This session was by Mark Minasi, who is one of the must hear TechEd speakers. Highly entertaining and highly informative. If you ever come to TechEd, you must attend one of his sessions. This session was focused on Windows 8, and going beyond the arguably ugly skin and going under the covers to the hidden gold. If you can get past the UX issues with Win8, there are a lot of great features under the covers, including big security improvements.
Windows 8 is worth trying out
- Best reason: Domain join your tablet
- Learn the shortcut keys to navigate Windows
- Windows Key + D get back to the desktop from the start screen
- Windows + E Opens Explorer
- Windows + . (cycles through snap options)
- Windows + z (shows options)
- Alt-F4 closes Modern app windows
- Windows + x (lots of goodies)
- Windows + c (for charms)
- Windows + I (settings)
- Windows Page Up/Down swaps Modern screen on dual monitors
- Windows + o locks orientation
Understanding the new Apps
- Modern Apps, Windows Store Apps, Immersive Apps
- Very sandboxed and extremely hard to write malware within the app
- You can screw up your own profile settings but not system settings
- Non-admin users can install apps
- App deployment story is quite different
- Four ways to get a store app:
- 1) User installs it herself with the Windows Store application
- 2) User installs it himself from a private “company app store” the admin created
- 3) User finds a provisioned app that is on the computer (up to 24 apps)
- 4) User runs a PowerShell command “add-appxpackage” to install the app (side loading)
- Codeplex has a free Company app store tool
- If an administrator installs a Modern app, it does NOT install it for all users. Only the user can install apps for themselves.
- Provision apps in your image
- Each 64K of an appx package has a hash, and if any byte changes, the app kills itself
- To provision a Modern app you must have the appx package. You can’t get the appx package from the app store yourself. You must contact the developer/company to get the package.
Sideloading Apps
- Group policy setting to enable side loading
- Win8 home cannot side load
- Only WindowsRT and Windows 8 Pro/Enterprise can sideload
- Applications must be digitally signed (can use your own CA)
- Enterprise comes with a license to sideload, must be purchased for professional
- Powershell: import-certificate to load a certificate into the Windows store
- Domain joined enterprise server has a built-in free license
- Windows Professional requires license (MS sells them for $30 each in packs of 100)
New Cool Stuff
- Native 4K support (faster, cheaper, bigger drives)
- Windows 8 recognizes SSDs and turns off defragmenter and uses the TRIM command
- Most of the new SAN like storage spaces from server 2012 are in Windows 8
- You could mount ISOs and VHDs from Explorer
- Chkdsk is way smarter and faster
- chkdsk /f /sdcleanup driveletter: finds and removes dead SIDs on ACLs
- chkdsk /scan runs at low priority several times a day and makes mental notes on stuff to fix later
- chkdsk /spotfix will just fix the list of problems
- Powershell: repair-volume (but does NOT warn you when it takes a volume offline)
- Recovery tip: make a recovery stick
- F8 doesn’t take you safe mode anymore
- Create a recovery disk on a USB stick from the control panel (search on “recovery”)
Security Upgrades
- UEFI support means “secure boot” which means rootkits and bootkits are nearly impossible
- Hyper-V 2012/R2 can now create UEFI VMs
- Early launch anti-malware protection (ELAM)
- Defender protects against malware now
- Look at “offline defender” for cold scanning a suspected infected machine
PowerShell Goodies
- 2000+ PowerShell commandlets
- disk cmdlets: get-volume, clear-disk, get-tpm, set-partition changes drive letters easily
- networking: add-vpnconnection, set-dnsclientserveraddress, get-smbopenfile
- -scheduledtask commandlets
- printing: get-printerdriver, add-printerdriver (admin rights needed), add-printer, get-printer,
Other Goodies
- Use the Windows 8 ADK tomake a bootable USB stick:
- makewinpemedia /ufd c:\winpe4-64 h:
- WinPE 4.0 supports PowerShell
- “Refresh” returns your PC back to a known state
- Roaming profiles can be limited to “primary” PCs using set-aduser to limit roaming settings
- powercfg /batteryreport
