System Center
United States (English) Sign in
Home 2012 Previous Versions Library Forums Gallery
This topic has not yet been rated - Rate this topic

Planning to Deploy Windows 8 Apps in Configuration Manager

Updated: April 1, 2013

Applies To: System Center 2012 Configuration Manager SP1

noteNote
The information in this topic applies only to System Center 2012 Configuration Manager SP1.

Use the information in the following table to help you plan and prepare to deploy Windows 8 applications (apps) to System Center 2012 Configuration Manager SP1 clients in your organization.

 

Process Reference

Review the available information about the basic concepts for application management in Configuration Manager.

For introductory information about application management, see Introduction to Application Management in Configuration Manager.

Review and implement the prerequisites to deploy applications in Configuration Manager.

For information about the prerequisites for application management, see Prerequisites for Application Management in Configuration Manager.

Configure and test the Application Catalog and Software Center to enable users to browse for and install software.

For information about how to configure the Application Catalog and Software Center, see Configuring the Application Catalog and Software Center in Configuration Manager.

Review the two different available methods that you can use to deploy software to computers that run Windows 8:

  • Deploy the application by providing a link to the app in the Windows Store.

  • Deploy the app installation file (.appx file) to computers directly, bypassing the Windows Store. This process is sometimes called sideloading.

No additional information.

Review the requirements and recommendations to deploy Windows 8 apps to computers in the company. If you are deploying a line of business application, work with the application developers to ensure that the following requirements are met:

  • The technical compliance of the App has been validated to ensure that it provides a consistent Windows 8 application experience, that it meets the minimum technical requirements for an app, and that it will function correctly on future versions of Windows.

  • The app is signed by a certification authority (CA) that is trusted by the Windows 8 computers that will install the app. The publisher name in the package manifest file must match the publisher name in the certificate that signs the app.

    noteNote
    Microsoft recommends that all apps that are installed by deploying application installation files are signed by a certificate that is from a trusted certification authority. By default, Windows trusts many certification authorities without any additional configuration. If the signing certificate is from one of these trusted authorities, you do not need to deploy and manage additional certificates on Windows 8 computers that will install the Windows 8 app. You can also use your internal PKI to sign the app if computers trust the certification authority that issues the signing certificate.

    Visual Studio provides a self-signing test certificate that you can use to test apps internally. Microsoft recommends that you use these self-signed certificates for internal testing only and that you do not use them on production networks for enterprise deployment.

    ImportantImportant
    When you import a Windows 8 app into Configuration Manager, no validation is done to ensure that the app is signed. Be sure to take the steps outlined in this topic to sign the application before you import it into Configuration Manager.

For information about how to validate the technical compliance of Windows 8 apps, see Testing your app with the Windows App Certification Kit in the Windows Dev Center.

For information about how to sign apps by using Microsoft Visual Studio, see Signing an app package (Windows Store apps) in the Windows Dev Center.

Configure Windows 8 computers to allow direct installation of Windows 8 apps. To do so, use group policy to configure the following sideloading registry settings:

noteNote
Client computers that run different versions of Windows 8 have different requirements for enabling the sideloading of apps. For example, you must configure the sideloading key on a computer that runs Windows 8 Enterprise if the computer is not joined to a domain. For more information about these requirements, see the section Windows 8 Sideloading Requirements in this topic.

  • On computers that run enterprise versions of Windows 8 Enterprise, use this registry setting: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx\AllowAllTrustedApps = 1

  • On computers that run Windows 8 Professional, use this registry setting: HKEYLOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx\AllowAllTrustedApps = 1

For more information about how to configure group policy preferences in order to configure registry settings, see your Windows documentation.

When you create an application of the type Windows app package (in the Windows Store), you must browse to a reference computer and select the application in order to create a link. Before you can do this, you must prepare the reference computer to receive Web Service Management (WS-Management) requests from the Configuration Manager console.

See Prepare the Reference Computer for Application Browsing in this topic.

Use the following information when the steps in the preceding table require supplemental procedures.

Perform the following procedure to configure an HTTPS connection between the computer that runs the Configuration Manager console and the reference computer, which is the Windows 8 computer that contains the Windows Store applications to be browsed.

  1. Ensure that the account you use to log on to the computer that runs the Configuration Manager console has Administrator permissions on both the computer running the console and on the reference computer.

  2. At a command prompt on the reference computer, enter the following command to create an HTTPS-based listener:

    Copy 
    winrm qc –Transport:HTTPS

  3. On the reference computer, enter the following command to allow Windows PowerShell to make remote connections to the computer:

    Copy 
    enable-psremoting

  4. On the reference computer, enter the following command to remove the HTTP-based listener that was enabled by the previous command:

    Copy 
    winrm delete winrm/config/Listener?Address=*+Transport=HTTP

  5. On the reference computer, configure a Windows Firewall inbound rule for port 5986, which is the default HTTPS port that will be used for communication.

Use the following table to understand when you must configure the sideloading keys in Windows 8 or Windows Server 2012 to enable the direct installation of applications:

ImportantImportant
The Desktop Experience feature of Windows Server 2012 must be enabled if you want to install applications from the Windows Store.

 

Windows version Configure AllowAllTrustedApps registry key Domain joined Sign .appx file with trusted enterprise code signing certificate Sideloading key required

Windows 8 Enterprise

Yes

Yes

Yes. Code signing certification authority is trusted on Windows 8 clients.

Required if Enterprise client is not joined to a domain

Windows 8 Professional

Yes

Not required

Yes. Code signing certification authority is trusted on Windows 8 clients.

Yes

Windows RT

Yes

Not required

Yes. Code signing certification authority is trusted on Windows 8 clients.

Yes

Windows Server 2012

Yes

Yes

Yes. Code signing certification authority is trusted on Windows Server 2012 clients.

Does not support sideloading key
noteNote
Windows 8 Home versions do not support enterprise sideloading.

See Also

-----
For additional resources, see Information and Support for Configuration Manager.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012 Configuration Manager. For instructions and examples, see Search the Configuration Manager Documentation Library.
-----
Did you find this helpful?
(1500 characters remaining)
© 2013 Microsoft. All rights reserved.