Windows 7 Resource Kit- P16

Chia sẻ: Thanh Cong | Ngày: | Loại File: PDF | Số trang:50

0
47
lượt xem
2
download

Windows 7 Resource Kit- P16

Mô tả tài liệu
  Download Vui lòng tải xuống để xem tài liệu đầy đủ

Tham khảo tài liệu 'windows 7 resource kit- p16', công nghệ thông tin, hệ điều hành phục vụ nhu cầu học tập, nghiên cứu và làm việc hiệu quả

Chủ đề:
Lưu

Nội dung Text: Windows 7 Resource Kit- P16

  1. Administrators can prevent users from modifying the Device Installation Settings on their computers by using Group Policy . For more information, see the section titled “Managing Device Installation Using Group Policy” later in this chapter . Using the Devices and printers Folder Devices And Printers is a new Start menu and Control Panel item in Windows 7 that provides users with a single location where they can discover, connect, configure, use, and manage devices connected to their computers . In previous versions of Windows, there was no central location where users could view and manage wired and wireless devices connected to their computers . Beginning with Windows 7, however, users can now use the Devices And Printers folder to view and manage all devices connected to or discovered by their computer, includ- ing printers, fax machines, scanners, cameras, removable storage devices, networked devices, paired WiFi and Bluetooth devices, multifunction devices (which appear as a single device), and other machines . Figure 17-1 shows the Devices And Printers folder on a computer that has a printer, web- cam, and music player attached to it . FIgURE 17-1 The new Devices And Printers folder in Windows 7 Features of the Devices And Printers folder include: n A context-sensitive command bar that varies depending upon the device selected . Regardless of which device is selected, the command bar always displays the Add A Device (which is used for discovering and connecting with wireless devices) and Add A Printer (which launches the Add Printer wizard) options . Understanding Device Installation and Management CHapTER 17 703 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  2. n A context-sensitive right-click menu that also varies depending upon the device selected . For example, you can access the properties for a device by right-clicking the device and selecting Properties . These properties pages are extensible by the device manufacturer, who can add additional tabs and register them for device management and configuration purposes . Note that the default double-click action for the right- click menu is also configurable . n A device metadata system and a set of XML schemas that device vendors can use to customize the way their devices are presented to users in the Devices And Printers folder . For example, Devices And Printers can automatically download additional meta- data for a newly connected device to display a photorealistic image of the device and additional manufacturer information that is not available from the hardware or device driver . For more information, see the section titled “Device Metadata System” later in this chapter . n Integration with the new Device Stage feature of Windows 7, which is discussed in the next section of this chapter . The Windows 7 computer itself appears as a device within the Devices And Printers folder . As Figure 17-2 illustrates, right-clicking your computer device icon displays a menu of actions that you can perform to configure and manage your computer . FIgURE 17-2 The context menu for the computer device icon in Devices And Printers note advanced users can perform even more device configuration tasks, such as rolling back drivers, by right-clicking the computer device icon in Devices and printers, selecting System properties, and selecting Device Manager. 704 CHapTER 17 Managing Devices and Services Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  3. Understanding Device Stage Device Stage is a new, intuitive visual interface for supported devices that makes it easier for users to configure, use, and manage devices connected to their computers . Microsoft is work- ing with IHVs to help them support Device Stage for their devices . Currently, Device Stage is supported by only a small selection of multifunction printers, music players, and mobile phones . Figure 17-3 shows the new UI for a device that supports Device Stage, which shows brand- ing information and various tasks from which the user can choose to use and manage the device . In addition, when the Device Stage UI is open for a device, a photo-realistic shell icon for the device is displayed on the taskbar . Clicking this icon displays a thumbnail preview of the device and of the Device Stage UI for the device . FIgURE 17-3 An example of the Device Stage user interface for a compatible device Understanding the Device Experience architecture Figure 17-4 shows the architecture of the new device experience in Windows 7 . New elements of Windows 7 include: n Two new UIs (the Devices And Printers folder and the Device Stage experience) . n Two underlying features (Device Display Object and Device Metadata System) that make the new UIs possible . The device manufacturer must supply the following for each device: n XML metadata for the device, which includes both Device Stage XML and Device Display XML metadata n Vendor applications for using the device, which may be Web applications and/or Windows applications n Device drivers for physical layer connectivity with and use of the device These features of the Windows 7 device experience are described in more detail below . Understanding Device Installation and Management CHapTER 17 705 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  4. Web Windows Windows Applications Applications Features Device Display XML Device Stage XML Devices and Device Stage Printers Windows Shell Partner Software Device Portable Device Display Other classes Object Scanner New for Printer FAX Windows 7 Function Discovery Windows Device Partner Physical Layer Metadata Hardware (USB, Wi-Fi, Bluetooth, …) System FIgURE 17-4 The architecture of the new device experience in Windows 7 DEVICE CONTaINERS Because of the growing popularity of multifunction devices, such as printer/copier/fax /scanners, the PnP architecture has been enhanced in Windows 7 to support the detecting and grouping together of the different functions that a device supports . This new feature is called device container, a new PnP device property that groups device functions together into a single container representing the physical device . Device containers preserve the existing devnode model of Windows while providing users with a more natural representation of a physical device . (A devnode is an internal structure that represents a device on a system . It contains the device stack and information about whether the device has been started and which drivers have registered for notification on the device . Each device on a computer has a devnode, and these devnodes are organized into a hierarchical device tree . The Plug and Play Manager creates a devnode for a device when the device is configured .) By using device containers, a multifunction device such as a printer/copier/fax/scanner can be presented to the user as a single device icon in the Devices And Printers folder (and also in the Device Stage interface if this is supported by the device) . Device containers are identified by a container ID, which is a globally unique identifier (GUID) that is individual to each physical device . The container ID for a device is generated automatically by PnP . All devnodes belong- ing to the device container on a given bus share the same container ID . DEVICE DISpLaY OBJECT The Device Display Object is responsible for acquiring the XML metadata for a device and using it to render that device in the Devices And Printers folder (and in the Device Stage UI if the device supports Device Stage) . The Device Display Object includes the Device Metadata 706 CHapTER 17 Managing Devices and Services Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  5. Retrieval Client (DMRC), which matches devices to Device Stage metadata packages . The De- vice Display Object is an internal feature of Windows 7 and is not configurable . DEVICE METaDaTa SYSTEM The Device Metadata System is new in Windows 7 and provides a process for defining and distributing metadata packages for devices that users connect to their computers . Device metadata is information that enriches the way that devices are displayed by and used with Windows; it consists of two types of metadata: n Device Display XMl metadata This type of metadata is conceptually similar to sleeve art for music CDs and allows a photorealistic device icon to be displayed along with additional device information, such as manufacturer, model, and description fields . Figure 17-5 shows an example of how Device Display XML metadata can enhance how the device is displayed in the Devices And Printers folder . (The bottom portion of the Devices And Printers window in the figure has been enlarged by dragging its upper border upward .) n Device Experience XMl metadata This type of metadata is conceptually similar to a simple Web page and is used by the Device Stage UI . For example, such metadata can enable branding by allowing background and overlay images to be displayed and can display a large, photorealistic image of the device, provide real-time device status information, display a vendor logo and marketing information, and describe what the user can do with the device . See Figure 17-3 earlier in this chapter for an example of how this metadata can be used to display a device that supports Device Stage . FIgURE 17-5 Device Display XML metadata can enhance how a device is displayed . Understanding Device Installation and Management CHapTER 17 707 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  6. The device metadata system for Windows 7 delivers device metadata in the form of a package . This package consists of XML files, graphics files, and icon files and typically contains the following: n PackageInfo.xml Contains the hardware IDs, model ID, timestamp, schemas, and index and locale information for the device n DeviceInfo.xml Contains additional device information with an icon file for the device n WindowsInfo.xml Contains additional information needed by Windows If the device supports Device Stage, the following additional metadata files are included in the device metadata package: n Behavior.xml Defines the layout of the Device Stage UI with any branding graphics included by the vendor n Task.xml Defines the tasks that the user can perform with the device using the Device Stage interface with associated icons and commands for these tasks n Resource.xml Contains any localized resources needed for the Device Stage interface note XML metadata can be associated with a device using either the hardware ID or model ID of the device, with model ID being the preferred method. IHVs that create metadata packages for their devices must submit this metadata to Windows Quality Online Services (Winqual) . This must be done to validate the quality of the metadata and digitally sign the package to guard against tampering . Once the package has been signed by Winqual, it can be distributed to users by the following methods: n Embedding the metadata in the hardware of the device n Including the metadata in the vendor’s software that is included with the device n Installing the metadata on user's computers as an Original Equipment Manufacturer (OEM) add-on n Making the metadata available for download from Windows Metadata and Internet Services (WMIS) When a device is first connected to a Windows 7 computer, Windows acquires the metadata for the device by using the following process: 1. The DMRC checks the computer's local metadata cache and metadata store for meta- data that applies to the device . 2. If no metadata is found for the device, the DMRC visits the WMIS Web site to determine whether any metadata is available for the device . 3. If no metadata is available for the device from WMIS, a standard icon is displayed for the device and descriptive information found in the device's driver is displayed . The 708 CHapTER 17 Managing Devices and Services Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  7. device is then displayed in the Unspecified Device section at the bottom of the Devices And Printers folder . 4. If metadata is found and downloaded for the device from WMIS, the Device Display Object feature parses the metadata and uses it to display the device in the Devices And Printers folder (and in the Device Stage interface if the device supports Device Stage) . Users can opt out of downloading metadata from WMIS by configuring the Device Instal- lation Settings on their computers . For more information, see the section titled “Configur- ing Device Installation Settings” earlier in this chapter . Administrators can also prevent the downloading of metadata from WMIS by using Group Policy . See the following section titled “Managing Device Installation Using Group Policy” for information . note Some older systems may display some internal devices, such CD/DVD-ROM drives, USB root hubs, and other devices, as separate devices in the Devices and printers folder because the system is reporting these devices as removable when they actually are not. Updating the basic input/output (BIOS) on these older systems may resolve this problem. Managing Device Installation Using Group policy Group Policy is the recommended method for managing device installation behavior across an enterprise network where Active Directory Domain Services is deployed . The following sections summarize the various policy settings available for managing the device installation experience on Windows 7 . Managing Device Installation Behavior Policy settings for controlling device installation behavior in Windows 7 are found under the following node in Group Policy Object Editor: Computer Configuration\Policies\Administrative Templates\System\Device Installation Policies controlling device installation behavior, described in Table 17-1, are per-computer policies only . They may apply to Windows Vista and Windows Server 2008 only, to Windows 7 and Windows Server 2008 R2 only, or to all of these platforms—see the first column of the table for more information on which platforms to apply each policy . Policy settings that are new in Windows 7 are prefixed with an asterisk (*) . Policy settings that were introduced in Windows Vista but have now been deprecated in Windows 7 are prefixed with two asterisks (**) . Although configured policy settings will be available for use on the computer without a reboot, they will take effect for only device installations initiated after the policy settings have been applied . In other words, the policy settings are not retroactive, and they will not affect the state of any devices that were installed previously . Understanding Device Installation and Management CHapTER 17 709 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  8. TABlE 17-1 Policies for Managing Device Installation Behavior POlICy NAME DESCRIPTION Allow Remote Specifies whether remote access to the PnP interface is allowed . Access To The Plug If you enable this setting, remote connections to the PnP inter- And Play Interface face will be allowed . If you disable or do not configure this setting, the PnP interface (Applies to will not be available remotely . Windows Vista or Note that this policy should be enabled only if the administrator later versions) of the system requires the ability to retrieve information about devices on this system from another remote computer, such as using Windows Device Manager to connect to this system from a remote computer . Configure Device Specifies the number of seconds the system will wait for a device Installation Timeout installation task to complete . If the task is not completed within the specified number of seconds, the system will terminate the installation . (Applies to Windows Vista or If you disable or do not configure this setting, the system will later versions) wait 300 seconds (5 minutes) for any device installation task to complete before terminating installation . **Do Not Create If you enable this setting, system restore points will not be System Restore created when a new device driver is installed or updated . Point When New If you disable or do not configure this setting, a system restore Device Driver In- point will be created whenever a new driver is installed or an stalled existing device driver is updated . (Applies only to Windows Vista and Windows Server 2008) Do Not Send A If you enable this setting, a Windows error report will not be sent Windows Error when a generic driver is installed . Report When A If you disable or do not configure this setting, a Windows error Generic Driver Is report will be sent when a generic driver is installed . Installed On A Device (Applies to Windows Vista or later versions) 710 CHapTER 17 Managing Devices and Services Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  9. POlICy NAME DESCRIPTION *Prevent Creation Lets you prevent Windows from creating a system restore point Of A System during device activity that normally prompts Windows to create Restore Point a system restore point . Windows usually creates restore points During Device for certain driver activity, such as the installation of an unsigned Activity That Would driver . A system restore point enables you to restore your system Normally Prompt to its state before the activity more easily . Creation Of A If you disable or do not configure this policy setting, Windows Restore Point creates a system restore point as it normally does . Note: This policy setting replaces the Do Not Create System (Applies to Restore Point When New Device Driver Installed policy setting Windows Vista or used in Windows Vista . later versions) *Prevent Device If you enable this policy setting, Windows does not retrieve Metadata Retrieval device metadata for installed devices from the Internet . This From The Internet policy setting overrides the setting in the Device Installation Settings dialog box on the user's computer . (Applies only to If you disable or do not configure this policy setting, the setting Windows 7 and in the Device Installation Settings dialog box controls whether Windows Server Windows retrieves device metadata from the Internet . 2008 R2) *Prevent Windows If you enable this policy setting, Windows does not send an error From Sending An report when a device driver that requests additional software is Error Report When installed . A Device Driver If you disable or do not configure this policy setting, Windows Requests Additional sends an error report when a device driver that requests Software During additional software is installed . Installation (Applies only to Windows 7 and Windows Server 2008 R2) Understanding Device Installation and Management CHapTER 17 711 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  10. POlICy NAME DESCRIPTION Prioritize All When selecting which driver to install, do not distinguish Digitally Signed between drivers signed by a Windows Publisher certificate and Drivers Equally drivers signed by others . During The Driver If you enable this setting, all valid Authenticode signatures are Ranking And treated equally for the purpose of selecting a device driver to Selection Process install . Selection is based on other criteria (such as matching hardware or compatible IDs) rather than whether the driver (Applies to was signed by a Windows Publisher certificate or by another Windows Vista or Authenticode certificate . A signed driver is still preferred over later versions) an unsigned driver . However, drivers signed by Windows Publisher certificates are not preferred over drivers signed by other Authenticode certificates . If you disable or do not configure this setting, drivers signed by a Windows Publisher certificate are selected for installation over drivers signed by other Authenticode certificates . Note: In Windows Vista, this policy setting was named Treat All Digitally Signed Drivers Equally In The Driver Ranking And Selection Process . *Specify Search If you enable this policy setting, you can select whether Windows Order For Device searches Windows Update first, searches Windows Update last, or Driver Source does not search Windows Update . Locations If you disable or do not configure this policy setting, members of the Administrators group can determine the order in which (Applies only to Windows searches source locations for device drivers . Windows 7 and Windows Server 2008 R2) Turn Off “Found If you enable this setting, “Found New Hardware” balloons will New Hardware” not appear while a device is being installed . Balloons During If you disable or do not configure this setting, “Found New Hard- Device Installation ware” balloons will appear while a device is being installed unless the driver for the device has suppressed the balloons . (Applies to Windows Vista or later versions) Best practices for configuring these policy settings include the following: n To ensure that users of Windows 7 computers have an optimal device experience, enable the Specify Search Order For Device Driver Source Locations policy setting and configure the setting to Search Windows Update First . This will prevent users from 712 CHapTER 17 Managing Devices and Services Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  11. being able to modify their device installation settings, as described in the section titled “Configuring Device Installation Settings” earlier in this chapter . n If you enable the Configure Device Installation Timeout policy setting, you cannot specify a time shorter than the default value of 300 seconds . Some devices, such as re- dundant array of independent disks (RAID) controllers and other boot-critical devices, can take a long time to initialize, and the default value for this setting was chosen to accommodate PnP installation of such devices to prevent boot failure . The reason an installation time-out value is specified at all is that improperly written driver installa- tion packages can stop responding during installation, causing the system itself to stop responding . This was a problem in earlier versions of Windows because an improperly written driver could cause an interactive prompt to be displayed in the background where it couldn’t be accessed . In Windows Vista, however, device installation has been moved out of Newdev .dll into the PnP service (DrvInst .exe), and the PnP service starts a separate, new process instance for each device installation . These architectural changes to how device installation works in Windows Vista make it much harder for an improp- erly written driver to make the PnP service stop responding . If the installation process instance does stop responding, however, the time-out value set here kills the process and displays the Add New Hardware wizard, allowing the user to specify a different driver to install . However, the reason for allowing administrators to be able to config- ure this policy setting is that if the administrator knows that the installation of some driver package(s) on some device(s) will take longer than the default time-out period (but not actually stop responding from the UI), she can allow the system to wait for a longer period of time for the installation to complete . Managing Driver Installation Behavior Policy settings for controlling driver installation behavior, including driver signing and driver search, are found under Computer Configuration\Policies\Administrative Templates\System \Driver Installation or User Configuration\Policies\Administrative Templates\System\Driver Installation, or both . However, the only driver installation policy setting that still applies in Windows 7 is the one that can be used to manage the driver installation behavior for standard users, specifically the following machine policy setting: Computer Configuration\Policies\Administrative Templates\System\Driver Installation \Allow Non-Administrators To Install Drivers For These Device Setup Classes This policy applies to Windows Vista or later versions and can be used to specify a list of device setup class GUIDs describing device drivers that standard users can install on the system . Enabling this setting allows users to install new drivers for the specified device setup classes . (The drivers must be signed according to Windows Driver Signing Policy or by pub- lishers already in the TrustedPublisher store .) Disabling this policy setting or leaving it Not Configured means that only members of the local Administrators built-in group can install new device drivers on the system . Understanding Device Installation and Management CHapTER 17 713 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  12. To configure this policy, follow these steps: 1. Using Group Policy Object Editor on a Windows Vista computer, open the Group Policy object (GPO) linked to the organizational unit (OU) where your target users have their computer accounts . 2. Navigate to the policy setting and double-click it to open it . 3. Enable the policy . Click Show and then click Add . 4. Type the GUID for the device setup class for the device type that you want to allow standard users to be able to install on computers targeted by the GPO . For example, to allow users to install imaging devices, such as digital cameras and scanners, type {6bdd1fc6-810f-11d0-bec7-08002be2092f} in the Add Item text box . Continue by adding other GUIDs as needed . MoRe inFo For a list of device setup classes and their GUIDs, see http://msdn2.microsoft.com/en-US/library/ms791134.aspx. Blocking Installation of Removable Devices Policy settings for blocking device installation are found under the following node in the Group Policy Object Editor: Computer Configuration\Policies\Administrative Templates\System\Device Installation \Device Installation Restrictions 714 CHapTER 17 Managing Devices and Services Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  13. Policies for blocking device installation, described in Table 17-2, are per-computer policies only . All but one of these policies apply to Windows Vista or later versions (the policy setting marked with an asterisk applies only to Windows 7 and Windows Server 2008 R2) . In addition, two of these policy settings (marked with a double asterisk) have been updated in Windows 7 with new functionality . Configured policy settings will be applied during the next background refresh of Group Policy . In other words, these policies do not require a reboot or logon/logoff to take effect after you configure them . TABlE 17-2 Computer Policies for Blocking Device Installation POlICy NAME DESCRIPTION Allow Administrators Allows members of the Administrators group to install and update To Override Device the drivers for any device, regardless of other policy settings . Installation If you enable this setting, administrators can use Add Hardware Restriction Policies wizard or Update Driver wizard to install and update the drivers for any device . (Applies to Windows If you disable or do not configure this setting, administrators are Vista or later versions) subject to all policies that restrict device installation . If this computer is a Remote Desktop server, enabling this policy also affects redirection of the specified devices from a Remote Desktop client to this computer . Allow Installation Of Specifies a list of PnP hardware IDs and compatible IDs that describe Devices That Match devices that can be installed . This setting is intended for use only Any Of These Device when the Prevent Installation Of Devices Not Described By Other IDs Policy Settings setting is enabled and does not take precedence over any policy setting that would prevent a device from being installed . (Applies to Windows Vista or later versions) If you enable this setting, any device with a hardware ID or compat- ible ID that matches an ID in this list can be installed or updated if that installation has not been prevented specifically by any of the following policy settings: Prevent Installation Of Devices That Match Any Of These Device IDs, Prevent Installation Of Devices For These Device Classes, or Prevent Installation Of Removable Devices . If another policy setting prevents a device from being installed, the device cannot be installed even if it is also described by a value in this policy setting . If you disable or do not configure this setting and no other policy describes the device, the Prevent Installation Of Devices Not Described By Other Policy Settings setting determines whether the device can be installed . If this computer is a Remote Desktop server, enabling this policy also affects redirection of the specified devices from a Remote Desktop client to this computer . Understanding Device Installation and Management CHapTER 17 715 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  14. POlICy NAME DESCRIPTION Allow Installation Specifies a list of device setup class GUIDs describing devices that Of Devices Using can be installed . This setting is intended for use only when the Drivers That Match Prevent Installation Of Devices Not Described By Other Policy These Device Setup Settings setting is enabled and does not have precedence over Classes any setting that would prevent a device from being installed . If you enable this setting, any device with a hardware ID or compat- (Applies to Windows ible ID that matches one of the IDs in this list can be installed or Vista or later versions) updated if that installation has not been specifically prevented by any of the following policy settings: Prevent Installation Of Devices That Match Any Of These Device IDs, Prevent Installation Of De- vices For These Device Classes, or Prevent Installation Of Remov- able Devices . If another policy setting prevents a device from being installed, the device cannot be installed even if it is also described by a value in this setting . If you disable or do not configure this setting and no other policy describes the device, the setting Prevent Installation Of Devices Not Described By Other Policy Settings determines whether the device can be installed . If this computer is a Remote Desktop server, enabling this policy also affects redirection of the specified devices from a Remote Desktop client to this computer . Display A Custom Specifies a customized message that is displayed to the user in the Message Title When title of the notification balloon when policy prevents the installation Installation Is of a device . Prevented By Policy If you enable this setting, this text is displayed as the title text of the message displayed by Windows Vista whenever device installa- (Applies to Windows tion is prevented by policy . Vista or later versions) If you disable or do not configure this setting, Windows Vista displays a default title whenever device installation is prevented by policy . Note: In Windows Vista, this policy was named Display A Custom Message When Installation Is Prevented By Policy (Balloon Title) . Display A Custom Specifies a customized message that is displayed to the user in the Message When text of the notification balloon when policy prevents the installa- Installation Is tion of a device . Prevented By Policy If you enable this setting, this text is displayed as the main body text of the message displayed by Windows Vista whenever device (Applies to Windows installation is prevented by policy . Vista or later versions) 716 CHapTER 17 Managing Devices and Services Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  15. POlICy NAME DESCRIPTION If you disable or do not configure this setting, Windows Vista displays a default message whenever device installation is prevented by policy . Note: In Windows Vista, this policy was named Display A Custom Message When Installation Is Prevented By Policy (Balloon Text) . Prevent Installation This setting controls the installation policy for devices that are not Of Devices Not specifically described by any other policy . Described By Other If you enable this setting, any device that is not described by either Policy Settings Allow Installation Of Devices That Match These Device IDs or Allow Installation Of Devices For These Device Classes cannot be installed (Applies to Windows or have its driver updated . Vista or later versions) If you disable or do not configure this setting, any device that is not described by the Prevent Installation Of Devices That Match Any Of These Device IDs, Prevent Installation Of Devices For These Device Classes, or Deny Installation Of Removable Devices policies can be installed and have its driver updated . If this computer is a Remote Desktop server, enabling this policy also affects redirection of the specified devices from a Remote Desktop client to this computer . **Prevent Installation Lets you specify a list of PnP hardware IDs and compatible IDs Of Devices That Match for devices that Windows is prevented from installing . This policy Any Of These Device setting takes precedence over any other policy setting that allows IDs Windows to install a device . If you enable this policy setting, Windows is prevented from install- (Applies to Windows ing a device whose hardware ID or compatible ID appears in the list Vista or later versions you create . If you enable this policy setting on a remote desktop and is updated in server, the policy setting affects redirection of the specified devices Windows 7) from a remote desktop client to the remote desktop server . If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings . Note: This policy has been updated in Windows 7 to add retro- active uninstall functionality, that is, to enable the removal of devices that were installed before the application of the policy (for example, during an OEM preload of Windows onto a system) . To enable retroactive uninstall functionality, enable the policy setting and select the Also Apply To Matching Devices That Are Already Installed check box . Then be sure to enable and configure the Time (In Seconds) To Force Reboot When Required For Policy Changes To Take Effect policy setting because uninstalling previously installed devices will trigger a reboot . Understanding Device Installation and Management CHapTER 17 717 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  16. POlICy NAME DESCRIPTION **Prevent Installation Lets you specify a list of device setup class GUIDs for device drivers Of Devices Using that Windows is prevented from installing . This policy setting takes Drivers That Match precedence over any other policy setting that allows Windows to These Device Setup install a device . Classes If you enable this policy setting, Windows is prevented from install- ing or updating device drivers whose device setup class GUIDs (Applies to Windows appear in the list you create . If you enable this policy setting on Vista or later versions a remote desktop server, the policy setting affects redirection of and is updated in the specified devices from a remote desktop client to the remote Windows 7) desktop server . If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings . Note: This policy has been updated in Windows 7 to add retroactive uninstall functionality, that is, to enable the removal of devices that were installed before the application of the policy (for example, during an OEM preload of Windows onto a system) . To enable retroactive uninstall functionality, enable the policy setting and select the Also Apply To Matching Devices That Are Already Installed check box . Then be sure to also enable and configure the Time (In Seconds) To Force Reboot When Required For Policy Changes To Take Effect policy setting because uninstalling previously installed devices will trigger a reboot . Prevent Installation Prevents removable devices from being installed . Of Removable Devices If you enable this setting, removable devices may not be installed, and existing removable devices cannot have their drivers updated . (Applies to Windows If you disable or do not configure this setting, removable devices Vista or later versions) can be installed and existing removable devices can be updated as permitted by other policy settings for device installation . Note: This policy setting takes precedence over any other policy settings that allow a device to be installed . If this policy setting prevents a device from being installed, the device cannot be installed or updated, even if it matches another policy setting that would allow installation of that device . For this policy, a device is considered removable when the drivers for the device to which it is connected indicate that the device is removable . For example, a USB device is reported to be removable by the drivers for the USB hub to which the device is connected . If this computer is a Remote Desktop server, enabling this policy also affects redirection of the specified devices from a Remote Desktop client to this computer . 718 CHapTER 17 Managing Devices and Services Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  17. POlICy NAME DESCRIPTION *Time (In Seconds) If you enable this setting, set the number of seconds that you want To Force Reboot the system to wait until a reboot to enforce a change in device When Required For installation restriction policies . (The default is 120 seconds .) Policy Changes To If you disable or do not configure this setting, the system will not Take Effect force a reboot . Note: If no reboot is forced, the device installation restriction right (Applies only to will not take effect until the system is restarted . Windows 7 and Windows Server 2008 R2) MoRe inFo For information on how to identify device IDs for pnp devices, see http://msdn2.microsoft.com/en-us/library/ms791083.aspx. Managing Device Redirection Behavior A new addition to Windows 7 is a number of policy settings that you can use to control the redirection of USB devices on your system . These policy settings are supported only on Windows 7 and Windows Server 2008 R2 and are machine policies that are found in the following location: Computer Configuration\Policies\Administrative Templates\System\Device Redirection \Device Redirection Restrictions The two policies available for configuration are as follows: n Prevent Redirection Of USB Devices Prevents redirection of USB devices . • If you enable this setting, an alternate driver for USB devices cannot be loaded . • If you disable or do not configure this setting, an alternate driver for USB devices can be loaded . n Prevent Redirection Of Devices That Match Any Of These Device IDs Prevents redirection of specific USB devices (see Figure 17-6) . • If you enable this setting, an alternate driver for the USB device cannot be loaded . • If you disable or do not configure this setting, an alternate driver for the USB device can be loaded . Understanding Device Installation and Management CHapTER 17 719 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  18. FIgURE 17-6 Details of the new Prevent Redirection Of Devices That Match Any Of These Device IDs policy setting Troubleshooting Device Installation The following sections outline specific troubleshooting steps with regard to device installa- tion . For general guidance on troubleshooting hardware problems in Windows 7, see Chapter 30, “Troubleshooting Hardware, Driver, and Disk Issues .” Using Event Logs Windows event logs can be useful for troubleshooting device installation problems and driver issues . In addition to checking the System Event Log, you should check the Operational Event Logs under Applications And Services Logs\Microsoft\Windows\DriverFrameworks-UserMode when experiencing problems installing devices and device drivers . For more information on using Event Viewer, see Chapter 21, “Maintaining Desktop Health .” Using WinSaT WinSAT is a tool included in Windows 7 that provides a benchmark of system performance based on ratings of the following hardware: n Processor n Physical memory (RAM) n Hard disk (%SystemDrive% only) 720 CHapTER 17 Managing Devices and Services Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  19. n Graphics and gaming graphics WinSAT results are saved in both the registry and in an XML file saved in the %SystemRoot% \Performance\WinSAT\Datastore directory . You can also run WinSAT on demand by opening Performance Information And Tools in Control Panel and clicking Re-run The Assessment . WinSAT stores a history of up to one hundred system assessments and discards the oldest assessment when the limit is reached . WinSAT never deletes the initial assessment produced during the Machine Out-Of-Box Experience (MOOBE) . WinSAT can also be useful to determine which drivers are slowing down the boot process or blocking a system from Sleep mode . Problem drivers will be flagged under Performance Issues with messages such as “Drivers are causing Windows to start slowly” or “Drivers are interfering with Windows entering sleep mode .” The solution to these situations is usually to update the problem drivers . However, these messages might also be reported as a result of configuration issues with devices . Using Windows Error Reporting When a device driver or device install fails for any reason, the user is prompted to send infor- mation to Microsoft using WER, where Microsoft, ISVs, and IHVs can analyze the information and provide updated drivers if needed . When a user makes a report, an entry is created on the WER site, logging the problem . Data is collected for the following types of device installation failures: n Device errors Errors with distinct Device Manager codes . n Import errors Problems staging device drivers . n Install errors Reported when a driver has successfully staged but fails to install when the device is connected to the system . n Driver not found Reported when a matching driver package cannot be located . n Driver protection errors WRP processing errors: driver is flagged as protected but fails to meet criteria . n generic driver found Reported when a specific driver for a device is not available and Windows Vista installs a generic driver . n Windows Update errors When a user encounters one of these errors and elects to report it, additional data is collected . The data gathered depends on the nature of the problem . In each case, WER tracks the following information: n Number of users (hits) who have seen the same problem in the last 30 days n Number of hits per locale (English, German, French, and so on) n Number of hits by operating system version n Total number of hits n Bugs filed on this problem Understanding Device Installation and Management CHapTER 17 721 Please purchase PDF Split-Merge on www.verypdf.com to remove this watermark.
  20. Developers use the information gathered to track high-profile driver requests and petition manufacturers to provide drivers through either Windows Update or the WER interface itself . Both internal Microsoft employees and manufacturers have access to WER data and the Winqual site found at https://winqual.microsoft.com . If a driver becomes available, it can be added to the response portion of the WER interface . After users elect to report the data, they are prompted to fill out a survey . (Note that if the IHV or ISV creates a response for the given error, the user can see the response without filling out a survey .) This response may be edited to provide a link to the driver on the third-party Web site, which should decrease the number of support calls requesting drivers for devices . note By default, Windows 7 sends a Windows error report when a generic driver is installed on a device. You can use Group policy to modify this behavior. See the section titled “Managing Device Installation Behavior” earlier in this chapter for more information. Using the SetupapI Log File In Windows XP, the SetupAPI .log found under %Windir% is a plain text log file that you can use to troubleshoot issues with installing devices . Beginning with Windows Vista, this log is moved to %Windir%\Inf and consists of two separate log files: SetupAPI .app .log and SetupAPI .dev .log . Each log file is made up of distinct sections, with each section representing one device install . >>> Section header Device Driver install section 1 > Section header Device Driver install section 2 > Section header Device Driver install section 3
Đồng bộ tài khoản