Session 1: Windows 8 with Gerry Tessier


Published on

CTE Ottawa Seminar Day - September 7th, 2012
Indeed, these are exciting times. The IT world is yet again taking another giant technological step forward. With the release of System Center 2012, Cloud services, and Server 2012, to name a few, IT Pros are quickly trying to ramp up their skills for this latest generation of products. Now Windows 8 is upon us and not since Windows 95 have we seen a major overhaul of the user interface.

Much has been said and published about Microsoft's latest client OS. Join us at CTE to take an honest "Enterprise" look under the hood of Windows 8 so that we can tackle hot topics like improvements for deployment, security, usability, reliability, compatibility, virtual desktop infrastructure, networking, etc.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Session 1: Windows 8 with Gerry Tessier

  1. 1. Welcome to CTE Solutions Windows 8 in the EnterpriseTraining with Impact. 1
  2. 2. Introduction Gérald F. Tessier Senior Trainer at CTE Solutions, Inc. Training for 16 years MCITP, MCTS, MCSE 2003/2000/NT, MCSA, MCP+I, MCT, ITIL V3 Foundations, ITIL OSA, ITIL RCV, CTT, Security+, Network+, A+, EIEIO+ 2
  3. 3. Windows 8 in the Enterprise1. Overview of Windows 82. Deploying Windows 83. Navigating the Windows 8 Interface4. Securing Windows 85. 10 Reasons to Upgrade to Windows 8
  4. 4. Part I: Overview of Windows 8 Introducing Windows 8 Windows 8 Editions Advantages of 64 bit
  5. 5. Introducing Windows 8Windows 8 represents the largest change in the Windowsoperating system since Windows 95Key new features:• Start Screen• Cloud integration• Reset and Refresh your PC• Windows To Go• Remote Desktop Services• Hyper-V• Support for multiple form factors• Powershell v3.0
  6. 6. Understanding Windows 8 EditionsWindows 8 comes in three editions: • Windows 8 • Windows 8 Pro • Windows 8 EnterpriseWindows RT is the ARM-specific version of Windows 8designed for mobile devices that use the ARM processorarchitecture
  7. 7. Understanding Windows 8 Editions (cont.)Windows 8 Enterprise offers the following advantages:o BranchCacheo Applockero DirectAccesso Side-load Metro Appso Virtualization through RemoteFXo Windows To Go
  8. 8. Advantages of 64-bit Windows 8 VersionsAdvantages of 64-bit processors: • Improved performance • More memory • Improved device support • Improved securityLimitation: • Does not support the 16-bit Windows on Windows (WOW) environment
  9. 9. Part II: Deploying Windows 8 Hardware Requirements for Installing Windows 8 Determining Device Compatibility and Screen Resolution Common Application-Compatibility Problems Methods for Mitigating Common Application- Compatibility Issues Options for Installing Windows 8 Imaging with MDT 2012 Update 1 Windows 8 to Go
  10. 10. Hardware Requirements for Installing Windows 8 Windows 8 minimum recommended hardware requirements: • 1 GHz or faster processor • 1 GB RAM (32-bit) or 2 GB RAM (64-bit) • 16 GB available hard disk space (32-bit) or 20 GB (64-bit) • DirectX 9 graphics device with WDDM 1.0 or higher driver Windows 8 feature-specific requirements: • UEFI-based BIOS for secured boot process • 64-bit processor with second level address translation support • TPM for full BitLocker support
  11. 11. Determining Device Compatibility and ScreenResolutionUse the Compatibility Center for Windows 8 website tocheck hardware compatibility • Processor • Memory • Network card • Hard diskMetro-based apps require a screen resolution of 1024x768or higher
  12. 12. Common Application-Compatibility ProblemsCommon application compatibility problems may relate tothe following areas: • Setup and installation of applications • User Account Control • Windows Resource Protection • Internet Explorer Protected Mode • 64-bit architecture • Windows Filtering Platform • Operating system version changes • Kernel-mode drivers • Deprecated components
  13. 13. Methods for Mitigating Common Application-Compatibility IssuesYou can use the ACT to determine whether yourapplications are compatible with Windows 8Other mitigation methods include: • Verify your application, device, and computer compatibility with a new version of the Windows operating system • Verify a Windows updates compatibility • Become involved in the ACT community and share your risk assessment with other ACT users • Test your web applications and websites for compatibility with new releases and security updates to Internet Explorer
  14. 14. Options for Installing Windows 8 Clean installation • Install Windows 8 on a new partition • Replace an existing operating system on a partition Upgrade installation • Replace an existing version of Windows with Windows 8 • All users applications, files, and settings are retainedMigration • Move files and settings from an old operating system to Windows 8 • Side-by-side or wipe and load
  15. 15. Part III: Navigating the Windows 8 Interface
  16. 16. Part III: Navigating the Windows 8 Interface
  17. 17. In the news… Microsoft Work Exposes Magnitude of Botnet Threat Microsofts Security Intelligence Report sheds light on the expanding threat that bots… Researchers Discover Link Between a Series of Trojans A difficult to remove rootkit behind numerous sophisticated attacks, appears to have helped spread yet another
  18. 18. Computing and Societal Trends
  19. 19. Windows for the EnterpriseDevices & Enterprise-GradeExperiences SolutionsUsers Want Love Enterprise Scenarios
  20. 20. Microsoft Experience and Credentials Trustworthy Computing SAS-70 Initiative (TwC) Certificati on Malware BillG Protection ISO 27001 Memo Center Certification Microsoft Global FISMA Microsoft Security Security Foundation Certificati Response Center Engineering Services on (MSRC) Center/ (GFS) Security Development Lifecycle
  22. 22. Microsoft End-to-End Client Protection Protect Against and Protect Sensitive Data Secure Access Manage Threats to Resources Universal Extensible Firmware Interface Trusted Platform Model (TPM) (UEFI) • Maintain software with a patch • Secure data that is at rest with • Manage the full identity lifecycle management solution encryption • Validate user identity with strong • Deliver software that is secure by • Protect data that is in motion authentication design with encryption • Secured and always connected • Operate a malware resistant platform • Protect data that is in use with remote access and applications access controls • Protect resources as • Defend against malware threats environment changes Secured Windows Standard User Windows 7 BitLocker Active Directory Boot Accounts MDOP -BitLocker Administration and Direct Access Measured User Account Control, and Monitoring Network Access Boot AppLocker Office Information Rights Management Protection Protected Modern Applications (IRM) Dynamic Access Control View Defender Office Encrypted File System IE Smart Active Directory Rights Management Screen Services z
  23. 23. Microsoft Security Development Lifecycle Educati Proce Accountabili on ss ty Ongoing Process Improvements – 12 month cycle
  24. 24. Protection Starts with Patch Management • Setting the industry standard for threat response • Engaging with over 70 “Active Protection” partners • Further reducing the impact of zero-day vulnerabilities • Predictable IT patch cycle • Streamlined update process with WSUS • Integration with System Center 250% Configuration Manager Patch Manage 200% with WSUS 150% 100% 2H06 1H07 2H07 1H08 2H08 1H09 2H09 1H10
  25. 25. Protection Starts with PatchManagement Patch management is among the top 5 security priorities for 2010 Based on Gartner Survey: Top 10 Security Technology Project Priorities for 2010, Dec 2009 240% The number of enterprises with 220% regular patch Patch Manag with WSUS 200% management has 180% significantly grown 160% ® 140% 120% 100% Microsoft Security Intelligence Report Vol. 9, Oct 2010
  26. 26. • Establish a managed, • Set a security • Manage security tasks common identity baseline with SCM with System Center infrastructure with • Leverage Microsoft Configuration Active Directory® security guidance for Manager • Easily enforce device compliance • Ensure corporate and user policies with • Customize your desktops comply with Active Directory Group security configuration desired configuration Policies with settings packs and security baseline • Monitor, control, and• Simplify identity, strong authentication, and gain visibility of access management physical and virtual with Forefront Identity Manager and With Forefront® Identity desktop environments Manager (FIM) Active Directory, we have the comprehensive identity and access management solution that we need to support our banking operations.”
  27. 27. • Securing the Code • Mitigate exploits through the sandboxed Protected View • Securing the Boot Process which allows users to view untrusted files without harming • Securing the Core their computer • Securing Sign-In • Reduce the attack surface by validating file schemas, limiting • Securing while Desktop is in file types, blocking embedded code, and leveraging built-in Use Windows security mechanisms • Securing Access to • Improve the user experience with fewer security decisions that Resources “[With Windows 7 security “We are using SharePointand more need to be made Workspace enhancements], 2010 to expand our security initiatives, instrumental instructions to pre-we will save more than $10 for each of which will help us ensure that our empt helpdesk calls information is protected, correct, and our 16,000 PCs. That equals more than $160,000 in accessible.”
  28. 28. • Securing the Code •Protect from social • Securing the Boot Process engineering and phishing • Securing the Core •Protect desktop from malicious downloads • Securing Sign-In •Enhance protection based the• Securing while Desktop is in needs per Zone Use •Protect system and IE from • Securing Access to malicious applications Resources “Internet Explorer …is a definite positive step in terms of a protected •Protect from webpage browser” –Neil MacDonald/Gartner, Network World, manipulation (XSS) 6/21/2010
  29. 29. •Proactive protection against • Minimize impact of threats application vulnerabilities and •Dynamic updates through cloud exploits with integral service mechanisms developed from the Security Development Lifecycle •Centralized security and firewall policies • Prevent unauthorized •Security compliance alerts, operations by running in tracking, and reporting “standard user” mode using User •Builds on Microsoft industry- Account Control leading anti-malware engine• Protect against network threats with built-in firewall • Restrict applications installation and usage with • Global threat intelligence and real-time Windows AppLocker policies response backed by Microsoft Malware Protection Center
  30. 30. • Windows BitLocker® • Data extraction • Office Information protects data on hard- through USB devices Rights Management drives with encryption is centrally controlled (IRM) sets boundaries • Data cannot be • Protect data on for sensitive data extracted in the event of removable drives with • Keep documents and loss or theft, complying BitLocker To GoTM email communication with FIPS 140-2 (in encryption to authorized process) • Restrict device types corporate users• Hardware integration and block writes to • Mark content (TPM) prevents access unprotected drives manually or by on a tampered OS or through Group Policies automated inspection another device in Microsoft Exchange • Microsoft BitLocker and SharePoint® Administration and Replaced a third party solution Enforce password • Implemented BitLocker and Monitoring enhancesBitlocker with protection,To Go BitLocker digital provisioning, $100,000 in licensing and saved signatures and limit for all mobile workers monitoring, and key and maintenance data extraction from
  31. 31. Establish a managed, • •Add strong authentication with common identity Windows 7 infrastructure with Active •Use Windows 7 Biometric or Directory, enhanced with Smart-card frameworks Forefront Identity Manager to authenticate users at logon,• Create a common, single sign for admin access or drive on across on-premises and encryption cloud services •Simplify Enrollment and end to end lifecycle management of • Manage access to resources PKI with policy controlled groups certificates for both IT and end in Active Directory users Enhance and automate • •Extend remote access identity and access  authentication with PKI  provisioning / deprovisioning  certificates, smart-cards • Empower users with self or RSA One Time Password service tools for group and
  32. 32. vides various options for remote access • Enable DirectAccess connectivity for continuous manageability of remote corporate laptops • Apply OS patches, maintain anti-virus signatures, and keep applications updated at all times • Keep configuration and security policies up to date • Set access policy based on device type and health • Validate and remediate remote devices before granting access to corporate resources • Support access from unmanaged PCs and phones • Allow any device with a browser to access internal portals through Unified Access Gateway • Provide asset and compliance reporting with System Center for devices connected via Exchange ActiveSync
  33. 33. • Manual tagging by content owners • Expression based • Automatic RMS• Automatic Classification access conditions and protection for Office auditing with support documents based on • Application based for user claims, device file tags tagging claims and file tags • Near real time • Central access policies protection soon after targeted based on file the file is tagged tags • Extensibility for non • Access denied Office RMS protectors remediation • Policy staging audits to simulate policy changes in a real environment
  34. 34. Modern Security Touch Thinner, New Lighter, Form Faster Factors Sensors Long Battery Life
  35. 35. ffective IT investment for desktop security needs
  36. 36. Top 10 Reasons to Upgrade to Windows 81. UEFI Fast boot2. Secure Boot3. Improved Authentication4. Client Hyper-V5. Live Performance Feedback6. Powershell v3.07. Windows to GO8. DirectAccess9. Unified Experience10. Who really likes the old start menu?11. *Bonus: Cloud Integration!