-> Software => new interface and app model enables businesses to create their own LOB apps to help improve productivity
-> The operating system is faster, more reliable and more secure
Hardware makers delivered 90 million PCs in Q4 2012
The reason for this is that in Windows 7, the upgrade process preserved the customer’s applications in the Program Files folder and their files in the Users folder by moving each file to a transport location (so that the original folders can be deleted to make way for the newer installation), and then moving them back again to complete the installation. With music and photo collections, it’s not unusual to have hundreds of thousands of files, so even relatively fast move operations can really add up.

Simplifying the transport
In Windows 7 the transport (this is the place where we store the files and settings being preserved between the old and new operating systems) was comprised of two folders: “Windows.~q” and “Windows.~tr”. In Windows 8 we have simplified this to just one folder. We have repurposed the “Windows.old” naming convention for consistency with clean install (which creates a “Windows.old” folder containing the previous OS in order to be able to roll back should the installation fail). Merging the transport folders into the single Windows.old folder speeds up the upgrade process, as it removes the need to move files between the ~tr and ~q folders.

Switching to hard links
In upgrades to Windows 7, files were moved between the old OS, the transport, and Windows 7 by using file move operations. In upgrades to Windows 8, we use hard link operations instead. This means we can link to the actual data on disk in the transport location without having to physically move the file, which has a significant performance gain. And if something goes wrong with setup and we have to roll back, we just need to delete the hard links, and the files are completely unaffected on disk.
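As an added illustration (not from the original slides or from Microsoft's setup code), the following Python models the transport with real hard links in a temporary directory: staging gives each file a second name, rolling back drops only those names, and the "move back" never touches the data. The sample files and paths are constructed.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Constructed stand-ins for a user's files under the old installation.
SAMPLE_FILES = {
    "Users/alice/Pictures/holiday.jpg": b"\xff\xd8 constructed jpeg bytes",
    "Program Files/Contoso/app.exe": b"MZ constructed exe bytes",
}

def link_tree(src: Path, dst: Path) -> int:
    """Hard-link every file under src to the same relative path under dst.
    Nothing is read or copied; each file just gains a second name."""
    count = 0
    for f in src.rglob("*"):
        if f.is_file():
            target = dst / f.relative_to(src)
            target.parent.mkdir(parents=True, exist_ok=True)
            os.link(f, target)
            count += 1
    return count

def upgrade(root: Path, fail: bool) -> dict:
    """Model the Windows 8 transport: stage into Windows.old by hard link,
    then either roll back (fail=True) or delete the old tree and link back."""
    old_os, transport, new_os = root / "old", root / "Windows.old", root / "new"
    for rel, data in SAMPLE_FILES.items():
        (old_os / rel).parent.mkdir(parents=True, exist_ok=True)
        (old_os / rel).write_bytes(data)
    photo = "Users/alice/Pictures/holiday.jpg"
    link_tree(old_os, transport)
    staged_links = os.stat(old_os / photo).st_nlink      # 2: old path + transport
    if fail:
        shutil.rmtree(transport)                          # rollback = drop the link names
        return {"staged_links": staged_links,
                "links_after_rollback": os.stat(old_os / photo).st_nlink,
                "data_intact": (old_os / photo).read_bytes() == SAMPLE_FILES[photo]}
    shutil.rmtree(old_os)                                 # make way for the new install
    links_after_delete = os.stat(transport / photo).st_nlink   # 1: data still on disk
    new_os.mkdir()
    link_tree(transport, new_os)                          # "move back" without moving
    shutil.rmtree(transport)
    return {"staged_links": staged_links, "links_after_delete": links_after_delete,
            "final_links": os.stat(new_os / photo).st_nlink,
            "data_intact": (new_os / photo).read_bytes() == SAMPLE_FILES[photo]}

def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        return {"rollback": upgrade(Path(d) / "rb", True),
                "success": upgrade(Path(d) / "ok", False)}
```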
What is it? It’s a full, no-compromise PC on a memory stick
- Offline internal disks: When booted into a Windows To Go workspace, internal hard disks are disabled by default. The Windows To Go workspace completely disassociates itself from the other drives in a machine. This minimizes the risk of unwanted manipulation of either device as well as data leakage.
- Absence of Trusted Platform Module (TPM): Traditionally, BitLocker is implemented using the TPM integrated hardware. Because the TPM is linked with a specific computer, it cannot be used with Windows To Go, which can be used on multiple computers. To replace TPM for a Windows To Go workspace, a pre-operating system boot password is used for security.
- Disabled hibernation: Hibernation has been disabled by default to maximize a workspace’s versatility to move between machines. If a machine is in hibernate, a user might remove the USB media, thinking the computer is turned off.
- Removed Windows Recovery Environment: In a Windows To Go workspace, the Windows Recovery Environment is not available. In the event that a recovery is needed, re-image the drive.
- Disabled Push Button Reset: This feature was disabled due to the nonsensical nature of resetting to the manufacturer’s standard for a computer while running Windows To Go.
- Disabled Microsoft Store: The Windows Store uses hardware identification for licensing purposes. For this reason, the Windows Store is disabled on Windows To Go. If the Windows To Go workspaces will not be moving to multiple computers, the store can be re-enabled.
- Absence of Multiple Activation Key (MAK) method: The MAK activation method is not supported for Windows
Windows To Go can be configured to boot on both UEFI and BIOS computers. Both sets of boot components are placed on a FAT32 system partition.
Boot a PC from the USB stick + play a movie + remove the USB stick
Thoroughly => clean wipe; this option will write random patterns to every sector of the drive, overwriting any existing data visible to the operating system
Quick => ETA 6 min
Thorough => ETA 23 min
Unlike manually reinstalling Windows, you don’t have to go through the Windows Welcome screens again and reconfigure all the initial settings, as your user accounts and those settings are all preserved.
ETA => 8 min
We deliberately chose not to preserve the following settings, as they can occasionally cause problems if misconfigured:
- File type associations
- Display settings
- Windows Firewall settings
Install a Metro app and a non-Metro app + refresh the PC => show that the Metro app is still there and the legacy app is listed in the TXT file.
MBR boot disk max 2.2 TB: http://en.wikipedia.org/wiki/Master_boot_record
FASTER
The Experience:
- Long BIOS boot + difficult to get to the functions
- Security risks
- VGA dependency = low resolution
- Boot disk size limit 2.2 TB (MBR)
BIOS standard since 1980
BIOS issues:
- Time delay at POST
- Boot kit threats
- Lots of <Fn> key options at boot
- Confusing OS boot menus
- No connection between OS and BIOS boot menus
- BIOS menus circa 1980
- Boot disk size limited to 2.2TB
POST must be long to show logos and to allow x seconds for the function keys. OS initialisation takes long because the kernel, drivers, ... need to be restarted. Services & apps: all the apps need to come back online. Win8 hiberfile is a hibernation of Session 0.
http://www.youtube.com/watch?v=35D0_feZnK8
Secure Boot does not require a Trusted Platform Module (TPM). You cannot just update db and dbx => they are protected from editing via the KEK. An update to db or dbx needs to be signed by a key in the KEK. To update the KEK, the update must be signed by something in the PK. The PK is pre-injected during Setup mode by the vendor. All components are baked into a machine.
http://www.youtube.com/watch?v=oiqcog1sk2E
Measured boot is a boot loader and OS feature that uses the TPM to keep a record of early boot components as they load, starting at BIOS/UEFI => before each next component in the boot sequence is loaded, the previous component computes the hash of the next component and stores it in the PCRs of the TPM. The BIOS hashes the boot loader (bootmgr.exe) => hands off to bootmgr.exe, which hashes winload.exe or winresume.exe => launches the kernel => the kernel loads the early drivers into memory and, before it initialises the early boot drivers, it initialises ELAM, which scans the drivers before they load.
http://mbt.codeplex.com/
http://www.youtube.com/watch?v=oiqcog1sk2E
Remote attestation is a TPM-based feature that allows a boot log to be evaluated by a remote system and allows a policy to be evaluated. The client boots and creates a log, the log is signed with your TPM key, the log is sent to the remote system for verification, and the remote server then sends a token back. The client can then send this token onwards and say “I’m clean”.
Windows 8 will have 3 types of states: On, Connected standby, Off. You will hardly ever go to the shutdown state on a connected standby device. When you suspend the system there is a very short time in which the apps can save their state.
Win 7 PC: dim display at 60 sec; turn off display after 120 minutes; sleep state after 180 seconds (S3 mode => nothing happens, no connectivity).
Phone: 180 seconds to screen off. Idle time has small peaks/bursts of stuff happening: cell connecting, SMS, ...
Graph 1 => Win7 with screen off => 15.6 ms timer tick
Graph 2 => Win8 connected standby => rare and well structured power usage. The CPU only wakes when it has something “important” to do.
Windows 8 connected standby requires:
- Non-rotational boot volume
- WiFi device supports NDIS 6.3 features (D0 offload, Wake on Push, etc.)
- ACPI 5.0 flag indicating low-power S0 over S3
Its logical capacity is listed as 10TB although the underlying physical disks in the pool have only 4TB of total raw capacity. As a result, you no longer need to worry up-front about the size.Resiliency is built in by associating the mirrored attribute, which means that there are at least two copies of all data contained within the space on at least two different physical disks. Because the space is mirrored, it will continue to work even if one of the physical disks within the pool fails.
Create a storage space on the home computer
We developed a new method of communication that describes types of corruptions as “verbs” that act upon the key components and points of the design – the file system driver (NTFS), the self-healing module, the spot-verification service, and the chkdsk utility. All file system corruptions are classified as needing one of 18 different “verbs” that we’ve defined in Windows 8. We have also left room for possible new verb definitions that can help us diagnose issues even better in the future.

Online and healthy – In this state there are no detected file system corruptions and there is no action required of you. The file system remains in this state most of the time.

Online spot verification needed – The file system stays in this transient state only for a brief instant after the file system finds a corruption that it cannot self-heal; it puts the volume in this state until the spot verification service verifies the corruption. Again, there is no user action required.

Online scan needed – When the spot-verification service confirms the corruption, it puts the file system in the “online scan needed” state. In the next maintenance window, an online scan is performed; there is no user action required. This state is reflected in the Action Center, so you can run the scan manually if you want to do that before the next maintenance window. The scan is run as a background operation, which means that you can continue using the computer while the scan is performed. During this online scan, all verified issues and fixes are logged for later repair. On Windows Server 8 systems, idle time is determined by monitoring the CPU and storage idle times.
Online self-healing: The NTFS self-healing feature was introduced in Windows Vista (and in Windows Server 2008) to reduce the need to run chkdsk. Self-healing is a feature built into NTFS that fixes certain classes of corruptions encountered during normal operation, and can make these fixes while still online. If all issues that are detected are self-healed online, there is no need for an offline repair. In Windows 8 we increased the number of issues that can be handled online and hence reduced any further need for chkdsk.

Online verification: Some corruptions are intermittent due to memory issues and may not be a result of an actual corruption on the disk; so we added a new service to Windows 8, called the spot verification service. It is triggered by the file system driver and it verifies that there is actual corruption on the disk before moving the file system along in the health model. This new service runs in the background and does not affect the normal functioning of the system; it does nothing unless the file system driver triggers it to verify a corruption.

Online identification and logging: When an issue is verified, this triggers an online scan of the file system, which runs as a maintenance task in the file system. In Windows 8, scheduled tasks that are for the maintenance of the computer run only when appropriate (during idle time, etc.). This scan can run as a background task while other programs continue to run in the foreground. As the file system is scanned, all issues that are found are logged for later correction.

Precise and rapid correction: At the user or administrator’s convenience, the volume can be taken offline, and the corruptions logged in the previous step can be fixed. The downtime from this operation, called “Spotfix,” takes only seconds, and on Windows Server 8 systems with cluster shared volumes, we’ve eliminated this downtime completely.
With this new model, chkdsk offline run time is now directly proportional to the number of corruptions, rather than being proportional to the number of files as in the old model.
http://www.windowsitpro.com/article/security/bitlocker-windows-8-142661
Administrators can enable BitLocker pre-provisioning from the Windows Preinstallation Environment (WinPE) by using the Manage-bde BitLocker command-line utility. WinPE is a lightweight Windows environment that is used for installing the Windows OS. For example, to pre-provision BitLocker on your F drive, type the following Manage-bde command at a WinPE command prompt: manage-bde -on f:
Network Unlock works like the TPM plus startup key unlock method. Instead of reading a startup key from a USB medium, Network Unlock uses an unlock key. This key is composed of a key that is stored on the machine's local TPM and a key that Network Unlock receives from a Windows 8 Windows Deployment Services (WDS) server on the trusted network. If the WDS server is unavailable, then BitLocker displays the standard startup key unlock screen.
New Defrag tool: now supports SSDs by issuing “Trim Hints”, which allow the OS to tell the drive hardware that it’s not using certain areas of the flash. The drive then issues a reclaim to free that area.
SSDs: their disadvantage is that they have a finite amount of write cycles available to them over the life of the drive itself. Defragmentation involves moving lots of data to different places on the surface of a drive, so it follows that the process itself is very write-intensive. Thus, consistent and periodic defragmentation can negatively affect the life of a drive.
http://www.corsair.com/blog/how-to-enable-trim-support-for-your-ssd/
Since a memory block must be erased before it can be re-programmed, TRIM improves performance by pro-actively erasing pages containing invalid data, allowing the SSD to write new data without first having to perform a time-consuming erase command.
Windows 8 Client Part 1: “The OS internals for IT-Pros”
Tom Decaluwé, Infrastructure Manager, Macintosh Retail Group
Contact me: email@example.com, http://trycatch.be/blogs/decaluwet
Windows 8 slow adoption
- Touch UI
- Different
- Disruptive leap
- Bad economic times
- We just migrated to Windows 7
- Apple is better
- Lack of “devices”
- Lack of “time” for IT pros
Keala group
How it differs from a normal PC
- Internal disks disabled
- TPM not used => replaced with a pre-operating system boot password
- No hibernation
- No Recovery Environment
- No Push Button Reset
- Windows Store disabled
- No MAK activation
You have limited hard disk space, like an SSD but worse ;-)
Some usage scenarios
- Contractors that bring their own PC
- Shared PCs
- Quick DR
- Home computing / BYOD
- …
Computer roaming
Windows uniquely identifies computers based on constant characteristics of the machine firmware: the SMBIOS UUID if present, or certain SMBIOS strings. This ID is used to ensure that when Windows returns to a computer, only the necessary set of drivers are loaded. When roaming to a new computer, drivers are installed on the first boot, similar to the first time you boot a generalized Windows image.
Disk layout:
- System Partition - Boot Files: FAT32 file system, 300MB, Legacy Boot Manager (Bootmgr), UEFI Boot Manager (Bootmgfw.efi)
- Operating System Partition - Apps, Data, Settings: NTFS file system
Boot Disk Removal
- Boot disk removal is detected by the USB stack
- The kernel freezes the system
- The stack will wait 60 seconds for the boot disk to return and then power down the system
- If the boot disk is returned, the system will resume
- Put it back in the same USB port
Quick DR
- Refresh: keep all personal data, Metro style apps, and important settings from the PC, and reinstall Windows.
- Reset: remove all personal data, apps, and settings from the PC, and reinstall Windows.
- Recovery Environment
Reset your PC: remove everything and start from scratch
1. Win RE - Boots into the Windows Recovery Environment
2. Win RE - Erases and formats
3. Win RE - Installs a fresh copy
4. PC restarts into the newly installed OS
Refresh your PC: fix a problem with your computer. It’s a reinstall without losing your data, settings, and Metro style apps
1. Boots into Windows RE
2. Win RE scans the hard drive for your data, settings, and apps, and puts them aside (on the same drive)
3. Win RE installs a fresh copy of Windows
4. Win RE restores the data, settings, and apps
5. The PC clean boots
Kept or removed?
Kept:
- Wireless network connections
- Mobile broadband connections
- BitLocker and BitLocker To Go settings
- Drive letter assignments
- Personalization settings such as lock screen background and desktop wallpaper
- Metro apps (not the classic apps)
Removed:
- File type associations
- Display settings
- Windows Firewall settings
- Classic apps
Include the apps: refresh from a previous state
mkdir C:\RefreshImage
recimg -CreateImage C:\RefreshImage
BIOS vs UEFI boot speed
Diagram: Windows 7 boot phases: POST, OS Initialization, Service & App Initialization, Explorer Ready. Windows 8 boot phases: POST, Hiberfile Read (Session0), Device Initialization, Service & App Init, Explorer Ready.
End-users judge their PC performance according to boot speed
Power -> logon
- Seamless single graphics transition from firmware to native OS driver
- POST with highest supported native resolution
- Clean, high-resolution branding elements persist through OS boot
Diagram (user view: OEM logo throughout): boot phases POST, Device Init., Hiber Resume, Explorer Init., on a timeline marked 2s, 4s, 6s, 7s.
How to shutdown
- Shutdown => system kernel hibernate
- Restart => full restart (null boot)
- shutdown /s /full /t 0 => force a full shutdown without the hibernate file
UEFI secure boot: “Protects against bootkits by verifying the boot loader before loading”
Step 1: MS creates a signature of the boot loader and pre-stages it onto PCs.
Diagram: MS RSA-2048 key pair (private/public); boot loader -> SHA-256 hash -> encrypted with the private key -> signature.
UEFI secure boot
Step 2: UEFI firmware databases are pre-staged on Windows 8 logo devices
- db: signature database, keys you trust
- dbx: forbidden signature database, blacklist a loader or key
- KEK: key exchange keys, to update db or dbx
- PK: platform key => to update KEK
Windows 8 certified devices must adhere to the hardware certification requirements => KEK and db must contain a Microsoft key, and secure boot must be enabled out of the box.
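An added model (example code, not from the slides or from any firmware implementation) of the db/dbx/KEK/PK policy described in these two steps: only a db key can authorize a loader, dbx overrides db, db/dbx updates need a KEK signature and KEK updates need the PK. HMAC-SHA256 with a random secret stands in for the RSA-2048 sign/verify operations so the model runs offline; the key names and loader bytes are constructed.

```python
import hashlib
import hmac
import os

class Key:
    """Stand-in for an RSA-2048 key pair (assumption: HMAC-SHA256 with a
    random secret plays the role of sign/verify so the model runs offline)."""
    def __init__(self, name: str):
        self.name = name
        self._secret = os.urandom(32)
    def sign(self, data: bytes) -> bytes:
        return hmac.new(self._secret, data, hashlib.sha256).digest()
    def verify(self, data: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self.sign(data), sig)

class SecureBootStore:
    """db = trusted signers, dbx = forbidden hashes, KEK authorizes db/dbx
    updates, PK authorizes KEK updates, as the slide describes."""
    def __init__(self, pk: Key):
        self.pk, self.kek, self.db, self.dbx = pk, [], [], set()
    @staticmethod
    def _authorized(payload: bytes, sig: bytes, signers) -> bool:
        return any(k.verify(payload, sig) for k in signers)
    def enroll_kek(self, key: Key, sig: bytes) -> bool:
        ok = self._authorized(key.name.encode(), sig, [self.pk])  # PK signs KEK updates
        if ok:
            self.kek.append(key)
        return ok
    def enroll_db(self, key: Key, sig: bytes) -> bool:
        ok = self._authorized(key.name.encode(), sig, self.kek)   # KEK signs db updates
        if ok:
            self.db.append(key)
        return ok
    def revoke_hash(self, image_hash: bytes, sig: bytes) -> bool:
        ok = self._authorized(image_hash, sig, self.kek)          # KEK signs dbx updates
        if ok:
            self.dbx.add(image_hash)
        return ok
    def verify_loader(self, image: bytes, sig: bytes) -> str:
        """Firmware check before control passes to a boot loader."""
        digest = hashlib.sha256(image).digest()
        if digest in self.dbx:                      # forbidden list wins over db
            return "refused: hash in dbx"
        if not self._authorized(digest, sig, self.db):
            return "refused: no valid signature from a db key"
        return "boot"

def demo() -> dict:
    pk, oem_kek, ms, rogue = Key("OEM-PK"), Key("OEM-KEK"), Key("Microsoft-UEFI-CA"), Key("rogue")
    store = SecureBootStore(pk)
    store.enroll_kek(oem_kek, pk.sign(b"OEM-KEK"))
    store.enroll_db(ms, oem_kek.sign(b"Microsoft-UEFI-CA"))
    loader = b"constructed bootmgfw.efi image bytes"          # constructed sample image
    digest = hashlib.sha256(loader).digest()
    sig = ms.sign(digest)                                      # MS signs the SHA-256 hash
    out = {"signed_loader": store.verify_loader(loader, sig),
           "tampered_loader": store.verify_loader(loader + b"modified", sig),
           "rogue_db_update": store.enroll_db(rogue, rogue.sign(b"rogue"))}  # not KEK-signed
    store.revoke_hash(digest, oem_kek.sign(digest))           # loader later blacklisted via dbx
    out["revoked_loader"] = store.verify_loader(loader, sig)
    return out
```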
Measured boot
Creates a log with a hash of everything that was loaded.
Diagram: BIOS -> (hash of next item) -> Boot loader -> Kernel -> Early Drivers. The kernel initializes ELAM before loading early drivers into memory; ELAM can look at the hashes of the drivers and decide yes/no whether to load them.
Remote Attestation
Allow a boot log to be evaluated and enforce a policy.
Diagram: Client (measured boot log) -> Attestation Server -> TOKEN
All 3 components
Diagram: UEFI (POST) -> Win8 boot loader -> Kernel -> ELAM -> 3rd-party anti-malware software -> Windows logon; the measured boot log is sent to the Windows attestation server, which returns a TOKEN.
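Added example, not part of the original deck, that models the measured boot log, the TPM PCR extension and the remote attestation check described on these slides: the server verifies the quote, replays the log against the quoted PCR, then applies a known-good policy before issuing a token. HMAC with a random secret stands in for the TPM attestation key, and the component images and server allow-list are constructed.

```python
import hashlib
import hmac
import os

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: the register can only be folded forward, never set."""
    return sha256(pcr + measurement)

# Constructed stand-ins for the early boot chain named on the slides.
BOOT_CHAIN = [
    ("bootmgr", b"constructed boot manager image"),
    ("winload.exe", b"constructed OS loader image"),
    ("ntoskrnl.exe", b"constructed kernel image"),
    ("elam.sys", b"constructed ELAM driver"),
    ("antimalware.sys", b"constructed 3rd-party early-launch AM driver"),
]
KNOWN_GOOD = {name: sha256(img).hex() for name, img in BOOT_CHAIN}  # server allow-list

class Tpm:
    """Assumption: HMAC with a per-device secret stands in for the TPM's
    attestation key so quotes can be produced and checked offline."""
    def __init__(self):
        self._aik = os.urandom(32)
    def quote(self, pcr: bytes, nonce: bytes) -> bytes:
        return hmac.new(self._aik, pcr + nonce, hashlib.sha256).digest()

def measured_boot(chain):
    """Each stage hashes the next one into the PCR before handing over."""
    pcr, log = b"\x00" * 32, []
    for name, image in chain:
        digest = sha256(image)
        log.append((name, digest.hex()))
        pcr = pcr_extend(pcr, digest)
    return pcr, log

def replay(log) -> bytes:
    pcr = b"\x00" * 32
    for _, digest_hex in log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest_hex))
    return pcr

def attest(tpm: Tpm, log, pcr: bytes, nonce: bytes, quote: bytes) -> str:
    """Attestation server: check the quote, replay the log against the PCR,
    then apply policy; returns a token or a refusal reason."""
    if not hmac.compare_digest(tpm.quote(pcr, nonce), quote):
        return "refused: quote signature invalid"
    if replay(log) != pcr:
        return "refused: log does not replay to the quoted PCR"
    bad = [n for n, h in log if KNOWN_GOOD.get(n) != h]
    if bad:
        return "refused: unknown measurement for " + bad[0]
    return "TOKEN:" + hmac.new(b"server-secret", pcr + nonce, hashlib.sha256).hexdigest()[:16]

def demo() -> dict:
    tpm, nonce = Tpm(), os.urandom(16)
    pcr, log = measured_boot(BOOT_CHAIN)
    clean = attest(tpm, log, pcr, nonce, tpm.quote(pcr, nonce))
    # A modified kernel image is measured: its hash is not known-good.
    evil = [(n, b"patched kernel" if n == "ntoskrnl.exe" else i) for n, i in BOOT_CHAIN]
    pcr2, log2 = measured_boot(evil)
    tampered = attest(tpm, log2, pcr2, nonce, tpm.quote(pcr2, nonce))
    # Same boot, but the clean log is reported: the quoted PCR disagrees.
    hidden = attest(tpm, log, pcr2, nonce, tpm.quote(pcr2, nonce))
    return {"clean": clean.startswith("TOKEN:"), "tampered": tampered, "hidden": hidden}
```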
Connected Standby
Diagram of states:
- Screen On (Active): user present and using
- Screen Off (Connected Standby): user not present, device still connected
- Shutdown: user not present, no context saved
New Windows power state
- The PC’s screen is off, but the device remains in a very low idle state
- The network adapter maintains a connection to the network
- Metro style apps continue to receive live tile updates and toast notifications
- Background Tasks and Push Notifications enable customers to receive real-time communication via apps such as email, IM and VoIP
Consistent low power: less than 5% battery drain over a 16 hour period in Connected Standby
App model for connected standby
- App model is right by design for power
- Apps are suspended when the computer enters Connected Standby
- Apps may register background activity in Background Tasks
- Notifications API allows suspended apps to handle incoming events from the cloud
- Pattern matching and wake used for push notifications and real-time apps
Checkdisk
Win7:
- Only two states: volume is healthy / volume is not healthy => volume goes offline
- Fix time was directly related to #files on the volume
- A disk has 2 health states
Win8:
- Fix corruption with a minimum of downtime
- ReFS => no longer requires fixing offline
- A disk has 4 health states