Update Windows Embedded 8.1 settings after deployment

  • Article

9/16/2013

Microsoft Corporation

September 2013

Summary

Helps you use System Center Configuration Manager to manage settings on a device running Windows Embedded 8.1 Industry (Industry 8.1).

Applies To

Windows Embedded 8.1 Industry Pro

Windows Embedded 8.1 Industry Enterprise

Introduction

In most cases, you manage Industry 8.1 settings in the same manner you manage Windows 8.1 settings. The exceptions are when your devices have Unified Write Filter (UWF) enabled, and when you need to update embedded-specific settings.

To manage embedded-specific settings on devices after deployment, change the lockdown and branding settings on a reference device, and then use Lockdown Baseline Tool (LBT) to capture the settings using and put them into a cabinet file that you can import into Configuration Manager. From Configuration Manager, you can then use compliance settings to redeploy the settings to multiple devices.

The LBT creates Windows PowerShell scripts of the settings for the following features:

  • Windows 8 Application Launcher
  • Assigned access
  • Dialog Filter
  • Gesture Filter
  • Keyboard Filter
  • Shell Launcher
  • Toast Notification Filter
  • UWF
  • USB Filter

LBT parameters

LabBaselineGenerator.exe [-u [domain\] username] [-p password | *] [-n cabinetname] [machinename]
  • domain
    User domain of the account that has the lockdown and branding settings that you want to capture.
  • username
    User account name. If null, the current user’s account will be used.
  • password
    User password. To prompt for the password, set this value to an asterisk (*).
  • cabinetname
    Name of the cabinet file that will hold the lockdown and branding settings information. This name will also be used as the baseline name in Configuration Manager. If null, LabBaseline will be used as the name.
  • machinename
    The name of the device from which to fetch the lockdown and branding settings. If null, the local device will be used as the name.

Deploy embedded settings from a reference device

Prerequisites

  • The updated lockdown and branding features are set on a reference device.
  • The LBT is on your primary computer in %Windir%\System32. You can download it from the Microsoft Download Center if needed.
  • You have access to Configuration Manager, a remote client management suite.

To capture lockdown and branding features

  1. Run the LBT as shown in the following example, where the parameters identify your reference device.

    LabBaselineGenerator.exe [-u [domain\] username] [-p password | *] [-n cabinetname] [machinename]

    The tool creates Windows PowerShell scripts of the updated settings for the lockdown and branding features that are on machinename and puts them in a configuration XML file. It then creates a cabinet file with the name that you specified as cabinetname.

  2. Import the cabinet file into Configuration Manager under Compliance settings. For more information, see How to Create Configuration Baselines for Compliance Settings in Configuration Manager on TechNet.

  3. Deploy the configuration baseline to devices. For more information, see How to Deploy Configuration Baselines in Configuration Manager on TechNet.

    The Windows PowerShell scripts run automatically and apply the updated lockdown and branding settings to the devices.

  4. Optionally, you can monitor the result of the deployment. For more information, see How to Monitor for Compliance Settings in Configuration Manager on TechNet.

Conclusion

These instructions should help you update embedded settings in Industry 8.1 devices that are deployed. Using Configuration Manager, you can not only change a configuration baseline, but you can then monitor compliance.

Additional Information

For information about how to deploy to devices that have UWF enabled, see Update Windows Embedded 8.1 devices that are protected by UWF on MSDN.