This release contains updates for the Microsoft .NET Framework 3.5 Service Pack 1. Microsoft .NET Framework 3.5 SP1 was included inbox with Windows Embedded POSReady 2009. These updates are for POSReady OEMs using .NET Framework 3.5 SP1 to update their POSReady systems.
Note: The updates should be installed in numerical order. Restarts may be required.
----------------------------------------------------
CD CONTENTS:
----------------------------------------------------
Supplement_Notice_POSReady_2009.txt - (Supplemental License Agreement)
Update_Information.txt - (Readme Document)
\Update_Packages - Directory containing:
NDP20SP2-KB958481-x86.exe - (KB 958481)
NDP30SP2-KB958483-x86.exe - (KB 958483)
NDP35SP1-KB958484-x86.exe - (KB 958484)
WindowsXP-KB961118-x86-ENU.exe - (KB 961118)
----------------------------------------------------
UPDATE DESCRIPTIONS
----------------------------------------------------
----------------------------------------------------
KB 958481, 958483, 958484 Application Compatibility Updates
----------------------------------------------------
MORE INFORMATION: These updates for .NET Framework 3.5 SP1 fix the issues that are described in these Microsoft Knowledge Base articles:
KB 958481 - List of the issues that are addressed by the Application Compatibility Update for the .NET Framework 2.0 Service Pack 2
http://support.microsoft.com/kb/958481
KB 958483 - List of the issues that are addressed by the Application Compatibility Update for the .NET Framework 3.0 Service Pack 2
http://support.microsoft.com/kb/958483
KB 958484 - List of the issues that are addressed by the Application Compatibility Update for the .NET Framework 3.5 Service Pack 1
http://support.microsoft.com/kb/958484
These updates should be installed in the following sequence:
1. Install NDP20SP2-KB958481-x86.exe
2. Install NDP30SP2-KB958483-x86.exe
3. Install NDP35SP1-KB958484-x86.exe
----------------------------------------------------
KB 961118 – Inbox PCL Printer Driver update
----------------------------------------------------
MORE INFORMATION: This update for .NET Framework 3.5 SP1 fixes the issue described in this Microsoft Knowledge Base article:
KB 961118 - All the PCL inbox printer drivers become unsigned after you install the Microsoft .NET Framework 3.5 Service Pack 1
http://support.microsoft.com/kb/961118
-Gina
National Retail Federation (NRF) and the Retail Industry Leaders Association (RILA) have suspended merger talks.
Previously it was announced that the NRF and RILA had agreed, in principle, to merge; however, this week the NRF president has indicated that the boards of both groups have decided to end merger discussions. Since the merger announcement, it was unclear, what, if any, impact this would have on the various ARTS initiatives. During this time, Microsoft has continued to remain an active member of ARTS especially as this pertains to the Unified POS standard specifications. Microsoft’s POS for .NET remains the best choice for .NET applications that wish to interface with POS peripherals in accordance with the UnifiedPOS standard. In order to help .NET developers learn more about POS for .NET and the Unified POS standard, we have recently created a new forum under the .NET developer community. The forum is available here:
http://social.msdn.microsoft.com/Forums/en-US/posfordotnet/
- Sylvester
Microsoft is proud to announce the availability of the POS for .NET forum. This forum is intended to provide an opportunity for .NET developers to share their knowledge and experiences as they leverage the power of POS for .NET. In order to help foster greater awareness by the .NET developer community of the options for interfacing with POS peripheral devices, this forum has been created under the .NET Developer Forums. Developers and end-users who previously used the Microsoft.public.windows.embedded.pointofservice newsgroup are encouraged to check-out the new forum!
The forum may be accessed via a web browser at: http://social.msdn.microsoft.com/Forums/en-US/posfordotnet/
- Sylvester
Last week on our tour we discussed Companion Programs. This week, we will be covering…
…the installation of Multilingual User Interface (MUI) languages!
Adding MUIs to your POSready installation allows you localize the operating system to any of the 33 available languages (including English). These MUIs are functionally the same as those available for Windows XP SP3. However, though functionally the same, the base Windows XP MUIs cannot be run directly on POSReady, and vice versa.
To install MUIs on an installation of POSReady, simply access the MUI installation wizard from Companion Setup, select a set of languages, and click Install. The wizard will take over and, for each language, install the appropriate Windows XP MUI, the XP SP3 MUI Update, the Internet Explorer MUI, and the appropriate Windows Media Player MUI, if applicable. What could have been several separate installations has been boiled down to one – you can’t beat that!
In the screenshot above you may notice that, in this example, the Chinese MUIs are disabled. This is because their corresponding language collection (East Asian) has not yet been installed. Additional language collections can either be installed during the initial setup process when selecting input languages, or they can be installed afterward within the OS through the “Regional and Language Options” Control Panel applet.
Ryan
When you insert the POSReady 2009 media into your machine, autorun will launch the Companion Setup wizard. Companion Setup is a simple tool that can be used to perform some common tasks relevant to your POSReady Installation. Our next three blog posts will comprise a quick three-part tour of everything that Companion Setup has to offer.
(Note: In addition to the topics these blog entries will cover, Companion Setup also provides quick links to the POSReady documentation, available in nine different languages. I’m not giving the doc links that much focus because, well, they’re a little bit more self-explanatory.)
Companion Programs
The POSReady media includes installers for several applications that you may want to add to your POSReady image after the initial installation. The Companion Programs wizard provides easy access to these installers. Just select the set of applications you wish to add, click Install, and the wizard will take care of the rest!
Applications included through the Companion Programs wizard include:
- .NET Framework (installers for both 2.0 SP2 and 3.5 SP1)
- Microsoft Office 2007 Compatibility Pack
- Microsoft Office Viewers (Excel, PowerPoint, and Word)
- POS for .NET 1.12
- Silverlight 2.0
- SQL Express 2008
It is worth noting that .NET Framework 2.0 and POS for .NET 2.0 are both also available as Optional Components that can be added during your initial POSready installation.
The Companion Programs wizard is only accessible when running on a POSReady installation.
-Ryan
This is an issue that’s come up for some customers who deploy a kiosk with a standard keyboard facing the public. In these scenarios, a keyboard is used to enter in a search criteria or personal information. Occasionally, someone may come along and correctly guess that it’s Windows under the hood. This knowledge prompts attempts to access the underlying operating system, most often by using known key combinations that could allow break-in.
To better secure these types of kiosks, it’s best to start with security tools such as Microsoft’s SteadyState to help lock down the system and File Based Write Filter (FBWF) to prevent unwanted updates. However there’s one important detail not covered by those features- the world’s most famous 3 button combo, namely Ctrl + Alt + Del.
While nothing technically bad can happen as long as the options that appear are disabled, this looks unprofessional in a kiosk environment and really doesn’t provide a kiosk with any more security.
Below are instructions on how to disable this feature. Note that this will only work with XP and XP Embedded operating systems such as POSReady. Vista and the upcoming Windows 7 do not support this feature.
The steps are as follows:
- Switch Ctrl + Alt + Del to launch the Task Manager
- Disable the Task Manager
- Block the Task Manager from Running
Switch Ctrl + Alt + Del to Launch the Task Manager
This step is certainly not the most intuitive or obvious. By switching the NT-style logon screen to the more stylish XP themed logon, the system also transfers Ctrl + Alt + Delete to start the Task Manager instead. There is one catch: it won’t work on domain systems. If your kiosk must be on a domain, you’re not going to have much luck and will have to find a different route (the GINA might be able to help).
If you’re not on a domain, enable the Welcome Screen.
- From Start Menu, Control Panel, User Accounts, click Change the way users log on or off.
- A message box may appear that says that “Fast User Switching cannot be used because Offline Files is currently enabled”. If so, then
- Click OK, uncheck “Enable Offline Files” and press OK.
- Click “Change the way users log on or off again”.
- Check “Use the Welcome Screen” and click Apply Options.
- Close the User Accounts screen and close the Control Panel.
This will change the login screen to the fancier XP style but, luckily, automatic logon will still be possible. At this point, press Ctrl + Alt +Delete. The Task Manager should appear.
For more information on GINA: http://msdn.microsoft.com/en-us/magazine/cc163803.aspx
Disable the Task Manager
This step will prevent the Task Manager from running and appearing as an option when right-clicking on the Task Bar.
- Click Start, Run, RegEdit.
- Since this next step is per-user, you will need to browse to the HKEY_CURRENT_USER to change this setting. If you are changing it for another user, you will have to change their version of this key in HKEY_USERS.
- Assuming you are changing this for the current user, browse to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
- If a “System” key does not exist, create it.
- Within System, create a new REG_DWORD key called DisableTaskMgr, set it equal to 1.
Alternatively, we can achieve this using GPEdit.msc.
- Click Start, Run, GPEdit.msc.
- Under User configuration click Administrative Templates, System, Ctrl+Del+Options.
Double click on “Remove Task Manager” and Select enable option.
Block the Task Manager from Running
While the Ctrl + Alt + Del combo is effectively disabled, however a strange and unfortunate problem occurs:
While quite annoying, according the Spy++, it’s actually the Task Manager executable showing this message box. Knowing this, there are many ways to block this message, however only one Registry key is really all that’s required.
- In RegEdit, browse to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- Create a key called TaskMgr.exe. From this key, create a REG_SZ item called “Debugger”, set the value to “blank” (or some nonsense value).
The File Execution Options key is often used to debug applications that crash on start up. Less common, it is also used to work around application compatibility issues. Unfortunately this option is system wide. Administrators are going to have to find another way to look at the running processes. One way might be to run a copy of Task Manager by a different name, such as AdminTaskMgr.exe.
These settings should take effect immediately, so try it out.
Undo
If you ever want to revert back to the old way, undo each of the 3 steps above. Order isn’t important, but all are required.
-Brendan
There can be confusion between securing a device and being PCI compliant. Often people may think that making the POS device as secure as possible will ensure it will be compliant.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. More information on the PCI Data Security Standard can be found here: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.
Unfortunately, locking down the operating systems is not enough to reach and retain PCI compliance, and, sometimes these actions may hinder compliance. According to the Payment Card Industry Data Security Standards (PCI-DSS), requirement 6.1 mandates that security updates must be applied to systems in the field within 30 days of the security update release. By not applying updates, known vulnerabilities are left exposed to threat. Also, PCI-DSS requirement 5 requires that anti-virus software is deployed and updated regularly. You may be able to get around these requirements if the systems do not process credit card data, but only a Qualified Security Assessor can make that call.
There are also requirements for user accounts, firewalls, handling of cardholder data, network topology, etc. that are involved in PCI assessment. There are hundreds of POS applications and each have different requirements and handle payment data differently. We provide general guidance through whitepapers such as "Securing the Retail Store" and "Microsoft's Payment Card Industry Data Security Standard Compliance Planning Guide", but only the PCI Data Security Standard has a detailed description of what is required to be compliant.
The PCI Security Standards Council has a Merchant & Service Providers Resource Center which contains references for Qualified Security Assessors (QSA'a) as well as information on Self-Assessment to assist you as you implement your PCI Compliance strategies.
-Terry
In a recent announcement the National Retail Federation (NRF) and the Retail Industry Leaders Association (RILA) have agreed to merge. The NRF encompasses the Association for Retail Technology Standards (ARTS) which provides industry standards used within the point of service and retail space. According to the executive director of ARTS, plans for 2009 are continuing to move forward and have not been impacted at this time.
Currently ARTS is working on a major revision to the Unified POS standard as well as other standards used by the industry. Microsoft is a member of ARTS and is currently active on the Unified POS technical committee. Last year, Microsoft released version 1.12 of Microsoft’s POS for .NET, which is the recognized .NET implementation of the Unified POS standard.
- Sylvester
Beginning the third week of April, Internet Explorer 8 (IE8) will be offered as a High-Priority update for Windows XP systems. Windows Embedded for Point of Service and Windows Embedded POSReady systems are identified as Windows XP by Automatic Update and Windows Update.
As a general rule, the product team makes plans to test and support new technologies (e.g. IE8) with the latest releases (e.g. POSReady 2009). We are currently prioritizing and scheduling application compatibility testing of IE8 with POSReady; this work is not yet complete. We do not have plans to test IE8 with Windows Embedded for Point of Service at this time.
IE8 will *not* install on Windows Embedded for Point of Service and POSReady automatically. HOWEVER, because it is presented as a High-Priority update, it is important that you *proactively* communicate with your end-users to not install the IE8 update on Windows Embedded for Point of Service or POSReady systems at this time.
Automatic Update/Windows Update gives the end-user three options: Ask later; Install now; or Don’t Install. We recommend end-users of POSReady to select “Don’t Install” until:
- The product team completes application compatibility testing of IE8 with POSReady, and
- You have completed your system compatibility testing.
If at a later date you recommend that your end-users install the IE8 update and you do not use other deployment mechanisms, they can install the update from http://www.microsoft.com/ie8.
Thank you,
Gina
Additional Information:
http://blogs.msdn.com/ie/archive/2009/04/10/prepare-for-automatic-update-distribution-of-ie8.aspx
Due to an issue with settings to minimize the footprint of WEPOS, a Security Update for GDI +, KB938464, is not getting installed. Please follow these instructions to install this important update. If you have already installed the SP3 update for WEPOS, you should use the files from the SP3QFE directory when instructed to move the QFE folder.
- Start a command prompt, this can be done by Clicking on Run from the Start menu, typing ‘cmd’ and pressing Enter.
- Extract the files from the package by changing directories to the directory where you have copied the update and typing the following at the command prompt:
WindowsXP-KB938464-x86-ENU.exe /x:<dir name>
The remainder of these steps can be done from within Windows Explorer or from the Command Prompt as shown by the examples.
- Move the SP2QFE\ASMS folder (or the SP3QFE\ASMS folder if you have installed the SP3 update for WEPOS) to the root of your extracted folder.
move <dir name>\SP2QFE\ASMS
- Execute the update.
<dir name>\update\update.exe
- You will be guided through installation wizard to install the package. After installation is complete, the system will reboot.
- You can now delete the temporary folder:
rmdir /s <dir name>
Example: (from a command prompt)
WindowsXP-KB938464-x86-ENU.exe /x:c:\temp\KB938464
cd /d c:\temp\KB938464
move SP2QFE\ASMS
cd update
update.exe
-Gina
If you have a WEPOS 1.x system and have turned on Automatic Updates or reviewed the Express Updates option on update.microsoft.com, you may have noticed that the only update you see offered is XP Pro SP3. In this article, we’ll give you some background on why this is happening, and what you can do to work around this.
One of the reasons the WEPOS operating system can be offered at a low price point is because servicing is under the umbrella of XP Pro servicing and there is little overhead, WEPOS simply consumes applicable updates because it is seen as an XP platform. Based on this, Windows Update sees WEPOS as XP Pro, it does not differentiate it as a separate operating system. So, if you do not have SP3 for WEPOS installed, Windows Update is going to tell you that you need to install the XP Pro SP3 update.
However, because the WEPOS platform is a reduced footprint OS, we could not simply consume the XP Pro SP3 update. It bloated the image significantly and added features, functionality and configurations not spec’d for WEPOS. So with the XP Pro SP3 update, we special-cased it to not install on WEPOS and instead provide a dialog message informing customers who do run the Pro SP3 Update that it is not compatible with WEPOS and a WEPOS specific update will be made available on the download center at a later date, and followed up with the Service Pack 3 for Window Embedded for point of Service and Windows Fundamentals for Legacy PCs update.
One of the outcomes of this approach, since WEPOS is seen as XP, is that all updates rolled into SP3 are no longer offered to your WEPOS system through Automatic or Express Updates because it assumes you will install the XP Pro SP3 update to get them all. Until you install the SP3 for WEPOS update, the workaround is to turn off Automatic Updates. Go to update.microsoft.com and select Custom. You will still see the XP SP3 update with a Download and Install Now link, but there is another link, Review Other Updates. Select the Review Other Updates link and you will see a list of applicable High-priority XP updates for your WEPOS system. You can select the updates you wish to install and proceed to Review and Install Updates to update your system.
Note: Prior to receiving the set of XP Updates, you may be prompted to install updates for Windows Update. Proceed with installing those updates and any required reboots, then return to update.microsoft.com, Custom, Review Other updates to update your WEPOS image.
Once you have installed the SP3 update for WEPOS, you can return to using Automatic updates successfully.
OEMs are ultimately responsible for supporting the WEPOS images they deploy. You should work with your OEM to determine your servicing model, and in particular to determine update compatibility with your WEPOS systems prior to installing updates, particularly Out of Band applications (e.g. Internet Explorer, Windows Media Player, etc.) and major OS updates such as SP3.
- Gina
At Microsoft, the Windows Embedded team is dedicated to bringing quality products to our customers at a competitive price point. Your success in this highly competitive marketplace is our passion! We listen and we act to ensure that our products meet your needs. As a result, more and more customers are turning to Microsoft to provide their POS system solutions. That is why, according to the latest study from IHL, shipments of Microsoft Windows based POS terminals increased from 71% to 76% in 2008!
These are uncertain economic times - So our team has focused on features and scenarios that would provide you with the greatest return on your investment. We are able to help you reduce your total cost of ownership by providing features and capabilities to help you navigate thru the requirements of the Payment Card Industry’s Data Security Standard (PCI DSS), providing improved customization, offering greater flexibility in how you configure your system, and by proving the latest security updates.
According to IHL, overall shipments of POS terminals have decreased by 4.2%, yet shipments of POS terminals based upon our Windows Embedded for Point of Service and Windows XP Embedded have increased during the same time period! This is because we offer a superior product, superior support, at a superior price! And with the launch of Windows Embedded POSReady 2009, the next generation of Windows Embedded for Point of Service, we hope to further meet the needs of our customers and retailers and help in their future success.
For more information about the IHL report, see
http://www.marketwatch.com/news/story/market-share-windows-based-pos-terminals/story.aspx?guid=%7B900BD514-39AE-46DD-B407-527BFFB4E35D%7D&dist=msr_8
- Sylvester
So, you may have noticed some changes to the blog's look today if you're viewing it from your computer. The team is thinking of rolling out more changes in the near future and we could definitely use your feedback. Feel free to leave us comments and let us know what sorts of things you hope to see. Looking forward to hearing from you.
-Christina
If you follow the Windows Embedded blog, you may have seen a similar posting about the Embedded Windows products. This is a shameless knock-off of that blog article re-purposed to cover the WEPOS and POSReady products…
What it is:
Microsoft Support Lifecycle policy is the Microsoft standard for product support availability throughout a product’s life. Quoting the Lifecycle policy page: “By understanding the product support available, customers are better able to maximize the management of their IT investments and strategically plan for a successful IT future.” This is true for OEMs supporting POS devices as well.
Blog-worthy Embedded Windows Dates:
The recent releases of Windows Embedded POSReady 2009 as the follow-on product to Windows Embedded for Point of Service, and Service Pack 3 for Windows Embedded for Point of Service, have initiated some support lifecycle updates that I thought would be of interest, and might become more meaningful with additional explanation.
- 10/12/2010 WESPOS releases (1.0, 1.1, 1.1 Update) if not updated with Service Pack 3 Retire, they no longer receive Security updates/Hotfix-DCR updates/support
- 4/12/2011 WEPOS (at supported Service Pack Level) exits Mainstream, enters Extended support phase
- 4/12/2016 WEPOS Product Lifecycle ends
- 4/8/2014 Windows Embedded POSReady 2009 Product exits Mainstream, enters Extended support phase
- 4/9/2019 Windows Embedded POSReady 2009 Product Lifecycle ends
You can review the Phases of the Support Lifecycle at the
Lifecycle policy page.
Detailed (read: Lengthy) explanation:
The following tables are based on the information found in each product’s Support Lifecycle listing.
In a nutshell Microsoft’s OS product Lifecycle policy is ten years; five years Mainstream support and five years Extended support. A variant to this equation is based on the follow-on product release timing. A product will have five years Mainstream support, or two years Mainstream support following the follow-on product’s General Availability Date, whichever period is longer.
For example, with the release of Windows Embedded POSReady 2009 as the follow-on product to Windows Embedded for Point of Service, the two year period of remaining Mainstream support for Windows Embedded for Point of Service commenced. When the Windows Embedded for Point of Service Mainstream support phase ends, the product will begin five years of Extended support. Review the Phases of the Support Lifecycle at the Lifecycle policy page.
A Service Pack is retired two years after the subsequent Service Pack is released, or it retires at the end of the product’s Support Lifecycle, whichever comes first. A non-retired Service Pack will be supported at the product’s current Lifecycle Phase, Mainstream or Extended, regardless of the age of that Service Pack. Learn more about Service Pack Support policy.
Date Calculations:
- General Availability dates are loosely calculated to be when a new product is available to customers in the channel after the RTM date (about 90 days later), or they reflect the RTM date for Service Pack releases.
- Retirement dates are generally calculated as the first Patch Tuesday (2nd Tuesday of each month) of the quarter which follows the actual calculated date.
For example, <deep breath> Windows Embedded POSReady 2009’s General Availability Date is 3/10/2009. That date begins the two year countdown until Windows Embedded for Point of Service exits Mainstream Support and enters Extended Support. So, 3/10/2009 plus two years takes us to 3/10/2011. The following quarter begins April, 2011, and Patch Tuesday is the second Tuesday in April. This brings us to the Windows Embedded for Point of Service Mainstream Support Retirement date of 4/12/2011. <exhale> If I lost you, please read it a few more times. :) I’ve gone over it a dozen or so times <again> to make sure it is accurate and it makes more sense to me every time.
Okay, I’m going to wrap up – the complex logic has made my eyes cross just a bit, and it’s getting hard to focus on the computer screen. I hope this has provided some useful data, given you a clue as to how the data is determined, and that the scarce amount of levity has made it a bit more palatable.
-Gina
Oh! A couple of few afterthoughts:
- This blog doesn’t consider Custom Support options available when a Service Pack is retired or a Product Lifecycle Phase ends. If you are interested in those options, please consult with your Microsoft Technical Account Manager, Account Representative, or contact a Sales Rep for more information.
- The blog also doesn’t address Product Distribution End Dates, a topic about which I know very little (oops, I think the eyes may be twitching a bit now…). Your Microsoft Technical Account Manager or Account Representative is a good resource for this information as well, and you might also find useful information at this Embedded Windows website.
- Lastly… Sincere apologies for the length of this post – unfortunately, I couldn’t trim it without de-demystifying the issue.
Microsoft will demonstrate how you can create an optimum checkout experience by mixing and matching devices for convenience and speed using UnifiedPOS based POS for .Net at the ARTS Pavilion at NRF. Come join us at the ARTS Pavilion booth where you can see demonstrations of POS for .NET with the latest devices and device capabilities. We will show how to use POS for .NET to interface with devices such as Biometric reader, secure MSR, RFID. In addition, the demonstration will be performed on POSReady 2009, the newest operating system supported by POS for .NET. Stop by the booth to meet with developers and to learn more about POS for .NET.
- Sylvester
