Sideloading a Windows 8 App Sideloading a Windows 8 App Exercise 1 Preparing to Sideload an App Scenario One of the requirements for app sideloading is that the computer on which the app will be sideloaded must be joined to the domain. Tasks Detailed Steps Complete the following task on: DC itcamp\administrator Verify the domain membership of a target client in Computer OU in Active Directory 1. Verifying Domain Membership 2. Creating a GPO for Sideloading Note: The Allow all trusted apps to install Group Policy setting needs to be enabled in order for sideloading to work. This policy is supported by the Enterprise edition of Windows 8. a. Log into DC. b. In Server Manager, click Tools | Group Policy Management. c. In the tree pane, expand Forest: itcamp.demo | Domains and select the itcamp.demo. d. Right-click itcamp.demo, and select Create a GPO in this domain, and Link it here. The New GPO dialog appears. e. In the Name textbox, type App Sideloading Policy and click OK. f. In the tree pane, expand itcamp.demo, right-click App Sideloading Policy, and click Edit. The Group Policy Management Editor appears. g. In the tree pane, navigate to Computer Configuration\Policies\Administrative Templates\Windows Components\App Package Deployment. h. In the details pane, right-click Allow all trusted apps to install, and select Edit. i. Select the Enabled radio button, and click OK. j. Close Group Policy Management Editor. Note: With that Group Policy in place, let's update Group Policy back on the client. k. Log on to Win81 - itcamp\alice. l. On the Start screen, type gpupdate /force and press Enter. Page 1 of 11 Sideloading a Windows 8 App 3. Verifying the Digital Signature Note: Another requirement for sideloading apps is that they must be signed by a trusted certificate. Most enterprises have a certificate signed by a trusted root certificate authority or the right certificate chain will have been deployed already during normal operations. In this case, we used a self-signed certificate for the sample app. Tasks Detailed Steps b. From the Start screen, open File Explorer and navigate to \\DC\Source$\SampleApps\Sample_1.0.0.2_AnyCPU_Debug_Test. c. Right-click the Sample_1.0.0.2_AnyCPU_Debug.appx file, and click Properties. d. Click the Digital Signatures tab, click the digital signature, and then click Details. e. Under the Digital Signature Information heading, verify that the digital signature is OK and click OK. Note: Notice that the certificate used to sign this .appx file is trusted. That’s because we previously imported its root certificate into the Trusted Root Certification Authorities stored on the local machine. f. Click OK. Note: All the conditions are now met to sideload a Windows 8 app: it is joined to a domain, group policy is in place, and the Windows 8 app is signed with a trusted certificate. Page 2 of 11 Sideloading a Windows 8 App Exercise 2 Sideloading an App Per User Scenario Per-user sideloading is helpful for quality assurance (QA) or developer testing, or even for small deployments of apps within a certain area of the business or IT. Per-user sideloading means installing the app manually on each PC for each that needs the app, so this wouldn't be appropriate for more than a handful of computers. Additionally, an important step prior to deploying is to run the Windows App Certification Kit. If you don't want to install Visual Studio on your computer you can use the Windows Software Development Kit (SDK) for Windows 8, which includes the Windows App Certification Kit. In order to run it though, you need to have the app installed on your lab or test computer. Once we load the app here, we will run the Windows App Certification Kit. Tasks Detailed Steps Complete the following task on: a. Perform the following steps on Win81 - itcamp\alice. Win81 - itcamp\alice b. Open File Explorer and navigate to \\DC\Source$\SampleApps. c. Right-click Add_SampleApp and click Edit. 1. Installing the App on a Single Device Note: The script will use the Add-AppXPackage cmdlet to install the sample app on the local machine. Note that local administrative privileges are required to install the application. d. Click Run Script (Play Button) or press F5. e. When completed, close Windows PowerShell. f. Switch to the Start screen and scroll to the right to see the app, currently titled, Sample. Click the Sample tile to run it. g. Return to the Start screen. Complete the following task on: Win81 - itcamp\bob 2. Verifying App Installation for Other Users Complete the following task on: Win81 - itcamp\alice 2. Running the Windows App Certification Kit (This is not installed in the VM you received. You can download it from http://www.microsoft.com/enus/download/details.aspx?id=27414 Note: When you install an app manually like this, it only gets installed for the individual users for whom you run the command. We can verify this by logging on as a different user. As you'll see, the app is not available. a. Complete the following steps on Win81 - itcamp\bob. b. On the Start screen, verify that the sample app is not there. Note: Developers build apps, but how do you know that they'll run reliably? With the app sideloaded, you can run the Windows App Certification Kit. As part of the build process, the developer will package the app and run the Windows App Certification Kit. It's a good practice, however, to execute these tests in your lab environment and on other devices to ensure that the app will run in the manner expected; better find out about problems now than after you deploy! a. Log into Win81 - itcamp\alice. b. On the Start screen, type Windows App and click Windows App Cert Kit. c. Click Yes in the User Account Control dialog. Page 3 of 11 Sideloading a Windows 8 App d. In the Windows App Certification Kit, click Validate Windows Store App. When it has completed gathering system information, click Next. This may take a few minutes. On the Select an app to validate page, scroll down, and find the Sample we just added. Note: The Windows App Certification Kit runs basic checks on the app to ensure that it conforms to the guidelines set forth by Microsoft. Actually, when an app is submitted to the Windows Store, the Windows App Certification Kit is one of the tools used for the certification process. So you can be assured that if the app passes the Windows App Certification Kit in your local environment it'll pass at least part of the process when submitted to the Windows Store. e. Click Cancel, we will not run the Windows App Certification Kit at this time. Note: However, since sideloading is done completely outside of the Windows Store process, your internal Line of Business (LOB) apps don't need to pass through all the same tests that they would if they were submitted to the Windows Store. That said, it's a good idea to run the Windows App Certification Kit yourself, after you receive the app package from the developer. Doing so ensures that the app will act as expected when you release it in your organization. The important takeaway here is, as an IT pro, you'll want to run the Windows App Certification Kit and you don't need to have Visual Studio to do it! Page 4 of 11 Sideloading a Windows 8 App Exercise 3 Provisioning an App in an Image Scenario You can see how sideloading per user would be cumbersome after the first few times that you do it. Luckily, there are other ways to sideload apps. Among those are sideloading using Windows Intune, Microsoft Deployment Toolkit 2012 Update 1, which you'll see later, System Center 2012 Configuration Manager, and the Deployment Image Servicing and Management (DISM) tool, which you'll see here. A lot of organizations will already have a deployment process in place. So you have the flexibility to use the tools that you're already familiar with and have deployed. Tasks Detailed Steps Complete the following task on: Note: This demo shows how to use the DISM tool to provision an app within an image. Adding an app to an image is a straightforward process, as you're about to see. Win81 - itcamp\alice a. Perform the following steps on Win81 - itcamp\alice. 1. Deploying with DISM b. Switch to the Start screen, right-click the Sample app and click Uninstall. At the prompt, click Uninstall. c. Switch to File Explorer and navigate to \\dc\source$\SampleApps. d. Right-click Dism_SampleApp and click Edit. Note: The script will use the Add-ProvisionedAppXPackage command in DISM to install the sample app on the local machine. This command must be run in an elevated prompt. e. Close PowerShell ISE. f. On the Start screen, type PowerShell and press Ctrl + Shift + Enter. g. At the User Account Control prompt, click Yes. h. In Windows PowerShell, type cd \\dc\source$\SampleApps and press Enter. i. Type .\Dism_SampleApp.ps1 and press Enter to execute the script. j. If you receive and error, make sure that you have logged out with Jeff. k. The DISM tool will install the app. This might take a few minutes. Note: While the DISM command runs it gives me a good opportunity to talk about DISM. The DISM tool, which replaces several tools from earlier Windows versions, can be used to do more than just provision packages. It's a full image-servicing tool. You can use it to work with Windows Preinstallation Environment (Windows PE) images, change and update drivers in an image, and much more. Of course, you don't need to use DISM for this, you can use something like the Microsoft Deployment Toolkit (MDT) 2012 Update 1 to perform the same things. As you'll see in the next demo, MDT actually creates a script that, among other things, runs the DISM command that we just ran. l. When completed, close Windows PowerShell. Page 5 of 11 Sideloading a Windows 8 App Complete the following task on: Win81 - itcamp\bob Note: Now that DISM has loaded the app we can verify that it's been installed for all users on the computer. a. Log into Win81 - itcamp\bob. b. On the Start screen, wait for the Sample app to appear. It may take a moment to populate on the Start screen. 2. Verifying App Installation c. Log into Win81 - itcamp\alice. d. On the Start screen, wait for the Sample app to appear. Note: The DISM tool is the fundamental tool for provisioning an app. However, you will most often use standard distribution tools such as System Center 2012 Configuration Manager, Windows Intune, and Microsoft Deployment Toolkit (MDT) 2012 for app deployment—rather than using DISM directly. Page 6 of 11