Here's how Windows 8 will allow administrators to sideload and manage apps
Summary: Microsoft slowly but surely is fleshing out some more Windows 8 details of potential interest to IT admins and business users.
Last week, with the rollout of the Windows 8 Consumer Preview, Microsoft officials focused on the consumer features and applications for its next-generation Windows client. But on March 6 (at 10 am CET/4 am ET), the business features are slated to be in the limelight.
Microsoft plans to show off some of the business features in Windows 8 this week at the CeBIT show in Germany. Specifically, the Softies are planning to use Chief Operating Officer Kevin Turner's keynote as another venue for demonstrating Microsoft's coming Windows client.
Microsoft posted for download last week a business-focused version of its Windows 8 Consumer Preview guide -- which seemed to indicate that Windows 8 on ARM (WOA) tablets won't be enabled to join Active Directory domains.
But the Softies also are slowly but surely posting more content on the company's Web site that may be of interest to business users and administrators charged with supporting Windows 8 in the coming months. Among the new content are articles on using the Assessment and Deployment Kit (ADK) and additional Microsoft deployment tools with Windows 8. There is a placeholder page for "managing Windows 8" but no content there yet beyond managing Windows Store.
The new Windows Store managability content does provide some details beyond what Microsoft officials shared at the company's Build conference in September 2011. It adds more details regarding the ability of IT administrators and developers to sideload line-of-business (LOB) applications. (Sideloading, enabled in both the Windows 8 Consumer Preview and the Windows Server 8 beta, allows the installation of apps directly to a device without going through the Windows Store. From that guidance:
"LOB apps do not need to be certified by Microsoft and cannot be installed through the Windows Store but they must be signed with a certificate chained to a trusted root certificate. It is recommended that IT administrators use the same technical certification that is done by the Windows Store on LOB apps."
Microsoft officials already have said that the Windows 8 Store will allow users to purchase and download Metro-style/WinRT apps. Desktop apps may findable from within in the store, but won't be downloadable or purchasable from inside it.
The latest Windows Store manageability article notes that IT administrators can turn off access to the Windows Store for specific groups of users and/or individual machines. Admins also can use group policy to fine-tune the automatic downloading of updates and apps that their users acquire from the Windows Store, and to "manage the abilities of sideloading app installations." The article notes that IT admins can only provide this level of Store manageability to Windows 8 devices which are domain-joined, so this may mean that WOA tablets cannot be regulated this way -- though we're still awaiting final official word from Microsoft on that one.
A few more tidbits:
- Admins can control access to which Metro style apps can be installed by using App Locker. These policies can be enabled on apps from the Windows Store or Metro style LOB apps that have been sideloaded by the admin
- App updates from the Windows Store cannot be managed by the IT admin
- All updates to apps that come from the Windows Store must be initiated by the user
- Admins can configure the ability of the Windows Store to auto download (but not install) available updates via group policy
The Windows 8 Consumer Preview has gotten a lot of positive public feedback from consumers and some press. But some business users and IT admins have expressed qualms about the mouse and keyboard navigation -- even with the Consumer Preview improvements; a desire to circumvent the tiled Metro interface; and early worries about the amount of retraining that will be required with the much-different-looking OS.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Great. Just great. Now individual developers have to be expert in...
Another proprietary technology to be locked in to. The MS deadly embrace. Sigh.
Did you actually read the article?
How do you get from that to individual developers needing to be experts in Active Directory?
So, basically they are limiting the functionality
Looks like you didn't read it...
Developers don't need to
Active Directory adminstrators? Nope, not...
That's what I was saying: More proprietary crap to deal with to be a one-person development shop.
proprietary proprietary proprietary
Android is proprietary, too. Remember that.
So Enterprises get control
Que? Where does it say that?
Oh But It Does Say Exactly That
Why Metro is likeable?
No.
?
you dont like it??? you dont think it Works for desktop and laptops... even though I AM using it as my main os and it Works perfectly fine. yeah with my mouse and keyboard, and using desktop software and it Works so much better than old start menu in alot of stuff.
why dont you help yourself alittle and mature??? maybe? move on and keep using your current OS, and then maybe get a life in the process?.
It is.
No sideloading to WOA?
[i]"We offer support for enterprises that want direct control over the deployment of Metro style LOB apps. Enterprises can choose to deploy Metro style LOB apps directly to the Windows 8 PCs they manage without going through the Windows Store infrastructure."[/i]
So if Windows on ARM (WOA) devices can't join a domain in order to come in under IT admins management, then there will be a lot of metro-style applications that can't be installed to WOA PCs.
Why would anyone develop processor architecture independent apps if the apps will only be allowed to run on x86 anyway? This sounds so silly that it makes me believe that WOA PCs can join a domain and have metro-style LOB apps installed on them.
Because there will a sh!tload of apps that won't be used on ADs
Practically any app that currently runs on iOS or Android could be ported to run on WOA without needing to hook into ADs. That's a lot of apps that could be targeted to ARM and x86/x64 Win8 devices.
Also locks out Open Source applications
No more home development for the same reason.
I'm not following...
There is or will likely be a mechanism to allow any apps you develop to be side loaded onto your box (or perhaps any developer box - the way WP7 devs can side-load apps). Without that, developing an app would be *very* difficult.
Riiiiiiiiiiiiight.
Firstly, ANYONE can develop apps for Windows 8 - just go download Visual Studio 2011 Beta (or updated dev tools from other vendors) and get going. If you were unable to side-load and test your own code on your dev & test machines, how on earth would you ever manage to test your apps?
The certification and signing process described above is all about making sure that packages which are certified by Microsoft and published to the store are cryptographically "signed with a certificate chained to a trusted root certificate". This means that the signing cert must be issued by one of the officially recognized certificate authorities and/or in the case of enterprises the corporation's trusted cert service. The aim of this is to ensure that packages installed on your PC are signed by someone you can find should you need to contact them for some reason, and that the package has not been tampered with since it was created.
This will prevent, for example, users being tricked into downloading hacked apps and drivers which have been modified to carry a toxic payload that is installed behind the scenes and which can reap havoc on your machine/device.
This has NOTHING to do with Microsoft trying to kill open-source. Nothing could be further from the truth. Microsoft is already contributes to several open source projects including Linux Kernel, jQuery, nodeJS, etc. and ships several open-source projects of its own e.g. ASP.NET MVC, IISNode, etc.