Windows 8 After & Beyond

Windows 8 After & Beyond. Raymond P. L. Comvalius. About the speaker: Raymond P. L. Comvalius, consultant, trainer and author, MVP Windows Expert IT Pro since 2011, raymond.comvalius@nextxpert.nl, @nextxpert. About this session: After & Beyond, Windows to Go

Presentation Transcript


  1. Windows 8 After & Beyond Raymond P. L. Comvalius

  2. About the speaker • Raymond P. L. Comvalius • Consultant, trainer and author • MVP Windows Expert IT Pro since 2011 • raymond.comvalius@nextxpert.nl • @nextxpert

  3. About this session • After & Beyond • Windows to Go • User Environment Virtualization • User Account Control • Enhanced Protected Mode • 1.0 • 33 slides • 5 demos • 0 minutes of Q&A • 100% cloud free

  4. Bring Your Own Device

  5. Windows to Go • Boot Windows 8 from a USB stick • Preferably USB 3.0 for performance • Block internal disks • Drivers • Direct Access • BitLocker • Why not on YOUR computer?

  6. Building Windows to Go • Tools • Diskpart • DISM • BcdBoot • Windows 8 Image • Notepad

  7. Demo Create a Windows to Go stick

  8. User Environment Virtualization

  9. User State Virtualization? • 2009 White Paper: • Folder Redirection • Offline Folders • Roaming Profiles

  10. User Environment Virtualization • 2012: New addition to MDOP • UE-V (How do I pronounce this?) • MS alternative to roaming profiles • Integration with App-V and Remote Desktop

  11. UE-V requirements • OS: • Windows 7 • Windows Server 2008 R2 • Windows 8 • Windows 8 Server • A shared folder per user • A shared folder for settings templates • Offline Files for offline use • UE-V Agent Software on the client

  12. UE-V Management • UE-V Generator • XML Settings template • Tools • WMI • Registry • PowerShell

  13. Built-in Templates • Office 2010 • IE9 & 10 • Windows Settings • Themes • Ease of Access • Windows Accessories • Notepad • Paint • Wordpad • Etc.

  14. Triggers • Windows • Log on & Log off • Lock & Unlock • Remote Session start • Applications • Application Start & Stop

  15. UE-V Pros & Cons • Pro • Finally a whitelist for roaming settings • Few requirements • Simple to implement • Con • Few settings templates • Not in the OS • Limited to files in %userprofile% • Copies only static information

  16. Demo User Environment Virtualization

  17. User Account Control

  18. Windows User Types • The Administrator: the account named ‘administrator’ • An Administrator: your name with administrator privileges • Protected Administrator: AKA ‘Administrator in Admin Approval Mode’ • Standard User: your name without administrator privileges

  19. Standardizing the User Token • User-SID • Local/Builtin Group SIDs: Administrators, Backup Operators, Power Users, Network Configuration Operators • Domain Group SIDs: Group Policy Creator Owners, Schema Admins, Enterprise Admins, Denied RODC Password Replication Group • Mandatory Label • Rights/Privileges: Create a token object, Act as part of the operating system, Take ownership of files and other objects, Load and unload device drivers, Back up files and directories, Restore files and directories, Impersonate a client after authentication, Modify an object label, Debug programs

  20. Demo Analysis of the User Access Token

  21. User Account Control – “Best Practice” • Disabling • Metro apps no longer work • IE loses “Protected Mode” • Password to Elevate • Opportunity for malware

  22. Integrity Levels • Mandatory Access Control • Levels are part of the ACLs and Tokens • Lower level object has limited access to higher level objects • Used to protect the OS and for Internet Explorer Protected Mode • Levels: Low (IE Protected Mode), Medium, the default (Standard Users), High (Administrators), System (Services)

  23. Standardizing the User Token • User-SID • Local/Builtin Group SIDs • Domain Group SIDs • Mandatory Label: Integrity level High (Elevated Token), Integrity level Medium • Rights/Privileges

  24. IE protected mode • Only with User Account Control enabled • iexplore.exe runs with Low Integrity Level • User Interface Privilege Isolation (UIPI) Internet Explorer 9 Internet Explorer 8

  25. IE Broker mechanism (diagram) • iexplore.exe: Protected-mode Broker Object, UI frame, Command Bar, Favorites Bar • iexplore.exe tab processes (tab process 1 … tab process n), each hosting Tabs, Toolbar Extensions, ActiveX Controls, Browser Helper Objects • Medium Integrity Level: Protected Mode = Off (Trusted Sites) • Low Integrity Level: Protected Mode = On (Internet/Intranet)

  26. Demo Integrity Levels

  27. Enhanced Protected Mode • Prevention of cross-zone attacks • “Cross-Site-Request-Forgery (CSRF)” • “Intranet Port Scanning” • Default in Metro Internet Explorer • Protection of intranet resources • 127.0.0.1 vs localhost

  28. AppContainer • For developers in the Metro UI • What apps are allowed to do must be known in advance: • documentLibrary • musicLibrary • videoLibrary • picturesLibrary • microphone • Webcam • removableStorage • Location • Proximity • internetClient • internetClientServer • textMessaging • privateNetworkClient • privateNetworkClientServer • certificates

  29. Demo Enhanced Protected Mode

  30. Summary

  31. Defining the business case • Form factors • Metro Interface • Security • Apps

  32. Know what you're getting into (diagram labels): Services Infra Internet Access Mail Unified Comms Remote Desktop App-V SCCM Intranet AV Mgt File Svc Workplace PKI HD encr Layered apps Business apps Firewall Office Middleware Base apps AV Mgt Agents AD Client Operating System (Windows 8) IE Profile Mgt Config Deploy Drivers Hardware Print Svc LAN Wifi 3G Remote Access

  33. Q&A
