In this blog article I will be talking about a new security feature in Windows Embedded Standard 2011 (“Quebec”). This security feature has been part of Windows Operating System since Vista timeframe. I will touch upon the usefulness of this feature. The main idea of this article is to go over the procedure of adding this package to your image and using it afterwards.
Windows BitLocker Drive Encryption (BitLocker) is a new security feature that provides better data protection for your device by encrypting all data stored on the Windows Embedded Standard 2011 operating system volume. BitLocker allows an admin of a machine to encrypt volumes to protect data contained on them.
PLEASE NOTE: The settings described in this article apply to Windows Embedded Standard 2011 CTP. The required settings may change slightly for the release to manufacturing (RTM) version of Windows Embedded Standard 2011, but for the most part the approach outlined in this article should apply to the RTM release.
One very common scenario for users of Windows Embedded Standard 2011 is to develop a completely unattended, or “hands-free”, setup. In this scenario, a Windows Embedded Standard 2011 image can be created on a target device without a single human interaction once the Setup program has been properly started (and even this can be automated with the help of a well-crafted autorun volume). For this article, a fully unattended setup will result in the target device auto logging in and reaching the desktop.
In order to help you achieve this scenario, I will touch on the different components and stages of the setup process. From a very high level, an unattended setup of Windows Embedded Standard 2011 is achieved by providing answers to every question that the setup process has. If Setup has answers to all of its different questions, then there will be no need for a UI to ask a human what to do. These answers will be provided to Setup in the form of an unattend (a.k.a. “answer”) file. This unattend file is an XML file either created by the Windows Embedded Standard 2011 Image Configuration Editor (ICE) or by hand for those who prefer.
In Windows Embedded Standard 2011, the Distribution share (DS) is a critical element in creating customized Windows images. If you have used Image Configuration Editor (ICE), you would have noticed that packages are well organized into a tree structure that represents the DS. During development, users might need to use other packages in addition to the ones already found in the DS. Examples include new package releases from the Windows Embedded team (security updates, hot fixes, new versions of the same package, etc...) as well as 3rd party supplied packages (e.g. 3rd party driver packages).
Windows Embedded Standard 2011 allows you to maintain the DS (for example you can add a new driver package or an update package) by using one of the supplied utilities that come with the Stnadard 2011 tools, importpackage.exe. This tool enables you to: