michel barnett architect microsoft wcl201 session objectives and takeaways session objectives:...

Deploying and Rolling Out Windows Internet Explorer 8

Michel BarnettArchitectMicrosoftWCL201

Session Objectives and Takeaways

Session Objectives: Explain deployment optionsDemonstrate key deployment tasks

Leave you with an understanding of the tools used for:

CustomizationDeploymentConfigurationUpdating

Explain how Windows 7 fits with IE8 Deployment

Inconsistent configurationsUnpredictable downtimeDecentralized management

Application incompatibilityMultiple software imagesLarge-scale migration complexity

Notebook theftSecurity patchingMalware and virusesLicense complianceData protection

30–45% of the average enterprise IT budget is allocated to desktop support.1

More importantly, desktop complexity hinders end-user productivity and the overall agility of an organization.

Enterprise Desktop Challenges

Deployment Management Security

1 Infrastructure Optimization, William Barna/Microsoft, April 2006

70% of desktop TCO is labor related

100%

Desktop Total Cost of Ownership

Desktop TCO ($4600-$5000/year)

IT costs End-userHardware / SoftwareCost of IT labor and administration

Cost of self-support and downtime

Cost of hardware and software

Source: A leading analyst firm, December 2005Note: Excludes server and network costs for centrally managed services

Total

(US$

/de

skto

p/ye

ar)

30%

50%

20%

Microsoft Desktop Optimization Vision

Improve security and protect corporate data

• Reduce the impact of security breaches with unified protection

• Protect desktops from Internet-based threats

• Enhance data protection on desktops

• Apply security patches faster

• Enable secure remote access for employees

Increase control of desktop environment

• Centralize security management

• Improve visibility over malware threats

• Lock down desktop and application permissions and enforce group policy

• Protect applications and licenses from unauthorized use

Simplify IT compliance

• Verify security settings easily and in real time

• Improve license management, compliance, and cost

• Monitor and audit client configurations to maintain them and to ensure approved states

• Improve auditing with comprehensive auditing tools

Plan Build Deploy Operate

• Requirements• Specifications• Vision / Scope• Inventory• Assessments• Architecture• IO remediation

• Image engineering• Deployment

engineering (LTI/ZTI)• App Compat

testing• App Compat

remediation• App packaging• IO infra.

upgrades

• Lab deployments• Pilot

deployments• Production

deployments• Automated

provisioning (via LTI/ZTI)• Process

improvements

• Deployment reporting• Image mgmt• App mgmt• System

monitoring

Steps to an Optimized Desktop

Key Deployment Technologies

•Internet Explorer Administration Kit (IEAK)

Customization

•Application: System Center Configuration Manager 2007

•Operating System: Slipstreaming

Deployment

•Group Policy

Management

•Windows Update

•System Center Configuration Manager 2007

•Windows Server Update Services (WSUS)

Updating

Customization

•Internet Explorer Administration Kit (IEAK)

Customization

•Application: System Center Configuration Manager 2007

•Operating System: Slipstreaming

Deployment

•Group Policy

Management

•Windows Update

•System Center Configuration Manager 2007

•Windows Server Update Services (WSUS)

Updating

Internet Explorer Administration Kit

Customization WizardCreates customized versions of IE

Profile ManagerManages customization settingsSupports automatic configuration

Audience Types

Internet Service Provider (ISP)

ISP usersInternet Content Provider (ICP)

Web SitesISVs

Corporate AdministratorCorporate employees

http://go.microsoft.com/fwlink?LinkId=133798

Key Features

Distribution OptionsCD, LAN

Custom ComponentsIn-house applications

Setup experienceHands-free/ interactive

Search experienceCustom search providers

Browser experienceHome pages, favorites, toolbars

Administrator-approved Microsoft ActiveX controlsAutomatic configuration

Corporate Usage

Install on build machineIE8 must be pre-installed

Run wizard to create customized versionof browser

Platform specificDeploy customized versionManage with Profile Manager

Optional

Demonstration Topology

IEAK Build Machine

Router

IEAK

Configuration Manager

Server

Domain Controller

XP Workstation

The Scenario

Customize Internet ExplorerHome pageTitle barSearch providers

Deploy using Configuration ManagerWith slipstream option

Manage with Group PolicyUpdate using Windows Server Update Services

IEAK Customization Wizarddemo

Deployment: Configuration Manager

•Internet Explorer Administration Kit (IEAK)

Customization

•Application: System Center Configuration Manager 2007

•Operating System: Slipstreaming

Deployment

•Group Policy

Management

•Windows Update

•System Center Configuration Manager 2007

•Windows Server Update Services (WSUS)

Updating

Deployment Options

Group Policy

Windows Server Update Services

Windows Update

System Center Configuration Manager

Network Shared Folder

Hyperlink from Email or Web Page

CD

Managed Deployment

System Center Configuration Manager is one exampleUse the .MSI package created by the IEAK Customization WizardFour step process for System Center Configuration Manager distribution

Create the Configuration Manager packageCreate the installation programAssign to a distribution pointCreate an advertisement

IE8 Deployment with System Center Configuration Manager

demo

Deployment: Slipstreaming

•Internet Explorer Administration Kit (IEAK)

Customization

•Application: System Center Configuration Manager 2007

•Operating System: Slipstreaming

Deployment

•Group Policy

Management

•Windows Update

•System Center Configuration Manager 2007

•Windows Server Update Services (WSUS)

Updating

Deployment vs. Slipstreaming

DeploymentFamiliar processApplies to all supported operating systems

Windows XPWindows Server 2003etc.

Necessary if operating system is already deployed

SlipstreamingFasterNo additional rebootsMay include updates and language packagesApplies only to Vista and Windows Server 2008

How to Slipstream

Stage IE installation mediaExtract standard installation program

Stage operating system installation mediaFrom installation DVD

Mount operating system Image file (.wim)Use PKGMGR to add Internet Explorer 8Unmount operating system imageCreate ISO for OS Image

Using PKGMGR

Pkgmgr.exe/n:.\updatepackage\Windows6.0-

KB944036-x86.xml/o:.\mount;.\mount\windows/s:.\sandbox/l:.\slipstream.log

/n – unattended installation answer file/o – location of boot manager ; location of Windows directory/s – temporary storage/l – log file

Slipstreaming IE8demo

Management

•Internet Explorer Administration Kit (IEAK)

Customization

•Application: System Center Configuration Manager 2007

•Operating System: Slipstreaming

Deployment

•Group Policy

Management

•Windows Update

•System Center Configuration Manager 2007

•Windows Server Update Services (WSUS)

Updating

Group Policy

About 1300 group policiesUser and machine configuration

Machine takes precedence

Found in Administrative Templates in GP editor

Deploy Phase

Depth of Group Policies will be determined by the needs of the customer

Configure based on needs rather than trying to cover all policies

New and recommended Group Policies can be found here:

http://technet.microsoft.com/en-us/library/cc985351.aspx

Deploy PhaseCommonly Set Group PoliciesCustomer Need Group Policy

Lock down security settings \Internet Control Panel\Disable the Security Page

Secure users from phishing sites \Prevent Bypassing SmartScreen Filter Warnings

Prevent users from installing unapproved add-ons

\Security Features\Add-on Management\Add-on List

\Security Features\Add-on Management\Deny all add-ons unless specifically allowed in the Add-on List

Secure users from sites with fraudulent certificates

\Internet Control Panel\Prevent ignoring certificate errors

Ensure specific web sites are in specific security zones

\Internet Control Panel\Security Page\Site to Zone Assignment List

Group Policydemo

Management

•Internet Explorer Administration Kit (IEAK)

Customization

•Application: System Center Configuration Manager 2007

•Operating System: Slipstreaming

Deployment

•Group Policy

Management

•Windows Update

•System Center Configuration Manager 2007

•Windows Server Update Services (WSUS)

Updating

Windows Update

Useful for updating and installing Internet ExplorerIE8 is now available through Automatic Updates

http://blogs.msdn.com/ie/archive/2009/04/10/prepare-for-automatic-update-distribution-of-ie8.aspx

Updates will be installed based on settings on the individual clientsEffective, but doesn’t allow for centralized management

Consider implementing update management system…

Update Management with WSUS

Individual WSUS servers connect to Windows Update to download update packagesAdministrators can test updates to ensure compatibility before deploymentOnce approved, the updates are available to target machinesSystem Center Configuration Manager makes this even better…

WSUS and Configuration ManagerMicrosoft Update

Software Update Point / WSUS Server

Primary Site Server

ConfigMgr Client / WU Agent

Synch Updates

Database Synch

Deploy Updates

Update Management with System Center Configuration Manager

demo

Blocker ToolkitBlocks IE from being installed via Automatic Updates

Gives you control of when IE is installedCreates a registry key

HKLM\SOFTWARE\Microsoft\Internet Explorer\Setup\8.0\DoNotAllowIE80

Two possible settings0: Allows AU to install IE81: Blocks AU from installing IE8

Two components in the toolkitADM template for Group PolicyIE80Blocker.cmd

/B to block/U to unblock

Feature/Platform Windows 7 Other Operating Systems

Customization

Deployment

Management

Updating

Not necessary (IE8 built-in)

Supported

Windows 7 Support

Useful for Automatic Configuration

Slipstream Deploymentdemo

Internet Explorer ResourcesFeature Overview

www.microsoft.com/ie8Engineering Blog

blogs.msdn.com/ieInternet Explorer TechNet Site

technet.microsoft.com/ie IE8 Blocker Toolkit

www.microsoft.com/downloads/details.aspx?FamilyID=21687628-5806-4ba6-9e4e-8e224ec6dd8c&displaylang=en

Group Policy Settings for IE8www.microsoft.com/downloads/details.aspx?familyid=AB4655F2-0A3C-42EB-974D-24B2790BF592&displaylang=en

Internet Explorer Administration Kit (IEAK)technet.microsoft.com/en-us/ie/bb219517.aspx

question & answer

www.microsoft.com/teched

Sessions On-Demand & Community

http://microsoft.com/technet

Resources for IT Professionals

http://microsoft.com/msdn

Resources for Developers

www.microsoft.com/learningMicrosoft Certification and Training Resources

www.microsoft.com/learning

Microsoft Certification & Training Resources

Resources

Related ContentBreakout Sessions

WCL204 – What’s New for Your Enterprise in Windows Internet Explorer 85/11 2:45 PM – 4:00 PM

WUX04-INT – Top 10 Web Mistakes, and How to Avoid Them5/11 – 4:30 PM – 5:45 PM

WCL201 – Deploying and Rolling Out Windows Internet Explorer 85/12 8:30 AM – 9:45 AM

WUX301 – Advanced Cross-Browser AJAX Applications with Windows Internet Explorer 85/12 10:15 AM – 1130 AM

SIA315 – Windows Internet Explorer 8 Security, Inside and Out5/12 1:00 PM – 2:15 PM

WUX310 – Integrating Your Site with Windows Internet Explorer 8 Using Accelerators, Web Slices and Search Providers5/15 2:45 PM – 4:00 PM

Related ContentHands On Labs

WCL18-HOL – Managing Windows Internet Explorer 8 Security Settings in the Enterprise

WUX09-HOL – Windows Internet Explorer 8: Building Search Suggestions

WUX10-HOL – Preparing for Windows Internet Explorer 8: Application Compatibility

WUX12-HOL – Using Accelerators and WebSlices in the Enterprise

Track Resources→Want to find out which Windows Client sessions are best suited to help you in your deployment lifecycle? →Want to talk face-to-face with folks from the Windows Product Team?

Meet us today at the

Springboard Series Lounge, or visit us at www.microsoft.com/springboard

Springboard SeriesThe Springboard Series empowers you to select the right resources, at the right technical

level, at the right point in your Windows® Client adoption and management process. Come see why Springboard Series is your destination for Windows 7.

Complete an evaluation on CommNet and enter to win!

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS,

IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.