sysprep.exe) and Imagex.exe as well as Windows PE Environment to perform the following tasks:
- Generalize the master system by removing machine specific information
- Capture the system into a Windows image (wim) file
As has been announced previously on this blog, the Release Candidate (RC) build of Windows Embedded Standard 7 is now available. You can download this RC from Microsoft Connect (https://connect.microsoft.com/windowsembedded). I would encourage you to download the RC build, create and deploy some OS images, and let us know what you think.
For both the products that I am currently working on and the products I am excited to begin using, the different builds mean different things to me: