Export (0) Print
Expand All

Add lockdown and branding features to your image by using Windows SIM (Industry 8.1)

7/8/2014

Learn how to add lockdown and branding features to your Windows Embedded 8.1 Industry (Industry 8.1) image or device by using Windows System Image Manager (Windows SIM).

By default, lockdown and branding features are not included in the image when you first install Windows Embedded 8.1 Industry (Industry 8.1). You can use Windows System Image Manager (Windows SIM) to configure an answer file to add lockdown and branding features to your image during installation or deployment.

When you first run Windows SIM, you will need to open an Industry 8.1 .wim file and create a catalog before you can create a new answer file. Adding a feature does not necessarily enable the feature. After you add a feature to the image, you may have to configure settings for the feature in order to enable them. To enable lockdown and branding features to work correctly, you must first add the Windows Foundation Page to your answer file, then enable the ISKU-Embedded-Features, then add individual lockdown components to the appropriate configuration pass of your image and configure them as desired.

  1. Run Windows System Image Manager.

  2. On the File menu, click Select Windows Image.

  3. In the Select a Windows Image window, navigate to the location of install.wim on your Industry 8.1 media.

  4. Select install.wim and click Open.

  5. If this is the first time you are opening an Industry 8.1 .wim file, Windows SIM will ask you if you want to create a catalog file. Select Yes to allow Windows SIM to create the catalog.

  6. In the Windows Image pane, expand Packages > Foundation.

  7. Right-click the Microsoft-Windows-Foundation-Package for your architecture and select Add to Answer File.

  1. In the Microsoft-Windows-Foundation-Package pane, under Windows Feature Selections, expand ISKU-Embedded-Features.

  2. Select ISKU-Embedded-Features, click the drop-down icon, and select Enabled.

    Dn609858.Caution(en-us,WinEmbedded.82).gifCaution:
    If you do not enable ISKU-Embedded-Features, no Industry 8.1 lockdown features will be added to your image, even if you enable them, and any lockdown settings will not be applied.
  3. Under ISKU-Embedded-Features, select any lockdown features that you want to add to your image, click the drop-down icon, and select Enabled.

  1. To configure lockdown feature settings, in the Windows Image pane, expand Components, and then right-click the corresponding component to add it the settings to the pass.

    For example, to configure Keyboard Filter settings, right-click Microsoft-Windows-Embedded-KeyboardFilterService, and then select Add Setting to Pass 2 offlineServicing.

  2. In the Answer File pane, expand Components, and then expand the pass that contains the settings component for the lockdown feature.

  3. Select the component. The properties pane will contain a list of modifiable settings for the component.

    Dn609858.Caution(en-us,WinEmbedded.82).gifCaution:
    If you do not change any setting values, then the component settings will not be added to the answer file.
  4. To make further modifications to your image, see Windows SIM How-to Topics on MSDN.

The following are the lockdown and branding packages available in Windows SIM in Industry 8.1.

Custom Logon 

Package name

Microsoft-Windows-Embedded-EmbeddedLogon

Description

You can use Custom Logon to suppress Windows 8.1 UI elements that relate to the Welcome screen and shutdown screen. For example, you can suppress all elements of the Welcome screen UI and provide a Custom Logon UI. You can also suppress the Blocked Shutdown Resolver (BSDR) screen and automatically end applications while the OS waits for applications to close before a shutdown.

Custom Logon settings do not modify the credential behavior for Winlogon, so you can use any credential provider that is compatible with Windows 8.1 to provide a custom sign-on experience for your device.

You must configure Custom Logon settings at design time by adding the settings to the answer file. You cannot change the configuration of Custom Logon during run time.

Package details

Microsoft-Windows-Embedded-EmbeddedLogon

Dialog Filter 

Package name

Microsoft-Windows-Embedded-DialogFilterService

Description

You can use Dialog Filter to control which dialog boxes and windows are displayed on the screen and to automatically handle dialog boxes by taking a default action, such as to close or show the dialog box. Also, in Industry 8.1, you can configure Dialog Filter to always show dialog boxes from specific processes, regardless of the specified default action.

Package details

Microsoft-Windows-Embedded-DialogFilterService

Gesture Filter 

Package name

Microsoft-Windows-Embedded-GestureFilter

Description

You can use Gesture Filter to disable the edge and corner gestures available in Industry 8.1. Gesture Filter allows you to block edge gestures (left, right, top extended swipe, and each corner) individually.

Package details

Microsoft-Windows-Embedded-GestureFilter

Keyboard Filter 

Package name

Microsoft-Windows-Embedded-KeyboardFilterService

Description

You can use Keyboard Filter to suppress undesirable key presses or key combinations. Keyboard Filter works with physical keyboards, the Windows On-Screen Keyboard, and touch keyboards. Keyboard Filter also detects dynamic layout changes, such as switching from one language set to another, and continues to suppress keys correctly, even if the location of suppressed keys has changed on the keyboard layout.

Package details

Microsoft-Windows-Embedded-KeyboardFilterService

Shell Launcher 

Package name

Microsoft-Windows-Embedded-ShellLauncher

Description

You can use Shell Launcher to replace the default Windows 8.1 shell with a custom shell. You can use any application or executable as your custom shell, such as a command window or a custom dedicated application.

Package details

Microsoft-Windows-Embedded-ShellLauncher

Toast Notification Filter 

Package name

Microsoft-Windows-Embedded-ToastFilter

Description

You can use Toast Notification Filter to prevent system toast notifications from displaying in Industry 8.1.

Package details

Microsoft-Windows-Embedded-ToastFilter

USB Filter 

Package name

Microsoft-Windows-Embedded-USBFilter

Description

You can use USB Filter to allow trusted USB devices to connect to a system. USB Filter intercepts device connect requests and allows an administrator to set which devices are allowed to be active and detectible based on the device product ID, device vendor ID, or device class ID.

Dn609858.Caution(en-us,WinEmbedded.82).gifCaution:
Although USB Filter settings are shown in Windows SIM, there is a known issue that causes these settings to be incorrectly implemented in an image. We recommend that you use Control Panel or DISM to turn on USB Filter and to use the USB Filter WMI provider to configure USB Filter.
Package details

Microsoft-Windows-Embededd-USBFilter

Unbranded Boot 

Package name

Microsoft-Windows-Embedded-Bootexp

Description

Package details

Microsoft-Windows-Embedded-Bootexp

Unified Write Filter (UWF) 

Package name

Microsoft-Windows-Embedded-UnifiedWriteFilter

Description

You can use UWF to help protect your physical storage media, including most standard writable storage types that are supported by Windows 8.1, such as physical hard disks, solid-state drives, internal USB devices, external SATA devices, and so on. You can also use UWF to made read-only media appear to the OS as a writable volume.

UWF intercepts all write attempts to a protected volume and redirects those attempts to a virtual overlay.

Package details

Microsoft-Windows-Embedded-UnifiedWriteFilter

Windows 8 Application Launcher 

Package name

Microsoft-Windows-Embedded-EmbeddedAppLauncher

Description

You can use Windows 8 Application Launcher to start a Windows Store app immediately after a user signs in to an Windows 8.1 device and to restart the app when the app exits. You can configure Windows 8 Application Launcher to launch different apps for different users. If the Windows Store app is written specifically to work with Windows 8 Application Launcher, you can configure Windows 8 Application Launcher to perform a specified action based on an exit value returned by the app.

Package details

Microsoft-Windows-Embedded-EmbeddedAppLauncher

Show:
© 2015 Microsoft