Use the information in the following table to help you plan and
prepare to deploy Windows 8 applications (apps) to
Microsoft System Center 2012
Configuration Manager SP1 clients in your
organization.
| Process |
Reference |
|
Review the available information about the basic concepts for
application management in Configuration Manager.
|
For introductory information about application management, see
Introduction to
Application Management in Configuration Manager.
|
|
Review and implement the prerequisites to deploy applications in
Configuration Manager.
|
For information about the prerequisites for application
management, see Prerequisites for
Application Management in Configuration Manager.
|
|
Configure and test the Application Catalog and Software Center
to enable users to browse for and install software.
|
For information about how to configure the Application Catalog
and Software Center, see Configuring the
Application Catalog and Software Center in Configuration
Manager.
|
|
Review the two different available methods that you can use to
deploy software to computers that run Windows 8:
- Deploy the application by providing a link to
the app in the Windows Store.
- Deploy the app installation file
(.appx file) to computers directly, bypassing the Windows
Store. This process is sometimes called sideloading.
|
No additional information.
|
|
Review the requirements and recommendations to deploy
Windows 8 apps to computers in the company. If you are
deploying a line of business application, work with the application
developers to ensure that the following requirements are met:
- The technical compliance of the App has been
validated to ensure that it provides a consistent Windows 8
application experience, that it meets the minimum technical
requirements for an app, and that it will function correctly on
future versions of Windows.
- The app is signed by a certification
authority (CA) that is trusted by the Windows 8 computers that
will install the app. The publisher name in the package manifest
file must match the publisher name in the certificate that signs
the app.
 Note |
| Microsoft recommends that all apps that are installed by
deploying application installation files are signed by a
certificate that is from a trusted certification authority. By
default, Windows trusts many certification authorities without any
additional configuration. If the signing certificate is from one of
these trusted authorities, you do not need to deploy and manage
additional certificates on Windows 8 computers that will
install the Windows 8 app. You can also use your internal PKI
to sign the app if computers trust the certification authority that
issues the signing certificate.Visual Studio provides a
self-signing test certificate that you can use to test apps
internally. Microsoft recommends that you use these self-signed
certificates for internal testing only and that you do not use them
on production networks for enterprise deployment. |
 Important |
| When you import a Windows 8 app into Configuration Manager, no
validation is done to ensure that the app is signed. Be sure to
take the steps outlined in this topic to sign the application
before you import it into Configuration Manager. |
|
For information about how to validate the technical compliance
of Windows 8 apps, see Testing your app with the
Windows App Certification Kit in the Windows Dev Center.
For information about how to sign apps by using Microsoft Visual
Studio, see Signing an app package
(Windows Store apps) in the Windows Dev Center.
|
|
Configure Windows 8 computers to allow direct installation
of Windows 8 apps. To do so, use group policy to configure the
following sideloading registry settings:
| Note |
| Client computers that run different versions of Windows 8 have
different requirements for enabling the sideloading of apps. For
example, you must configure the sideloading key on a computer that
runs Windows 8 Enterprise if the computer is not joined to a
domain. For more information about these requirements, see the
section Windows 8 Sideloading Requirements
in this topic. |
- On computers that run enterprise versions of
Windows 8 Enterprise, use this registry setting:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx\AllowAllTrustedApps
= 1
- On computers that run Windows 8
Professional, use this registry setting:
HKEYLOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx\AllowAllTrustedApps
= 1
|
For more information about how to configure group policy
preferences in order to configure registry settings, see your
Windows documentation.
|
|
When you create an application of the type Windows app
package (in the Windows Store), you must browse to a reference
computer and select the application in order to create a link.
Before you can do this, you must prepare the reference computer to
receive Web Service Management (WS-Management) requests from the
Configuration Manager console.
|
See Prepare the Reference Computer for
Application Browsing in this topic.
|
Use the following information when the steps in the
preceding table require supplemental procedures.
Prepare the Reference Computer for
Application Browsing
Perform the following procedure to configure an HTTPS
connection between the computer that runs the Configuration Manager
console and the reference computer, which is the Windows 8 computer
that contains the Windows Store applications to be browsed.
To prepare the reference
computer
-
Ensure that the account you use to log on to the
computer that runs the Configuration Manager console has
Administrator permissions on both the computer running the console
and on the reference computer.
-
At a command prompt on the reference computer, enter
the following command to create an HTTPS-based listener:
| |
 Copy Code |
winrm qc –Transport:HTTPS
|
-
On the reference computer, enter the following command
to allow Windows PowerShell to make remote connections to the
computer:
| |
Copy Code |
enable-psremoting
|
-
On the reference computer, enter the following command
to remove the HTTP-based listener that was enabled by the previous
command:
| |
Copy Code |
winrm delete winrm/config/Listener?Address=*+Transport=HTTP
|
-
On the reference computer, configure a Windows Firewall
inbound rule for port 5986, which is the default HTTPS port that
will be used for communication.
Windows 8 Sideloading Requirements
Use the following table to understand when you must
configure the sideloading keys in Windows 8 in order to enable the
direct installation of applications:
| Windows 8 version |
Configure AllowAllTrustedApps registry key |
Domain joined |
Sign .appx file with trusted enterprise code signing
certificate |
Sideloading key required |
|
Windows 8 Enterprise
|
Yes
|
Yes
|
Yes. Code signing certification authority is trusted on Windows
8 clients.
|
Required if Enterprise client is not joined to a domain
|
|
Windows 8 Professional
|
Yes
|
Not required
|
Yes. Code signing certification authority is trusted on Windows
8 clients.
|
Yes
|
|
Windows RT
|
Yes
|
Not required
|
Yes. Code signing certification authority is trusted on Windows
8 clients.
|
Yes
|
|
Windows 8 Server
|
Yes
|
Yes
|
Yes. Code signing certification authority is trusted on Windows
8 clients.
|
Does not support sideloading key
|
| Note |
| Windows 8 Home versions do not support enterprise
sideloading. |
