+ Reply to Thread
Results 1 to 5 of 5
  1. Senior Member horusthesun's Avatar
    Join Date
    Apr 2013
    Location
    Buffalo,NY
    Posts
    284

    Certifications
    MTA 98-365 MTA 98-366 & MTA 98-367 C)SS & C)VA & MCSA Windows 8 & MCTS Configuring Active Directoy 70-640. Comptia Sec+, VCA-DCV, C)PEH,C)ISSO
    #1

    Default Horus' quick study guide for 70-687

    70-687 super duper study guide

    Windows 8 Editions

    Windows RT (Surface Tablets)

    ARM processor
    Only runs Windows Store Apps

    Windows 8
    • Basic...
    • For home and SOHO...
    • Geared toward consumers
    Windows 8 PRO
    • Small to medium Businesses
    • Encryption (Bitlocker & Bitlocker to go)
    Windows 8 Enterprise
    • Mobility (Direct Access)
    • WTG- Windows to go (Windows on a USB flash drive)
    32 or 64 bit?
    Answer is always 64 on 64 bit CPUs
    Higher CPU utilization
    32 bit can consume up to 4 GB (including shared video memory)
    Win 8 (64bit) -> 128 GB Win 8 Pro/Enterprise (64bit) -> 512GB
    Client Hyper-V
    Better Security (DEP= Data Execution Prevention, KAP, Requires Signed Drivers)
    Broad driver availability (Most Win 7 on Win
    Screen Resolution:
    Minimum Start screen / Windows 8 nave apps : 1024 X 768
    “Snap” Feature: 1366X 768 (load win 8 apps side by side)
    Maximum: 2560 X 1440

    Which SKU to upgrade?

    Full Upgrade
    Windows 7 starter, home basic/Premium -> Win 8
    Windows 7 starter, Home Basic/Premium, Professional, Ultimate ->Win 8 Pro
    Windows 7 Pro, Ent -> Win 8 Ent


    Migration:
    -Vista RTM /SP1, XP SP3 -> Win8, Win8 pro

    32-bit -> 32-bit
    64-bit -> 64bit








    Upgrade or Clean Install

    “Fully Compatible” upgrade Clean Install
    Personal Files (User Folder) inherit no problems
    Windows Settings Requires Centrally Stored data
    Profile home directory or backup/restore
    Hardware settings Must install APPs
    Applications app deployment solutions
    Some might need reinstallation Baseline Images (golden image )
    Disable A/V Check vendor upgrade Reconfigure windows Settings
    Minimal Interaction & Fast (Roaming profiles)
    5-Step process
    1 Evaluate (ACT, MAP, ADK)
    2 Back up
    3 Upgrade
    4 Verify
    5 Update
    Windows to Go
    Problem: in another location /w no pc of your own (BYOD)
    Reluctance to loan a workstation
    Concern of malware
    Solutions:
    RDP, CITRIX
    GUEST VMs
    Windows to Go!
    Used on a flash drive (External HDD) it is better to use with USB 3.0
    32BG only works with Windows Enterprise (may need to configure BIOS)


    Windows to Go Overview
    Entire Win8 Enterprise
    OS
    User Settings Can use Reference Image
    Programs
    DATA
    Considerations
    Windows recovery not available (re-image)
    Bitlocker Available w/o TPM
    No push button RESET
    No Hibernate/Sleep mode
    No Internal Disk visible
    Loads appropriate drivers & reloads when reconnecting
    Might need to suspend Bitlocker on host
    Store is disabled by default

    Enterprises install Windows on a large group of computers either by using configuration management software (such as System Center Configuration Manager), or by using standard Windows 8 deployment tools such as DiskPart, ImageX, and the Deployment Image Servicing and Management (DISM) tool.
    These same tools can be used to provision Windows To Go drive, just as you would if you were planning for provisioning a new class of mobile PCs. You can use the Windows Assessment and Deployment Kit to review deployment tools available

    Make sure you use the versions of the deployment tools provided for Windows 8. The deployment tools from previous version don’t support Windows to go

    Windows key + F, Type Windows to go --> follow the Wizard



    *Must use a password … no TPM*
    List of windows to go certified USB drives
    Imation IronKey Workspace
    Kingston DataTraveler Workspace
    SPYRUS Portable Workplace
    SPYRUS Secure Portable Workplace (w/ Hardware Encryption)
    SuperTalent Express RC8

    For Host PC:
    When assessing the use of a PC as a host for a Windows To Go workspace you should consider the following criteria:
    • Hardware that has been certified for use with either Windows 7 or Windows 8 operating systems will work well with Windows To Go.
    • Running a Windows To Go workspace from a computer that is running Windows RT is not a supported scenario.
    • Running a Windows To Go workspace on a Mac computer is not a supported scenario.
    The following table details the characteristics that the host computer must have to be used with Windows To Go:
    Item Requirement
    Boot process Capable of USB boot
    Firmware USB boot enabled. (PCs certified for use with Windows 7 or Windows 8 can be configured to boot directly from USB, check with the hardware manufacturer if you are unsure of the ability of your PC to boot from USB)
    Processor architecture Must support the image on the Windows To Go drive
    External USB Hubs Not supported; connect the Windows To Go drive directly to the host machine.
    Processor 1 Ghz or faster
    RAM 2 GB or greater
    Graphics DirectX 9 graphics device with WDDM 1.2 or greater driver.
    USB port USB 2.0 port or greater

    Migration Overview
    Goal: Transfer Data & User settings to New Windows 8 computer
    Upgrade no t available
    Want clean install w/o loss
    AKA “Refresh Computer Scenario”
    Two Methods
    In place:Source & Destination PCs are the same
    Side-by-Side Source & Destination PCs are Different
    Requires more time & steps
    ADVANTAGES DISADVANTAGES
    VERY CLEAN MORE TIME CONSUMING
    UPGRADE PATH NOT RELEVANT REQUIRES MIGRATIONS TOOLS
    Windows Easy Transfer
    User State Migration tool
    IMPROVED PERFORMANCE REINSTALL APPS
    AVOIDS INHERITING
    Poor configurations
    Malware
    Remnant files, deprecations
    STORAGE FOR SETTINGS
    MAY IMPACT USER PRODUCTIVITY

    WET Migration
    On win8 DVD
    Source: old PC, Target: NEW Win8
    Migrate:
    1. User profile (Admin: All users)
    2. Data
    3. App Settings
    Single, Small Migration
    Transfer via cable (USB easy transfer cable), network, ext storage
    Helpful tip decrypt all EFS files before transfer with WET
    User State Migration Tool (USMT) Technical Reference- The User State Migration Tool (USMT) 5.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 8. USMT provides a highly customizable user-profile migration experience for IT professionals.
    USMT 5.0 includes three command-line tools:
    • ScanState.exe version 6.2
    • LoadState.exe version 6.2
    • UsmtUtils.exe version 6.2
    USMT 5.0 also includes a set of three modifiable .xml files:
    • MigApp.xml
    • MigDocs.xml
    • MigUser.xml
    Single or multiple (script)
    No direct side-by-side (network)
    Export w/ scan state
    Import w/load state
    **No DC Necessary to apply domain profiles**
    **Run as Admin to ensure all settings migrate (elevate to admin in command prompt) **
    Example:
    Source PC
    C:\ scanstate m:\scanstate /o /ue:*/* /ui:example\user /i:migdocs.mxl /i:migapp.xml /encrypt /key:”usmtsecret”
    Target PC
    C:\loadstate m:\scanstate /mu:example\user :example\user /i:migdocs.xml /i:migapp.xml /decrypt /key:”usmtsecret”


    VHD (X) Advantages
    • VHDX= windows server2012
    • VHD = windows server 2008
    • Useful for VM and physical machines
    • Device detection
    • Software
    • Uniform File Management
    • Common Tools
    • Single File Restore
    • Performance Compared to VMS
    Install to VHD Deploy WIM to VHD
    WINPE WINPE,SHIFT-F10,DISKPART
    SHIFT-F10 COPY WIM to VHD
    DISKPART IMAGEX /APPLY
    INSTALL DETACH VDISK, COPY to Server
    Copy to Client
    BCDBOOT

    Folder Redirection:

    Default “My Documents”
    Locally Stored no central backup no central virus scan
    Might be illegal
    Folder Redirection Fixed theses problems
    Do not depend on roaming profiles
    Manual configuration in my Documents properties or AUTOMATE in GPO (uses Users setting in Group Policy)
    Speeds logon
    Enables offline files


    What is a Device Driver?
    Intermediary software that exchanges communication between the OS and the hardware
    Associated Files: .sys, .inf, .cat, .dll
    32-bit + 64-bit
    Signed
    Plug and Play Automation
    Install/Attach device
    OS searches for driver based on Hardware ID
    Devices usually available immediately
    Substantially more reliable than initial versions
    Some Devices also need accompanying software

    Signed Drivers
    Required in 64-bit
    Driver tested in WHQL (Windows Hardware Quality Labs)
    Good Drivers Receive Signature in CAT
    If Driver files change signature doesn’t match (Integrity)
    Signature Tools: sigverif + driversquery /si



    The Driver Store
    C:\ Windows\Systems32\Driverstore
    Many default drivers
    More added/updated
    *windows updates
    *pre-staging with pnputil.exe in command prompt
    Need to be at least a Local admin to add/update drivers
    Users can load existing drivers
    Can use Alternate driver locations
    Driver path = registry Hkey_Local_Machine --> Software Microsoft Windows CurrentVersion DevicePath
    Windows update
    Manual from media website
    Device Manager
    Primary device UI devmgmt.msc
    Main Functions
    Add legacy hardware
    View hidden devices (in the top menu view show hidden devices)
    View device properties
    Driver Management (update, disable, rollback uninstall)
    Very specific details
    View events
    Power management
    Resources
    Configure driver settings



    (work in progress)
    Last edited by horusthesun; 05-25-2013 at 02:00 AM. Reason: work in progress
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member horusthesun's Avatar
    Join Date
    Apr 2013
    Location
    Buffalo,NY
    Posts
    284

    Certifications
    MTA 98-365 MTA 98-366 & MTA 98-367 C)SS & C)VA & MCSA Windows 8 & MCTS Configuring Active Directoy 70-640. Comptia Sec+, VCA-DCV, C)PEH,C)ISSO
    #2
    Sorry I haven't add anything lately
    been busy at work
    People quite, so I am pulling doubles and training noobs
    Reply With Quote Quote  

  4. Senior Member horusthesun's Avatar
    Join Date
    Apr 2013
    Location
    Buffalo,NY
    Posts
    284

    Certifications
    MTA 98-365 MTA 98-366 & MTA 98-367 C)SS & C)VA & MCSA Windows 8 & MCTS Configuring Active Directoy 70-640. Comptia Sec+, VCA-DCV, C)PEH,C)ISSO
    #3
    Secure boot :

    Signature Databases and Keys:
    The firmware has two databases.
    1) List of the signers or image hashes of the UEFI applications, OS loaders and UEFI drivers(Signature DB)
    2) list the revoked images for items that are no longer trusted (Revoked Signature DB)

    Microsoft signs the Microsoft Operating System Loader (called Boot Manager) with a signer that must be included in the database when systems are manufactured.
    Key Enrollment Key database (KEK) is a separate database of signing keys that can be used to update the signature database and revoked signatures database. Microsoft requires a specified key to be included in the KEK database so that in the future Microsoft can add new operating systems to the signature database or add known bad images to the revoked signatures database.

    The OEM stores the signature database, revoked signatures database, and KEK signature databases on the firmware nonvolatile RAM

    After these databases have been added, and after final firmware validation and testing, the OEM locks the firmware from editing, except for updates that are signed with the correct key or updates by a physically present user who is using firmware menus, and then generates a platform key (PK). The PK can be used to sign updates to the KEK or to turn off Secure Boot.

    Boot Sequence:

    When the pc is turned on ... signature databases are checked against the platform key
    IF the firmware is not trusted, the UEFI firmware must initiate OEM-specific recovery to restore trusted firmware
    When the Windows Boot manager fails to load the firmware will attempt to boot a back copy of Windows Boot Manager.
    When the back up Windows Boot manager the firmware will initiate the OEM-specific remediation
    After Windows Boot Manager has started running, if there is a issue with the drivers or NTOS kernel, Windows Recovery Environment (Windows RE) is loaded so that theses drivers or the kernel image can be recovered.
    After this, Windows loads anti-malware software
    Finally, Windows loads other kernel drivers and initializes the user mode processes



    *Secure Boot does not require a Trusted Platform Module (TPM).*

    Reply With Quote Quote  

  5. Senior Member horusthesun's Avatar
    Join Date
    Apr 2013
    Location
    Buffalo,NY
    Posts
    284

    Certifications
    MTA 98-365 MTA 98-366 & MTA 98-367 C)SS & C)VA & MCSA Windows 8 & MCTS Configuring Active Directoy 70-640. Comptia Sec+, VCA-DCV, C)PEH,C)ISSO
    #4
    Example of manage-bde

    C:\WINDOWS\system32>manage-bde -status
    BitLocker Drive Encryption: Configuration Tool version 6.2.9200
    Copyright (C) 2012 Microsoft Corporation. All rights reserved.


    Disk volumes that can be protected with
    BitLocker Drive Encryption:
    Volume F: [Catwoman]
    [Data Volume]


    Size: 1863.01 GB
    BitLocker Version: None
    Conversion Status: Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method: None
    Protection Status: Protection Off
    Lock Status: Unlocked
    Identification Field: None
    Automatic Unlock: Disabled
    Key Protectors: None Found


    Volume G: [redhoodbackupdrive]
    [Data Volume]


    Size: 736.10 GB
    BitLocker Version: None
    Conversion Status: Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method: None
    Protection Status: Protection Off
    Lock Status: Unlocked
    Identification Field: None
    Automatic Unlock: Disabled
    Key Protectors: None Found


    Volume C: [Gateway]
    [OS Volume]


    Size: 684.54 GB
    BitLocker Version: None
    Conversion Status: Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method: None
    Protection Status: Protection Off
    Lock Status: Unlocked
    Identification Field: None
    Key Protectors: None Found


    Volume A: [share]
    [Data Volume]


    Size: 195.41 GB
    BitLocker Version: None
    Conversion Status: Fully Decrypted
    Percentage Encrypted: 0.0%
    Encryption Method: None
    Protection Status: Protection Off
    Lock Status: Unlocked
    Identification Field: None
    Automatic Unlock: Disabled
    Key Protectors: None Found
    Reply With Quote Quote  

  6. Senior Member horusthesun's Avatar
    Join Date
    Apr 2013
    Location
    Buffalo,NY
    Posts
    284

    Certifications
    MTA 98-365 MTA 98-366 & MTA 98-367 C)SS & C)VA & MCSA Windows 8 & MCTS Configuring Active Directoy 70-640. Comptia Sec+, VCA-DCV, C)PEH,C)ISSO
    #5
    RandoM Windows 8 Knowledge

    When you add multiple gateways under the Advance TCP/IP settings and change the metric for each gateway, the computer will use the lowest metric as log as it is reachable When the gateway becomes unreachable, it will use the gateway with the next lowest metric

    You Should use the same Microsoft account to log onto all the computers, to ensure all the computers have the same Windows Store Apps
    * Associated the Windows settings with your user account and make them available when you sign in t your windows 8 pc
    * Save sign-in Credentials for the different apps and websites and associate the with your Microsoft Account
    * Make your purchased windows apps available on multiple Windows 8 PC

    Unified Extensible Firmware Interface is the new standard for PC firmware. It has Windows boot components that are incompatible with PCs that still use the older style BIOS firmware
    In order to configure a Windows to GO USB stick to support both types of machines you need to run this command

    bcdboot %windir% /s <your USB stick drive letter> /f ALL

    by doing this, you can create a single FAT32 partition at the start of the USB stick that supports booting from either type of PC firmware. In this instance, the Windows 8 OS partitions is still protected by NTFS and bitlocker

    To create a custom system image that can be used for windows refresh you should use the recovery image creation utility, recimg.exe.
    This utility is designed for creating a snapshot of the OS and installed applications. The snap shot is stored in the .WIM file
    Last edited by horusthesun; 06-26-2013 at 11:07 PM. Reason: Random Access Memories
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks