Sideloading a Windows 8 App

advertisement
Sideloading a Windows 8 App
Sideloading a Windows 8 App
Exercise 1
Preparing to Sideload an App
Scenario
One of the requirements for app sideloading is that the computer on which the app will be sideloaded must be
joined to the domain.
Tasks
Detailed Steps
Complete the following
task on: DC itcamp\administrator
Verify the domain membership of a target client in Computer OU in Active Directory
1.
Verifying Domain
Membership
2. Creating a GPO for
Sideloading
Note: The Allow all trusted apps to install Group Policy setting needs to be enabled in
order for sideloading to work. This policy is supported by the Enterprise edition of
Windows 8.
a. Log into DC.
b. In Server Manager, click Tools | Group Policy Management.
c. In the tree pane, expand Forest: itcamp.demo | Domains and select the
itcamp.demo.
d. Right-click itcamp.demo, and select Create a GPO in this domain, and Link it
here. The New GPO dialog appears.
e. In the Name textbox, type App Sideloading Policy and click OK.
f.
In the tree pane, expand itcamp.demo, right-click App Sideloading Policy, and
click Edit. The Group Policy Management Editor appears.
g. In the tree pane, navigate to Computer Configuration\Policies\Administrative
Templates\Windows Components\App Package Deployment.
h. In the details pane, right-click Allow all trusted apps to install, and select Edit.
i.
Select the Enabled radio button, and click OK.
j.
Close Group Policy Management Editor.
Note: With that Group Policy in place, let's update Group Policy back on the client. k.
Log on to Win81 - itcamp\alice.
l. On the Start screen, type gpupdate /force and press Enter.
Page 1 of 11
Sideloading a Windows 8 App
3. Verifying the Digital
Signature
Note: Another requirement for sideloading apps is that they must be signed by a
trusted certificate. Most enterprises have a certificate signed by a trusted root
certificate authority or the right certificate chain will have been deployed already
during normal operations. In this case, we used a self-signed certificate for the sample
app.
Tasks
Detailed Steps
b. From the Start screen, open File Explorer and navigate to
\\DC\Source$\SampleApps\Sample_1.0.0.2_AnyCPU_Debug_Test.
c. Right-click the Sample_1.0.0.2_AnyCPU_Debug.appx file, and click Properties.
d. Click the Digital Signatures tab, click the digital signature, and then click Details.
e. Under the Digital Signature Information heading, verify that the digital signature
is OK and click OK.
Note: Notice that the certificate used to sign this .appx file is trusted. That’s because
we previously imported its root certificate into the Trusted Root Certification
Authorities stored on the local machine.
f. Click OK.
Note: All the conditions are now met to sideload a Windows 8 app: it is joined to a
domain, group policy is in place, and the Windows 8 app is signed with a trusted
certificate.
Page 2 of 11
Sideloading a Windows 8 App
Exercise 2
Sideloading an App Per User
Scenario
Per-user sideloading is helpful for quality assurance (QA) or developer testing, or even for small deployments of
apps within a certain area of the business or IT. Per-user sideloading means installing the app manually on each PC
for each that needs the app, so this wouldn't be appropriate for more than a handful of computers.
Additionally, an important step prior to deploying is to run the Windows App Certification Kit. If you don't want to
install Visual Studio on your computer you can use the Windows Software Development Kit (SDK) for Windows 8,
which includes the Windows App Certification Kit. In order to run it though, you need to have the app installed on
your lab or test computer. Once we load the app here, we will run the Windows App Certification Kit.
Tasks
Detailed Steps
Complete the following task on:
a. Perform the following steps on Win81 - itcamp\alice.
Win81 - itcamp\alice
b. Open File Explorer and navigate to \\DC\Source$\SampleApps.
c. Right-click Add_SampleApp and click Edit.
1. Installing the App on a Single
Device
Note: The script will use the Add-AppXPackage cmdlet to install the
sample app on the local machine. Note that local administrative
privileges are required to install the application.
d. Click Run Script (Play Button) or press F5.
e. When completed, close Windows PowerShell.
f.
Switch to the Start screen and scroll to the right to see the app,
currently titled, Sample. Click the Sample tile to run it.
g. Return to the Start screen.
Complete the following task on:
Win81 - itcamp\bob
2. Verifying App
Installation for Other
Users
Complete the following task on:
Win81 - itcamp\alice
2.
Running the Windows App
Certification Kit (This is not installed
in the VM you received. You can
download it from
http://www.microsoft.com/enus/download/details.aspx?id=27414
Note: When you install an app manually like this, it only gets installed
for the individual users for whom you run the command. We can verify
this by logging on as a different user. As you'll see, the app is not
available.
a. Complete the following steps on Win81 - itcamp\bob.
b. On the Start screen, verify that the sample app is not there.
Note: Developers build apps, but how do you know that they'll run
reliably? With the app sideloaded, you can run the Windows App
Certification Kit. As part of the build process, the developer will
package the app and run the Windows App Certification Kit. It's a
good practice, however, to execute these tests in your lab
environment and on other devices to ensure that the app will run in
the manner expected; better find out about problems now than after
you deploy! a. Log into Win81 - itcamp\alice.
b. On the Start screen, type Windows App and click Windows App
Cert Kit.
c. Click Yes in the User Account Control dialog.
Page 3 of 11
Sideloading a Windows 8 App
d. In the Windows App Certification Kit, click Validate Windows
Store App. When it has completed gathering system information,
click Next. This may take a few minutes.
On the Select an app to validate page, scroll down, and find the
Sample we just added.
Note: The Windows App Certification Kit runs basic checks on the app
to ensure that it conforms to the guidelines set forth by Microsoft.
Actually, when an app is submitted to the Windows Store, the
Windows App Certification Kit is one of the tools used for the
certification process. So you can be assured that if the app passes the
Windows App Certification Kit in your local environment it'll pass at
least part of the process when submitted to the Windows Store.
e. Click Cancel, we will not run the Windows App Certification Kit at
this time.
Note: However, since sideloading is done completely outside of the
Windows Store process, your internal Line of Business (LOB) apps don't
need to pass through all the same tests that they would if they were
submitted to the Windows Store. That said, it's a good idea to run the
Windows App Certification Kit yourself, after you receive the app
package from the developer. Doing so ensures that the app will act as
expected when you release it in your organization.
The important takeaway here is, as an IT pro, you'll want to run the
Windows App Certification Kit and you don't need to have Visual
Studio to do it!
Page 4 of 11
Sideloading a Windows 8 App
Exercise 3
Provisioning an App in an Image
Scenario
You can see how sideloading per user would be cumbersome after the first few times that you do it. Luckily, there
are other ways to sideload apps. Among those are sideloading using Windows Intune, Microsoft Deployment
Toolkit 2012 Update 1, which you'll see later, System Center 2012 Configuration Manager, and the Deployment
Image Servicing and Management (DISM) tool, which you'll see here.
A lot of organizations will already have a deployment process in place. So you have the flexibility to use the tools
that you're already familiar with and have deployed.
Tasks
Detailed Steps
Complete the following
task on:
Note: This demo shows how to use the DISM tool to provision an app within an
image. Adding an app to an image is a straightforward process, as you're about to
see.
Win81 - itcamp\alice
a. Perform the following steps on Win81 - itcamp\alice.
1. Deploying with DISM
b. Switch to the Start screen, right-click the Sample app and click Uninstall. At the
prompt, click Uninstall.
c. Switch to File Explorer and navigate to \\dc\source$\SampleApps.
d. Right-click Dism_SampleApp and click Edit.
Note: The script will use the Add-ProvisionedAppXPackage command in DISM to
install the sample app on the local machine. This command must be run in an
elevated prompt.
e. Close PowerShell ISE.
f.
On the Start screen, type PowerShell and press Ctrl + Shift + Enter.
g. At the User Account Control prompt, click Yes.
h. In Windows PowerShell, type cd \\dc\source$\SampleApps and press Enter.
i.
Type .\Dism_SampleApp.ps1 and press Enter to execute the script.
j.
If you receive and error, make sure that you have logged out with Jeff.
k. The DISM tool will install the app. This might take a few minutes.
Note: While the DISM command runs it gives me a good opportunity to talk about
DISM. The DISM tool, which replaces several tools from earlier Windows versions, can
be used to do more than just provision packages. It's a full image-servicing tool. You
can use it to work with Windows Preinstallation Environment (Windows PE) images,
change and update drivers in an image, and much more.
Of course, you don't need to use DISM for this, you can use something like the
Microsoft Deployment Toolkit (MDT) 2012 Update 1 to perform the same things. As
you'll see in the next demo, MDT actually creates a script that, among other things,
runs the DISM command that we just ran.
l.
When completed, close Windows PowerShell.
Page 5 of 11
Sideloading a Windows 8 App
Complete the following
task on:
Win81 - itcamp\bob
Note: Now that DISM has loaded the app we can verify that it's been installed for all
users on the computer.
a. Log into Win81 - itcamp\bob.
b. On the Start screen, wait for the Sample app to appear. It may take a moment to
populate on the Start screen.
2. Verifying App
Installation
c. Log into Win81 - itcamp\alice.
d. On the Start screen, wait for the Sample app to appear.
Note: The DISM tool is the fundamental tool for provisioning an app. However, you
will most often use standard distribution tools such as System Center 2012
Configuration Manager, Windows Intune, and Microsoft Deployment Toolkit (MDT)
2012 for app deployment—rather than using DISM directly.
Page 6 of 11
Download