ABOUT PRODUCTS IN DEVELOPMENT
Join the discussion of ongoing development efforts in the Windows Embedded product family.
The Windows Embedded Team Blog brings together a range of voices to spotlight Windows Embedded news and information and reflect the evolving world of intelligent systems and specialized devices.
Posted By J.T. KimbellProgram Manager
This is the last entry in this week’s series about the lockdown features found in Windows Embedded Standard 8. In this post Brendan Rempel goes into more depth about how to manage your lockdown features. Brendan is a Software Development Engineer who works on a variety of Windows Embedded device lockdown features. Outside of Embedded, Brendan spends all remaining time with his family, fueling two boys’ obsessions with loud toys, especially the Washington State’s steam trains and model rockets.
But before Brendan gets into the meat of this article, he’s got a story to share.
A while back I had nifty a car alarm. It had all the typical features for preventing theft and even had an engine starter. But the best part was the remote. It had a little picture of a car and realistic LCD indicators to represent its state. I could press a button to see if the doors were locked and lock them if they weren’t. It could tell me if the engine was started correctly. It would also beep loudly if someone tried to break in. Best of all, it had a ¼ mile range and worked even when in deep underground parking. While it didn’t stop break-in attempts, I was able to respond fast when someone did and never worried about the car being secure.
Windows Embedded Standard 8 introduces many new and improved features related to securing devices and maintaining their primary purpose. We’ve also added consistent user interface through the MMC and a consistent set of WMI providers for easy scripting. This was all meant to help administrators manage devices, regardless of how that’s done.
Using history as our teacher, we learned that many Lockdown related problems in devices go undetected. It’s easy to remember being at an airport, freeway, or game and see a digital sign showing a Windows error message or logon screen. This is as embarrassing to us as it is for the person who made the device, but often only the public knows when this happens. This is why we’ve done our best to stop these problems, but we’ve added several new features to help administrators detect when problems sneak through and record when we succeed.
All our features use the Event Tracing for Windows (ETW) to report problems in their typical scenarios. This includes:
Comments Windows Embedded Standard
Today I’m going to share a demo of something pretty awesome with you guys. Not as awesome as the recently announced Microsoft Surface tablet, but it’s still pretty cool. On Monday, we gave an overview of all the lockdown features on Windows Embedded Standard 8, and today I’m going to be showing you how you can easily manage those lockdown features by using the Unified Configuration Tool (UCT), a Microsoft Management Console (MMC) snap-in.
UCT comes as part of the Windows Embedded Standard 8 toolkit and can be installed by running emblockSetup_amd64.msi or embblockSetup_x86.msi (depending on your developer machine’s architecture). Download our second Community Technology Preview (CTP2) to try it out. With the tool, the lockdown features on your Windows Embedded devices can be remotely or locally managed by graphical user interface. From changing your custom shell for Shell Launcher to selecting what processes to block with Dialog Filter, there is a lot that UCT lets you configure.
With some help from Brendan Rempel, a developer working on UCT, I created the following video that shows you UCT in action and teaches you more about it.
Over the next week we’re going to have a small series highlighting various Lockdown features on Windows Embedded Standard 8. In this first post Kevin Asgari gives us an overview of the Lockdown and Branding features found in Windows Embedded Standard 8. Kevin is a Writer for the Windows Embedded team and in his spare time enjoys reading, skiing, visiting wineries, and spending time with family.
Windows Embedded Standard provides a building block version of the Windows operating system, enabling you to create a smaller, customized version of Windows by removing functionality that your device does not need. In addition, Windows Embedded Standard provides additional functionality for embedded devices that is not available in the full Windows OS. In Windows Embedded Standard 7 and earlier, we called these new features “embedded enabling features”, or EEFs for short.
However, “embedded enabling features” is not a very descriptive term. In Windows Embedded Standard 8, we now call these features lockdown and branding features.
Lockdown features enable you to provide a controlled device experience, mainly by limiting the ways in which an end user can interact with the device. For example, your device may be a dedicated cashier device that runs a full screen cashier application, and you may want to prevent users from being able to use Windows shortcut keys like Alt+Tab to switch out of the application, or Alt+4 to close the application.
Branding features enable you to hide or change many of the parts of the OS that identify it as a Windows product. You may want the devices your company produces to show only your company’s branding to your customers for better brand recognition, or you may want to hide the underlying OS so that end users are less likely to try to break out of the tailored device experience.