Windows Embedded Home
Windows Embedded 8 Family
Windows Embedded 7 Family
Other Windows Embedded Products
A common requirement for Windows Embedded Standard 7 devices is controlling what applications can run on the system. If the device only runs your own custom application, such as a kiosk or set-top box, then you might want to ensure that no other applications could be run to break out of the experience. If the device runs a more open shell, such as thin clients, you may want to restrict the set of applications that are allowed to run.
Since Windows Embedded Standard 7 is based on Windows 7, we can leverage a new technology that has been introduced: AppLocker. AppLocker builds and improves on Software Restriction Policies (SRPs) to allow for easy and flexible application lockdown. You can find a thorough summary of AppLocker at its Executive Overview and other articles around the web, but I will offer some highlights and an example. Some of its features are:
Comments Product Updates
*Updated formatting - 4/13/10*
This is the second blog in a series of articles which discusses the troubleshooting and diagnosis of driver installation issues in Windows Embedded Standard 7 (Standard 7). Previously we presented the different phases of setup and a brief introduction to SetupAPI logging and the SetupAPI.dev.log file. We will now start off with the format of the SetupAPI.dev.log file.
* Updated 4/5/10 with clearer instructions for step 1*
In my last blog, I gave an overview of how AppLocker can help you lock down what applications can run on your Windows Embedded Standard 7 device. To demonstrate how AppLocker works, I’ll walk through an example of how to create a rule to block Internet Explorer from running. Here’s how, step by step:
1. AppLocker can be configured through wizards in the Local Group Policy Editor, which you can start by running “gpedit.msc”. AppLocker is located under “Computer Configuration -> Windows Settings -> Security Settings -> Application Control Policies” in that window. Navigate to the Executable Rules option in the navigation on the left. In the Action menu, click Create New Rule.
Mass deployment is the process of creating a master Windows Embedded Standard 7 runtime image on a reference system and then deploying this image to multiple target systems. The deployment process typically uses specific tools such as System Preparation tool (sysprep.exe) and Imagex.exe as well as Windows PE Environment to perform the following tasks:
- Generalize the master system by removing machine specific information
- Capture the system into a Windows image (wim) file
*Updated 3/25/10- removed section "Types of Service Packs" , added section "Service Packs and Distribution Share"*
This article discusses Service Packs and how they will be used in Windows Embedded Standard 7.
What is a Service Pack?