CTE Ottawa Seminar Day - September 7th, 2012
Indeed, these are exciting times. The IT world is yet again taking another giant technological step forward. With the release of System Center 2012, Cloud services, and Server 2012, to name a few, IT Pros are quickly trying to ramp up their skills for this latest generation of products. Now Windows 8 is upon us and not since Windows 95 have we seen a major overhaul of the user interface.
Much has been said and published about Microsoft's latest client OS. Join us at CTE to take an honest "Enterprise" look under the hood of Windows 8 so that we can tackle hot topics like improvements for deployment, security, usability, reliability, compatibility, virtual desktop infrastructure, networking, etc.
Session 1: Windows 8 with Gerry Tessier
1. www.ctesolutions.com
Welcome to CTE Solutions
Windows 8 in the Enterprise
Training with Impact.
2. Introduction
Gérald F. Tessier
Senior Trainer at CTE Solutions, Inc.
Training for 16 years
MCITP, MCTS, MCSE 2003/2000/NT,
MCSA, MCP+I, MCT, ITIL V3 Foundations,
ITIL OSA, ITIL RCV, CTT, Security+,
Network+, A+, EIEIO+
3. Windows 8 in the Enterprise
1. Overview of Windows 8
2. Deploying Windows 8
3. Navigating the Windows 8 Interface
4. Securing Windows 8
5. 10 Reasons to Upgrade to Windows 8
4. Part I: Overview of Windows 8
Introducing Windows 8
Windows 8 Editions
Advantages of 64 bit
5. Introducing Windows 8
Windows 8 represents the largest change in the Windows
operating system since Windows 95
Key new features:
• Start Screen
• Cloud integration
• Reset and Refresh your PC
• Windows To Go
• Remote Desktop Services
• Hyper-V
• Support for multiple form factors
• PowerShell v3.0
6. Understanding Windows 8 Editions
Windows 8 comes in three editions:
• Windows 8
• Windows 8 Pro
• Windows 8 Enterprise
Windows RT is the ARM-specific version of Windows 8
designed for mobile devices that use the ARM processor
architecture
7. Understanding Windows 8 Editions (cont.)
Windows 8 Enterprise offers the following advantages:
o BranchCache
o AppLocker
o DirectAccess
o Side-load Metro Apps
o Virtualization through RemoteFX
o Windows To Go
8. Advantages of 64-bit Windows 8 Versions
Advantages of 64-bit processors:
• Improved performance
• More memory
• Improved device support
• Improved security
Limitation:
• Does not support the 16-bit Windows on
Windows (WOW) environment
9. Part II: Deploying Windows 8
Hardware Requirements for Installing Windows 8
Determining Device Compatibility and Screen Resolution
Common Application-Compatibility Problems
Methods for Mitigating Common Application-
Compatibility Issues
Options for Installing Windows 8
Imaging with MDT 2012 Update 1
Windows 8 to Go
10. Hardware Requirements for Installing Windows 8
Windows 8 minimum recommended hardware
requirements:
• 1 GHz or faster processor
• 1 GB RAM (32-bit) or 2 GB RAM (64-bit)
• 16 GB available hard disk space (32-bit)
or 20 GB (64-bit)
• DirectX 9 graphics device with WDDM 1.0 or
higher driver
Windows 8 feature-specific requirements:
• UEFI-based BIOS for secured boot process
• 64-bit processor with second level address
translation support
• TPM for full BitLocker support
11. Determining Device Compatibility and Screen
Resolution
Use the Compatibility Center for Windows 8 website to
check hardware compatibility
• Processor
• Memory
• Network card
• Hard disk
Metro-based apps require a screen resolution of 1024x768
or higher
12. Common Application-Compatibility Problems
Common application compatibility problems may relate to
the following areas:
• Setup and installation of applications
• User Account Control
• Windows Resource Protection
• Internet Explorer Protected Mode
• 64-bit architecture
• Windows Filtering Platform
• Operating system version changes
• Kernel-mode drivers
• Deprecated components
13. Methods for Mitigating Common Application-
Compatibility Issues
You can use the ACT to determine whether your
applications are compatible with Windows 8
Other mitigation methods include:
• Verify your application, device, and computer compatibility
with a new version of the Windows operating system
• Verify a Windows update's compatibility
• Become involved in the ACT community and share your
risk assessment with other ACT users
• Test your web applications and websites for
compatibility with new releases and security updates
to Internet Explorer
14. Options for Installing Windows 8
Clean installation
• Install Windows 8 on a new partition
• Replace an existing operating system on a partition
Upgrade installation
• Replace an existing version of Windows with Windows 8
• All user applications, files, and settings are retained
Migration
• Move files and settings from an old operating system
to Windows 8
• Side-by-side or wipe and load
37. In the news…
• Microsoft Work Exposes Magnitude of Botnet Threat: Microsoft's Security Intelligence Report sheds light on the expanding threat that bots…
• Researchers Discover Link Between a Series of Trojans: A difficult to remove rootkit behind numerous sophisticated attacks, appears to have helped spread yet another
39. Windows for the Enterprise
• Devices & Experiences Users Want / Love
• Enterprise-Grade Solutions
• Enterprise Scenarios
40. Microsoft Experience and Credentials
• Trustworthy Computing Initiative (TwC)
• BillG Memo
• Microsoft Security Response Center (MSRC)
• Global Foundation Services (GFS)
• Malware Protection Center
• Microsoft Security Engineering Center / Security Development Lifecycle
• SAS-70 Certification
• ISO 27001 Certification
• FISMA Certification
41. Security Landscape
Private Cloud (On-Premise) and Public Cloud (Online)
APPS
• INFORMATION PROTECTION
• ACCESS CONTROL
• ANTI-MALWARE
• POLICY MANAGEMENT
• RESEARCH & RESPONSE
• SECURE DEVELOPMENT
DEVICES
42. Microsoft End-to-End Client Protection
Unified Extensible Firmware Interface (UEFI), Trusted Platform Module (TPM)
Protect Against and Manage Threats
• Maintain software with a patch management solution
• Deliver software that is secure by design
• Operate a malware resistant platform and applications
• Defend against malware threats
Features: Secured Boot, Measured Boot, Protected View, IE SmartScreen, Windows Standard User Accounts, User Account Control, and AppLocker, Modern Applications, Defender
Protect Sensitive Data
• Secure data that is at rest with encryption
• Protect data that is in motion with encryption
• Protect data that is in use with access controls
Features: Windows 7 BitLocker, MDOP - BitLocker Administration and Monitoring, Office Information Rights Management (IRM), Office Encrypted File System, Active Directory Rights Management Services
Secure Access to Resources
• Manage the full identity lifecycle
• Validate user identity with strong authentication
• Secured and always connected remote access
• Protect resources as environment changes
Features: Active Directory, Direct Access, Network Access Protection, Dynamic Access Control
43. Microsoft Security Development Lifecycle
Education, Process, Accountability
Ongoing Process Improvements – 12 month cycle
44. Protection Starts with Patch Management
• Setting the industry standard for
threat response
• Engaging with over 70 “Active
Protection” partners
• Further reducing the impact of
zero-day vulnerabilities
• Predictable IT patch cycle
• Streamlined update process with
WSUS
• Integration with System Center Configuration Manager
[Chart: Patch Management with WSUS; vertical axis 100% to 250%, horizontal axis 2H06 to 1H10]
45. Protection Starts with Patch Management
Patch management is among the top 5 security priorities for 2010
Based on Gartner Survey: Top 10 Security Technology Project Priorities for 2010, Dec 2009
The number of enterprises with regular patch management has significantly grown
[Chart: Patch Management with WSUS; vertical axis 100% to 240%]
Microsoft Security Intelligence Report Vol. 9, Oct 2010
46.
• Establish a managed, common identity infrastructure with Active Directory®
• Easily enforce device and user policies with Active Directory Group Policies
• Simplify identity, strong authentication, and access management with Forefront® Identity Manager (FIM)
• Set a security baseline with SCM
• Leverage Microsoft security guidance for compliance
• Customize your security configuration with settings packs
• Manage security tasks with System Center Configuration Manager
• Ensure corporate desktops comply with desired configuration and security baseline
• Monitor, control, and gain visibility of physical and virtual desktop environments
“With Forefront Identity Manager and Active Directory, we have the comprehensive identity and access management solution that we need to support our banking operations.”
47.
• Securing the Code
• Securing the Boot Process
• Securing the Core
• Securing Sign-In
• Securing while Desktop is in Use
• Securing Access to Resources
• Mitigate exploits through the sandboxed Protected View which allows users to view untrusted files without harming their computer
• Reduce the attack surface by validating file schemas, limiting file types, blocking embedded code, and leveraging built-in Windows security mechanisms
• Improve the user experience with fewer security decisions that need to be made and more instrumental instructions to pre-empt helpdesk calls
“[With Windows 7 security enhancements], we will save more than $10 for each of our 16,000 PCs. That equals more than $160,000 in
“We are using SharePoint Workspace 2010 to expand our security initiatives, which will help us ensure that our information is protected, correct, and accessible.”
48.
• Securing the Code
• Securing the Boot Process
• Securing the Core
• Securing Sign-In
• Securing while Desktop is in Use
• Securing Access to Resources
• Protect from social engineering and phishing
• Protect desktop from malicious downloads
• Enhance protection based on the needs per Zone
• Protect system and IE from malicious applications
• Protect from webpage manipulation (XSS)
“Internet Explorer …is a definite positive step in terms of a protected browser”
–Neil MacDonald/Gartner, Network World, 6/21/2010
49.
• Proactive protection against application vulnerabilities and exploits with integral mechanisms developed from the Security Development Lifecycle
• Prevent unauthorized operations by running in “standard user” mode using User Account Control
• Protect against network threats with built-in firewall
• Restrict applications installation and usage with Windows AppLocker policies
• Minimize impact of threats
• Dynamic updates through cloud service
• Centralized security and firewall policies
• Security compliance alerts, tracking, and reporting
• Builds on Microsoft industry-leading anti-malware engine
• Global threat intelligence and real-time response backed by Microsoft Malware Protection Center
50.
• Windows BitLocker® protects data on hard-drives with encryption
• Data cannot be extracted in the event of loss or theft, complying with FIPS 140-2 (in process)
• Hardware integration (TPM) prevents access on a tampered OS or another device
• Microsoft BitLocker Administration and Monitoring enhances BitLocker with provisioning, monitoring, and key
• Data extraction through USB devices is centrally controlled
• Protect data on removable drives with BitLocker To Go™ encryption
• Restrict device types and block writes to unprotected drives through Group Policies
• Office Information Rights Management (IRM) sets boundaries for sensitive data
• Keep documents and email communication to authorized corporate users
• Mark content manually or by automated inspection in Microsoft Exchange and SharePoint®
• Enforce password protection, digital signatures and limit data extraction from
Replaced a third party solution
• Implemented BitLocker and BitLocker To Go for all mobile workers and saved $100,000 in licensing and maintenance
51.
• Establish a managed, common identity infrastructure with Active Directory, enhanced with Forefront Identity Manager
• Create a common, single sign on across on-premises and cloud services
• Manage access to resources with policy controlled groups in Active Directory
• Enhance and automate identity and access provisioning / deprovisioning
• Empower users with self service tools for group and
• Add strong authentication with Windows 7
• Use Windows 7 Biometric or Smart-card frameworks to authenticate users at logon, for admin access or drive encryption
• Simplify Enrollment and end to end lifecycle management of PKI certificates for both IT and end users
• Extend remote access authentication with PKI certificates, smart-cards or RSA One Time Password
52. vides various options for remote access
• Enable DirectAccess connectivity for continuous manageability of remote corporate
laptops
• Apply OS patches, maintain anti-virus signatures,
and keep applications updated at all times
• Keep configuration and security policies up to date
• Set access policy based on device type and health
• Validate and remediate remote devices before granting access to corporate
resources
• Support access from unmanaged PCs and phones
• Allow any device with a browser to access internal portals through Unified
Access Gateway
• Provide asset and compliance reporting with System Center for devices
connected via Exchange ActiveSync
53.
• Manual tagging by content owners
• Automatic Classification
• Application based tagging
• Expression based access conditions and auditing with support for user claims, device claims and file tags
• Central access policies targeted based on file tags
• Access denied remediation
• Policy staging audits to simulate policy changes in a real environment
• Automatic RMS protection for Office documents based on file tags
• Near real time protection soon after the file is tagged
• Extensibility for non Office RMS protectors
54. Modern Security
• Touch
• Thinner, Lighter, Faster
• New Form Factors
• Sensors
• Long Battery Life
56. Top 10 Reasons to Upgrade to Windows 8
1. UEFI Fast boot
2. Secure Boot
3. Improved Authentication
4. Client Hyper-V
5. Live Performance Feedback
6. PowerShell v3.0
7. Windows To Go
8. DirectAccess
9. Unified Experience
10. Who really likes the old start menu?
11. *Bonus: Cloud Integration!