(Recommended) option.
This option stores your computer’s state by storing certain settings from the computer’s memory into a file called hiberfil.sys in the root of the C: drive.
When you start up the computer, it loads up the file in what is called Hybrid Startup mode.
Applications that are configured to start up during Windows boot can also affect the startup speed of the computer. You can view and manage the
startup applications from the Task Manager. Use the steps that follow to view the startup applications.
Step 1. Right-click the taskbar and select Task Manager from the pop-up menu (or press Ctrl+Shift+Esc).
Step 2. Click the More Details option at the bottom of the Task Manager window.
Step 3. From the Details view, select the Startup tab.
The Startup tab of Task Manager displays your startup applications, similar to Figure 18-2. The screen lists all the applications that will start up during Windows boot, along with the Publisher, the Status, and the Startup impact.
Figure 18-2. Startup Tab of the Task Manager Details View Allowing You to View and Manage Startup Applications
Notice from Figure 18-2 that impact shown for OneDrive is High. This indicates that OneDrive can significantly impact the startup speed of the system. From the dialog box you can select Microsoft OneDrive from the list and then click the Disable button. OneDrive will then not start up during the Windows boot. You can still use and access OneDrive after the system boots, or when you need to use it, but it will automatically start and sync up your OneDrive files. You can start it later from the Start menu to reenable the file sync.
Windows Store for Business
Introduced for Windows 10 and Windows 10 Mobile is the Windows Store for Business. It is designed for businesses that want to purchase and deploy store apps for their users from a central location. In this way it provides value to organizations by enabling volume purchases of apps and a central point for managing distribution. You can also use the Windows Store for Business for deploying Line-of-Business (LOB) apps that you have developed for
employees.
Windows Store for Business requires Windows 10 on a computer or mobile device, and users need Microsoft Azure AD accounts, which you create in the Azure AD. You can optionally use Microsoft Intune to manage distribution of the apps to users and devices. You learned about Microsoft Intune in Chapter 13, “Microsoft Intune.”
Signup and User Configuration
To get started using Windows Store for Business, sign up at
https://businessstore.microsoft.com. If you already have an Azure account, after you agree to the terms of service, your account will be set up. The first person to sign in must be a Global Admin of the Azure AD tenant. You can then access the main page of the store, which will be similar to Figure 18-3.
Figure 18-3. Home Page of the Windows Store for Business
When you sign up, you can then assign roles to other employees in the Azure AD to administer the Windows Store for Business. The store is integrated with Azure AD, Office 365, and, if you are using Microsoft Intune, it can integrate with that management tool as well. You learned about these cloud services in Chapter 13.
You can assign roles to other users in your organization to help administer the store and the apps you make available through purchase or upload. From the store portal shown in Figure 18-3, click the Settings menu and then select Permission. When you first sign up, the only user will be yourself, and as mentioned, you will have the Global Admin role. To add other users, click the Add People link. This displays the page shown in Figure 18-4.
Figure 18-4. Assigning User Roles in Windows Store for Business
Using the Assign Roles to People page, click in the Search box to find a user.
Recall that users must exist in your tenant Azure AD, and you can search by name or email address. Select the user you want from the search list, and the user will be added to the box. You can select multiple users if you want to assign the same role to several people. Check the box for the role to assign, and then click the Save button.
The Store for Business administrators will have permissions to configure a number of settings in the store.
• Account information: Manage the organization account and payment information, and configure whether to make offline-licensed apps available through the Store for Business account.
• Device Guard signing: Use the Device Guard signing portal to add unsigned apps to a code integrity policy. You can also sign code integrity policies.
• LOB publishers: You can assign developers in your organizations to become LOB publishers. Your list of LOB publishers can be activated or invited. LOB publishers can add custom-developed apps to your store.
• Management tools: View the management tools integrated with Azure AD.
You can choose one for management app updates and distribution, as shown in Figure 18-5. If you used Microsoft Intune as an MDM as described in Chapter 13, it is available to activate as the management tool in your integrated Windows Store for Business account.
Figure 18-5. Selecting a Device Management Tool to Use with Windows Store for Business
• Permissions: Manage permissions for organizational employees.
• Private store: Update the name for the private store. The name will be displayed on a tab in the Store.
Device Guard is a set of features designed to improve security of connected devices using virtualization-based security options. Implementing Device Guard locks down devices so that only the software or programs from trusted software publishers is allowed to run on the device. To use LOB applications on these devices requires signing the applications so that they are trusted on the device and will be allowed to run. You learned about Device Guard in Chapter 7, “Windows 10 Security.”
Note
To learn more about Device Guard signing for Windows Store for Business, see “Device Guard Signing” at https://technet.microsoft.com/en-
us/itpro/windows/manage/device-guard-signing-portal.
Note that the preceding roles are Windows Store for Business roles.
Permissions for each role are shown in Figure 18-4. Users in your Azure AD will automatically be assigned permissions in the store, as detailed in Table 18-2.
Table 18-2. Global User Account Permissions in Windows Store for Business
Global User Billing
Permission Administrator Administrator Administrator
Assign Roles Yes Yes No
Modify Company Profile Yes No No
Manage Store for
Business Settings Yes No No
Acquire Apps Yes No Yes
Distribute Apps Yes No Yes
Sign Policies and
Catalogs Yes No No
Global user roles are assigned in Azure AD. Use the following procedure to assign Global roles in Azure AD:
Step 1. Log in to the Azure portal at https://portal.azure.com.
Step 2. Select Azure Active Directory from the menu.
Step 3. From the Azure AD submenu, select Users and Groups.
Step 4. Select All Users, and then select the user you want to configure. You can use the Search box at the top of the All Users list to find a user.
Step 5. From the user menu shown select Directory Role.
Step 6. From the Directory role page, use the option buttons to select whether the user is a normal User, a Global Administrator, or a Limited
Administrator.
Step 7. If you select Limited Administrator, a list of options appears. You can select multiple administration roles. The two that apply to the Store for Business are the Billing Administrator role and the User Administrator role.
Step 8. After making your selections, click the Save button.
When a user has an applicable Global rule in your Azure AD, she can sign into the Windows Store for Business and perform the functions based on her role, as described in Table 18-2.
Working with Store for Business Apps
Similar to the Window Store, the Windows Store for Business has thousands of apps that you can acquire and make available to your users. The apps are UWP apps, designed for Windows 10, Windows Phone, Surface Hub,
Windows IoT, and HoloLens. Some apps may have been written for
Windows 8 or Windows 8.1, but are compatible with Windows 10. When you add an app to your inventory, it will be assigned to a specific platform, or be available for all devices.
There are two licensing models for the apps you can add to your Windows Store for Business:
• Online licensing: This is the traditional model also used in Windows Store.
Users connect to the Store for Business to get an app and license, based on their Azure AD accounts. You can distribute these apps by assigning them to your users, adding it to the private store for users to download, or distribute them through a management tool.
• Offline licensing: For apps that are available for offline licensing, you can download the apps and deploy them using your private network. This allows you to deploy these apps on devices that cannot access the store. To distribute
these apps, you can either use a provisioning package in a deployment image or use a management tool such as Microsoft Intune.
Some apps in the Store for Business are free, and some require a licensing fee. To acquire apps that require a fee, add payment information to your Store for Business account, or you can provide payment method when you acquire the app. Use the following procedure to acquire apps from the Store.
Step 1. Log in to your Store for Business portal with an account that has permissions to acquire apps.
Step 2. Select the Shop menu, or use the Search bar to find an app, and then click the app you want to purchase.
Step 3. From the app description page, select the license type.
Step 4. Free apps are added to your Inventory when you select Get the App.
For paid apps, select the quantity of the app you want and click Next. If your account does not have a payment method configured, you will be prompted for payment.
Step 5. After the app has been acquired, it appears in your Inventory. Select Inventory from the Manage menu to see your apps. Your Inventory is displayed, as shown in Figure 18-6.
Step 6. To add the app to your private store, click the Actions column for the app and then select Add to Private Store.
Figure 18-6. Your Windows Store for Business Inventory
From the Inventory page shown in Figure 18-6, you can start assigning apps
to users. To do so, click the Actions column for the app and then select
Assign to People. Type the name of a user into the box provided, as shown in Figure 18-7. You can continue to add names for all the people you want to assign the app to. When you are finished, click the Assign button.
Figure 18-7. Assigning an App to Users in the Store for Business
Client Configuration
By default, when users log in to their computers using their Azure AD credentials, the Store for Business private store will be available as a tab on the Store when they open it, as shown in Figure 18-8. Users who are using a device that is not connected to the Azure AD, or who are using a local
account, can still access the private store by using the Add Work or School Account option and signing in with their Azure AD credentials, as shown in Figure 18-9.
Figure 18-8. Private Store Tab on the Windows 10 Store App
Figure 18-9. Adding a Work or School Account to the Windows 10 Store App
You can configure your devices to limit access only to your organization’s private store. If you are using Microsoft Intune to manage your devices, you can configure a policy to enforce the store setting. Use a Custom
Configuration policy and configure the
ApplicationManagement/RequirePrivateStoreOnly policy setting, as shown in Figure 18-10.
Figure 18-10. Allowing Only the Private Store Using Microsoft Intune Policy
You can also enforce the allowing only your private store setting by using Group Policy Objects. The GPO setting is found in Computer
Configuration\Administrative Templates\Windows Components\Store.
Enable the policy called Only Display the Private Store Within the Windows Store App, as shown in Figure 18-11 to allow only the private store. You can then attach the GPO to any OU in your Active Directory.
Figure 18-11. Allowing Only the Windows Store Using Windows Group Policy Objects
Note
For more information about Windows Store for Business and how to manage your private store and apps, start with the references in the article “Windows Store for Business” at https://technet.microsoft.com/en-
us/itpro/windows/manage/windows-store-for-business.
Windows Assessment and Deployment Kit (ADK)
You learned some of the features and applications available in the Windows Assessment and Deployment Kit (ADK) in previous chapters of this text.
Table 18-3 is provided here as a reference to the tools provided in the ADK that you have learned about and the chapter where it is covered. This section focuses on how the ADK can help you to implement apps and administer them on Windows 10.
Table 18-3. Tools and Features of the ADK and Where They Are Covered
Topic Chapter
Windows System Image Manager
Chapter 2, see “Performing an Unattended Installation of Windows 10”
Installing the ADK Chapter 2, see “Performing an Unattended Installation of Windows 10”
Windows Imaging and
Configuration Designer (ICD)
Chapter 4, see “The Windows Imaging and Configuration Designer (ICD)”
Provisioning Packages Chapter 4, see “The Windows Imaging and Configuration Designer (ICD)”
User State Migration Tool
(USMT) Chapter 9, see “Migrating User Profiles”
A lot of functionality is available in the ADK. You can review Chapter 2 for information about installation of the ADK and the options available to install on a reference computer or an administration computer. Several additional tools are discussed in this chapter. If you are preparing for the 70-698 exam, you should also review the topics in other chapters, and the topics in the following list are also required for the 70-697 exam.
• Application Compatibility Tools: You learn about these tools in the next section, “Desktop Application Compatibility.” The Microsoft SQL Server 2012 Express database is also available in the ADK and can be used for storing your application compatibility settings.
• Microsoft User Experience Virtualization (UE-V) Template Generator:
You learn about UE-V in this chapter in the “User Experience Virtualization”
section. The template is a useful tool for managing UE-V.
• Microsoft Application Virtualization (App-V) Sequencer: You learn about App-V in the next section, “Desktop Application Compatibility.”
Desktop Application Compatibility
As noted in Chapter 2, "Implementing Windows," when you move to a new operating system, you should look at software compatibility while you are in the planning, development, and testing phases of the new operating system.
Windows 10 is no different in this matter. Many applications that were originally developed for Windows Vista, 7, or 8.1 might not run properly on Windows 10; antivirus applications developed for older Windows operating systems in particular are often incompatible.
In this section you learn how to use the Application Compatibility Toolkit (ACT) to identify incompatible applications and develop a strategy to deal with them. You also learn about some strategies for supporting incompatible applications, and tools for handling application coexistence when it can be problematic.
Application Compatibility Toolkit (ACT) and Compatibility Database ACT is a Microsoft resource that helps administrators resolve compatibility of their applications with Windows 10. ACT is included with the Windows ADK and provides compatibility fixes, modes, and help messages; tools for created customized fixes and help messages; compatibility databases; and a query tool you can use to search for installed compatibility fixes on local computers.
Using the Application Compatibility Toolkit (ACT)
ACT helps organizations to produce a comprehensive inventory of fixes and compatibility modes. It also identifies which applications might require additional testing or the use of a shim, which is a minor system compatibility fix that assists in enabling older applications to work properly with Windows 10.
ACT 6.1 is included with the Windows Assessment and Deployment Kit (ADK), which you can download from https://msdn.microsoft.com/en-
us/windows/hardware/commercialize/adk-install. If you installed the ADK as described in Chapter 2, using the defaults as previously shown in Figure 2-9, you will need to return to the installation wizard to complete the installation and configuration of ACT. Use the following procedure:
Step 1. In the taskbar Search text box or Cortana, type adk and then select adksetup.exe.
Step 2. You are informed that the features installed are up-to-date and given additional options. Click Change and then click Continue.
Step 3. From the Select the Features You Want to Change dialog box, select Application Compatibility Toolkit (ACT) and Microsoft SQL Server 2012 Express, and then click Change.
Step 4. If you receive a UAC prompt, click Yes.
Step 5. Wait while installation of ACT takes place. Click Close when finished.
After you've installed the ACT, you can access the Compatibility
Administrator by typing compatibility administrator into the Search bar or Cortana and selecting this item from the list that appears. As shown in Figure 18-12, the Compatibility Administrator comes loaded with fixes and settings for hundreds of applications that Microsoft has tested. You can apply
compatibility fixes and compatibility modes to any application and then save the information you've configured to an SQL database, either on a computer running SQL server or by using SQL Express, available for installation of the ADK.
Figure 18-12. Compatibility Administrator Helps You to Configure the Compatibility of Hundreds of Applications Originally Written for Older Windows Versions
Note that there are two versions of the Compatibility Administrator, a 32-bit
and a 64-bit version. You need to use the 32-bit version to for 32-bit
applications, and the 64-bit version for 64-bit applications. You also need to maintain separate databases for each.
You can search for fixes that are currently installed using the Search tool. To find applications that have fixes, ensure that you are using the right version of the Compatibility Administrator (32-bit or 64-bit) for the applications you want to search: