Maual Widows 7 Eterprise Desktop Support Techicia (70-685) 1-800-418-6789 Domai 1: Idetifyig Cause of ad Resolvig Desktop Applicatio Issues Idetifyig ad Resolvig New Software Istallatio Issues This sectio will help admiistrators: Troubleshoot software istallatio failures Verify istallatio requiremets Uderstad how AppLocker: Provides improvemets over previous versio Software Restrictio Policies (SRP). Facilitates digital sigig. Ca block software istallatios. You ca ecouter software errors ad failures durig or after istallatio: Errors that appear durig istallatio ca result from policy/permissio costraits, availability issues, or istallatio settigs. Errors displayed immediately after istallatio ca be associated with policy restrictios or compatibility problems. Errors displayed log after istallatio commoly result from chages i cofiguratio. To successfully istall software o Widows 7, you should uderstad cocepts such as: Admiistrator privileges Istallatio code ad data Applicatio compatibility ad depedecies AppLocker SRP Geerally, there are two meas of istallig software o systems ruig Widows 7: Maually istall a program. Software deploymet techology such as: Group Policy you may be required to use Group Policy to verify trusted sites, cofigure Applicatio Cotrol Policies (AppLocker), or to facilitate obtaiig a certificate from a third-party software publisher store. Microsoft System Ceter Cofiguratio Maager System Ceter Cofiguratio Maager, formerly Systems Maagemet Server (SMS), is a system maagemet software product by Microsoft for maagig large groups of Widows -based computer systems. Cofiguratio Maager provides remote cotrol, patch maagemet, software distributio, operatig system deploymet, etwork access protectio, ad hardware ad software ivetory. The most frequetly used feature is ivetory maagemet, which provides both hardware ad software ivetory across a busiess eterprise.) LearSmart Cloud Classroom: Video Traiig s Mauals
Maual Widows 7 Eterprise Desktop Support Techicia (70-685) 1-800-418-6789 Widows Automated Istallatio Kit (Widows AIK or WAIK) a collectio of tools ad techologies produced by Microsoft desiged to assist i the deploymet of Widows. It was first itroduced with Widows Visa. Widows AIK Versio 2.0 was released with Widows 7 beta. Sigificatly, a sigle ew tool, DISM, took over the fuctios of several earlier tools icludig PEImg ad ItlCfg, which were deprecated. The ew WiPE 3.0 has AeroSaps - a feature itroduced for Widows 7. The User State Migratio Tool (USMT) was added to this WAIK. Microsoft Deploymet Toolkit 2010 Kit 2010 Suite (formerly Busiess Desktop Deploymet) a piece of server software that permits etwork deploymet of Microsoft Widows. It ca curretly distribute Widows XP, Widows Vista, Widows 7, Widows Server 2003, Widows Server 2008, ad Widows Server 2008 R2. Hardware drivers, Widows updates, ad software ca be icluded with the istallatio. The followig topics explai some causes of software errors/failures, ad provide suggestios for how to resolve them. Media Locatio before istallig a applicatio, esure that all required files are saved i the right locatios. Logo Testig Widows 7 logo testig is a feature that examies software beig istalled ad checks for: Compliace with specific ati-spyware guidelies Isolatio from protected resources i Widows Reversible istallatio Digital sigature o all files If you receive a warig that a applicatio has ot passed Widows 7 logo testig, you should avoid istallig it. Verifyig Exteral Coectios determie if the software istallatio requires data (such as product key) from a exteral source. For example: Database Maiframe Web site Licese server Applicatio server Verifyig Applicatio Depedecies if applicable, determie if the software requires ay of the followig to be pre-istalled: Updates Features Service packs Other applicatios LearSmart Cloud Classroom: Video Traiig s Mauals
Maual Widows 7 Eterprise Desktop Support Techicia (70-685) 1-800-418-6789 Local Admiistrator Requiremets To successfully istall software, the user accout ormally must at least have local domai admiistrator privileges, ad the accout should have local admiistrator privileges o the computer uploadig the software. Additioally, the accout should be a member of the Admiistrators group o the computer to have rights to istall software o the system. If you get hug up o the User Accout Cotrol prompt while tryig to istall software o a computer, you should verify that the accout used for istallatio is grated local admiistrator privileges o the computer. Normally havig domai admiistrator privileges is sufficiet because by default, domai admiistrators are members of the local Admiistrators group o every computer that is a member of the same domai. But, you may eed to verify your access rights eve if you are already a domai admiistrator; the Domai Admiistrators group may have bee removed from the local Admiistrators group. To determie whether you are a member of the local Admiistrators group o a particular computer, you ca use the Local Users ad Groups cosole. To ope the cosole i Widows 7, click Start, type edit local users ad groups, ad press Eter. The, i the cosole tree of the Local Users ad Groups cosole, select Groups, ad double-click the Admiistrators group i the details pae. The Admiistrators Properties dialog box appears (as displayed below) listig all local admiistrators for that computer. Figure 1: Local Users ad Groups, Admiistrators Properties LearSmart Cloud Classroom: Video Traiig s Mauals
Maual Widows 7 Eterprise Desktop Support Techicia (70-685) 1-800-418-6789 O the Local Admiistrators dialog box, local admiistrators ca press the Add butto to add ew admiistrators. I a eterprise etwork, it is preferable to cotrol local group membership by usig the Restricted Groups feature i Group Policy. Local Group Policy is the oly local GPO that allows both computer cofiguratio ad user cofiguratio settigs to be applied to all users o a computer. Use the followig path to access ad maage local GPO: 1. Click Start, type MMC, ad press Eter 2. I Microsoft Maagemet Cosole, click File Add/Remove Sap-i 3. I the Add or Remove Sap-is dialog box, click Group Policy Object Editor Add 4. The Select Group Policy Object dialog box appears After verifyig that you are listed as a admiistrator, ad you get a message while istallig the program that admiistrator rights are required, the choose the optio to ru the istaller program as a admiistrator. Right-click Istallatio ad click Ru as Admiistrator (as show below). If a User Accout Cotrol coset or credetial prompt appears, eter the required cofirmatio or admiistrator credetials. Figure 2: Ruig a Program as Admiistrator Licesig Restrictios You may ot be able to istall a applicatio if it requires a licese or product key; or the applicatio may require that the computer is coected to a licese server before allowig the istallatio. LearSmart Cloud Classroom: Video Traiig s Mauals
Maual Widows 7 Eterprise Desktop Support Techicia (70-685) 1-800-418-6789 Applicatio Cotrol Policies ad Digital Sigig vs. Software Restrictio Policies (SRP) Widows XP ad Vista supported SRP, a meas by which admiistrators created rules to restrict what programs particular users or groups could ru, by specifyig that what programs could ru. Busiesses that use SRP usually develop blacklists: Group Policy Objects (GPOs) that block kow malware based upo source etwork zoe, path ame, hash or siged certificate. Specifically, SRP rules override a defied default security level by removig restrictios or addig restrictios. However, because robust SRP rules are hard to defie, most busiesses default to urestricted, givig ay program ot explicitly disallowed a free pass. Microsoft s replacemet for SRP, AppLocker, is available i Widows Server 2008 R2 ad Widows 7 Eterprise ad Ultimate editios. For backwards compatibility, GPOs ca iclude both SRP ad AppLocker rules. I such cases, AppLocker rules are oly applied to PCs ruig Widows 7, while SRP rules are oly applied to older PCs. Like SRP, AppLocker ca allow or dey a program to lauch. However, AppLocker imposes a default disallow stace. After you start the Applicatio Idetity (AppID) service ad apply a AppLocker rule, a program ot ecompassed by AppLocker rules will fail to lauch, displayig the message: The program is blocked by group policy. I this way, AppLocker ecourages busiesses to defie whitelists rather tha blacklists. Although AppLocker whitelists still require maiteace, they make it easier to idetify all of the programs with permissio to ru, istead of listig all the ukow ad potetially harmful programs that wat to block. Rules Like SRP, AppLocker lets you create rules defiig what programs are allowed to ru, ad assig them to security groups or idividual users (but ot to idividual computers). You ca make three differet types of rules: Path Rules (allow you to restrict users to lauchig apps oly from specified folders) Hash Rules (idetify allowed programs based o a cryptographic hash) Publisher Rules (idetify allowed programs by the digital sigature) Publisher Rules i AppLocker replace the Certificate Rules i SRP. Publisher Rules work with a wider variety of applicatios ad are more flexible. You ca restrict applicatios based o the followig iformatio cotaied i rules: Publisher (software compay) Program ame File versio This iformatio is i stored i the digital sigature. You ca apply ay of the rules to the followig: Executable files Scripts Istallatio files (such as.msi packages ad.dll or.ocx libraries) You cofigure AppLocker rules through Group Policy (either domai policies or local security policies). I the local security policy i Widows 7, you ll fid AppLocker uder the Applicatio Cotrol Policies ode. LearSmart Cloud Classroom: Video Traiig s Mauals