Introduction to Windows 8.1 Administration
- 11/15/2013
- Getting started with Windows 8.1: the quick tour
- Understanding 32-bit and 64-bit computing options
- Deploying Windows 8.1
- Installing Windows 8.1
- Running Windows 8.1
- Windows 8.1 architecture
- Getting started with Windows 8.1: the quick tour
- Understanding 32-bit and 64-bit computing options
- Deploying Windows 8.1
- Installing Windows 8.1
- Running Windows 8.1
- Windows 8.1 architecture
Windows 8.1 is designed primarily as an operating system for client devices. This chapter covers getting started with Windows 8.1 and the fundamental tasks you need for Windows 8.1 administration. Throughout this and the other chapters in this book, you’ll find detailed discussions of changes that enhance all aspects of computer management and security. Although this book focuses on Windows 8.1 administration, the tips and techniques discussed throughout the text can help anyone who develops for, works with, or supports Windows 8.1.
This book zeroes in on user and system administration tasks. You’ll find detailed coverage of the following topics:
- Customizing the operating system
- Optimizing the Windows environment
- Configuring hardware devices
- Installing and maintaining programs
- Managing user access and global settings
- Troubleshooting system problems
Also, it is important to note that just about every configuration option in the Windows operating system can be controlled through Group Policy. Rather than add caveats to every discussion that feature A or B can be configured only if allowed in Group Policy, I’m going to assume that you understand the global impact of Group Policy on system configuration and management. I’m also going to assume that you are familiar with the command line and Windows PowerShell. This will allow me to focus on essential tasks for administration.
Getting started with Windows 8.1: the quick tour
Windows 8.1 is the latest release of the Windows operating system for client computers. Windows 8.1 natively supports image-based installation and deployment. Windows 8.1, Windows 8.1 Pro, and Windows 8.1 Enterprise support 32-bit x86 and 64-bit x64 processors for PCs and tablets. Windows 8.1 RT supports ARM processors. For many advanced features, including BitLocker, Encrypting File System, Domain Join, Group Policy, and the Remote Desktop host, computers will need Windows 8.1 Pro or Windows 8.1 Enterprise.
Windows 8.1 has many enhancements to improve security, including memory randomization and other improvements to prevent malware from inserting itself into startup and running processes. Windows 8.1 uses address space layout randomization (ASLR) to randomly determine how and where important data is stored in memory, which makes it much more difficult for malware to find the specific locations in memory to attack.
Windows 8.1 has enhanced support for devices that use Trusted Platform Module (TPM). Although always-on devices require TPM 2.0, all other devices require at least TPM 1.2. Firmware can use TPM to store hashes, which verify that important operating system files haven’t been changed, and keys, which verify that digital signatures are valid.
Windows 8.1 requires a processor that includes hardware-based Data Execution Prevention (DEP) support. DEP uses the Never eXecute (NX) bit to mark blocks of memory as data that should never be run as code. DEP has two specific benefits. It reduces the range of memory that malicious code can use and prevents malware from running any code in memory addresses marked as Never eXecute.
If your organization doesn’t use an enterprise malware solution, you’ll also be interested to know that Windows Defender for Windows 8.1 has been upgraded to a more fully featured program. Windows Defender now protects against viruses, spyware, rootkit, and other types of malware. Rootkit detection helps to safeguard PCs and tablets from malware that inserts itself into non-Microsoft drivers. If Windows Defender detects that a non-Microsoft driver has been infected, it prevents the driver from starting. It’s important to point out that other features, such as Secure Boot, Trusted Boot, and Measured Boot, protect Microsoft drivers and other critical operating system files.
Separate distribution media is provided for 32-bit and 64-bit editions of Windows 8.1. To install the 32-bit edition of Windows 8.1 on an x86-based computer, you need to use the 32-bit distribution media. To install the 64-bit edition of Windows 8.1 on an x64-based computer, you need to use the 64-bit distribution media. Generally, if you are running a 32-bit operating system and want to install a 64-bit operating system (on hardware that supports both), you need to restart the computer and boot from the installation media. The same is generally true if you want to install a 32-bit operating system on a computer running a 64-bit operating system.
Windows 8.1 uses modularization for language independence and disk imaging for hardware independence. Each component of the operating system is designed as an independent module that you can easily add or remove. This functionality provides the basis for the configuration architecture in Windows 8.1. Microsoft distributes Windows 8.1 on media with disk images that use compression and single-instance storage to dramatically reduce the size of image files. The format for disk images is the Windows Imaging (WIM) format.
The Windows Preinstallation Environment (Windows PE) replaces MS-DOS as the preinstallation environment and provides a bootable startup environment for installation, deployment, recovery, and troubleshooting. The Windows Preboot Environment provides a startup environment with a boot manager that lets you choose which boot application to run to load the operating system. On systems with multiple operating systems, you access operating systems prior to Windows 7 in the boot environment by using the legacy operating system entry.
User Account Control (UAC) enhances computer security by ensuring true separation of standard user and administrator user accounts. Through UAC, all applications are run by using either standard user or administrator user privileges, and you get a security prompt by default whenever you run an application that requires administrator privileges. The way the security prompt works depends on Group Policy settings. Additionally, if you log on by using the built-in Administrator account, you typically do not get elevation prompts.
Windows 8.1 has several key UI elements, including the following:
- Start screen
- Charm bar
- Search panel
- Settings panel
- PC Settings screen
- Apps screen (also referred to as All Apps)
The Start screen replaces the traditional Start menu. Start is a window, not a menu. Programs can have tiles on the Start window. Tapping or clicking a tile runs the program. When you press and hold or right-click a tile, an options panel rather than a shortcut menu normally is displayed.
From Start, one way to quickly open a program is by simply typing the file name of the program and then pressing Enter. This shortcut works as long as the Everywhere Search box is in focus (which it typically is by default).
Pressing the Windows key switches between the Start screen and the desktop or the current app you are working with (or, if you are working with PC Settings, between Start and PC Settings). On the Start screen, there’s a Desktop tile that you can tap or click to display the desktop. You also can display the desktop by pressing Windows key + D or, to peek at the desktop, press and hold Windows key + , (that’s the Windows key plus the comma key).
The Charm bar is an options panel for Start, Desktop, and PC Settings. With touch UI, you can display the Charm bar by sliding in from the right side of the screen. With a mouse and keyboard, you can display the Charm bar by moving the pointer over the hidden button in the upper-right or lower-right corner of the Start, Desktop, or PC Settings screen; or by pressing Windows key + C.
The Charm bar has the following five charms:
- Search Tap or click the Search charm to display the Search panel. Any text typed while on the Start screen is entered into the Search box on the Search panel. Areas the Search box can be focused on include Everywhere, Settings, or Files. When it is focused on Everywhere, you can use Search to quickly find installed programs, files, settings, and more. When it is focused on Settings, you can use Search to quickly find settings and options in Control Panel. When it is focused on Files, you can use Search to quickly find files.
- Share Tap or click the Share charm to share from a desktop app. For example, when working with the Maps app, you’ll typically get options for sharing the map with which you are working.
- Start Tap or click the Start charm to switch between Desktop and Start (or, if you are working with PC Settings, between Start and PC Settings).
- Devices Tap or click the Devices charm to work quickly with attached devices, such as a second screen.
- Settings Tap or click the Settings charm to access the Settings panel, which provides access to important options, including the power options for sleep, shutdown, and restart.
You also can display the Settings panel by pressing Windows key + I. From the settings panels, you can:
- View connected networks and network status.
- View and change audio output levels.
- Change brightness levels of the display (portable devices only).
- Hide notifications temporarily.
- Access power options.
- Display the touch keyboard (touch UI devices only).
- Access the PC Settings screen (by clicking Change PC Settings).
Start Settings, Desktop Settings, and PC Settings have nearly—but not exactly—identical Settings panels. The Start Settings panel has a Tiles option that you can tap or click to display an option for adding or removing tiles for the administrative tools to the Start screen and an option for clearing personal information from tiles. The Desktop Settings panel has several quick links, including:
- Control Panel For opening Control Panel
- Personalization For opening personalization settings in Control Panel
- PC Info For opening the System page in Control Panel
- Help For opening Windows Help and Support
Thus, when you are working with the desktop, one way to quickly open Control Panel is by pressing Windows key + I, and then clicking Control Panel on the Settings panel.
File Explorer is pinned to the desktop taskbar by default, which means you can also access Control Panel by following these steps:
- Open File Explorer by tapping or clicking the taskbar icon.
- Tap or click the leftmost option button in the address list.
- Tap or click Control Panel.
Another technique you’ll want to quickly master is getting to the Apps screen, which lists installed apps alphabetically within app categories. Apps are listed first in the results whenever you perform an Everywhere search. On the Start screen, you’ll find a button with an arrow pointing down; tapping or clicking this button displays the Apps screen. On the Apps screen, you’ll find lists of all installed programs, organized by category. Apps listed in the Windows System category are ones you’ll often use for administration, including Command Prompt, Control Panel, Task Manager, File Explorer, This PC, and Windows PowerShell. Administrative tools are only displayed on the Apps screen if you previously selected the Tiles option on the Start Settings panel and then selected Show Administrative Tools.
With Windows 8.1, you might want to use Windows PowerShell as your go-to prompt for entering both standard Windows commands and Windows PowerShell commands. Although anything you can enter at a command prompt can be entered at the Windows PowerShell prompt, it’s important to remember that this is possible because Windows PowerShell looks for external commands and utilities as part of its normal processing. As long as the external command or utility is found in a directory specified by the PATH environment variable, the command or utility is run as appropriate. However, keep in mind that Windows PowerShell execution order could affect whether a command runs as expected. For Windows PowerShell, the execution order is (1) alternate built-in or profile-defined aliases; (2) built-in or profile-defined functions; (3) cmdlets or language keywords; (4) scripts with the .ps1 extension; and (5) external commands, utilities, and files. Thus, if any element in 1 to 4 of the execution order has the same name as a command, that element will run instead of the expected command.
Windows 8.1 ships with Windows PowerShell. When you’ve configured Windows PowerShell for remote access, you can execute commands on remote computers in a variety of ways. One technique is to establish a remote session with the computers with which you want to work. The following example and partial output shows how you can check the Windows edition on remote computers:
$s = new-pssession -computername engpc15, hrpc32, cserpc28 invoke-command -session $s {dism.exe /online /get-currentedition}
The following is the resulting partial output:
Deployment Image Servicing and Management tool Version: 6.1.7600.16385 Image Version: 6.1.7600.16385 Current Edition : Ultimate The operation completed successfully.
The internal version number for Windows 7 is 6.1, whereas the internal versions for Windows 8 and Windows 8.1 are 6.2 and 6.3 respectively. Thus, based on this output, you know the computer is running Windows 7 Ultimate edition (and hasn’t been upgraded to Windows 8.1 yet).