Windows 8

Managing Windows 8.1 and the MS Surface in the Enterprise – Part 1: Who’s Minding the Store?

Posted on Updated on

Love it or hate it, but Windows 8.1 was intended to be both a desktop and “device” operating system. There have been many articles written about how well it succeeds or fails at one or both of those objectives. Regardless of how you feel about Windows 8.1, if you are tasked with managing it in you enterprise, you don’t need another rant / rave post. You need some guidance on how to manage some of the intricacies that Windows 8.1 and some device form factors like the Surface bring into play. That’s what this series of posts aims to do.

I’ve been selected to deliver a session next month as part of the Microsoft MVP Virtual Conference – You can register here. My session is focussed on the managing the MS Surface in the Enterprise and as part of my preparation I’ve been assembling lots of nuggets that will be scattered throughout the presentation. This blog post series is an attempt to aggregate some of the more significant pieces from the session that may have broader appeal.

As part of Microsoft’s attempt to create an OS that is appealing to tablet device users, Microsoft introduced the Windows Store. The Windows Store is Microsoft’s version of Google Play, Apples iTunes App Store, the Amazon Appstore for Android and many other sources for device based apps. The current incarnation of the Windows Store showcases Modern UI (formerly known as Metro) applications.

Like the other AppStores, the Windows store is designed for consumers to purchase applications to run on their devices. Unlike the other AppStores, the Windows Store model needs to coexist with legacy software delivery methods in use by enterprise IT departments such as SCCM.  While inconvenient, this is not a knock against the Windows Store.  Other platforms don’t have this issue because they don’t have any legacy applications or enterprise software delivery models.

What can we do Today?

For now there are really two methods for managing Modern Apps in an enterprise setting:

1. Sideload the application

  • Requires Certificate to sign the app since it will bypass the store validation
  • Requires .Appx Bundle from the application developer / vendor
  • Applications can be inserted into image with DISM
  • Applications can be distributed with System Center Configuration Manager

2. Deep Link the application

  • Requires Windows Store account for each user (does not need to be linked to domain account)
  • Associates application with user
  • Applications cannot be included in image
  • Still requires some user input (not truly silent)

Access to the Windows store can be controlled through group policy.

If you choose to permit users to access the store there is still the ability to restrict or allow specific applications with AppLocker.

Coming with Windows 10

Microsoft has announced that this will get easier with Windows 10. Organizations will be able to setup a private “boutique” within the Windows Store and curate which applications their users will be able to browse and install. Organizations will also be able to use a single store account to make volume purchases and download the installation files and distribute them in ways that make sense for their use cases (machines without internet access, reassigning applications, etc.).

Advertisements

10 Cool things to do with your Surface

Posted on Updated on

I’ve had a few Microsoft Surface Devices over the last two years:

  • Surface RT
  • Surface Pro
  • Surface 2
  • Surface Pro 3 i7

We also have multiple iOS and Android devices in our household.

I’ve typically tried to use the device as much as possible but found it was at best a companion device and at worst less efficient than alternatives (Windows laptop or iOS tablet) for the specific use case.

I had high hopes for the Surface Pro 3. The screen size and keyboard dimensions were very close to my vintage Dell Latitude e6220 i7. I was truly hoping to be able to replace the Dell as my primary device. My first impressions were less than stellar. I had two major issues with my pre-ordered device:

  1. Wi-Fi would remember the last connected network and show it as connected even if I was in a different location and couldn’t possibly connect to it – and of course the connection did not work. I had to restart the wireless every time I changed location to connect to the new location.
  2. The fan would come on with minimal workloads and the sound was very noticeable and the tone was bothersome. I couldn’t bring this into a meeting to take notes as it would be disruptive.

Many early adopters had similar issues. I was disappointed to say the least. This is supposed to be a flagship device and my initial experience was very negative.

In September, Microsoft exchanged my device (Lot 1429) with a newer device (Lot 1431). The replacement did not suffer from these issues.

In the last month a lot has changed. My Surface has become my single most used device after my phone. My i7 laptop hasn’t been turned on for normal use since September. I did have Windows 10 Preview installed on it but I haven’t used it for anything other than tinkering. This weekend my son noticed that the iPad wasn’t charged as it hadn’t been used in weeks.

I really can use it just about anywhere. I can work in very tight spaces like an economy class airline seat and get work done. In fact I have written the all of my blog posts since Labour Day on it. Many of them have started on the go and been finished back in the dock with the full sized keyboard and some have been written entirely with the Surface keyboard. The keyboard is much better than previous versions and the infinitely adjustable kickstand makes it easier to find a comfortable viewing and working position. I have even found myself hooking it over my knees on occasion while watching TV.

So what am I doing with the Surface Pro 3 i7? In truth I’m doing many of the same things I did with previous incarnations of the surface, another tablet or my laptop. As such I’ve described the enabling technology so that you can get some of the same coolness even you don’t have a Surface. I’ve even provided a link where applicable so you can learn how to do it for yourself. Without any further ado, here is my top 10 list:

Cool Thing Enabling Technology
1 – Automatically Synchronize OneNote workbooks across devices. OneDrive
2 – Use Miracast or Intel WiDi to wirelessly watch media in my hotel room, make a presentation, or add a second screen when working. Surface 2 and Higher + Intel
3 – Picture Password – To unlock my device when a keyboard is not attached. Surface + Windows 8.x
4 – Run Virtual Machines in Hyper-V including touch enabled Virtual Machines like the Windows 10 Community Technology Preview. Surface Pro + Windows 8.x
5 – Use the stylus to start OneNote, take handwritten notes, and draw diagrams or to even sign documents. Surface
6 – Automatically create a meeting notes template from an outlook meeting request. OneNote + Outlook
7 – Tethering to my phone for internet sharing and enforcing metered connections to minimize the impact on my data plan. Windows 8.x
8 – Markup documents (including annotating and signing PDF files) using the stylus. Surface
9 – Use Alt+Tab & Win+Tab to switch between Applications (Modern UI and Desktop Apps). Windows 8.x
10 – Use the backlit keyboard in the dark. Surface Keyboard

What are some of the cool things you are doing with your devices? What would you like to be able to do that you can’t now?

Notes from the field: How to demo with Windows 8.1 and Hyper-V

Posted on Updated on

I often get asked to do presentations at conferences or user group meetings and although I drive a mean PowerPoint, I feel that showing the actual product and putting it through a few laps adds value and credibility to the production. I’m doing a user group presentation in Montreal next week and I was setting up for it with a colleague of mine. HE asked some interesting questions about why I was setting up my laptop a certain way and I realized that I take for granted that I have been cursed by the demo and presentation gods so many times that I have a few tricks up my sleeve to thwart them. Here are a few of the things I do to minimize the impact of unknown venues with unknown networks:

  1. Always have a backup of your presentation and and demo VMs.  An external drive and/or a cloud drive SkyDrive or Google Drive can be a real saviour when something unexpected happens.
  2. Always rehearse your demos in the environment you will be presenting in to see how it runs and looks in the venue. Make any changes or restructure the presentation to accommodate for any issues. You don’t want to be surprised on camera.
  3. Have a backup internet connection avaialbe. A portable hotspot or a mobile phone that has internet connection sharing (like my Nokia Lumia 920)
  4. Always have a local demo available, even if it’s just a screen recording like Camtasia (full disclosure: TechSmith gives Microsoft MVPs free Camtasia and SnagIt licenses – I also like Faststone Capture since it is inexpensive and also runs as a portable application from a USB key ). Relying on a remote demo is asking for trouble. If you can’t connect to your demo environment for some reason (VPN blocked, network stability, etc.). Also if something goes wrong in the remote location, it is very difficult to troubleshoot.
  5. If you have multiple systems as part of your demo (virtual or physical) consider using the Sysinternals tool  BGINFO or a custom wallpaper with the machine name and/or description to make the different systems readily apparent to the audience (and sometimes to you).
  6. Make sure your passwords are current and you know what they are.  Consider setting demo password properties to “never expire”.
  7. Set the task bars on your remote demo systems to be in a location other than your primary system so that you don’t get confused as to which task bar you are launching from.
  8. Explain to the audience the limitations of the demo environment (hardware, data sets, connections to complementary systems, etc.) so that they understand why your demo is designed in a particular way and that it may not be reflective of how a production implementation would work.

I’ve been using Windows 8 and 8.1 since both were in customer preview and I’ve really come to depend on Hyper-V for my demo environment. Before windows 8, I would either boot Server 2008 R2 (or server core) to have a hypervisor available (see my previous blog post about that environment. Before that I would use VMware Workstation or Virtual Box. But they weren’t ideal for every use case as they are type 2 hypervisors not type 1.

I’ve got a few tricks that I use in my demo environment to help build it out and make it present better:

  1. Don’t rely on the Hyper-V Virtual Machine Connection. Enable remote desktop services in your VMs and connect them to an internal network. This allows you to do two things that you cannot do with the Virtual Machine Connection:
    1. Adjust the screen resolution to meet the needs of the display devices at the venue
    2. Map local resources like USB drives and printers.
  2. A cool feature in Windows 8.x and Server 12.x is the ability mount an ISO directly in the OS. Unfortunately, you can’t mount an ISO that is connected through RDP device mapping. You will get the following error:

However, you can mount it in the host OS, it will appear as a DVD drive, and then you access it from the guest VM:

If the demo VM(s) need(s) an internet connection, I like to use ICS to share my wireless connection with my demo VMs. I like this better than the Hyper-V virtual switch bridge because the IP addresses won’t keep changing with the venue. This makes it easier to RDP to them. For step-by-step instruction on how to share a wireless connections try these posts:

  1. Using ICS

  1. Using the virtual switch