Speaker: Michael Niehaus, Senior Product Marketing Manager, Microsoft
A week-long tech event in Las Vegas,; on Thursday morning things generally get quiet at MMS so I was surprised to see a fair showing at this mornings break out. I was even more pleasantly surprised to see Michael Niehaus was presenting (I guess I could have read the detailed session schedule). Anyway…
Focus here is on new features of Windows 8 that affect Windows 8 deployment.
Windows 7 to Windows 8 Image size is identical: 1.96GB and 7.76GB expanded (actually a touch smaller than Windows 7). Installation time is now 10 minutes (down from 15) and upgrade time is now 20 minutes (down from 30). Physical hardware requirements are the same for Windows 8 as they were for Windows 7. Several small improvements to the Windows stack have resulted in the performance improvements listed here. It is recommended that you use the new deployment tools for Windows 8 to deploy Windows 7 even if you are not ready for Windows 8 for performance enhancements (mostly from Windows PE improvements).
A new hardware requirement a processor feature can cause problems with older systems. VMware 5.0 or earlier as well as some older computers may fail to boot into the new Windows PE.
Windows 8 BitLocker enhancement: You can now encrypt the disk before the operating system is installed (initiated from Windows PE). It now encrypts only used disk space for a big performance improvement. Once the OS is running you can turn on the protectors very easily/quickly. If you use the new ADK and Windows PE, you can do this with Windows 7 deployments as well.
You can also have BitLocker automatically unlocked when on a trusted wired network so you don’t have to enter a PIN to boot on your work network, but you do if you are home or on the road.
UEFI 2.3.1 is important to Windows 8. The start up and speed is greatly improved. There are 2 seconds allowed by Windows 8 logo requirements for an SSD drive to POST once the power button is hit. And with this UEFI you can boot to PXE (requires latest WDS release).
When you are running a machine in native UEFI mode you need to use a matching boot image. You can’t run a x32 OS on a x64 system with a x64 boot image. So cross platform support may be an issue if you wish to include older operating systems on the drive (multiboot).
UEFI also enables Windows 8 secure boot feature. This protects the system until the system is up to the point where it can protect itself, blocking rootkits. This can be turned off for older operating systems.
Windows Store Apps were covered again, but such information as captured in my session notes for a previous session and you can find those notes here.
Windows to go is the new ability to run Windows 8 from a USB key (takes about 30 seconds to boot). You can tell Windows 8 to look for the USB key to boot or not. By default, the Windows to go drives are configured not to appear as a mounted drive within Windows. It requires Windows 8 enterprise due to licensing restrictions (the ability to create Windows to go drives is provided as part of your software assurance package). A simple wizard is used to collect the installation media and set up the drive. You can configure a series of task sequences so that when it comes up you can automate things like security updates, domain joins, etc.
Hyper-V Client Hypervisor means that you can run virtual machines on your client system as you could previously on servers. Hyper-V requires that you have Windows 8 64-bit, 4gb RAM, hardware-assisted virtualization and SLAT (second-level address translation) support which is a client side requirement due to video card. Vendors refer to this SLAT requirement differently. For example: Intel calls it EPT (enhanced page tables). There are also some new cmdlets provided by PowerShell to create and manage virtual machines.
Refresh and Reset your PC is the successor to Windows RE (recovery environment). This is more of an OEM recovery feature that is not expected to be used in enterprises, but a quick description:
- Reset your PC = removes all personal data, apps, and settings from the PC and reinstalls Windows from an image preserving nothing.
- Refresh your PC = Keeps all personal data, Windows 8 apps, and important settings from the PC and reinstalls Windows. Any non-Metro apps will need to be reinstalled.
New deployment challenges are introduced by the fact that slates and tablets don’t normally have a keyboard. If you don’t have a keyboard you cannot enter a password or anything from Windows PE—there is touch support, but no on-screen keyboard. You can’t do OS deployments over Wireless and most slates don’t have a NIC so you’d need a Ethernet dongle or USB storage to deploy to slates and tablets.
Assessment and Deployment Kit (ADK) is the new Windows AIK. All the core Windows 8 deployment tools are now found here. Everyone can download the ADK from the Microsoft Download Center. ARM tools are not included (so MDT does not support ARM processor systems). The ADK should not coexist with Windows AIK (uninstall the AIK first, having both may break the ability to mount WIM files). The ADK can only be installed on Windows 7, Windows Server 2008 R2, and Later OSs.
ImageX is going away (get used to DISM which will replace it soon).
Windows PE 4.0 now offers feature packs to include .NET Framework 4 PowerShell 3.0 and a bunch of provisioning related cmdlets.
The new USMT still supports Windows XP as a source. You can also now extract the contents of a USMT store as part of a new verification and recovery tool.
DISM can now create VHD files along with WIM files. There are some PowerShell cmdlets for some operations.
There is a new Windows Performance Toolkit. It captures and analyzes information to help troubleshoot Windows performance issues (slow boot, GPO processing delays, application performance issues, etc.).
Disk partitioning in Windows 8: PowerShell is replacing DISKPART functionality. Right now it is still there and you can use it. Disk Manager still uses DISKPART today. In a preview release of Windows 8 there was a warning that DISKPART would be deprecated but it caused so much noise the message was taken away but the plan remains.
Roles and Features will now be managed by DISM (and a ServerManager PowerShell module). Older tools were deprecated with Windows Server 2008 R2 (Server ManagerCmd.exe and OCSetup.exe).
You cannot install applications as a task sequence because the task sequencer runs as local system and applications are installed per user.