Security Considerations (Standard 7 SP1)
When you develop your deployment scenarios, consider how your images are maintained, how your images are deployed, and the security threats in your scenarios.
You must take safety measures to guard against network and local risks, such as unauthorized access. Configuring security mechanisms can increase your protection against such risks.
The files that are used to set up and deploy Windows Embedded Standard 7 contain sensitive data. Unattended installation answer files contain passwords and product keys. Distribution shares contain intellectual property, licensed applications, custom applications, and other data. Standard 7 images can contain an aggregate of this sensitive data. It is important to review safety measures to improve the security of your deployment infrastructure.
The following sections describe the possible security threats and recommended precautionary measures to improve security.
Keep up with the latest updates and watch for new threats that affect not only the Standard 7 images that you deploy, but also the computers that make up your operating environment. You can keep up with the latest Microsoft security updates and tips at the Microsoft Safety & Security Center.
Standard 7 includes many new security features. For a review of new features and configuration options, you can go to the Security TechCenter.
Answer files store sensitive data. This includes product keys, passwords, and other account information.
Restrict access to answer files. Depending on your environment, you can edit the access control lists (ACLs) or permissions on a file. Only approved accounts should have access to answer files.
To improve the security in answer files, you can hide the passwords for local accounts by using Image Configuration Editor. For more information, see Hide Sensitive Data in an Answer File.
During unattended Standard 7 installation, answer files are cached to the computer. For each configuration pass, sensitive information such as domain passwords and product keys is deleted from the cached answer file. However, other information is still readable in the answer file. Before you deliver the computer to a customer, delete the cached answer file in %WINDIR%\Panther.
Delete the answer file only if there are no settings to be processed during the oobeSystem pass. The oobeSystem configuration pass is processed immediately before Windows Welcome begins. This is typically the first time that a customer starts the computer. If you delete the answer file from this directory, those settings are not processed.
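The check and cleanup described above can be scripted. The following PowerShell is an added example, not part of the original documentation: the function name Remove-CachedAnswerFile is hypothetical, and it assumes that the cached answer file is named unattend.xml and that PowerShell is present in the image. The sample answer file is constructed for illustration.

```powershell
# Added example: delete the cached answer file only when no oobeSystem
# settings remain to be processed.
# Assumption: the cached file is %WINDIR%\Panther\unattend.xml.
function Remove-CachedAnswerFile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([string]$Path = (Join-Path $env:WINDIR 'Panther\unattend.xml'))

    if (-not (Test-Path -LiteralPath $Path)) {
        return "No cached answer file at $Path"
    }
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load((Resolve-Path -LiteralPath $Path).ProviderPath)

    # Answer files declare a default XML namespace, so match on local-name().
    $query = "//*[local-name()='settings' and @pass='oobeSystem']" +
             "/*[local-name()='component']"
    $pending = $xml.SelectNodes($query)
    if ($pending.Count -gt 0) {
        # Deleting now would mean these settings are never applied.
        $names = ($pending | ForEach-Object { $_.GetAttribute('name') }) -join ', '
        return "Kept ${Path}: oobeSystem settings pending for $names"
    }
    if ($PSCmdlet.ShouldProcess($Path, 'Delete cached answer file')) {
        Remove-Item -LiteralPath $Path -Force
        return "Deleted $Path"
    }
}

# Constructed sample: an answer file that still carries an oobeSystem component.
$sample = Join-Path $env:TEMP 'unattend-sample.xml'
@'
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize" />
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup" />
  </settings>
</unattend>
'@ | Set-Content -LiteralPath $sample

# Run the check against the sample, then clean up the sample file.
Remove-CachedAnswerFile -Path $sample
Remove-Item -LiteralPath $sample -Force
```

Run the function with -WhatIf first to see whether it would delete the file without changing anything.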
Your Standard 7 images contain custom configuration data, custom applications, and other intellectual property. There are several ways to improve the security of your Standard 7 images, both online and offline.
Restrict access to Standard 7 images. Depending on your environment, you can edit the ACLs or permissions on a file. Only approved accounts should have access to Standard 7 images.
Update your Standard 7 images with the latest fixes and software updates. There are many ways that you can service a Standard 7 image. For more information, see Maintaining Images. After servicing your Standard 7 image, test the validity and stability of the computer.
During Standard 7 installation, you can configure the computer to automatically download and install Standard 7 updates. This extends installation time but guarantees that the Standard 7 image that you are installing contains the latest updates.
Your distribution shares and configuration sets may contain private data that only approved members of your organization should access. The following are recommendations for improving security for distribution shares and configuration sets.
Restrict access to distribution share contents. Depending on your environment, you can edit the ACLs or permissions on a distribution share. Only approved accounts must have access to distribution shares.
Keep applications and device drivers updated with the latest fixes and updates.
The following recommendations apply to Windows Preinstallation Environment (Windows PE) 3.0 and network boot scenarios.
Review the documentation for the network boot tools for information about how to improve the security for the network boot infrastructure.
Use a wired network. Wireless networks are a security risk.
For more information about how to securely use Windows PE, see the Windows PE Technical Reference.