michel barnett architect microsoft wcl201 session objectives and takeaways session objectives:...
TRANSCRIPT
Deploying and Rolling Out Windows Internet Explorer 8
Michel BarnettArchitectMicrosoftWCL201
Session Objectives and Takeaways
Session Objectives: Explain deployment optionsDemonstrate key deployment tasks
Leave you with an understanding of the tools used for:
CustomizationDeploymentConfigurationUpdating
Explain how Windows 7 fits with IE8 Deployment
Inconsistent configurationsUnpredictable downtimeDecentralized management
Application incompatibilityMultiple software imagesLarge-scale migration complexity
Notebook theftSecurity patchingMalware and virusesLicense complianceData protection
30–45% of the average enterprise IT budget is allocated to desktop support.1
More importantly, desktop complexity hinders end-user productivity and the overall agility of an organization.
Enterprise Desktop Challenges
Deployment Management Security
1 Infrastructure Optimization, William Barna/Microsoft, April 2006
70% of desktop TCO is labor related
100%
Desktop Total Cost of Ownership
Desktop TCO ($4600-$5000/year)
IT costs End-userHardware / SoftwareCost of IT labor and administration
Cost of self-support and downtime
Cost of hardware and software
Source: A leading analyst firm, December 2005Note: Excludes server and network costs for centrally managed services
Total
(US$
/de
skto
p/ye
ar)
30%
50%
20%
Microsoft Desktop Optimization Vision
Improve security and protect corporate data
• Reduce the impact of security breaches with unified protection
• Protect desktops from Internet-based threats
• Enhance data protection on desktops
• Apply security patches faster
• Enable secure remote access for employees
Increase control of desktop environment
• Centralize security management
• Improve visibility over malware threats
• Lock down desktop and application permissions and enforce group policy
• Protect applications and licenses from unauthorized use
Simplify IT compliance
• Verify security settings easily and in real time
• Improve license management, compliance, and cost
• Monitor and audit client configurations to maintain them and to ensure approved states
• Improve auditing with comprehensive auditing tools
Plan Build Deploy Operate
• Requirements• Specifications• Vision / Scope• Inventory• Assessments• Architecture• IO remediation
• Image engineering• Deployment
engineering (LTI/ZTI)• App Compat
testing• App Compat
remediation• App packaging• IO infra.
upgrades
• Lab deployments• Pilot
deployments• Production
deployments• Automated
provisioning (via LTI/ZTI)• Process
improvements
• Deployment reporting• Image mgmt• App mgmt• System
monitoring
Steps to an Optimized Desktop
Key Deployment Technologies
•Internet Explorer Administration Kit (IEAK)
Customization
•Application: System Center Configuration Manager 2007
•Operating System: Slipstreaming
Deployment
•Group Policy
Management
•Windows Update
•System Center Configuration Manager 2007
•Windows Server Update Services (WSUS)
Updating
Customization
•Internet Explorer Administration Kit (IEAK)
Customization
•Application: System Center Configuration Manager 2007
•Operating System: Slipstreaming
Deployment
•Group Policy
Management
•Windows Update
•System Center Configuration Manager 2007
•Windows Server Update Services (WSUS)
Updating
Internet Explorer Administration Kit
Customization WizardCreates customized versions of IE
Profile ManagerManages customization settingsSupports automatic configuration
Audience Types
Internet Service Provider (ISP)
ISP usersInternet Content Provider (ICP)
Web SitesISVs
Corporate AdministratorCorporate employees
http://go.microsoft.com/fwlink?LinkId=133798
Key Features
Distribution OptionsCD, LAN
Custom ComponentsIn-house applications
Setup experienceHands-free/ interactive
Search experienceCustom search providers
Browser experienceHome pages, favorites, toolbars
Administrator-approved Microsoft ActiveX controlsAutomatic configuration
Corporate Usage
Install on build machineIE8 must be pre-installed
Run wizard to create customized versionof browser
Platform specificDeploy customized versionManage with Profile Manager
Optional
Demonstration Topology
IEAK Build Machine
Router
IEAK
Configuration Manager
Server
Domain Controller
XP Workstation
The Scenario
Customize Internet ExplorerHome pageTitle barSearch providers
Deploy using Configuration ManagerWith slipstream option
Manage with Group PolicyUpdate using Windows Server Update Services
IEAK Customization Wizarddemo
Deployment: Configuration Manager
•Internet Explorer Administration Kit (IEAK)
Customization
•Application: System Center Configuration Manager 2007
•Operating System: Slipstreaming
Deployment
•Group Policy
Management
•Windows Update
•System Center Configuration Manager 2007
•Windows Server Update Services (WSUS)
Updating
Deployment Options
Group Policy
Windows Server Update Services
Windows Update
System Center Configuration Manager
Network Shared Folder
Hyperlink from Email or Web Page
CD
Managed Deployment
System Center Configuration Manager is one exampleUse the .MSI package created by the IEAK Customization WizardFour step process for System Center Configuration Manager distribution
Create the Configuration Manager packageCreate the installation programAssign to a distribution pointCreate an advertisement
IE8 Deployment with System Center Configuration Manager
demo
Deployment: Slipstreaming
•Internet Explorer Administration Kit (IEAK)
Customization
•Application: System Center Configuration Manager 2007
•Operating System: Slipstreaming
Deployment
•Group Policy
Management
•Windows Update
•System Center Configuration Manager 2007
•Windows Server Update Services (WSUS)
Updating
Deployment vs. Slipstreaming
DeploymentFamiliar processApplies to all supported operating systems
Windows XPWindows Server 2003etc.
Necessary if operating system is already deployed
SlipstreamingFasterNo additional rebootsMay include updates and language packagesApplies only to Vista and Windows Server 2008
How to Slipstream
Stage IE installation mediaExtract standard installation program
Stage operating system installation mediaFrom installation DVD
Mount operating system Image file (.wim)Use PKGMGR to add Internet Explorer 8Unmount operating system imageCreate ISO for OS Image
Using PKGMGR
Pkgmgr.exe/n:.\updatepackage\Windows6.0-
KB944036-x86.xml/o:.\mount;.\mount\windows/s:.\sandbox/l:.\slipstream.log
/n – unattended installation answer file/o – location of boot manager ; location of Windows directory/s – temporary storage/l – log file
Slipstreaming IE8demo
Management
•Internet Explorer Administration Kit (IEAK)
Customization
•Application: System Center Configuration Manager 2007
•Operating System: Slipstreaming
Deployment
•Group Policy
Management
•Windows Update
•System Center Configuration Manager 2007
•Windows Server Update Services (WSUS)
Updating
Group Policy
About 1300 group policiesUser and machine configuration
Machine takes precedence
Found in Administrative Templates in GP editor
Deploy Phase
Depth of Group Policies will be determined by the needs of the customer
Configure based on needs rather than trying to cover all policies
New and recommended Group Policies can be found here:
http://technet.microsoft.com/en-us/library/cc985351.aspx
Deploy PhaseCommonly Set Group PoliciesCustomer Need Group Policy
Lock down security settings \Internet Control Panel\Disable the Security Page
Secure users from phishing sites \Prevent Bypassing SmartScreen Filter Warnings
Prevent users from installing unapproved add-ons
\Security Features\Add-on Management\Add-on List
\Security Features\Add-on Management\Deny all add-ons unless specifically allowed in the Add-on List
Secure users from sites with fraudulent certificates
\Internet Control Panel\Prevent ignoring certificate errors
Ensure specific web sites are in specific security zones
\Internet Control Panel\Security Page\Site to Zone Assignment List
Group Policydemo
Management
•Internet Explorer Administration Kit (IEAK)
Customization
•Application: System Center Configuration Manager 2007
•Operating System: Slipstreaming
Deployment
•Group Policy
Management
•Windows Update
•System Center Configuration Manager 2007
•Windows Server Update Services (WSUS)
Updating
Windows Update
Useful for updating and installing Internet ExplorerIE8 is now available through Automatic Updates
http://blogs.msdn.com/ie/archive/2009/04/10/prepare-for-automatic-update-distribution-of-ie8.aspx
Updates will be installed based on settings on the individual clientsEffective, but doesn’t allow for centralized management
Consider implementing update management system…
Update Management with WSUS
Individual WSUS servers connect to Windows Update to download update packagesAdministrators can test updates to ensure compatibility before deploymentOnce approved, the updates are available to target machinesSystem Center Configuration Manager makes this even better…
WSUS and Configuration ManagerMicrosoft Update
Software Update Point / WSUS Server
Primary Site Server
ConfigMgr Client / WU Agent
Synch Updates
Database Synch
Deploy Updates
Update Management with System Center Configuration Manager
demo
Blocker ToolkitBlocks IE from being installed via Automatic Updates
Gives you control of when IE is installedCreates a registry key
HKLM\SOFTWARE\Microsoft\Internet Explorer\Setup\8.0\DoNotAllowIE80
Two possible settings0: Allows AU to install IE81: Blocks AU from installing IE8
Two components in the toolkitADM template for Group PolicyIE80Blocker.cmd
/B to block/U to unblock
Feature/Platform Windows 7 Other Operating Systems
Customization
Deployment
Management
Updating
Not necessary (IE8 built-in)
Supported
Windows 7 Support
Useful for Automatic Configuration
Slipstream Deploymentdemo
Internet Explorer ResourcesFeature Overview
www.microsoft.com/ie8Engineering Blog
blogs.msdn.com/ieInternet Explorer TechNet Site
technet.microsoft.com/ie IE8 Blocker Toolkit
www.microsoft.com/downloads/details.aspx?FamilyID=21687628-5806-4ba6-9e4e-8e224ec6dd8c&displaylang=en
Group Policy Settings for IE8www.microsoft.com/downloads/details.aspx?familyid=AB4655F2-0A3C-42EB-974D-24B2790BF592&displaylang=en
Internet Explorer Administration Kit (IEAK)technet.microsoft.com/en-us/ie/bb219517.aspx
question & answer
www.microsoft.com/teched
Sessions On-Demand & Community
http://microsoft.com/technet
Resources for IT Professionals
http://microsoft.com/msdn
Resources for Developers
www.microsoft.com/learningMicrosoft Certification and Training Resources
www.microsoft.com/learning
Microsoft Certification & Training Resources
Resources
Related ContentBreakout Sessions
WCL204 – What’s New for Your Enterprise in Windows Internet Explorer 85/11 2:45 PM – 4:00 PM
WUX04-INT – Top 10 Web Mistakes, and How to Avoid Them5/11 – 4:30 PM – 5:45 PM
WCL201 – Deploying and Rolling Out Windows Internet Explorer 85/12 8:30 AM – 9:45 AM
WUX301 – Advanced Cross-Browser AJAX Applications with Windows Internet Explorer 85/12 10:15 AM – 1130 AM
SIA315 – Windows Internet Explorer 8 Security, Inside and Out5/12 1:00 PM – 2:15 PM
WUX310 – Integrating Your Site with Windows Internet Explorer 8 Using Accelerators, Web Slices and Search Providers5/15 2:45 PM – 4:00 PM
Related ContentHands On Labs
WCL18-HOL – Managing Windows Internet Explorer 8 Security Settings in the Enterprise
WUX09-HOL – Windows Internet Explorer 8: Building Search Suggestions
WUX10-HOL – Preparing for Windows Internet Explorer 8: Application Compatibility
WUX12-HOL – Using Accelerators and WebSlices in the Enterprise
Track Resources→Want to find out which Windows Client sessions are best suited to help you in your deployment lifecycle? →Want to talk face-to-face with folks from the Windows Product Team?
Meet us today at the
Springboard Series Lounge, or visit us at www.microsoft.com/springboard
Springboard SeriesThe Springboard Series empowers you to select the right resources, at the right technical
level, at the right point in your Windows® Client adoption and management process. Come see why Springboard Series is your destination for Windows 7.
Complete an evaluation on CommNet and enter to win!
© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,
IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.