Part 1: WES7: Start IBW Installation

Part 1: WES7: Start IBW Installation

Demo: Windows Embedded Standard 7 IBW Installation 03

Create Bootable USB WES7 IBW Memory Stick Create bootable USB IBW (Image Builder Wizard) Prepare bootable NTFS USB stick: Diskpart List Disk Select Disk 5 Clean Create Partition Primary Active Format fs=ntfs quick Assign Copy IBW (32- or 64-Bit) DVD or Download 1:1 to root of USB stick

WES7: Start IBW Installation Boot target system direct from IBW (Image Builder Wizard) 32- or 64-Bit: Select Build an Image -> Setup is starting Please read and accept (check) the license terms -> Next Choose Application Compatibility template -> Next Choose system language, time/currency and keyboard -> Next Check Unmapped Devices and remember to install drivers in audit phase later. Do not check Modify Drivers. Check Modify Features -> Next

WES7: Start IBW Installation Select following feature packages: Boot Environments: Select: Enhanced Write Filter Boot Environment (if EWF is used) Embedded Enabling Features Edition Branding: Select: Windows Embedded Standard Startup Screen De-select: Bootable Windows USB Stack (to install the OS on USB stick) Select: Dialog Box Filter Select: EWF (Enhanced Write Filter with Hibernate Once, Resume Many) Select: FBWF (File Based Write Filter)

WES7: Start IBW Installation Select following feature packages: Embedded Enabling Features Select: Message Box Default Reply Select: Registry Filter Security De-select: Bitlocker Secure Startup (Creates hidden 100 MB system partition) SKU Compliance WS7E (E=Win 7 Professional features / P=Win 7 Ultimate features)

WES7: Start IBW Installation Select following feature packages: User Interface Windows Shell Select: Command Prompt Shell with Custom Shell Support De-select: Resolve optional dependencies De-select: Include applicable updates

WES7: Start IBW Installation Resolve Dependencies De-select: Windows Explorer Shell (Explorer Shell will stay in image!) -> Next De-select :AntiMalware, Photo Viewer and Tablet PC Support -> Next Done Click next, click next Delete all partitions over Drive options (advanced) (Trick: Press SHIFT+F10 for CMD/Diskpart, works for Windows 7 Professional or Home version) Next -> Install WES7 to the clean partition

Part 2: Overview Microsoft Embedded

Extending Windows to Specialized Devices

How does the end-user see your product? The embedded user sees a device and the desktop OS user sees a computer. Dedicated Application installed by OEM User does not see the Windows UI Product Lifecycle Extended Availability of the Embedded Platform User/Customer has full flexibility to install application PC Boots into Windows UI

Embedded Devices: Vertical Markets Measurement Devices Mobile Devices Gambling Machines Appliances, Screens, Entertainment Devices Image & Printing Devices Medical Systems Industrial Automation Ticketing Machines, POS, Retail Devices

The Microsoft Embedded Product Portfolio Classic Microsoft Operating Systems (for embedded systems): DOS 6.22 Windows 2000 (Professional + Server) Windows XP Professional / XP Pro 64 bit Windows Vista Business / Ultimate Windows 7 Professional / Ultimate Windows 8 / 8.1 Professional Real Embedded Microsoft Operating Systems : Windows CE / Windows Embedded Compact 7 / 2013 Windows NT Embedded 4.0 (Workstation + Server) Windows XP Embedded / Windows Embedded Standard 2009 WePOS / POSReady 2009 / POSReady 7 / Embedded 8.1 Industry Pro Retail Windows Embedded Standard 7 / Windows Embedded 8 Standard Windows Embedded 8.1 Industry Pro Embedded Server Microsoft Operating Systems : Server 2012 R2 / Server 2012 / Server 2008R2 / Server 2008 / Server 2003 / Server 2000 SQL Server / Storage Server / ISA / DPM Server Server Appliance Kits (SAK) HomeServer

Microsoft Embedded Licenses Availability 5 years mainstream support 5 years extended support 5+ years license availability Product Supported License Available Launch Date Min. 15 years total of license availability!!!

XP Professional FES: Support / License Availability Dates for Windows XP Professional SP3 for embedded systems: http://support.microsoft.com/lifecycle/search/default.aspx?sort=pn&alpha=windows+xp+professional&filter=filterno Start General Availability: 31.12.2001 End of mainstream support: 14.04.2009 End of extended support: 08.04.2014 End of distribution: 31.12.2016 } These dates where extended for 2 years End of Distribution: OEMs are not allowed to ship new products with this license any more. Already licensed products (with attached COAs) are ok to ship (i.e. RMA).

WES7: Support / License Availability Dates for Windows Embedded Standard 7: http://support.microsoft.com/lifecycle/search/default.aspx?sort=pn&alpha=windows+embedded+standard+7&filter=filterno Start General Availability: 29.07.2010 End of mainstream support: 13.10.2015 End of extended support: 13.10.2020 End of distribution: 27.07.2025 End of Distribution: OEMs are not allowed to ship new products with this license any more. Already licensed products (with attached COAs) are ok to ship (i.e. RMA).

Differences in Microsoft Mainstream/Extended Product Support Support provides Mainstraem Support phase Extended Support phase Paid support (per-incident, YES YES per hour, and others) Security update support YES YES Required extended hotfix Non-security hotfix support YES agreement purchased within 90 days mainstream support ending No charge incident support YES NO Warranty claims YES NO Design changes and feature request YES NO Product-specific information that is available by using the online Microsoft YES YES Knowledge Base Product-specific information that is available by using the Support site at YES YES Microsoft Help and Support to find answers to technical questions

Microsoft Windows Embedded: An OEM Channel OED: OEM Embedded Devices Target market: Embedded OEMs Full version preinstalled and Embedded COA Support from Embedded OEM Cheap Can be distributed only with HW (bundled) Worldwide export rights Imaging possible through Embedded OEM Recovery medias from Embedded OEM (optional) Language independent Longtime availability OEM pre-activated (OA) possible

Part 3: WES7 Installation: OOBE

WES7: IBW Installation: OOBE Enter User Name (administrator) Define Computer name -> Next Set password, do not leave empty -> Next Enter Product key, 3 possibilities: 1: No Key -> 30-day Eval Image -> Next, Next 2: Eval-Key: -> 180-day Eval Iamge -> Next, Next 3: OEM Key (per E-Mail from Microsoft) -> Full version (SHIFT+F10 for cmd to copy key with notepad.exe) -> Next http://msembedded.biz/de/windows-embedded-standard-7/standard-7-pid-nummer-coa-alp.html

WES7: IBW Installation: OOBE Define Update policy (Ask me later) Set time, date & timezone -> Next Connect to wireless networks or skip this page Now, WES7 will boot into Command Shell

Part 4: Configure a WES7 Installation

WES7: Configure eshell for a WES7 SP1 Image Start REGEDIT.EXE (Confirm UAC) The Custom Shell Support will set following key to start up the eshell.exe: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell= eshell.exe -> Change it back to explorer.exe The eshell.exe gets its parameters from this key: [HKLM\Software\Microsoft\Windows Embedded\EEF\Shell Launcher] Shell= cmd.exe AllOtherReturnCodeAction: 0 Restart the custom shell. (default) 1 Restart the device. 2 Turn off the device. 3 No action.

WES7: Configure eshell for a WES7 SP1 Image eshell.exe will execute Run and RunOnce registry keys and monitor the shell via the ReturnCode. When starting the own custom shell direct over the normal shell registry, the Run and RunOnce keys will not be processed.

WES7: Reboot into Explorer.exe Reboot machine with command: shutdown r t 0 Now, WES7 will boot into Explorer Shell

Demo: Configure EWF for a WES7 SP1 Image Start CMD.EXE as administrator (Confirm UAC) Use EWFMGR.EXE to show configuration Main commands for EWFMGR: EWFMGR enable c: (note: EWFMGR is enabled over the Volume ID!) EWFMGR disable c: EWFMGR c: -commit EWFMGR c: commitanddisable EWFMGR c: -activatehorm EWFMGR c: -deactivatehorm

Demo: Configure FBWF for a WES7 SP1 Image Start CMD.EXE as administrator (Confirm UAC) Use FBWFMGR.EXE to show configuration Main commands for FBWF: FBWFMGR /enable FBWFMGR /addvolume c: FBWFMGR /addexclusion c: \test FBWFMGR /overlaydetail FBWFMGR /commit c: \test2\file.txt FBWFMGR /disable

Demo: Registry Filter in WES7 SP1 You can only use Registry Filter to persist custom keys in the HKLM registry root. Registry Filter is not guaranteed to persist all registry keys in the SYSTEM hive because the system can update registry keys early in the boot process before Registry Filter loads. Registry Filter can only persist registry keys that change after it loads and starts tracking registry changes. HKLM\SYSTEM\CurrentControlSet\services\RegFilter\Parameters\MonitoredKeys\MyKey ClassKey REG_SZ HKLM FileNameForSaving REG_SZ mykey.rgf RelativeKeyName REG_SZ Software\mykey This will secure the Registry except: HKLM\Software\mykey\

EWF / FBWF design guide for WES7 Both filters work with RAM overlay Not suitable for a 24/7 system Need reboots to clean RAM overlay from time to time A full overlay result in an unstable system! System must be designed to write any data to other partition i.e. Log Files No page file is allowed Attention to Registry! Many applications need t write to the registry API is available for EWF and FBWF

Demo: Message Box Default Reply Message Box Default Reply can be configured and will intercept i.e.: x=msgbox("box test",1,"box Title") HKLM\System\CurrentControlSet\\Control\Error Message Instrument Here are the keys that may be of interest with their default values resulting from the build: \Error Message Instrument\EnableDefaultReply=1 \Error Message Instrument\EnableLogging=1 \Error Message Instrument\LogSeverity=0 For logging, use: HKLM\System\CurrentControlSet\Services\EventLog\Application\Error Instrument\ TypesSupported=0x00000007 HKLM\System\CurrentControlSet\Services\EventLog\Application\Error Instrument\ EventMessageFile=%SystemRoot%\System32\User32.dll

Demo: Dialog Box Filter Define your own interaction with Dialog boxes Use: ProgramData\Microsoft\DialogFilter\ConfigurationList.XML Use the Dialog Filter Editor installed with ICE to gnerate xml file Example: <?xml version="1.0" encoding="utf-8"?> <CL:dialogs xmlns:cl="urn:dialogs"> <dialog> <ProcessImageName>test_1.exe</ProcessImageName> <Title>Test</Title> <Class>#32770</Class> <Buttons> <Button>Yes</Button> <Button>No</Button> <Button>Cancel</Button> <Button>Close</Button> </Buttons> <Actions> <Action>Close</Action> </Actions> </dialog> </CL:dialogs>

Demo: The power of DISM DISM: Deployment Image Servicing and Management Tool Can be used /online on running systems as well as /offline on WIM images Apply Unattend files (i.e. registry data, files ) Add, Remove drivers Set international settings like UILanguage, keyboard layout or time zone AppInfos about MSI Installer packages on the system Add / Remove operating system packages from Microsoft

Demo: Change Language with DISM Change language with DISM: Get installed language pack name from package list: DISM /online /get-packages /format:table >c:\packages.log De-install installed languge: DISM /online /remove-package /packagename:microsoft-windows-embedded- LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.1.7600.16385 Install new language pack (from IBW Disk: DS\Packages\LanguagePack): DISM /online /add-package /packagepath:c:\lp\de\lp.cab Normal way: First install new language before deleting the system language!

Part 5: WES7 Image Documentation

Demo: Document an Image: Panther Read out unattend.xml from C:\Windows\Panther directory Logfile from Setup.exe (IBW) WES7 installer. Stops logging after setup.exe ended Can be used to be imported into ICE toolkit

Demo: Document an Image: DISM Start an CMD as Administartor Use following command: DISM /online /get-packages /format:table >c:\packages.log Now, DISM can be used to add / remove packages after installing

Part 6: Prepare WES7 for Deployment / Recovery

Demo: WES7 SP1 Recovery Image with ImageX / DISM Use ImageX.exe (or DISM) to create an image.wim file from your installation : ImageX /capture c: d:\wes7.wim DriveC or Dism /Capture-Image /ImageFile:c:\wes7.wim /CaptureDir:C:\ /Name:"WES7" Use ImageX.exe (or DISM) to recover the image: ImageX /apply 1 d:\wes7.wim c: or Dism /Apply-Image /ImageFile:d:\wes7.wim /index:1 /ApplyDir:C:\ Create Recovery Media with OEM tools: Windows PE to boot from DVD / USB stick / Network Diskpart to prepare / clean HD / SSD ImageX/DISM to handle WIM files (FreeImageX for end customer usage)

WES7: IBW Installation: Audit Phase Now configure your system as a Golden Master : Set Auto-logon (Windows+R: control userpasswords2) Add drivers Add applications Add Updates Add GPOs Set up network Set up Users Set Run / RunOnce Keys -> Use RunOnce keys for configuring the Clone Set automatic Restart (BSOD Restart) Disable EWF / FBWF

Create OEM Image: Sysprep Image Generalize OS for deployment Attention: Rearm count

Create OEM Image: Sysprep Image: Minimal Sysprep with unattend.xml: Sysprep /generalize /oobe /shutdown /unattend:minunattend.xml <?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/wmiconfig/2002/state" xmlns:ew="urn:schemas-microsoft-com:embedded.unattend.internal.v1"> <settings pass="generalize"> <component name="microsoft-windows-pnpsysprep" processorarchitecture="amd64" publickeytoken="31bf3856ad364e35" language="neutral" versionscope="nonsxs" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"> <PersistAllDeviceInstalls>true</PersistAllDeviceInstalls> </component> </settings> <settings pass="oobesystem"> <component name="microsoft-windows-shell-setup" processorarchitecture="amd64" publickeytoken="31bf3856ad364e35" language="neutral" versionscope="nonsxs" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"> <OOBE> <SkipUserOOBE>true</SkipUserOOBE> <SkipMachineOOBE>true</SkipMachineOOBE> </OOBE> </component> </settings> </unattend>

Create OEM Image: If you don t want to use sysprep. Not official supported by MS i.e. for backup / recovery You need to reset the partiton/volume ID else the image will not boot from another (new) partition. (winload.exe error) Absolute Minimum Sysprep : bcdedit /set {default} device partition=c: bcdedit /set {default} osdevice partition=c: bcdedit /set {bootmgr} device partition=c:

Part 6: Create WES7 Recovery Solution

Recovery Solution: Step #1: Download and install free Windows Assessment and Deployment Kit (ADK) tool from Microsoft on a development machine Link: http://www.microsoft.com/de-de/download/details.aspx?id=30652 Next version from WAIK toolkit (Windows Automated Installation Toolkit) Advantage PE4.0: You can use.net applications! Free to use and distribute for Embedded OEMs!!!

Recovery Solution: Step #2: Create bootable Windows PE USB stick Start from installed Programms Windows Kit -> Windows ADK -> Deployment and Imaging Tools Environment as an Administrator Use following commands: copype.cmd x86 c:\winpe_x86 MakeWinPEMedia.cmd /UFD /f c:\winpe_x86 e: (e: is the USB stick drive) ATTENTION: File System will be FAT32. Max. File size 2GB. Not suitable for WIM files. Create own bootable NTFS stick and copy PE content on the stick! -> Copy c:\winpe_x86 \media folder from Win PE to root of USB memory stick.

Recovery Solution: Step #3: Mount Windows PE wim file to change the start script Use following command: Dism /Mount-Image /ImageFile:e:\sources\boot.wim /index:1 /MountDir:C:\mount - C:\mount must be an empty directory - E: must be the USB stick drive with windows PE 4.0

Recovery Solution: Step #4: Change Win PE start script startnet.cmd in c:\mount\windows\system32\: @echo off REM ******************* REM * Running WPEInit * REM ******************* echo Starting WPEInit... Setting up network... Please wait... Skipped... REM wpeinit :BATCHSTART Cls REM *********************************** REM * Search for WinPE USB Drive Path * REM *********************************** set INSTALL_PATH=NO FOR %%a in (Z X W V U T S R Q P O N M L K J I H G F E D C) do if exist %%a:\sources\boot.wim set INSTALL_PATH=%%a: IF %INSTALL_PATH%==NO goto NOPATH echo. echo Win PE boot storage found under drive letter: %INSTALL_PATH% GOTO PATHEND :NOPATH echo No Win PE boot drive letter was identified... GOTO BATCHEND :PATHEND REM ****************** REM * Security Pause * REM ****************** echo Apply Image from USB stick to Partition1 echo Attention: This will erease all data on Disk 0 /Partition 1!!!! pause REM ************************************************* REM * Prepare Disk 0 / Partition 1 R: NTFS bootable * REM ************************************************* REM **************************** REM * Select Bootsector: * REM * * REM * nt52 for XP/Server2003 * REM * nt60 for Vista/Win7/S2k8 * REM **************************** REM BootSect R: /nt52 REM *************** REM * Apply Image * REM *************** Dism /apply-image /imagefile:%install_path%\wes7.wim /index:1 /ApplyDir:R:\ REM ******************************************* REM * Reset Partition ID for Vista/Win 7/S2k8 * REM ******************************************* echo. bcdedit /set {default} device partition=r: bcdedit /set {default} osdevice partition=r: bcdedit /set {bootmgr} device partition=r: REM *********** REM * Reboot * REM *********** echo. echo Image restored. Rebooting now the system... echo. exit :BATCHEND diskpart /s startnet_diskpartscript.script

Recovery Solution: Step #5: Add text file: diskpartscript.script in c:\mount\windows\system32\ select disk 0 clean create partition primary active format fs=ntfs quick assign letter=r: exit

Recovery Solution: Step #6: Dismount Windows PE boot.wim and commit changes Use following command: Dism /Unmount-Image /MountDir:C:\mount /commit

Recovery Solution: Step #7: Boot the target system from the WinPE and capture WES7 image Boot from Win PE USB stick on target machine Interrupt recovery batch (security pasue in startnet.cmd) with CTRL+C Use following commands to capture system partition and OS partition and write the WIM files to the root of the USB memory stick: Dism /Capture-Image /ImageFile:e:\wes7.wim /CaptureDir:c:\ /Name: WES7

Recovery Solution: Step #8: Check solution Reboot target system and boot from USB memory stick This will boot now windows PE Start automatically startnet.cmd and process the script Script will clean Disk 0 Create new partition and formats it Apply back the WIM image Reset Partition ID Reboot