Chapter 7
Configuring Applications

MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER:

• ✓   Deploy and manage Azure RemoteApp.
  • This objective may include but is not limited to the following subobjectives: Configure RemoteApp and Desktop Connections settings, configure Group Policy Objects (GPOs) for signed packages, subscribe to the Azure RemoteApp and Desktop Connections feeds, export and import Azure RemoteApp configurations, support iOS and Android, configure remote desktop web access for Azure RemoteApp distribution.
• ✓   Support desktop apps.
  • This objective may include but is not limited to the following subobjectives: The following support considerations including: Desktop app compatibility using Application Compatibility Toolkit (ACT) including shims and compatibility database; desktop application co-existence using Hyper-V, Azure RemoteApp, and App-V; installation and configuration of User Experience Virtualization (UE-V).
• ✓   Support Windows Store and cloud apps.
  • This objective may include but is not limited to the following subobjectives: Install and manage software by using Microsoft Office 365 and Windows Store apps, sideload apps into online and offline images, integrate Microsoft account including personalization settings.

  In this chapter, we will look at how to configure applications on Windows 10. One of the issues with applications is that they may not work properly on a newer operating system. We will look at the ways to allow older applications to work on Windows 10.

We will also look at two different ways to browse the Internet: Edge and Internet Explorer. As the Internet and the World Wide Web have increased exponentially in both content and features, Microsoft has continually enhanced and added new functionality to its browser. The current version is Windows Internet Explorer 11, or IE11.

With the increase in the functionality of browsers and in their ease of use, there has been an increase in the way websites are used to provide content for end users in the public space (Internet browsing) as well as for private corporate browsing. With the introduction of IE11, Microsoft has taken the usability that end users want to new levels as well as provided a good deal of security enhancement. This gives the user the best and easiest browsing environment and provides a balance of security information about the sites and pages being viewed.

Supporting Desktop Applications

As IT professionals, many of us think of managing applications simply as installing applications on the computer. But there are other details that may need to be configured to allow applications to run faster and more efficiently.

As operating systems evolve, one issue that you can run into is that your applications may not work properly on the newer version of the operating system. Microsoft has developed a few different ways to help you combat this issue.

Using the Application Compatibility Toolkit (ACT)

When new Windows operating systems are installed, applications that ran on the previous version of Windows may not work properly. The Application Compatibility Toolkit (ACT) allows an administrator to help solve these issues before they occur.

The Application Compatibility Toolkit allows IT professionals to decide if an application is compatible with the Windows 10 operating system before rolling out the new Windows 10 OS to the entire network. ACT also allows IT departments to decide how updating to Windows 10 will impact the applications on the domain.

IT professionals can use the ACT features to do the following:

• Verify that all of the corporate applications and computer hardware are compatible with Windows 10.
• Test the corporate applications for User Account Control (UAC)–related issues.
• Test the corporate web applications and websites for compatibility with new versions and security updates to Windows Internet Explorer.

After installing ACT, there are three phases of how ACT works within the network.

Phase 1: Collecting Your Compatibility Data Phase 1 consists of your IT department collecting all compatibility data from the software packages as well as creating and configuring your data-collection packages (DCPs). Phase 1 also includes information about how to distribute your DCPs and how to perform common collection tasks, such as importing or exporting DCP settings.

Phase 2: Analyzing Your Compatibility Data Phase 2 analyzes the information that you collected in Phase 1. Phase 2 allows an administrator to gather information and procedures and to filter and organize the data collected in Phase 1. Phase 2 also provides information about your application compatibility reports, issues, and solutions.

Phase 3: Testing and Mitigating Your Compatibility Issues Phase 3 consist of testing guidance and procedures for using the development tools. These tools include the Standard User Analyzer (SUA), the Internet Explorer Compatibility Test Tool (IECTT), and the Compatibility Administrator, which allow administrators to fix their compatibility issues. Phase 3 also consists of information about the application fix (also known as “Shims”) library, and the known Internet Explorer security feature issues.

Understanding Application Fix (Shims)

When new operating systems get released, older applications may not run, and you may not be able to get a newer version of the application. For example, a vendor that sold you an application may have gone out of business, but the application is still needed in your organization.

If you install the application on Windows 10, there may be issues. This is where Shims will apply. The Shims is a coding fix that allows the application to function properly.

The Shim Infrastructure consists of application programming interface (API) hooking. This means the Shim Infrastructure uses linking to redirect API calls from the Windows operating system to the alternative code called the shim.

To have Shims created, you must first contact Microsoft. Microsoft must create the Shim; Microsoft does not offer any custom tools to allow for private creation. Microsoft does include shims with Windows 10, and new shims will be available through Windows Update as they are created.

File Extension Association

When dealing with applications and software packages, you may need to associate a file extension (shown in Figure 7.1) with a software package. For example, you may want all files with the filename extension .asx to be played through Windows Media Player. You have the ability to set these file-extension associations in Default Programs in Control Panel. Within Default Programs, there is link called “Associate a file type or protocol with a specific program.”

Figure 7.1 Filename-extension association

Using Hyper-V for Desktop Applications

Virtualization—the ability to run one operating system on top of another—is sweeping the computer industry. Microsoft has a virtualization environment called Hyper-V that can operate on its client software. Hyper-V allows you to create and manage virtual machines without the need for a server operating system on different hardware. The advantage of virtualization is that you can run multiple operating systems like Windows XP, Windows Vista, Windows 7, Windows 8/8.1, or Windows 10 all on the same hardware.

Hyper-V gives you the ability to set up virtualization on a client operating system. This is very beneficial for anyone in the industry who has to do testing or configuration. Hyper-V on Windows 10 is not really meant to run a network as Hyper-V on Windows Server 2012 R2 does, but it does give an administrator the ability to test software and patches before installing them live on a network or running applications in an operating system other than the installed one. Also, it is beneficial to research problems in a controlled environment and not on a live system where you can end up doing more harm than good.

Finally, Hyper-V gives you a training advantage. Think about having the ability to train users on a real product like Windows Server 2012 R2 or Windows 10 without needing to purchase additional equipment. Hyper-V allows you to train users on products and software while using only one machine. I will now briefly explain the differences between these forms of virtualization:

Server Virtualization This basically enables multiple servers to run on the same physical server. Hyper-V is a server virtualization tool that allows you to move physical machines to virtual machines and manage them on a few physical servers. Thus, you will be able to consolidate physical servers.

Presentation Virtualization When you use presentation virtualization, your applications run on a different computer and only the screen information is transferred to your computer. An example of presentation virtualization is Microsoft Remote Desktop Services in Windows Server 2012 R2.

Desktop Virtualization Desktop virtualization provides you with a virtual machine on your desktop, comparable to server virtualization. You run your complete operating system and applications in a virtual machine so that your local physical machine just needs to run a very basic operating system. An example of this form of virtualization is Microsoft Virtual PC.

Application Virtualization Application virtualization helps prevent conflicts between applications on the same PC. Thus, it helps you to isolate the application running environment from the operating system installation requirements by creating application-specific copies of all shared resources, and it helps reduce application-to-application incompatibility and testing needs. An example of an application virtualization tool is Microsoft Application Virtualization (App-V).

---

  Hyper-V Advantages

As an instructor and consultant, I can’t say enough about how valuable Hyper-V can be as a tool. I have used it on many occasions to either test a piece of software before installation or find an answer to a problem in a controlled environment.

At the time this book is being written, I use Microsoft Windows 7 Professional on my laptop. On that same laptop I have a version of virtualization with both Windows Server 2012 R2 and Windows 10 Professional operating system virtual machines.

While I am on a client site or while I am in the classroom, having a way to test and research problems using multiple operating systems on one client computer system is invaluable.

---

Hyper-V Features

As a lead-in to the virtualization topic and Hyper-V, I will start with a list of key features, followed by a list of supported guest operating systems. This should provide you with a quick, high-level view of this feature before we dig deeper into the technology.

Key Features of Hyper-V

The following list briefly describes the key features of Hyper-V:

New Architecture The hypervisor-based architecture, which has a 64-bit micro-kernel, provides an array of device support as well as performance and security improvements.

Operating System Support Both 32-bit and 64-bit operating systems can run simultaneously in Hyper-V. Also, different platforms like Windows, Linux, and others are supported.

Support for Symmetric Multiprocessors Support for up to four processors in a virtual machine environment provides you with the ability to run applications as well as multiple virtual machines faster.

Network Load Balancing Hyper-V provides support for Windows Network Load Balancing (NLB) to balance the network load across virtual machines on different servers.

New Hardware Architecture Hyper-V’s architecture provides improved utilization of resources like networking and disks. This allows an IT department the ability to run multiple operating systems on the same host without each system interfering with the other systems.

Quick Migration Hyper-V’s Quick Migration feature provides you with the functionality to run virtual machines in a clustered environment with switchover capabilities when there is a failure. Thus, you can reduce downtime and achieve higher availability of your virtual machines.

Virtual Machine Snapshot You can take snapshots of running virtual machines, which provides you with the capability to recover to any previous virtual machine snapshot state quickly and easily.

Resource Metering Hyper-V resource metering allows an organization to track usage within the businesses departments. It allows an organization to create a usage-based billing solution that adjusts to the provider’s business model and strategy.

Scripting Using the Windows Management Instrumentation (WMI) interfaces and APIs, you can easily build custom scripts to automate processes in your virtual machines. Administrators also have the ability to use PowerShell cmdlets to do scripting.

RemoteFX Windows 10 Hyper-V RemoteFX allows for an enhanced user experience for RemoteFX desktops by providing a 3D virtual adapter, intelligent codecs, and the ability to redirect USB devices in virtual machines.

Fibre Channel The virtual Fibre Channel feature allows you to connect to the Fibre Channel storage unit from within the virtual machine. Virtual Fibre Channel allows an administrator to use their existing Fibre Channel to support virtualized workloads. Hyper-V users have the ability to use Fibre Channel storage area networks (SANs) to virtualize the workloads that require direct access to SAN logical unit numbers (LUNs).

Enhanced Session Mode Enhanced Session Mode enhances the interactive session of the Virtual Machine Connection for Hyper-V administrators who want to connect to their virtual machines. It gives administrators the same functionality as a remote desktop connection when the administrator is interacting with a virtual machine.

In previous versions of Hyper-V, the virtual machine connection gave you limited functionality while you connected to the virtual machine screen, keyboard, and mouse. An administrator could use an RDP connection to get full redirection abilities, but that would require a network connection to the virtual machine host.

Enhanced Session Mode gives administrators the following benefits for local resource redirection:

• Display configuration
• Audio
• Printers
• Clipboard
• Smart cards
• Drives
• USB devices
• Supported Plug and Play devices

Shared Virtual Hard Disk Windows 10 Hyper-V has a feature called Shared Virtual Hard Disk; Shared Virtual Hard Disk allows an administrator to cluster virtual machines together by using the shared virtual hard disk (VHDX) files.

Shared virtual hard disk allows an administrator to build a high availability infrastructure which is very important if you are setting up either a private cloud deployment or a cloud-hosted environment for managing large workloads. Shared virtual hard disks allow two or more virtual machines to access the same virtual hard disk (VHDX) file.

Automatic Virtual Machine Activation (AVMA) Automatic Virtual Machine Activation (AVMA) is a new feature that allows administrators to install virtual machines on a properly activated Windows 10 system without the need to manage individual product keys for each virtual machine. When using AVMA, virtual machines get bound to the licensed Hyper-V server as soon as the virtual machine starts.

Dynamic Memory Dynamic Memory is a new feature of Hyper-V that allows it to balance memory automatically among running virtual machines. Dynamic Memory allows Hyper-V to adjust the amount of memory available to the virtual machines in response to the needs of the virtual machine. It is currently available for Hyper-V in Windows 10.

Installing Hyper-V

To run Hyper-V, you need a minimum processor of an x64-compatible processor with Intel VT or AMD-V technology enabled. Hardware Data Execution Prevention (DEP), specifically Intel XD bit (execute disable bit) or AMD NX bit (no execute bit), must be available and enabled. Minimum: 1.4 GHz. Recommended: 2 GHz or faster.

Your system memory (RAM) should be at minimum at least 1 GB of RAM, but recommended is at least 2 GB RAM or greater (additional RAM is required for each running guest operating system) with a maximum of 1 TB.

Your system’s hard drive should be a minimum of 8 GB, recommended 20 GB or greater. (Additional disk space needed for each guest operating system.).

You can load Hyper-V on some versions of the following operating systems: Windows 10, Windows 8/8.1, and Windows Server 2008/2008 R2 and 2012/2012 R2. As for as Windows 10 Hyper-V, you need to use one of the following versions: Enterprise, Professional, or Education. Exercise 7.1 walks you through the process of installing the Hyper-V role on Windows 10 Enterprise.

---

EXERCISE 7.1

Installing Hyper-V

1. Open the Programs And Features tool by clicking Start ➢ Control Panel ➢ Programs And Features.
2. Click the Turn Windows Features On Or Off link in the upper-left corner.
3. Scroll down the features list and check the Hyper-V check box (shown in Figure 7.2). Click Next.
4. The installation wizard will take a few minutes to install Hyper-V. Once Windows has finished installing Hyper-V, click the Close button.
5. Restart your server.

---

Figure 7.2 Hyper-V check box

---

   There may be a time when you need to remotely execute PowerShell commands on a virtual machine. To do this, you need to run the Invoke-Command command and specify which VM you’re connecting to (the -VMName parameter).

---

Configuring User Experience Virtualization (UE-V)

To help you fully understand the benefits of Microsoft User Experience Virtualization (UE-V), I need to explain the benefits of roaming profiles. Roaming profiles were used to allow a user to go from one system to another but still have the exact same desktop and settings. Well UE-V is roaming profiles on steroids.

Microsoft UE-V is a virtualization platform that allows users to move from one Windows system to another but they get to keep the same Windows operating system and all of their settings. This allows users to feel comfortable moving from one device to another because their current operating system and settings follow them wherever they go.

So how does UE-V actually allow users to move around? UE-V uses XML templates that allow users to save their operating system and settings. Actually, with the use of the XML template files, you can choose which settings get saved and moved between Windows operating systems. The XML templates know exactly how all of the application settings are saved throughout the file system.

Microsoft UE-V provides the following benefits:

• Administrators have the ability to specify exactly which application and desktop settings synchronize between the operating systems.
• Administrator have the ability to create their own custom templates for third-party applications.
• Users have the ability to recover their settings and applications after any type of hardware changes.
• Users can access their settings from any location and on any Windows device.

UE-V Components

Now that you understand UE-V, let’s take a look at some of the components needed to make it all work properly. Table 7.1 lists all of the different components and describes what each component does.

Table 7.1 UE-V components

Component	Description
UE-V agent	The UE-V agent gets installed on every Windows operating system that you want to synchronize settings with. The UE-V agent also observes all of the applications and settings for the Windows operating system.
Settings packages	UE-V agents take all of the settings and applications on a system and turn those into an application package. These application packages are created locally, and then they are copied to a shared network location.
Settings storage share	Administrators must create a network share that will house all of the setting packages. The UE-V agent will verify that the network share is configured properly, and then the UE-V agent will create a hidden system folder for the user’s settings.
Settings location templates	XML templates are used to synchronize the application and settings files. UE-V includes a few templates by default, but you have the ability to create your own.
Windows apps list	The Windows apps list is used to determine which Windows applications will get synchronized. UE-V uses the Windows apps list to know which apps and files get copied to the settings package.

Installing and Configuring UE-V

Installing UE-V is not a very complicated process. First thing that you must do is download the Microsoft Desktop Optimization Pack (MDOP). Microsoft UE-V is part of the MDOP software package. Then you need to create a network share that we can store your UE-V templates at. After the share is created, you must make sure that you set up the permissions properly on that shared drive. After you have created the network share, you then have to install the UE-V agent. The UE-V agent allows the Windows operating system to share its settings to the network. Then you just need to test your configurations, and you are all set. To set up the UE-V agent, you need to run the following executable along with the path of the network share:

AgentSetup.exe SettingsStoragePath=\\server\settingsshare\%username%

When you install UE-V, certain Windows files and apps get stored automatically. The following list shows some of the apps and files that get copied automatically.

UE-V synchronizes settings for some Microsoft applications by default. Here is a partial list of just some of the applications that get synchronized by default:

• Microsoft Office 2013 applications (UE-V 2.1 SP1 and 2.1)
• Microsoft Office 2010 applications (UE-V 2.1 SP1, 2.1, and 2.0)
• Microsoft Office 2007 applications (UE-V 2.0 only)
• Internet Explorer 8, 9, and 10
• Internet Explorer 11 in UE-V 2.1 SP1 and 2.1
• Windows applications, such as Xbox
• Windows desktop applications, such as Microsoft Calculator, Notepad, and WordPad
• Windows settings, such as desktop background or wallpaper

---

   Since the Microsoft Desktop Optimization Pack is needed to do this installation, I did not include a lab. If you have the ability to download the MDOP, go to https://technet.microsoft.com/en-us/library/dn479305(v=vs.85).aspx to get step-by-step procedures for installing and using UE-V.

---

Understanding AppLocker

Since we’re talking about how we should support applications, then we also need to look at how we lock down applications. AppLocker is a feature included with Windows (Windows 7 and higher) that allows administrators to lock out certain applications from running. AppLocker can also be run from a GPO on a Windows Server (2008 and above) to lock an application out of the entire domain.

AppLocker allows administrators to control how network users can access and use certain files like executables (.exe and .com), scripts (.ps1, .bat, .cmd, .vbs, and .js), DLLs (.dll and .ocx), and Windows Installer files (.msi and .msp). AppLocker allows you to do the following;

• Test the AppLocker policy before implementing it by using the audit-only mode.
• Set file attribute rules using the application’s digital signature, product name, filename, or even file version.
• Place rules on individuals or security groups.
• Set exceptions for any rule.
• Administrators have the ability to import or export rules.
• AppLocker can be managed by using PowerShell cmdlets.

When setting an AppLocker rule, all files for that rule will be denied from working unless you create a rule exemption. If there are no AppLocker rules for a specific file format, then all of those files will be allowed to work on the system. When setting AppLocker rules, the rules can be allowed or denied.

• Allow: Administrators have the ability to determine which files are permitted to run in the corporate environment. Administrators also have the ability to configure exceptions to the rules.
• Deny: Administrators have the ability to determine which files are not permitted to run in the corporate environment. Administrators also have the ability to configure exceptions to the rules.

Understanding Azure

Before I start talking about Azure, you first must understand that Azure is more than one thing—it’s like a suite of tools and applications. Azure is a subscription-based service from Microsoft that offers many resources to help any size organization get the most out of Microsoft products. Figure 7.3 shows just some of the services offered by Azure. You have the ability to use Azure Active Directory, Azure backups, Windows applications, Azure virtual machines, and Windows Servers, among many other things.

Figure 7.3 Azure options

Azure Active Directory is the Microsoft version of Directory Services. In short, Active Directory is a set of services that help you secure and manage your network. There are multiple components of Active Directory:

• Active Directory Domain Services (AD DS)
• Active Directory Certificate Services (AD CS)
• Active Directory Federation Services (AD FS)
• Active Directory Rights Management Services (AD RMS)
• Active Directory Lightweight Directory Services (AD LDS)

---

   I will talk about Active Directory in greater detail in Chapter 9, “Configuring Network Connectivity.”

---

Let’s look at some of the Azure applications (some of which are shown in Figure 7.4) that you can configure and manage, starting with All Items in the upper-left corner.

Figure 7.4 Azure applications

All Items The All Items feature shows you all of the applications and services that you currently subscribe to. The All Items feature allows you to manage and manipulate all of your services from one location.

Web Apps The Web Apps feature allows developers to quickly develop, deploy, and manage websites and web apps. Developers can build web apps using .NET, Node.js, PHP, Python, and Java. Developers can use a single backend to create web apps and mobile apps for employees or customers.

Virtual Machines The Virtual Machine feature allows IT Administrators to quickly create and manage cloud-based virtual machines. The Virtual Machines feature allows an administrator to quickly deploy a wide range of computing solutions and pay by the minute for the use of the virtual machines. The Virtual Machine Feature allows an administrator to work with multiple operating systems including Windows, Linux, Microsoft SQL Server, Oracle, IBM, SAP, and Azure BizTalk Services.

Cloud Services Azure Cloud Services allows an organization to create, package, and deploy applications and services to the cloud with the click of a button. Once an organization creates an application, Microsoft does the rest. Azure handles all aspects from provisioning, load-balancing, and health monitoring. Your organization’s application is supported by an industry-leading 99.95-percent guaranteed uptime.

Batch Services Azure Batch services allow you to execute large-scale batch jobs. Administrators have the ability to run these batch jobs either on demand or on a schedule.

SQL Databases Azure SQL Database is a database service modeled after the Microsoft SQL Server software. The one major advantage of using the cloud-based version of SQL services is that you get all of the benefits of SQL like performance, scalability, no downtime, business continuity, and data protection—all with near-zero administration. This gives your organization the ability to focus on application development instead of focusing on managing virtual machines and infrastructure. The SQL Database feature is available in Basic, Standard, and Premium service tiers.

Storage Azure Storage provides organizations with the ability to store and retrieve large amounts of data in the cloud. Administrators have the ability to store data, such as documents and media files, while giving your organization scalability, reliability, and redundancy. Through the use of Microsoft’s Azure cloud-based system, you get a cost-efficient way to store all of your company’s data in one location.

HDInsight Azure HDInsight is an Apache Hadoop server located in the cloud. Using HDInsight allows an organization to handle any amount of data on demand, from gigabytes to petabytes.

Media Services Azure Media Services gives a company the ability to enable enterprise streaming solutions worldwide. Azure Media Services allows a company to have a powerful and scalable cloud-based encoding, encryption, and streaming system.

Service Bus Azure Service Bus is a cloud-based messaging system for connecting applications, services, and devices. The real advantage of using Azure Service Bus is that you can connect any of these items wherever the items are located. You can even use Service Bus to connect other devices like tablets or phones to an application or each other.

Mobile Engagement The Mobile Engagement feature gives an organization the ability to have real-time analytics. Using these analytics allows an IT department to solve problems with their network or applications. For example, you can see if your network is having bottlenecks and take measure to help solve the bottleneck.

Visual Studio Team Services Visual Studio is one of the most popular ways for developers to create packages. Visual Studio Team Services allows developers to plan, build, and send software across a multitude of operating systems. Since this is a cloud-based app, the advantage of using Visual Studio Team Services is that you get the benefits of Visual Studio without having the need to install or configure a single Windows server.

Cache Microsoft Azure Cache allows quick access to your corporate applications without the need to have a lot of memory local on your system. The Cache is a cloud-based memory system that is a scalable solution that allows corporations to create applications by providing fast access to data.

BizTalk Services BizTalk Services allows cloud-based applications to communicate with each other or with on-premise applications. Because cloud-based apps run in their own cloud space, there is an issue with messaging and transport protocol mismatches. This is where BizTalk can help. BizTalk bridges the gap between the apps and your onsite services.

Recovery Services Azure Recovery Services allows an organization to back up and recover their data in the cloud. Recovery Services is a subscription-based backup service that is controlled by Microsoft.

Scheduler Azure Scheduler allows an administrator to schedule jobs in the cloud that consistently initiate service requests inside or outside of Azure. Administrators have the ability to run tasks right away, on a recurring schedule, or in the future.

API Management Microsoft Azure API (application program interface) Management allows an administrator to manage APIs among internal departments, partners, and developers. API Management allows administrators to use the tools needed for provisioning user roles, developing usage plans and quotas, applying policies, and monitoring alerts.

Networks Azure Virtual Network allows you to create an isolated and secure environment that you can run virtual machines and applications in. Administrators can use private IP addresses, subnets, access control policies, and almost anything that you can do with a physical network.

RemoteApp Azure RemoteApp allows an administrator to provide secure, remote access to applications from multiple user devices. Azure RemoteApp allows users to host temporary Terminal Server sessions in the cloud. These Terminal Server sessions can be used and shared by other users in your network. RemoteApp is discussed in greater detail in the “Using Azure RemoteApp and App-V” section that follows this list of apps.

Active Directory Azure Active Directory allows an organization to use and manage an Active Directory network without the need of setting up Windows Servers. Users can still use a single sign-on for any cloud-based or web application.

Marketplace Azure Marketplace is your one-stop store for thousands of software applications, developer services, and data. These applications are automatically configured for use with Microsoft Azure.

Using Azure RemoteApp

As stated earlier in the chapter, Azure RemoteApp allows an administrator to provide secure, remote access to applications from multiple user devices. Azure RemoteApp allows users to host temporary Terminal Server sessions in the cloud. These Terminal Server sessions can be used and shared by other users in your network.

Azure RemoteApp allows users to share resources and applications on any device type. It can do this because your organization’s applications are hosted in the cloud. Since all of your applications are cloud-based, any device with Internet access can then gain access to the applications. The one main advantage of using Azure RemoteApp is that you do not need to build and use servers in your organization to run your apps. After you upload your applications to the cloud, you then manage all of your applications through the Azure portal.

Then after the applications are loaded to the cloud, your users can access those applications from any device in the world. It does not matter on the application. Any application that is loaded to the cloud can then be accessed from the cloud. Users will need to download the Azure RemoteApp client to have web access for Azure RemoteApp.

---

   If you want your users to have web access to Azure RemoteApp, you need to download a RemoteApp client on your device. To do this, go to https://www.remoteapp.windowsazure.com/en/clients.aspx.

---

Since the applications are loaded onto virtual machines, the applications can be accessed by any type of device, including Apple devices and Android devices. Azure RemoteApp even supports application streaming for both 32-bit and 64-bit applications as long as they are loaded onto a Windows Server 2012 R2 virtual machine.

Creating Collections in Azure RemoteApp

The first thing you need to do to Azure RemoteApp is set up your application collections. Collections are just storage containers for applications and users. Every software image gets its own collection in the cloud.

Let’s take a look at how to create an Office 2013 collection. Exercise 7.2 walks you through the creation of a collection for Office 2013.

---

EXERCISE 7.2

Creating a Collection

1. Open the Azure portal.
2. In the tree on the left, scroll down until you see RemoteApp. Click the RemoteApp feature (shown in Figure 7.5).
3. Click the Create a RemoteApp Collection link.
4. Click the Quick Create option and then enter a name for your collection (see Figure 7.6).
5. Select your region. If your region is not listed, choose the closest region to your own.
6. Select the billing plan you want to use. For this exercise, select the Basic package.
7. Finally, select the Office 2013 Professional image. This image contains Office 2013 apps. This image is good only for trial collections. You can’t use this image in a production environment.
8. Click the Create RemoteApp Collection link.

Figure 7.5 RemoteApp feature

Figure 7.6 Quick Create option

---

Sharing an Application

Now that you have created a collection, you have to share the application so that users can gain access. To share the application, follow the steps in Exercise 7.3.

---

EXERCISE 7.3

Sharing the Collection

1. Open the Azure portal.
2. In the tree on the left, scroll down until you see RemoteApp. Click the RemoteApp feature.
3. Click the arrow to the right of the collection name that you created in Exercise 7.2.
4. Click the Publishing tab on the top. Click Publish at the bottom of the screen, and then click Publish Start Menu Programs.
5. Next, you need to select the apps that you want to publish. For this exercise, I chose Word. Click Complete. You will then need to wait for the application to complete its publishing.
6. Once the application has completed publishing, click the User Access tab to add the users who will require access to the application. Enter each user’s email address and then click Save.

---

Setting Up RemoteApp Connection Feeds

One of the issues that previous versions of RemoteApp encountered was that the applications ran in a web page and needed to be started from a web location. With Windows Server 2008 R2 and 2012/2012 R2 and Windows 7/8/8.1/10, you can now add the program to the users’ Start menu. This gives your users the same program startup as if they had the program installed on their machine.

RemoteApp along with Desktop Connections allow for a feature called RemoteApp and Desktop Connection Feed. When using RemoteApp and Desktop Connection Feed, your users will subscribe to a RemoteApp programs feed (a URL). Once your clients subscribe to the feed, the application will be displayed on the users’ Start menu.

To set up the RemoteApp and Desktop Connection feed, you need to create a new feed in Control Panel. To complete these steps, you will need to get the URL of the feed. To do this, go into the Azure Portal ➢ RemoteApp and then click the collection you created. There will be a URL link that you can use for the feed. You have to create a published feed on a virtual machine to get a proper URL and then use that link for setting up the feed. The following steps walk you through how you would set up a feed on a Windows 10 machine:

1. Open RemoteApp And Desktop Connections in Control Panel (shown in Figure 7.7).
2. Click the Access RemoteApp And Desktops link on the left side of the screen.
3. Enter the URL of the collection feed and click Next.
4. On the Ready To Setup The Connection screen, click Next.
5. On the sign-in screen, enter your credentials. Click OK.
6. On the Summary screen, click the Finish button.
7. Start the application by accessing your system’s Start menu.

Figure 7.7 RemoteApp And Desktop Connections

Using Device Redirection

RemoteApp device redirection allows an administrator to configure a Windows system so that your users’ devices can interact with the remote applications. For example, if you want to set up Skype through RemoteApp, a user would still need his or her camera and microphone to work with the RemoteApp version of Skype.

Administrators have the ability to set up RemoteApp device redirection through the use of a GPO, or they can set up the collection to automatically use redirection. To set up the collection for redirection, you would need to run some PowerShell commands. Table 7.2 lists some of the PowerShell commands and describes what they do.

Table 7.2 RemoteApp PowerShell commands

PowerShell Command	Description
Set-AzureRemoteAppCollection -CollectionName <collection name> -CustomRdpProperty “drivestoredirect: s:*’nusbdevicestoredirect:s:*”	This command sets the custom RDP properties.
Get-AzureRemoteAppCollection -CollectionName <collection name>	This command shows you a list of what custom RDP properties are configured.
Set-AzureRemoteAppCollection -CollectionName <collection name> -CustomRdpProperty “drivestoredirect:s:*”	This command shows you how to set up hard-drive redirection.
Set-AzureRemoteAppCollection -CollectionName <collection name> -CustomRdpProperty “drivestoredirect: s:*’nusbdevicestoredirect:s:*”	This command shows you how to set up USB and hard-drive redirection.
Install-Module AzureRM Install-AzureRM	These commands allow you to install the Azure Resource Manager modules.
Install-Module Azure	This command installs the Azure Service Management module.
Import-AzureRM	This command imports AzureRM modules.
Import-Module Azure	This command imports the Azure Service Management module.
Set-Mailbox	This command allows you to manipulate an Office 365 mailbox.

To configure RemoteApp redirection by using a Group Policy Object, you would complete the following steps:

---

   For this example, I am showing you how to configure USB redirection on a system. I am showing you how to set up a local Group Policy in the event that you do not have a Windows Server setup. If you do want to do this for a domain, create a new GPO in the Group Policy Management MMC and then follow these steps.

---

1. Open the Local Group Policy Editor by typing gpedit.msc into the Windows 10 Search window.
2. Expand Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Device Redirection.
3. Double-click the “Allow RDP redirection of other supported RemoteFX USB devices from this computer” option.
4. Select Enabled, and then choose Administrators And Users in the RemoteFX USB Redirection Access Rights.
5. Close the Group Policy Editor.
6. Restart the computer.

Understanding Shared Computer Activation

There may be a time when you need to set up Office 365 ProPlus to multiple users on the same computer within your organization. To do this, you must set up shared computer activation (SharedComputerLicensing value).

Shared computer activation allows an administrator to set up Office 365 ProPlus on a single computer for multiple users. This can be useful for schools, hospitals, and hotels. Let’s say that you have multiple hotel front-desk staff members who need to access data on the same remote server—this is where shared computer activation can help.

Shared computer activation is used only when you have multiple people using the same computer. If you have users in your network that each has his or her own system, you would not use shared computer activation; you would use product key activation for Office 365 ProPlus.

---

   To set up shared computer activation, you must use the Office Deployment Tool. For information about setting up shared computer activation, visit the Microsoft website https://technet.microsoft.com/en-us/library/dn782860.aspx?f=255&MSPPError=-2147217396.

---

Understanding App-V

Microsoft Application Virtualization (App-V) is included with the Microsoft Desktop Optimization Pack (MDOP). App-V gives an organization the ability to make applications available to corporate users without installing the application on the end user’s system. App-V allows applications to be managed centrally without the worry of applications conflicting with one another.

App-V allows administrators to deploy applications as services, and App-V allows those applications to be deployed anywhere. App-V allows applications to get transferred from locally installed applications to the cloud.

One real nice advantage of App-V is that when new operating systems and applications get released, there is no need to constantly upgrade your users’ systems to run those new applications. Since the applications are virtualized, they can run on older operating systems. When talking about App-V, we need to take a look at some of the components needed. Table 7.3 shows the different components required for App-V.

Table 7.3 App-V components

Component	Description
App-V Management Server	Administrators can manage the App-V infrastructure from the Management Server. App-V Management Server allows you to set up virtual applications to the App-V Desktop Client and the Remote Desktop Services Client.
App-V Publishing Server	This server hosts streaming virtual applications and also allows App-V–specific employees to gain access to virtual applications.
App-V Desktop Client	This accesses the virtual applications along with client application publication. Desktop client also manages virtual environments and stores employee-specific application settings.
App-V Remote Desktop Services (RDS) Client	This allows Remote Desktop Session Host servers to work in conjunction with the App-V Desktop Client for shared desktop sessions. This is very useful for tablets connecting to corporate applications. If the tablet can’t run the application, the tablet user can connect to the Remote Desktop services to access the application.
App-V Sequencer	This tool allows administrators to convert normal applications into virtual applications through the use of a wizard.
Disconnected Operation Mode	The disconnected operation mode allows App-V Desktop Clients to run applications even when the client cannot connect to the App-V Management Server. This allows laptops to continue to access App-V applications even when not connected to the network or the Internet.

Supporting the Windows Store

The Microsoft Windows Store is a one-stop shop for all Microsoft devices. The Windows Store allows users to find and download applications for business and personal use. The Windows Store allows you to download everything from business applications that you can use to create spreadsheets to Xbox games that will allow you to game it out.

You can browse the Windows Store from your PC, tablet, or phone, and you can quickly and easily get free and paid content including games, music, movies, TV shows, and applications. So if your company is looking for free applications to improve business, the Windows Store can help.

One of the advantages to using the Windows Store is that all applications on the store are watched by Microsoft and require a digital certificate to make sure that they are legitimate. If an application is not signed, it will be removed from the Microsoft Store. This also means that you can’t build your own apps and place them into the Windows Store without the same security measures. There are methods of loading corporate apps so that only corporate users can gain access to those apps, and that is referred to as sideloading.

Sideloading is the process of loading apps onto your corporate users with the need of a digital signature or the security rules that follow the Microsoft Store.

So what must you do if you want to build your own apps and place them onto the Windows Store? Well, you have to use one of Microsoft’s tools that allow you to certify your applications, and those tools include the MakeCert.exe and Pvk2Pfx.exe tools that are included with the Windows Driver Kit (WDK).

Installing and Managing Software by Using Microsoft Office 365 and Windows Store Apps

One of the best advantages to using the Windows Store is that you can pretty much find and download any application that you need to help your business be more efficient. This can also be one of the biggest issues that an IT department can face. Normally an IT department needs to verify and test all applications before deploying them to the corporate network.

Now your users can find the specific applications that they think will help them do their jobs better and download just those applications. However, IT departments have the ability to turn off the Windows Store through the use of a GPO or local policy, which allows them to maintain more control.

If your IT department does not care about users downloading applications, then the Windows Store is for you. It’s very easy to install applications from the Windows Store. You just go to the Windows Store, search for the application that you are looking for, and then click the download button next to that application. Normally the applications will have a small fee associated with them, but many of them are free.

Maintaining and updating applications is also a very easy process. To make sure that your applications get updated whenever there is an update available, just follow these steps:

1. On the Start screen, click the Store icon on the taskbar to open the Windows Store.
2. On the top Windows Store menu, click the picture next to the Search box and then choose Settings.
3. Under App Updates, set the Update Apps Automatically slide bar to On, as shown in Figure 7.8.
4. When you have finished, close the Windows Store Settings window.

Figure 7.8 Windows Store Settings

Let’s take a look at some of the other things that you can set while on the Settings page for the Windows Store. Users or administrators also have the ability to show products on tiles, require a sign-in for purchases, and manage the devices that are loaded onto the Windows Store.

Now that you know how to get applications from the Windows Store, let’s take a look at how to load corporate applications through the process of sideloading.

Sideloading Apps into Online and Offline Images

There will be a time when you or someone in your company may have to build or support a custom-made Line of Business (LOB) application. Companies build and use LOB apps because they have a very special need and can’t find a software package to help solve that need.

Sideloading is the process of loading a Windows Store application without needing to publish the software application and download it from the store. Users can install the software package directly. Windows 10 sideloading has changed since Windows 8 in the following ways:

• Administrators have the ability to unlock a device for sideloading using an enterprise GPO policy.
• Software license keys are not required to install the application.
• Devices do not have to be part of the domain to get an application sideloaded.

Sideloading is not a very difficult process to complete. It is just a few settings along with the use of some PowerShell commands. To enable the systems to accept sideloading, complete the following steps:

1. Open Settings.
2. Click Update & Security ➢ For Developers.
3. Under the Use Developer Features section, choose Sideload Apps, as shown in Figure 7.9.

Figure 7.9 Windows sideloading

Once the system is enabled to allow applications to be sideloaded, you then need to run some PowerShell commands to make that happen. Navigate to the Windows PowerShell prompt and run the following commands (where "TestApp" is the path and name of the package file you created):

import-module appx
add-appxpackage "TestApp"

Integrating Microsoft Accounts Including Personalization Settings

Normally in the corporate world, we all get issued a corporate username and password so that we can log into the network and access corporate resources. But what if we wanted to access both corporate and personal data from the Internet? That’s where integrating your Microsoft online account and your domain account can be beneficial.

Windows 10 gives you the ability to use both a corporate username and personal user account within the same Windows 10 account. Users can link their online accounts with their corporate accounts. So if you have your own personal cloud-based account as well as a corporate account, you can set it up so that you only log in once but have access to both accounts.

Users who decide to link their Microsoft accounts with their corporate accounts have the ability to gain access to applications and games from the Microsoft Windows Store using one account. One of the benefits of tying both accounts together is that once you’ve completed this setup, the Accounts Wizard will have you establish a PIN at the end. After it’s all set, you will log in using the PIN from that point on.

So how do we link the two accounts together? Exercise 7.4 walks you through how to tie both accounts together. After the exercise is complete, your local account will switch to your Microsoft account after you restart your system.

---

EXERCISE 7.4

Setting the Microsoft Account

1. Click the Start button and then choose Settings. In the Settings window, choose Accounts (shown in Figure 7.10).
2. In the Accounts window, click the “Sign in with a Microsoft account instead” link (shown in Figure 7.11).
3. A new window will appear that states “Make it your.” Type in your Microsoft online username and password. Then click the Sign In button.
4. If a box pops up asking for your Windows network password, enter it and click Next. If you don’t have a password, just click Next.
5. The screen will ask you to enter a PIN. Click the Set A PIN button (shown in Figure 7.12) and set your PIN.
6. After the PIN is completed, you are all set. Close the Accounts window.

---

Figure 7.10 Settings window

Figure 7.11 Accounts window

Figure 7.12 PIN button

Understanding Web Browsers

Windows 10 provides users with two ways to browse the Internet: Edge and IE11. Windows Internet Explorer 11, or IE11, is the latest web browser developed and released by Microsoft Corporation in the popular Internet Explorer series. IE11 is available for Windows 10 and Windows Server 2012 R2 versions.

With the explosion of Internet use—from the inexperienced end users browsing the Internet for personal reasons to those who use it for work-related tasks—enhancing the user interface (UI) while providing better levels of security (which include privacy) has been the focus in the development of both Edge and IE11.

Both browsers are loaded with user features that provide end users with a better and simpler way to get the information they desire from their browsing experience.

The features added to Edge and IE11 are designed to give end users an easy way to browse the Internet for the information they’re looking for while providing a secure environment for networks by recognizing potentially bad sites (those attempting to sneak viruses or Trojan horses into the network), phishing sites (those that attempt to steal private information about the user), or invasive sites that users may go to either on purpose or inadvertently.

When comparing the two browsers, Edge and IE11, Edge has taken browsing a step further with the implementation of Cortana. Cortana can assist you while working with Edge.

Browser Controls

When you open either Edge or IE11, one of the first things that will catch your attention is the simplified design. The most common controls, like tools and favorite buttons, are just a click away. You also have the ability to customize how the browser will look and which tools you can use with the browser.

Pinning Sites to the Taskbar

Pinning sites to your taskbar allows you to access the websites by clicking the pinned site at the bottom of the taskbar. Pinning a site is an easy process. Just drag the tab of the website to the taskbar. An icon for the website will stay pinned until you remove it. When you click the pinned icon, the website will open within the Internet browser.

Searchable Address Bar

You have the ability to search the Internet directly from the Address bar. You still have the ability to enter a website’s address and go directly to the website. But now you can enter a search term or incomplete address, thus launching a search using your currently selected search engine. You can choose which search engine you want to use by clicking the Address bar and choosing the search engine from the listed icons or adding a new search engine.

Security and Privacy Enhancements

IE11 and Edge have both included many security and privacy enhancements, including some of the following:

• ActiveX Filtering allows you to block ActiveX controls for any sites. You do have the ability to turn them back on for the sites that you trust.
• Domain highlighting allows you to see the real web address of a website you are visiting. This allows you to avoid websites that use misleading web addresses. Domain highlighting is discussed in detail later in this section.
• SmartScreen Filter helps protect users from online phishing attacks, fraud, and spoofed or malicious websites. SmartScreen Filter is discussed in detail later in this section.
• 128-bit Secure Sockets Layer (SSL) connection to use with secure websites.
• InPrivate Browsing allows you to use the Web without saving any data from the websites that are visited while the browser is in this mode.

Working with Web Slices

Web Slices allow your Internet browser (IE, not Edge) to check for updates to web page content you may frequently access. How many times in the course of the day do you check your local weather or stock quotes or even watch an auction item on eBay? Most of the time, you either keep a tab open and refresh it periodically or revisit the website with the content you would like to review.

With Web Slices, you can add the piece of the web page with the content you’re looking for to the Favorites bar, and the browser will check it for you when the content changes. With Web Slices, the browser can control how often the browser checks for changes.

Figure 7.13 shows the result of a Bing query for the weather forecast for Portsmouth, New Hampshire, and the Web Slice availability to the Favorites toolbar. Clicking the down arrow associated with the icon will display all of the Web Slices available on the current web page.

Figure 7.13 Web Slice

In previous versions of the Internet browsers, Web Slices use to appear within the web page. Now the Web Slices are displayed with the feeds button, as shown in Figure 7.13.

When the user chooses a Web Slice icon, he or she will see a confirmation box for adding the Web Slice to the Favorites bar. Once accepted, the Web Slice is available to be viewed at any time, even after the user browses away from the originating page.

Using the Browser Compatibility View

Windows Internet Explorer 11 is the new release of Microsoft’s IE web browser, and some websites may not be updated to use the new features or display their content correctly. Problems may exist displaying misaligned images or text. By using Compatibility View in IE11 (not available in Edge), the browser will display a web page the way it would have been displayed in previous versions, which should correct any display issues. To display a page in Compatibility View, click the Compatibility View option in the tools (shown in Figure 7.14).

Figure 7.14 Compatibility View option

Once you have chosen Compatibility View for a website, you will not need to make the choice again. The browsers will display the site in Compatibility View the next time you browse to it. If the website gets updated in the future or you decide you would prefer to see it in the native standard mode, you can simply click the Compatibility View option again to return to the standard view. The Compatibility View option can also be selected from the Tools menu’s Compatibility View menu option.

There is also a Compatibility View Settings option you can use to manage the sites currently set to be viewed in Compatibility View mode by adding or deleting sites by name. Many companies have extensive websites, and it may take time to update them to features. The Compatibility View Settings page has the default setting for all intranet sites to be displayed in Compatibility View. You also have to the choice to display all websites in Compatibility View.

Using Protected Mode for IE11

Protected Mode is a feature of Windows 10 for Windows Internet Explorer 11 that forces IE to run in a protected, isolated memory space, preventing malicious code from directly writing data outside the Temporary Internet Files folder unless the program trying to write the information is specifically granted access by the user. Protected Mode is enabled by default and displayed in the lower-right section of Windows Internet Explorer 11.

You can install software through IE11, but you will need to explicitly allow the modification of the file structure of Windows 10 if the software is going to be installed outside the protected directory.

You can change out of Protected Mode from the Security tab of IE11’s Internet options (via Tools ➢ Internet Options). You can also open Internet Options by typing Internet options into the integrated search box in Windows 10. You also have the option of double-clicking the Protected Mode: On text within Windows Internet Explorer 11 to open just the Security tab of Internet Options.

To toggle Protected Mode, click to select or deselect the Enable Protected Mode check box (this requires restarting Internet Explorer). It is recommended that Protected Mode remain active because it provides a greater level of security and safety for the user and does not prohibit an action (such as installing a program from IE11); it just requires interaction from the user to allow the modification, prompting at least a little thought about what’s happening within Windows 10.

Using InPrivate Browsing and InPrivate Filtering

InPrivate Browsing provides some level of privacy to users using Windows Internet Explorer 11 and Edge. The privacy maintained with InPrivate Browsing relates to a current browser where an InPrivate session has been enabled. The InPrivate session prevents the browsing history from being recorded and prevents temporary Internet files from being retained. Cookies, usernames, passwords, and form data will not remain in IE11 following the closing of the InPrivate session, nor will there be any footprints or data pertaining to the InPrivate Browsing session.

InPrivate Browsing keeps information from being saved to the local machine while the session is active, but don’t get lulled into a false sense of security; malware, phishing, and other methods that send data out of the local machine are still valid and can provide personal information to a cybercriminal. In addition, employees visiting forbidden sites from work, for instance, could still be detected via forensics.

InPrivate Browsing is a good method of protecting user data if you are not surfing from your own machine or are surfing from a public location (always a bad place to leave personal information). InPrivate Browsing can also be used if you don’t want anyone to be able to see data from your Internet browsing session.

There are several ways to launch an IE11 InPrivate Browsing session. One way is to open a new tab and select the Open An InPrivate Browsing Window option from the Browse With InPrivate section. This will open a new tab, and the tab will be an InPrivate session. You can also choose to open Windows Internet Explorer 11 and start an InPrivate session directly by choosing the Safety menu and selecting the InPrivate Browsing menu choice. Alternatively, you can open a new IE11 browser and press Ctrl+Shift+P.

InPrivate Filtering (IE 11 only) takes a slightly different approach in providing security and safety to the user who is surfing using Windows Internet Explorer 11. Many of today’s websites gather content from different sources as they present a web page to you. Some of these sources are websites outside the main location, and they provide third-party companies with tracking information about where you surf and what you look at.

This information can then be used to provide statistics as well as send advertisements back to you. InPrivate Filtering provides an added layer of control for the user to decide what information third-party websites will have access to while the user is browsing, limiting the ability of third-party websites to track their browsing usage.

InPrivate Filtering is not enabled by default and must be enabled per browsing session. It is enabled from the Safety menu in IE11. You can alternatively use Ctrl+Shift+F to enable InPrivate Filtering.

The InPrivate Filtering dialog box is an alternate location for enabling InPrivate Filtering or disabling it. You open InPrivate Filtering from the Safety menu of Windows Internet Explorer 11.

Once you choose InPrivate Filtering, you will be given the option to have IE11 automatically block some third-party content or let the user select which third-party providers will receive the user’s browsing information. You can always go back and change the options later or turn off InPrivate Filtering if you desire.

After InPrivate Filtering is enabled, you can see which pages have been blocked as third-party queries from the InPrivate Filtering Settings dialog box.

Another advantage of IE11 is that you can configure the web content filter. IE11 also allows you to set up and configure the Allow and Block lists. The Allow and Block lists are lists that you can subscribe to that will automatically filter out certain websites.

Configuring Windows Internet Explorer 11 Options

In addition to security and usability options that you can configure in IE11, you can configure other options for managing the browser. Many of the configurations we have discussed in this chapter (i.e., the Safety or Tools menu options) and have used to quickly change individual parameters are also available for modification within the Internet Options tabbed dialog box. The general parameters, security parameters, privacy configurations, content controls, connection settings, program options, and advanced settings available within Internet Options are discussed in the following sections.

General Parameters

You can open the Internet Properties tabbed dialog box by selecting the Tools menu and choosing the Internet Properties menu item or by simply typing Internet options into the integrated search box of Windows 10. The General tab (shown in Figure 7.15) allows you to change the default home page that displays when Windows Internet Explorer 11 is launched. One interesting feature here is that you can have more than one default home page. By entering more than one page in the Home Page text box, each time IE11 is launched, all pages will open in their own tab.

Figure 7.15 General tab of IE11’s Internet Properties

The General tab also allows you to control your Browsing History, Search, Tabs, and Appearance (including accessibility options) settings for the IE11 interface.

Security Parameters

The Security tab of IE11’s Internet Properties dialog box (shown in Figure 7.16) not only gives you access to control Protected Mode as discussed earlier in this section but also gives you the ability to set security settings on the specific zones you may browse to as understood by Windows Internet Explorer 11. The zones are the Internet, Local Intranet, Trusted Sites, and Restricted Sites. You can set the behavior of IE11 individually for each zone and even individual sites within each zone. For example, if you add a website to the Local Intranet settings, you will not be asked to authenticate your credentials when connecting to the website.

Figure 7.16 Security tab of IE11’s Internet Properties

Privacy Configurations

The Privacy tab of IE11’s Internet Properties (shown in Figure 7.17) allows the management of privacy settings for the Internet Zone; this is the cookie management for specific sites. You can also control the settings for Pop-up Blocker and your InPrivate Filtering and InPrivate Browsing here.

Figure 7.17 Privacy tab of IE11’s Internet Properties

The Pop-up Blocker allows you to prevent unwanted Internet pop-ups from appearing while you are online. We have all been on websites where pop-up windows start appearing. With the IE11 Pop-up Blocker, you can prevent this from happening. To access the Pop-up Blocker Settings dialog box, click Start ➢ Internet Explorer ➢ Tools ➢ Pop-up Blocker ➢ Pop-up Blocker Settings.

To block cookies from any websites that do not have a compact privacy policy, you should set the privacy setting to High. The High setting prevents IE11 from saving cookies for websites that do not contain a compact privacy policy and cookies that have the potential of saving information that can be used to contact you without your explicit consent. Compact policies are used to indicate the privacy practices of a web service that uses cookies.

If you want to block any website from accessing cookies stored on the local computer, you should set the privacy setting to Block All Cookies. The Block All Cookies setting prevents cookies from being saved on the computer and prevents any existing cookies from being read by websites.

Content Control

Figure 7.18 shows the Content tab of Windows Internet Explorer 11’s Internet Properties. There are Parental Controls to manage which sites are available through web filtering and to monitor website access through an Activity Monitor. There has to be a privileged account with a password set to enforce Parental Controls. InPrivate Browsing is not allowed when Parental Controls are in place.

Figure 7.18 Content tab of the Internet Properties dialog box

Content Advisor settings allow a display of rated sites as users browse to different locations. (Sites can be rated based on factors such as fear, tobacco, alcohol, nudity, drugs, gambling, and so on.)

Certificate management for secure browsing is managed through the Content tab as well. You have the ability to manage AutoComplete functionality as well as RSS feeds and Web Slice data from within the Content tab.

The AutoComplete functionality allows IE11 to automatically fill in fields as you complete forms in IE11. It uses previously entered data to complete the fields on the form.

The Feeds And Web Slices section allows you to fill in what subscription feeds you belong to on the Internet and how often those feeds and slices will be updated along with other configuration options (i.e., playing a sound when the feed or slice is updated).

Connection Settings

The Connections tab of Windows Internet Explorer 11’s Internet Properties dialog box allows you to manage the way IE11 gains access to the network. You can initiate the Connect to The Internet Wizard from this tab as well as set up a virtual private network (VPN). If you are using dial-up networking, this connection is also configured from the Connections tab. Local area network (LAN) general settings, which includes specifying a proxy server if you need to use one (this is typical across many corporate sites, to provide a better level of anonymity for Internet surfing), are configured here as well.

Program Options

The Programs tab of the IE11 Internet Properties dialog box allows you to establish a default web browser. You can manage add-ons specific to IE11 in the Programs tab as well. Additionally, you can set up an application to allow for HTML editing and set up default programs to be used for Internet services such as email.

Advanced Options

The Advanced tab allows you to configure accessibility settings, browsing settings, international browsing settings, encoding settings, multimedia parameters, printing parameters, and general security settings. You can control whether links are underlined, whether pictures should be displayed, which versions of the secure communication protocols or SSL are used, background colors, and many other parameters.

In addition to being able to change the advanced settings, you have the option to restore advanced settings to their original configurations or to even reset Internet Explorer settings, which resets all IE11 settings (not just the advanced settings) to the default configuration.

Summary

Managing Windows software is a very important component that must be properly configured in Windows 10 to guarantee the best possible performance. In the event that the Windows Software packages can’t be run on the Windows 10 operating system, there are other options for you to run software with Windows 10.

You can use Hyper-V to create other operating systems on the Windows 10 system. Administrators can also use application virtualization (App-V) to run applications in the cloud. Administrators can also use the cloud to deploy applications by using RemoteApp.

We also talked about how to make sure that applications are going to continue to work properly by testing them through the Application Compatibility Toolkit (ACT).

Another application that is very important to most of us is Internet Explorer. Edge and Internet Explorer 11 are both included with Windows 10, and they have many new features and security enhancements so that the user can get the most out of their browsing experience.

Video Resources

There is a video available for the following exercise:

7.4

You can access the video at www.wiley.com/go/sybextestprep on the Other Study Tools tab.

Exam Essentials

Understand and know how to install Hyper-V. Understand what Hyper-V does and know all of the different components of a Hyper-V virtual machine. Understand how to configure virtual machines and the components that make virtual machines operate.

Know how older applications can work in Windows 10. Understand how to allow older applications to work with Windows 10. You can run applications in Hyper-V or Compatibility Mode or use shims that are created by Microsoft.

Understand how to install applications from the cloud. You can use Azure RemoteApp to help control and manage how applications get deployed. RemoteApp allows you to download applications to many different Windows device types.

Understand Application Virtualization Know how to use application virtualization (App-V) and know how to run applications from the cloud without the need to deploy the applications to users’ hardware.

Be able to configure privacy settings in IE11 and Edge. Know how to enable and disable cookies. Know when it is useful to use cookies and when cookies should be blocked. Cookies are files that are placed on your system. Not having files placed on your system increases security. Know how to set an InPrivate session to verify that nothing is saved during an Internet session.

Review Questions

1. You are the network administrator for your organization. Your organization has started using App-V. You notice that laptop users are still able to access App-V applications even when they are not connected to the network. You want to stop this from happening. What do you do?

   1. Disable the Disconnected Operation Mode.
   2. Enable Terminal Services.
   3. Enable Remote Desktop Services.
   4. Discontinue laptops from using App-V.

2. You are the network administrator for your organization. You are asked by your manager to modify the associations of a few file extensions that are associated with Internet Explorer. How can you accomplish this task?

   1. In Control Panel, open Default Programs and then click Set Associations. Set the proper file extensions.
   2. In Internet Explorer, set extensions on the Extension tab.
   3. In Control Panel, open System and then click Set Associations. Set the proper file extensions.
   4. In Internet Explorer, set extensions on the Advanced tab.

3. You are the network administrator for a large organization. You are in charge of implementing company policies. One company policy states that you have to prevent Internet Explorer from saving any data during a user’s browsing session. How do you accomplish this?

   1. Set the Internet Security settings to Disabled.
   2. Run the browsers in InPrivate sessions.
   3. Disable InPrivate sessions.
   4. Private sessions should be enabled.

4. You are the network administrator for a large organization. A user calls you and says that when they try to connect to the internal website, they are prompted for authentication. The user has the rights to access the internal site due to the fact that all users and computers are part of a domain and the internal website uses Integrated Windows Authentication. How do you make sure that the user is automatically authenticated when they connect?

   1. Change the user’s local permissions to Administrator.
   2. The Local sites URL should be added to the Local Intranet zone.
   3. The Local sites security credentials should be added to the trusted sites zone.
   4. The Internet security level should be lowered to lowest.

5. You are the network administrator for your organization. Your organization has deployed Azure RemoteApp collections by configuring a custom template image. This image is going to contain Microsoft Office 365 ProPlus. Your organization needs to guarantee that multiple employees can run Office 365 ProPlus from the image all at the same time. What do you need to include in your configuration file?

   1. <Property Name="SHUTDOWNAPP" Value = "True"/>
   2. <Property Name="SharedComputerLicensing" Value = "1"/>
   3. <Property Name="ACTIVATEAPP" Value = "1"/>
   4. <Property Name="OFFICE365ProPlus" Value = "1"/>

6. Your company has decided to start using AppLocker GPOs to control application access. Jeff, Stormwind’s IT Manager, would like to test the AppLocker policy before implementing it. How can Jeff test the AppLocker policy?

   1. In the Group Policy Manager, run the Group Policy Results Wizard.
   2. In the Group Policy Manager, run the Group Policy Modeling Wizard.
   3. In the Group Policy Manager, enforce the new AppLocker policy in Audit-Only mode.
   4. In the Group Policy Manager, run the Group Policy Test Wizard.

7. You are the administrator of an organization who has decided to use Microsoft Azure Active Directory cloud-based services. You have set up a corporate subscription for Microsoft Office 365. Each employee gets a mailbox stored in Office 365 and also an email for the corporate network. After buying out another company, you need to add a third email address to each user. How can you do this?

   1. In Active Directory Sites And Services, edit the email attribute for each employee.
   2. In Active Directory Domains And Trusts, edit the email attribute for each employee.
   3. Use the Set-Mailbox cmdlet from the Azure Active Directory Module for PowerShell.
   4. Use the Set-Mailbox cmdlet from the Active Directory Module for PowerShell.

8. You are the network administrator for a large organization. You have installed Hyper-V on a server called ServerA, and you have set up four new VM servers. You want to run PowerShell commands for the VM servers from ServerA. How do you do this?

   1. Use the Invoke-Command cmdlet and specify the VMName parameter.
   2. Use the WinRM command -PowerShell.
   3. Use the PSCommands–enabled command.
   4. Just run the PowerShell commands with the -Name parameter.

9. You are the network administrator for a large organization. You have deployed a software package to all of the Windows computers in your domain. You want to set up a GPO so that some employees have no access to the application. How do you accomplish this?

   1. Set up a restriction server and place all of your restricted employees onto that server.
   2. Configure BitLocker.
   3. Configure AppLocker.
   4. Configure each Windows 10 system to use user policies.

10. You are the administrator of a large organization. Your company has developed an application for your employees. You need to deploy the internally developed application to all employees while minimizing the costs. What’s the best way to do that?

    1. Install the application one system at a time.
    2. Enable application sideloading.
    3. Purchase System Center and deploy the application.
    4. Run the Add-Application PowerShell cmdlet.