Published: October 22, 2009
Updated: October 22, 2009
Applies To: Windows 7, Windows Server 2008 R2
|This content applies to Windows 7. For Windows 8 content, see Windows Deployment with the Windows ADK.|
When you develop your deployment scenarios, consider how your images will be maintained, how your images will be deployed, and the security threats in your scenarios.
It is imperative to take safety measures to guard against network risks, as well as local risks, such as unauthorized access. Configuring security mechanisms can increase your protection against such risks.
The files used to set up and deploy Windows® contain sensitive data. Unattended installation answer files contain passwords and product keys. Distribution shares contain intellectual property, licensed applications, custom applications, and other data. Windows images can contain an aggregate of this sensitive data. It is important to review safety measures to improve the security of your deployment infrastructure.
The following sections describe the possible security threats and recommended precautionary measures to improve security.
Keep up with the latest threats and updates that affect not only the Windows images that you deploy, but also the computers that comprise your operating environment. You can keep up with the latest Microsoft security updates and tips at the Microsoft Security Web site.
You can review new Windows Client security features and configuration options at this Microsoft TechNet Web site.
Improving Security for Answer Files
Answer files store sensitive data, including product keys, passwords, and other account information.
Restrict access to answer files. Depending on your environment, you can edit the access control lists (ACLs) or permissions on a file. Only approved accounts can have access to answer files.
To improve the security in answer files, you can hide the passwords for local accounts by using Windows System Image Manager (Windows SIM). For more information, see Hide Sensitive Data in an Answer File.
During unattended Windows installation, answer files are cached to the computer. For each configuration pass, sensitive information such as domain passwords and product keys are deleted in the cached answer file. However, other information is still readable in the answer file. Before you deliver the computer to a customer, delete the cached answer file in
Delete the answer file only if there are no settings to be processed during the oobeSystem pass. The oobeSystem configuration pass is processed immediately before Windows Welcome begins. This is typically the first time a customer turns on the computer. If you delete the answer file from this directory, those settings will not be processed.
Improving Security for Windows Images
Your Windows images contain custom configuration data, custom applications, and other intellectual property. There are several ways to improve the security of your Windows images, both online and offline.
Restrict access to Windows images. Depending on your environment, you can edit the access control lists (ACLs) or permissions on a file. Only approved accounts can have access to Windows images.
Update your Windows images with the latest fixes and software updates. There are many ways you can service a Windows image. For more information, see Phase 5: Managing and Servicing Your Windows Image. After servicing your Windows image, test the validity and stability of the computer.
During Windows installation, configure the computer to automatically download and install Windows updates. This extends installation time, but ensures that the Windows image that you are installing contains the latest updates. For more information, see the
DynamicUpdatesetting in the Microsoft-Windows-Setup component in the Unattended Windows Setup Reference.
Improving Security for Distribution Shares and Configuration Sets
Your distribution shares and configuration sets contain private data that only a few members of your organization can access. The following are recommendations for improving security for distribution shares and configuration sets.
Restrict access to distribution share contents. Depending on your environment, you can edit the access control lists (ACLs) or permissions on a distribution share. Only approved accounts must have access to distribution shares.
Keep applications and device drivers updated with the latest fixes and patches.
Improving Security for Windows PE and Network Boot Scenarios
The following recommendations apply to Windows PE or network boot scenarios.
Review the documentation for your network boot tools for information about how to improve the security for your network boot infrastructure.
Use a wired network. Wireless networks are a security risk.
Note You cannot use a wireless network to boot to Windows PE
For additional information about improving security with Windows PE, see the Windows PE Technical Reference.