Migrate from Windows Embedded 8 Industry (Industry 8.1)
7/8/2014
Review the new features and tools available in Windows Embedded 8.1 Industry (Industry 8.1).
The information in this section will help you determine changes that you may need to make to your image if you migrate from Windows Embedded 8 Industry (Industry 8) to Windows Embedded 8.1 Industry (Industry 8.1).
What’s new in Windows Embedded 8.1 Industry
This section describes some of the new functionality in Industry 8.1.
Tools
In Industry 8.1, you will use Windows System Image Manager (Windows SIM) to create and manage answer files that configure and customize the default Industry 8.1 installation.
You can use Windows SIM to do the following:
- Create and manage answer files.
- Validate the settings of an answer file against a Windows image (.wim) file.
- View all of the configurable component settings in a Windows image.
- Create a configuration set that contains a complete set of portable folders with Setup files.
- Add third-party drivers, applications, or other modules to an answer file.
Windows SIM is part of the Windows Assessment and Deployment Kit (Windows ADK). For information about how to download the Windows ADK, see Windows Deployment with the Windows ADK on MSDN.
For information about how to use Windows SIM to add features to your image, see Add lockdown features to your image.
Lockdown
Assigned access lets an administrator create a single Windows Store application experience on the device. Turning on this feature turns on a predefined set of filters that blocks other actions so the end user only experiences the specified application and is unable to access system files and other applications. For more information about this feature, see Assigned access.
The new Toast Notification Filter enables you to prevent system toast notifications from displaying in Industry 8.1. For more information about this feature, see Toast Notification Filter.
The new USB Filter is a USB port and device base filter that you can use to allow trusted USB devices to connect to a system. USB Filter intercepts device connect requests and allows only USB devices with matching device product ID, device vendor ID, or device class ID set by administrator to be active and detectable. For more information about this feature, see USB Filter.
The new Lockdown Baseline Tool (LBT) captures lockdown and branding features from a reference device and puts them into a cabinet file that you can then import into System Center Configuration Manager. From Configuration Manager, you can use compliance settings to deploy the settings to multiple devices. For more information about this tool, see Capture lockdown and branding features.
End users can now install and uninstall Industry 8.1 features by using Control Panel > Programs and Features > Turn Windows Features on or off.
Industry 8.1 extends the Windows Embedded 8 Industry (Industry 8) APIs to support new lockdown functionality in the following areas:
- Gesture Filter has a new Windows Management Instrumentation (WMI) provider class that enables you to configure settings for Gesture Filter. For more information about this new class, see GF_Config.
- Unified Write Filter (UWF) has added UWF_RegistryFilter.CommitRegistryDeletion method that lets you delete a registry key or value and commit the deletion. It also has added UWF_Volume.CommitFileDeletion that lets you commit changes to a specified file to overlay for a UWF-protected volume, and to delete a file from both the overlay and the physical volume, and the following two methods that let you safely shutdown or restart a system protected by UWF, even if the overlay is full. For more information about these two methods, see UWF_Filter.ShutdownSystem and UWF_Filter.RestartSystem.
- Keyboard Filter has a new WMI class to enable and disable break out mode and key. For more information about this feature, see WEKF_Settings.
- Shell Launcher has new WMI class methods to enable or disable Shell Launcher. You must use these methods to enable Shell Launcher before you can use it. For more information, see WESL_UserSetting.IsEnabled and WESL_UserSetting.SetEnabled.
- Windows 8 Application Launcher has a new WMI provider class that enables you to configure the settings. For more information about this class, see WEMSAL_Setting.
Branding
The Unbranded Boot feature is always included in Windows Embedded 8.1 Industry (Industry 8.1) so the following settings are now off by default:
- DisableBootMenu
- DisplayDisabled
- HideAllBootUI
For information about how to change a setting, see Unbranded Boot.
The settings for Unbranded Boot are now applied in the specialize configuration pass instead of in the offline servicing pass.
You can now pass the settings to Sysprep to persist through mass deployment. For more information about mass deployment, see Mass deploy images that contain UWF.
Languages and language packs
You no longer need to install language packs by using Lpksetup or Deployment Image Servicing and Management (DISM).
You can include one of 37 default languages in each .iso image. During setup, the system automatically installs that language on the device, including the Microsoft License Software Terms in that language.
After setup, the end user can install another language pack or Language Interface Packs (LIPs) in addition to the default language by using PC Settings.
Language packs from other versions of Windows or Windows Embedded are not supported.
The following table shows the 37 languages that are available for all product keys for Windows Embedded 8.1 Industry (Industry 8.1).
Language |
ISO language-region identifier |
Arabic (Saudi Arabia) |
ar-SA |
Bulgarian (Bulgaria) |
bg-BG |
Czech (Czech Republic) |
cs-CZ |
Danish (Denmark) |
da-DK |
German (Germany) |
de-DE |
Greek (Greece) |
el-GR |
English (United Kingdom) |
en-GB |
English (United States) |
en-US |
Spanish (Spain) |
es-ES |
Estonian (Estonia) |
et-EE |
Finnish (Finland) |
fi-FI |
French (France) |
fr-FR |
Hebrew (Israel) |
he-IL |
Chinese Traditional (Hong Kong S.A.R) |
hr-HR |
Hungarian (Hungary) |
hu-HU |
Italian (Italy) |
it-IT |
Japanese (Japan) |
ja-JP |
Korean (Korea) |
ko-KR |
Lithuanian (Lithuania) |
lt-LT |
Latvian (Latvia) |
lv-LV |
Norwegian (Bokmål) |
nb-NO |
Dutch (Netherlands) |
nl-NL |
Polish (Poland) |
pl-PL |
Portuguese (Brazil) |
pt-BR |
Portuguese (Portugal) |
pt-PT |
Romanian (Romania) |
ro-RO |
Russian (Russia) |
ru-RU |
Slovak (Slovakia) |
sk-SK |
Slovenian (Slovenia) |
sl-SI |
Serbian Latin (Serbia) |
sr-Latn-RS |
Swedish (Sweden) |
sv-SE |
Thai (Thailand) |
th-TH |
Turkish (Turkey) |
tr-TR |
Ukrainian (Ukraine) |
uk-UA |
Simplified (People's Republic of China) |
zh-CN |
Chinese Traditional (Hong Kong S.A.R) |
zh-HK |
Chinese Traditional (Taiwan) |
zh-TW |
You can use DISM to install LIPs to the .iso image. The license terms for LIPs are in the parent language except for the following LIPs, which are translated to the associated language.
Display name |
Language name |
Parent language |
Basque (Basque) |
eu-ES |
es-ES, fr-FR |
Catalan (Spain) |
ca-ES |
en-ES, fr-FR |
Galician (Spain) |
gl-ES |
es-ES |
Malay (Malaysia) |
ms-MY |
en-US |
Valencian |
Ca-es-valencia |
es-ES |
The following table shows the Microsoft License Software Terms that are available for each product key.
Product key |
License terms description |
Industry 8.1 Pro (OEM and volume license) Industry 8.1 Enterprise (volume license) |
License terms for the 37 default languages are in the appropriate language. LIPs that you add to your .iso image other than Basque, Catalan, Galician, Malay, and Valencian have license terms in the parent language. |
Industry 8.1 Pro (Evaluation) Industry 8.1 Enterprise (Evaluation) |
License terms are translated for the languages shown in the following table. License terms are in English (United States) for all other languages and all LIPs. The following table shows the languages that have license terms.
LanguageISO language-region identifier
German (Germany)de-DE
English (United Kingdom)en-GB
English (United States)en-US
Spanish (Spain)es-ES
French (France)fr-FR
Italian (Italy)it-IT
Japanese (Japan)ja-JP
Korean (Korea)ko-KR
Portuguese (Brazil)pt-BR
Simplified (People's Republic of China)zh-CN
Chinese Traditional (Taiwan)zh-TW
|
Language packs from other versions of Windows or Windows Embedded are not supported.
What’s new in Windows 8.1
Because Industry 8.1 is based on Windows, all of the changes to Windows 8.1 also apply to Industry 8.1. There is no exhaustive list of changes to Windows 8.1, however the following lists show some changes that might be of interest when migrating from Industry 8.
Network features
The following list describes some new and improved network features:
- (New) To set up printing, end users can tap their device against an enterprise Near Field Communication (NFC)-enabled printer and can attach an NFC tag to their existing printers.
- (Improved) Users can now connect to Wi-Fi Direct printers without adding additional drivers or software to their device, forming a peer-to-peer network between the device and printer.
- (New) End users can pair their device through Wi-Fi Direct using NFC and then project content wirelessly from a Miracast-enabled device.
- (Improved) You can configure the VPN client to connect automatically for Microsoft and third-party inbox VPN clients.
- (Improved) Using Work Folders, end users can now create new work files and keep local copies of work files on their devices that automatically synchronize to your data center. Files created locally will sync back to the file server in the corporate environment. IT can enforce Dynamic Access Control policies on the Work Folder Sync Share, including automated digital rights management, and can require Workplace Join to be in place.
Apps
Installed apps from the Windows Store now update automatically. The following table shows changes in some specific apps.
Feature or app |
Description of change |
|---|---|
Internet Explorer 11 |
(Improved) Internet Explorer uses Windows Defender to scan binary extensions (such as. ActiveX) before potentially harmful code is executed. |
OneDrive |
(Improved) The end user sees all files and folders and can select which ones to make available offline. (Improved) OneDrive now stores end user files, start screen layout, apps and settings so the user can backup and sync across devices. |
File Explorer |
(Improved) File Explorer displays files in a simplified structure and provides a clear view of where content is stored: on OneDrive, on this PC, or on devices associated with this PC. |
Security
The following table shows some of the new and changed security features.
Feature or app |
Description of change |
|---|---|
Sign-in |
(Improved) End users can now sign in and authenticate devices using fingerprint-based biometrics and Virtual Smart Cards. |
Device Encryption |
(New) Device encryption previously found on Windows RT and Windows Phone 8 is now available in all editions of Windows. On Windows 8.1 Pro and Enterprise editions, the administrator can additionally configure BitLocker protection and add management capability. |
Web Application Proxy |
(New) The Web Application Proxy enables an administrator to publish access to corporate resources, enforce multifactor authentication, and verify a device before granting access. There is no need to provide Remote Access through Direct Access or VPN. The Web Application Proxy is a new role service in the Windows Server Remote Access role. |
Remote business data removal |
(New) Corporate data can now be identified as corporate or end user, and be encrypted or wiped on command. |
Trusted Platform Module (TPM) |
(Improved) Services such as Active Directory and web services that use certificates for authentication can now require that the certificate be bound to the hardware. This is called TPM Attestation. |
Certificate Authentication |
(New) Certificate Reputation is cloud-based service that helps protect against fraudulent certificates and help maintain trust in public key infrastructure (PKI) and the Internet. The service can detect when certificates are issued by unexpected sources, investigate any anomalies, initiate revocation, and notify certificate authority (CA) partners. |
Workplace Join |
(New) Administrators can now grant access to some corporate resources to devices not based on Windows and still enforce governance parameters on the device. Devices no longer need to be domain-joined. These capabilities work with the Dynamic Access Control features in Windows Server 2012 R2. The device must be registered with Active Directory, which allows access to corporate resources that have been published with conditional access policies. |
Devices
(Improved) You can now partition Windows to Go USB drives to have one area for the OS and a separate one for storage.
Management
The following table shows some of the new and changed management features.
Feature or app |
Description of change |
|---|---|
Remote Desktop Services |
(Improved) The virtual desktop infrastructure in Windows Server 2012 R2 enables administrators to view and remotely control active end user sessions from a Remote Desktop Session host server. |
Open Mobile Device Management (MDM) |
(New) Administrators can now use third-party MDM solutions to manage Windows 8.1. |