Microsoft has embraced this trend with its client and server products and cloud services, and while Windows 8 may seem a bit light on the business technology side, this needs to be viewed in perspective. First, as a superset of Windows 7, Windows 8 does
include all of the business-oriented features and functionality that graced that product, often in upgraded or enhanced form. That means that it shares the same basic deployment tools, manageability, and other back-end technologies, as well as its general feature set.
But Windows 8 also includes some new business-oriented technologies of its own. And while consumers are having fun with the Metro-style experiences that dominate this product, what you’re about to discover is this version of Windows also offers a compelling upgrade case for businesses, too.
Windows 8 isn’t just about Metro. There are numerous updates to the desktop environment, which we discuss in Chapter 4, plus a new desktop version of Internet Explorer, amazing new file and system recovery tools (Chapter 11) and network and connectivity capabilities (Chapter 13). Metro is fun, and beautiful to look at. But Windows 8 is a productivity champion, too. It’s in the product’s DNA.
Most of the features described in this chapter require Windows 8 Pro, the business- and enthusiast-focused version of Microsoft’s latest operating system. Some require Windows 8 Enterprise, which is only available via Microsoft’s volume licensing program, Software Assurance. Those features that also work with the base version of Windows 8 will be noted as such.
Domain Join and Group Policy
When you think about it, traditional home-based Windows PCs are unmanaged in the sense that there’s no central oversight available, either by the head of a household or a central server. This type of computing, which has been formally described as workgroup computing makes a certain amount of sense at home, where each PC is an island of functionality onto itself. In the workplace, however, especially at mid-sized businesses and enterprises where there can be hundreds or thousands of PCs, the go-your-own route doesn’t actually make any sense. Corporations need a central way to manage users, PCs, devices, and other entities, and ways to secure and update their computing products. They need what’s called a managed solution.
The most popular managed solution for businesses is called Active Directory, or AD. It requires a centralized Windows Server infrastructure and uses Group Policy to establish rules for its computing services. While AD and Group Policy haven’t made a lot of headway with smaller businesses—though that could change with the adoption of these services in cloud-based solutions like Windows Azure, Office 365, and Windows Intune—it’s the standard at larger businesses. And chances are, if you’re provided with a PC at work, you’ll be required to sign in to your AD domain, not just to the PC using a local account or Microsoft account. Domain joined computers are controlled via policy, so they can be very restrictive, especially for such things as application installation and certain system customizations. But they’re also typically better locked down from a security standpoint and, when configured properly, allow you to access your company’s secure network resources, even while working remotely.
Domain join works in Windows 8 as it did in previous Windows versions. If your Windows 8 PC hasn’t been pre-configured with your user account, you can sign in to the domain in two ways: from the lock screen or through the Advanced System Properties control panel.
To sign in to your domain from the lock screen, select Other user. Then, in the screen shown in Figure 14-1, you must provide your domain, username, and password credentials.
Figure 14-1: Signing in to a domain from the Windows 8 lock screen
This sign-in must take a specific form, like domain\username or username@domain, in the username field. (Your employer will provide the domain name.) Assuming the domain name is mydomain.com and the username is paul, the username would then be mydomain\paul or paul@mydomain.com.
Alternatively, you can connect to your domain first from a local (or Microsoft) account using the Advanced System Properties control panel. You might use this method if you wanted to access your work account from your own home PC, for example, though again your workplace would likely provide you with additional tools (such as a VPN) or information for making the connection.
First, of course, you must find Advanced System Properties. The easiest way is to use Start Search from the Start screen, type advanced system, and then choose Settings from the Search bar. In the search results list, select View advanced system settings. You’ll see a window like the one in Figure 14-2. (If not, navigate to the Computer Name tab.)
Figure 14-2: Advanced System Properties
To sign in to your domain, click Change. In the Computer Name/Domain Changes window, enable Domain and type your fully qualified domain name (yourdomain.com) in the Domain field. (Again, this will be supplied by work.) Then, in the dialog that appears, type your username only (for example, paul, and not mydomain\paul) and password. You’ll be prompted to log off and then sign in with the new domain account. Here, again, you’ll need to use either the domain\username or username@domain.com syntax for the username (for example, mydomain\paul).
When you sign in with a domain, Windows 8 works largely as it does otherwise, aside from whatever policy-based limitations your corporation has applied. Two obvious areas of difference include the new Metro-style Mail app, which is discussed in Chapter 8: When you run this app, you may be required to accept the workplace’s more stringent Exchange ActiveSync (EAS)-based policy, as you can see in Figure 14-3. This requirement exists outside of whatever domain-based policies you may have in place as well.
Figure 14-3: EAS clients like Mail app will be required to conform to your workplace’s policies before they can be used with a work-based account.
Likewise, the User Account control panels work differently with a domain. We discuss these differences in Chapter 12.
As is the case with each new version of Windows, Windows 8 comes with a number of new group policies that help administrators control new features that are specific to Windows 8. Some of these policies are Windows 8-specific, so they don’t require a certain version of Windows Server. This means they can be used with older versions of Windows Server, like Windows Server 2008 R2. Others are related to technologies that also require Windows Server 2012, the Server version of Windows 8. These products can work in tandem to deliver certain technologies in truly modern workplaces. Suffice to say, that’s pretty rare.
Domain users are probably familiar with the myriad of ways in which their corporate overlords can control their computing experience. And in each new version of Windows, Microsoft adds to these capabilities, which are exposed through a technology called Group Policy, part of Active Directory. To give you a taste of what to expect, Table 14-1 highlights some of the over 150 new Windows 8-specific policies that have been added to Group Policy.