If you didn’t already know, Windows Embedded POSReady is the successor of Windows Embedded for Point of Service. Windows Embedded POSReady boasts a long list of new and/or improved features over Windows Embedded for Point of Service – just check out the 38 features listed on http://www.posready.com/.
Some of the changes we made are obvious, others are less obvious. For this post, I’m going to go over the changes we made that you’ll notice when stepping through the Setup wizard screens.
Installation Method
In Windows Embedded for Point of Service, the only way you could run Setup using an answer file was through the command line. Catching the “Press any key…” prompt can be a slight annoyance if you’re not the type to wait patiently in front of the screen. In Windows Embedded POSReady, you have the option to pass in the answer file on the second screen.
By selecting the Unattended Setup option as shown in the screenshot below, you are prompted to browse to the location of your answer file. The Setup wizard then proceeds automatically by using the values specified in your file.
Storage Drivers
Originally available only to OEMs as a supplement, the ability to add third-party mass storage drivers is now built into the Setup wizard. While you still need to supply the drivers immediately after booting from CD or DVD by pressing F6, you now don’t need to have the drivers on the CD or DVD itself in order to complete the wizard.
After selecting the Install Third-Party Storage Drivers option, as in the screenshot below, removable media locations, such as USB drives, are automatically searched for possible drivers.
Note that if you’re running Setup from a USB flash disk, you won’t need to supply the drivers immediately after booting.
See
Recipe for Mass Storage Device Support to learn more about the various driver injection options available for Windows Embedded for Point of Service 1.1 Update.
Language Settings and Regional Settings
These two wizard screens were originally combined into one screen in Windows Embedded for Point of Service. In Windows Embedded POSReady, we simplified the user interface and vastly improved the code for localizing the OS. The workaround steps previously described in this blog series no longer applies for POSReady. As well, we have also resolved the issues that were outlined in the series.
You’ll notice on the Language Settings screen that we now use language collections for localization of the UI. Use of these language collections allow for support of multiple languages at a time instead of installing support for individual languages one at a time. Another benefit to using the language collections is that they can also be uninstalled after Setup has completed, similarly to the behaviour of optional components which is described next.
More information about language collections can be found here (Locale IDs, Input Locales, and Language Collections for Windows XP and Windows Server 2003) and here (Language Collection and Fonts in Windows XP).
Installation Type
For those of you who need a vanilla POSReady image, this new screen can help to abstract the nitty-gritty details behind individual optional components and virtual memory values. Selecting Typical or Minimum is all you’ll need to do before continuing on to the next wizard screen of entering your computer name and admin password.
For the rest of you who need the option to select individual optional components and tweak the virtual memory, selecting the Custom option will bring you to the Optional Components and Virtual Memory screens that are described next.
If you really can’t decide what option to select on the Installation Type screen, keep in mind that you can always add on or remove optional components after Setup is complete, so there’s some leeway for you to make changes later.
Optional Components and Virtual Memory
If you select the custom option from the Installation Type screen, you will be taken to the Optional Components and Virtual Memory screens.
The Optional Components screen is somewhat reminiscent of that of Windows Embedded for Point of Service, but you’ll easily notice some key differences. One is that there are more options available and the options are more granular. This level of granularity can help you reduce the disk space needed for the image and reduce the time needed to install the image, among other benefits. Another difference is that the language packs have now been removed since selection of the language collections are already taken care of on the Language Settings screen.
The Virtual Memory screen was previously not offered in the Windows Embedded for Point of Service. Automatic calculation was used if you installed Windows Embedded for Point of Service through the Setup wizard and changes to virtual memory could only be done through use of the answer file when needed. With the addition of the USB Boot feature in POSReady and retail hardware catching up on the latest processing speeds nowadays, we found that direct manipulation of the paging file size in the wizard proved to be an added benefit and, sometimes, necessary.
I hope you liked this walk through of the POSReady Setup wizard. If you’re interested in trying it out yourself, you are welcome to order a trial copy and register for a Product Key from http://www.posready.com/ (see links on the far right).
Stay tuned for future posts that go into more detail behind some of the new features of POSReady!
-Christina
This release contains updates for the Microsoft .NET Framework 3.5 Service Pack 1. Microsoft .NET Framework 3.5 SP1 was included inbox with Windows Embedded POSReady 2009. These updates are for POSReady OEMs using .NET Framework 3.5 SP1 to update their POSReady systems.
Note: The updates should be installed in numerical order. Restarts may be required.
----------------------------------------------------
CD CONTENTS:
----------------------------------------------------
Supplement_Notice_POSReady_2009.txt - (Supplemental License Agreement)
Update_Information.txt - (Readme Document)
\Update_Packages - Directory containing:
NDP20SP2-KB958481-x86.exe - (KB 958481)
NDP30SP2-KB958483-x86.exe - (KB 958483)
NDP35SP1-KB958484-x86.exe - (KB 958484)
WindowsXP-KB961118-x86-ENU.exe - (KB 961118)
----------------------------------------------------
UPDATE DESCRIPTIONS
----------------------------------------------------
----------------------------------------------------
KB 958481, 958483, 958484 Application Compatibility Updates
----------------------------------------------------
MORE INFORMATION: These updates for .NET Framework 3.5 SP1 fix the issues that are described in these Microsoft Knowledge Base articles:
KB 958481 - List of the issues that are addressed by the Application Compatibility Update for the .NET Framework 2.0 Service Pack 2
http://support.microsoft.com/kb/958481
KB 958483 - List of the issues that are addressed by the Application Compatibility Update for the .NET Framework 3.0 Service Pack 2
http://support.microsoft.com/kb/958483
KB 958484 - List of the issues that are addressed by the Application Compatibility Update for the .NET Framework 3.5 Service Pack 1
http://support.microsoft.com/kb/958484
These updates should be installed in the following sequence:
1. Install NDP20SP2-KB958481-x86.exe
2. Install NDP30SP2-KB958483-x86.exe
3. Install NDP35SP1-KB958484-x86.exe
----------------------------------------------------
KB 961118 – Inbox PCL Printer Driver update
----------------------------------------------------
MORE INFORMATION: This update for .NET Framework 3.5 SP1 fixes the issue described in this Microsoft Knowledge Base article:
KB 961118 - All the PCL inbox printer drivers become unsigned after you install the Microsoft .NET Framework 3.5 Service Pack 1
http://support.microsoft.com/kb/961118
-Gina
On part two of our tour last week, we discussed MUI languages. We will conclude the tour this week with a look at one more wizard provided by Companion Setup.
POSReady allows for installation from a bootable USB Flash Drive. The Create USB Flash Drive Install wizard allows you to configure a USB drive as POSReady installation media. Unlike the previous two wizards I explained, which could only be accessed from within a POSReady installation, this wizard can be run on any Windows system.
This wizard will detect all USB drives connected to the system that are of an appropriate size to store the POSReady installation. When you select the drive you wish use from the dropdown menu and click Install, the wizard will format the drive, prepare it as bootable device, and then copy over the necessary files.
When the process completes, your USB drive will be fully functional POSReady installation media. This also means that it includes its own Companion Setup. During the initial preparation of the USB drive, you could have also selected various Companion Programs and MUI Languages to copy over as well such that they would be available when launching Companion Setup from the USB. And of course, you can use the Companion Setup on your newly generated POSReady USB media to generate even more POSReady USB media!
And that concludes our tour! I hope you enjoyed the trip and learned a few things along the way. Be sure to watch your head when disembarking the bus and don’t forget to tip your driver!
Ryan
National Retail Federation (NRF) and the Retail Industry Leaders Association (RILA) have suspended merger talks.
Previously it was announced that the NRF and RILA had agreed, in principle, to merge; however, this week the NRF president has indicated that the boards of both groups have decided to end merger discussions. Since the merger announcement, it was unclear, what, if any, impact this would have on the various ARTS initiatives. During this time, Microsoft has continued to remain an active member of ARTS especially as this pertains to the Unified POS standard specifications. Microsoft’s POS for .NET remains the best choice for .NET applications that wish to interface with POS peripherals in accordance with the UnifiedPOS standard. In order to help .NET developers learn more about POS for .NET and the Unified POS standard, we have recently created a new forum under the .NET developer community. The forum is available here:
http://social.msdn.microsoft.com/Forums/en-US/posfordotnet/
- Sylvester
Microsoft is proud to announce the availability of the POS for .NET forum. This forum is intended to provide an opportunity for .NET developers to share their knowledge and experiences as they leverage the power of POS for .NET. In order to help foster greater awareness by the .NET developer community of the options for interfacing with POS peripheral devices, this forum has been created under the .NET Developer Forums. Developers and end-users who previously used the Microsoft.public.windows.embedded.pointofservice newsgroup are encouraged to check-out the new forum!
The forum may be accessed via a web browser at: http://social.msdn.microsoft.com/Forums/en-US/posfordotnet/
- Sylvester
Last week on our tour we discussed Companion Programs. This week, we will be covering…
…the installation of Multilingual User Interface (MUI) languages!
Adding MUIs to your POSready installation allows you localize the operating system to any of the 33 available languages (including English). These MUIs are functionally the same as those available for Windows XP SP3. However, though functionally the same, the base Windows XP MUIs cannot be run directly on POSReady, and vice versa.
To install MUIs on an installation of POSReady, simply access the MUI installation wizard from Companion Setup, select a set of languages, and click Install. The wizard will take over and, for each language, install the appropriate Windows XP MUI, the XP SP3 MUI Update, the Internet Explorer MUI, and the appropriate Windows Media Player MUI, if applicable. What could have been several separate installations has been boiled down to one – you can’t beat that!
In the screenshot above you may notice that, in this example, the Chinese MUIs are disabled. This is because their corresponding language collection (East Asian) has not yet been installed. Additional language collections can either be installed during the initial setup process when selecting input languages, or they can be installed afterward within the OS through the “Regional and Language Options” Control Panel applet.
Ryan
When you insert the POSReady 2009 media into your machine, autorun will launch the Companion Setup wizard. Companion Setup is a simple tool that can be used to perform some common tasks relevant to your POSReady Installation. Our next three blog posts will comprise a quick three-part tour of everything that Companion Setup has to offer.
(Note: In addition to the topics these blog entries will cover, Companion Setup also provides quick links to the POSReady documentation, available in nine different languages. I’m not giving the doc links that much focus because, well, they’re a little bit more self-explanatory.)
Companion Programs
The POSReady media includes installers for several applications that you may want to add to your POSReady image after the initial installation. The Companion Programs wizard provides easy access to these installers. Just select the set of applications you wish to add, click Install, and the wizard will take care of the rest!
Applications included through the Companion Programs wizard include:
- .NET Framework (installers for both 2.0 SP2 and 3.5 SP1)
- Microsoft Office 2007 Compatibility Pack
- Microsoft Office Viewers (Excel, PowerPoint, and Word)
- POS for .NET 1.12
- Silverlight 2.0
- SQL Express 2008
It is worth noting that .NET Framework 2.0 and POS for .NET 2.0 are both also available as Optional Components that can be added during your initial POSready installation.
The Companion Programs wizard is only accessible when running on a POSReady installation.
-Ryan
This is an issue that’s come up for some customers who deploy a kiosk with a standard keyboard facing the public. In these scenarios, a keyboard is used to enter in a search criteria or personal information. Occasionally, someone may come along and correctly guess that it’s Windows under the hood. This knowledge prompts attempts to access the underlying operating system, most often by using known key combinations that could allow break-in.
To better secure these types of kiosks, it’s best to start with security tools such as Microsoft’s SteadyState to help lock down the system and File Based Write Filter (FBWF) to prevent unwanted updates. However there’s one important detail not covered by those features- the world’s most famous 3 button combo, namely Ctrl + Alt + Del.
While nothing technically bad can happen as long as the options that appear are disabled, this looks unprofessional in a kiosk environment and really doesn’t provide a kiosk with any more security.
Below are instructions on how to disable this feature. Note that this will only work with XP and XP Embedded operating systems such as POSReady. Vista and the upcoming Windows 7 do not support this feature.
The steps are as follows:
- Switch Ctrl + Alt + Del to launch the Task Manager
- Disable the Task Manager
- Block the Task Manager from Running
Switch Ctrl + Alt + Del to Launch the Task Manager
This step is certainly not the most intuitive or obvious. By switching the NT-style logon screen to the more stylish XP themed logon, the system also transfers Ctrl + Alt + Delete to start the Task Manager instead. There is one catch: it won’t work on domain systems. If your kiosk must be on a domain, you’re not going to have much luck and will have to find a different route (the GINA might be able to help).
If you’re not on a domain, enable the Welcome Screen.
- From Start Menu, Control Panel, User Accounts, click Change the way users log on or off.
- A message box may appear that says that “Fast User Switching cannot be used because Offline Files is currently enabled”. If so, then
- Click OK, uncheck “Enable Offline Files” and press OK.
- Click “Change the way users log on or off again”.
- Check “Use the Welcome Screen” and click Apply Options.
- Close the User Accounts screen and close the Control Panel.
This will change the login screen to the fancier XP style but, luckily, automatic logon will still be possible. At this point, press Ctrl + Alt +Delete. The Task Manager should appear.
For more information on GINA: http://msdn.microsoft.com/en-us/magazine/cc163803.aspx
Disable the Task Manager
This step will prevent the Task Manager from running and appearing as an option when right-clicking on the Task Bar.
- Click Start, Run, RegEdit.
- Since this next step is per-user, you will need to browse to the HKEY_CURRENT_USER to change this setting. If you are changing it for another user, you will have to change their version of this key in HKEY_USERS.
- Assuming you are changing this for the current user, browse to
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
- If a “System” key does not exist, create it.
- Within System, create a new REG_DWORD key called DisableTaskMgr, set it equal to 1.
Alternatively, we can achieve this using GPEdit.msc.
- Click Start, Run, GPEdit.msc.
- Under User configuration click Administrative Templates, System, Ctrl+Del+Options.
Double click on “Remove Task Manager” and Select enable option.
Block the Task Manager from Running
While the Ctrl + Alt + Del combo is effectively disabled, however a strange and unfortunate problem occurs:
While quite annoying, according the Spy++, it’s actually the Task Manager executable showing this message box. Knowing this, there are many ways to block this message, however only one Registry key is really all that’s required.
- In RegEdit, browse to
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
- Create a key called TaskMgr.exe. From this key, create a REG_SZ item called “Debugger”, set the value to “blank” (or some nonsense value).
The File Execution Options key is often used to debug applications that crash on start up. Less common, it is also used to work around application compatibility issues. Unfortunately this option is system wide. Administrators are going to have to find another way to look at the running processes. One way might be to run a copy of Task Manager by a different name, such as AdminTaskMgr.exe.
These settings should take effect immediately, so try it out.
Undo
If you ever want to revert back to the old way, undo each of the 3 steps above. Order isn’t important, but all are required.
-Brendan
There can be confusion between securing a device and being PCI compliant. Often people may think that making the POS device as secure as possible will ensure it will be compliant.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. More information on the PCI Data Security Standard can be found here: https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.
Unfortunately, locking down the operating systems is not enough to reach and retain PCI compliance, and, sometimes these actions may hinder compliance. According to the Payment Card Industry Data Security Standards (PCI-DSS), requirement 6.1 mandates that security updates must be applied to systems in the field within 30 days of the security update release. By not applying updates, known vulnerabilities are left exposed to threat. Also, PCI-DSS requirement 5 requires that anti-virus software is deployed and updated regularly. You may be able to get around these requirements if the systems do not process credit card data, but only a Qualified Security Assessor can make that call.
There are also requirements for user accounts, firewalls, handling of cardholder data, network topology, etc. that are involved in PCI assessment. There are hundreds of POS applications and each have different requirements and handle payment data differently. We provide general guidance through whitepapers such as "Securing the Retail Store" and "Microsoft's Payment Card Industry Data Security Standard Compliance Planning Guide", but only the PCI Data Security Standard has a detailed description of what is required to be compliant.
The PCI Security Standards Council has a Merchant & Service Providers Resource Center which contains references for Qualified Security Assessors (QSA'a) as well as information on Self-Assessment to assist you as you implement your PCI Compliance strategies.
-Terry
In a recent announcement the National Retail Federation (NRF) and the Retail Industry Leaders Association (RILA) have agreed to merge. The NRF encompasses the Association for Retail Technology Standards (ARTS) which provides industry standards used within the point of service and retail space. According to the executive director of ARTS, plans for 2009 are continuing to move forward and have not been impacted at this time.
Currently ARTS is working on a major revision to the Unified POS standard as well as other standards used by the industry. Microsoft is a member of ARTS and is currently active on the Unified POS technical committee. Last year, Microsoft released version 1.12 of Microsoft’s POS for .NET, which is the recognized .NET implementation of the Unified POS standard.
- Sylvester
Beginning the third week of April, Internet Explorer 8 (IE8) will be offered as a High-Priority update for Windows XP systems. Windows Embedded for Point of Service and Windows Embedded POSReady systems are identified as Windows XP by Automatic Update and Windows Update.
As a general rule, the product team makes plans to test and support new technologies (e.g. IE8) with the latest releases (e.g. POSReady 2009). We are currently prioritizing and scheduling application compatibility testing of IE8 with POSReady; this work is not yet complete. We do not have plans to test IE8 with Windows Embedded for Point of Service at this time.
IE8 will *not* install on Windows Embedded for Point of Service and POSReady automatically. HOWEVER, because it is presented as a High-Priority update, it is important that you *proactively* communicate with your end-users to not install the IE8 update on Windows Embedded for Point of Service or POSReady systems at this time.
Automatic Update/Windows Update gives the end-user three options: Ask later; Install now; or Don’t Install. We recommend end-users of POSReady to select “Don’t Install” until:
- The product team completes application compatibility testing of IE8 with POSReady, and
- You have completed your system compatibility testing.
If at a later date you recommend that your end-users install the IE8 update and you do not use other deployment mechanisms, they can install the update from http://www.microsoft.com/ie8.
Thank you,
Gina
Additional Information:
http://blogs.msdn.com/ie/archive/2009/04/10/prepare-for-automatic-update-distribution-of-ie8.aspx
Due to an issue with settings to minimize the footprint of WEPOS, a Security Update for GDI +, KB938464, is not getting installed. Please follow these instructions to install this important update. If you have already installed the SP3 update for WEPOS, you should use the files from the SP3QFE directory when instructed to move the QFE folder.
- Start a command prompt, this can be done by Clicking on Run from the Start menu, typing ‘cmd’ and pressing Enter.
- Extract the files from the package by changing directories to the directory where you have copied the update and typing the following at the command prompt:
WindowsXP-KB938464-x86-ENU.exe /x:<dir name>
The remainder of these steps can be done from within Windows Explorer or from the Command Prompt as shown by the examples.
- Move the SP2QFE\ASMS folder (or the SP3QFE\ASMS folder if you have installed the SP3 update for WEPOS) to the root of your extracted folder.
move <dir name>\SP2QFE\ASMS
- Execute the update.
<dir name>\update\update.exe
- You will be guided through installation wizard to install the package. After installation is complete, the system will reboot.
- You can now delete the temporary folder:
rmdir /s <dir name>
Example: (from a command prompt)
WindowsXP-KB938464-x86-ENU.exe /x:c:\temp\KB938464
cd /d c:\temp\KB938464
move SP2QFE\ASMS
cd update
update.exe
-Gina
If you have a WEPOS 1.x system and have turned on Automatic Updates or reviewed the Express Updates option on update.microsoft.com, you may have noticed that the only update you see offered is XP Pro SP3. In this article, we’ll give you some background on why this is happening, and what you can do to work around this.
One of the reasons the WEPOS operating system can be offered at a low price point is because servicing is under the umbrella of XP Pro servicing and there is little overhead, WEPOS simply consumes applicable updates because it is seen as an XP platform. Based on this, Windows Update sees WEPOS as XP Pro, it does not differentiate it as a separate operating system. So, if you do not have SP3 for WEPOS installed, Windows Update is going to tell you that you need to install the XP Pro SP3 update.
However, because the WEPOS platform is a reduced footprint OS, we could not simply consume the XP Pro SP3 update. It bloated the image significantly and added features, functionality and configurations not spec’d for WEPOS. So with the XP Pro SP3 update, we special-cased it to not install on WEPOS and instead provide a dialog message informing customers who do run the Pro SP3 Update that it is not compatible with WEPOS and a WEPOS specific update will be made available on the download center at a later date, and followed up with the Service Pack 3 for Window Embedded for point of Service and Windows Fundamentals for Legacy PCs update.
One of the outcomes of this approach, since WEPOS is seen as XP, is that all updates rolled into SP3 are no longer offered to your WEPOS system through Automatic or Express Updates because it assumes you will install the XP Pro SP3 update to get them all. Until you install the SP3 for WEPOS update, the workaround is to turn off Automatic Updates. Go to update.microsoft.com and select Custom. You will still see the XP SP3 update with a Download and Install Now link, but there is another link, Review Other Updates. Select the Review Other Updates link and you will see a list of applicable High-priority XP updates for your WEPOS system. You can select the updates you wish to install and proceed to Review and Install Updates to update your system.
Note: Prior to receiving the set of XP Updates, you may be prompted to install updates for Windows Update. Proceed with installing those updates and any required reboots, then return to update.microsoft.com, Custom, Review Other updates to update your WEPOS image.
Once you have installed the SP3 update for WEPOS, you can return to using Automatic updates successfully.
OEMs are ultimately responsible for supporting the WEPOS images they deploy. You should work with your OEM to determine your servicing model, and in particular to determine update compatibility with your WEPOS systems prior to installing updates, particularly Out of Band applications (e.g. Internet Explorer, Windows Media Player, etc.) and major OS updates such as SP3.
- Gina
At Microsoft, the Windows Embedded team is dedicated to bringing quality products to our customers at a competitive price point. Your success in this highly competitive marketplace is our passion! We listen and we act to ensure that our products meet your needs. As a result, more and more customers are turning to Microsoft to provide their POS system solutions. That is why, according to the latest study from IHL, shipments of Microsoft Windows based POS terminals increased from 71% to 76% in 2008!
These are uncertain economic times - So our team has focused on features and scenarios that would provide you with the greatest return on your investment. We are able to help you reduce your total cost of ownership by providing features and capabilities to help you navigate thru the requirements of the Payment Card Industry’s Data Security Standard (PCI DSS), providing improved customization, offering greater flexibility in how you configure your system, and by proving the latest security updates.
According to IHL, overall shipments of POS terminals have decreased by 4.2%, yet shipments of POS terminals based upon our Windows Embedded for Point of Service and Windows XP Embedded have increased during the same time period! This is because we offer a superior product, superior support, at a superior price! And with the launch of Windows Embedded POSReady 2009, the next generation of Windows Embedded for Point of Service, we hope to further meet the needs of our customers and retailers and help in their future success.
For more information about the IHL report, see
http://www.marketwatch.com/news/story/market-share-windows-based-pos-terminals/story.aspx?guid=%7B900BD514-39AE-46DD-B407-527BFFB4E35D%7D&dist=msr_8
- Sylvester
So, you may have noticed some changes to the blog's look today if you're viewing it from your computer. The team is thinking of rolling out more changes in the near future and we could definitely use your feedback. Feel free to leave us comments and let us know what sorts of things you hope to see. Looking forward to hearing from you.
-Christina
