Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
9/16/2013
Microsoft Corporation
September 2013
Helps you use System Center Configuration Manager to manage settings on a device running Windows Embedded 8.1 Industry (Industry 8.1).
Windows Embedded 8.1 Industry Pro
Windows Embedded 8.1 Industry Enterprise
In most cases, you manage Industry 8.1 settings in the same manner you manage Windows 8.1 settings. The exceptions are when your devices have Unified Write Filter (UWF) enabled, and when you need to update embedded-specific settings.
To manage embedded-specific settings on devices after deployment, change the lockdown and branding settings on a reference device, and then use Lockdown Baseline Tool (LBT) to capture the settings using and put them into a cabinet file that you can import into Configuration Manager. From Configuration Manager, you can then use compliance settings to redeploy the settings to multiple devices.
The LBT creates Windows PowerShell scripts of the settings for the following features:
- Windows 8 Application Launcher
- Assigned access
- Dialog Filter
- Gesture Filter
- Keyboard Filter
- Shell Launcher
- Toast Notification Filter
- UWF
- USB Filter
LabBaselineGenerator.exe [-u [domain\] username] [-p password | *] [-n cabinetname] [machinename]
- domain
User domain of the account that has the lockdown and branding settings that you want to capture.
- username
User account name. If null, the current user’s account will be used.
- password
User password. To prompt for the password, set this value to an asterisk (*).
- cabinetname
Name of the cabinet file that will hold the lockdown and branding settings information. This name will also be used as the baseline name in Configuration Manager. If null, LabBaseline will be used as the name.
- machinename
The name of the device from which to fetch the lockdown and branding settings. If null, the local device will be used as the name.
Prerequisites
- The updated lockdown and branding features are set on a reference device.
- The LBT is on your primary computer in %Windir%\System32. You can download it from the Microsoft Download Center if needed.
- You have access to Configuration Manager, a remote client management suite.
Run the LBT as shown in the following example, where the parameters identify your reference device.
LabBaselineGenerator.exe [-u [domain\] username] [-p password | *] [-n cabinetname] [machinename]The tool creates Windows PowerShell scripts of the updated settings for the lockdown and branding features that are on machinename and puts them in a configuration XML file. It then creates a cabinet file with the name that you specified as cabinetname.
Import the cabinet file into Configuration Manager under Compliance settings. For more information, see How to Create Configuration Baselines for Compliance Settings in Configuration Manager on TechNet.
Deploy the configuration baseline to devices. For more information, see How to Deploy Configuration Baselines in Configuration Manager on TechNet.
The Windows PowerShell scripts run automatically and apply the updated lockdown and branding settings to the devices.
Optionally, you can monitor the result of the deployment. For more information, see How to Monitor for Compliance Settings in Configuration Manager on TechNet.
These instructions should help you update embedded settings in Industry 8.1 devices that are deployed. Using Configuration Manager, you can not only change a configuration baseline, but you can then monitor compliance.
For information about how to deploy to devices that have UWF enabled, see Update Windows Embedded 8.1 devices that are protected by UWF on MSDN.