Data integrity and security
Professionals and power users often need to
add storage to their systems, and safeguard the integrity of their data.
Regular backup is part of that equation (perhaps using Windows 8’s
File History feature as mentioned above);
but Windows 8’s new Storage Spaces feature kills two birds with one stone.
First, it lets you combine any number of drives – regardless of how they’re
connected – into a single convenient pool, which can be dynamically extended
simply by adding drives at any time. Within this pool, you can configure
mirroring or parity to provide transparent tolerance for one or more drive
failures. Storage Spaces therefore gives you the peace of mind and flexibility
of an extensible RAID enclosure with the effective simplicity of using a single
external or internal drive. Setup is simple: you’ll find the new Storage Spaces
manager under Settings, and creating, extending and repairing pools is a matter
of a few clicks.
“The upgraded Performance tab gives you a
closer graphical look at resource usage”
Windows
8 uses a hibernation-style “fast startup” system
BitLocker in the Professional and
Enterprise editions of Windows 8 now supports hard disks with hardware FDE
(full disk encryption) features, making your data unreadable if the disk is
stolen. It’s also now possible to use BitLocker’s soft-encryption capabilities
to encrypt a drive before installing Windows 8 on it. Microsoft has listened to
complaints about how long it took to encrypt disks in previous BitLocker
implementations, so in Windows 8 you’re given the option of encrypting only the
area that’s in use rather than the entire disk capacity, slashing setup times.
Windows 8 focuses on stability, too. Device
drivers must now be digitally signed by a recognised developer, making it
harder for dubious code to access your system. This doesn’t mean that legacy
hardware is shut out – using the Advanced Startup option in Settings, you can
reboot into a less secure mode in which unsigned drivers can be temporarily
installed.
For businesses looking to secure desktop
clients, Windows 8 also brings support for secure boot on UEFI hardware. This
means the hardware will refuse to boot unsigned or unknown OS loaders, closing
off an avenue often used by rootkit-type malware to compromise a PC. It’s a
feature that’s caused controversy: when Windows 8’s support for secure boot was
announced, users of Linuxbased operating systems and similar projects feared
that “homebrew” systems would be locked out, as their unrecognised boot loaders
would be rejected. In reality, secure boot can be disabled manually by the user
in the BIOS settings, so Linux users can simply carry on as before. IT
departments wishing to enforce secure boot can password-protect the BIOS to
prevent it from being disabled.
Finally, the AppLocker system has been
beefed up in Windows 8, so administrators can now allow or deny specific
packaged applications and installers, rather than having to rely on the more
broad-brush policies supported by the Windows 7 version of AppLocker.
Refresh and reinstall
With the best will in the world, PCs go
wrong. Microsoft understands this – hence the introduction of System Restore in
Windows XP, to enable you to roll back changes if necessary in order to restore
your PC to a previous working state.
“Refresh
your PC” removes the need for system restore discs
Windows 8 takes this idea much further,
introducing two new ways to restore your PC to an earlier state.Under Settings
you’ll now find options to “Refresh your PC” and “Remove everything and
reinstall Windows”. These options are also found in the Troubleshooting
interface that appears at startup if Windows can’t boot properly. These two
options are based on the same concept – an automatic, in-place reinstallation
of Windows that restores the underlying system to pristine condition. The
difference is in the data and settings that are retained. As you’d expect, the
“Remove everything” option wipes the system completely, including your data and
settings. “Refresh” keeps copies of your personal files and remembers important
settings, such as network connections and saved BitLocker keys. It also retains
any “modern” tablet-style apps – as these are heavily sandboxed, they’re unlikely
to be the cause of the problem.
These features may sound pedestrian, but
they mean PC manufacturers no longer need to produce recovery discs and
partitions, and ensure that everybody running Windows 8 can easily revert to a
fresh installation state without losing their data.
Most helpfully, Windows 8 even allows you
to customise your Refresh image. For example, you might choose to take a
snapshot of your system with your Outlook mail configured and Visual Studio
installed, to which you can easily roll back in case of system failure. You can
do this using the new recimg command-line tool. To use it, open a command
prompt as Administrator and enter recimg -CreateImage C:\ (or whichever
directory you like). This will make an image of your PC, place it in the root
of the C drive, and automatically set it as the default Refresh image. Enter
recimg /? to see the full list of options for recimg.
Client Hyper-V
Windows 8 marks the first time Microsoft
has included its Hyper-V virtualisation host in a client OS, although you need
a 64-bit edition of Windows 8 Professional or Enterprise and at least 4GB of
RAM to use it. You’ll also need a processor that supports Second-Level Address
Translation, which in practice means a CPU no more than around two years old.
Client
Hyper-V
The feature isn’t installed by default –
you add it by going into the “Turn Windows features on or off” Settings item
and ticking the box to download it. Sit through a couple of reboots and when
Windows starts up again, the Hyper-V Manager will be available, ready for you
to create or import virtual machines.
Hyper-V is a professional virtualisation
tool that lets you create any number of virtual machines, each with up to 32
cores and 512GB of memory. You can view running virtual machines in a window,
or connect to them through Windows’ remote desktop service to let them take
direct advantage of local hardware, including multiple monitors, audio devices
and USB-connected peripherals. Whether you’re looking to test a software
environment or provide a virtualised service, it will do everything you need.
If your hardware or software doesn’t support
Hyper-V, don’t worry – there are free third-party virtualisation hosts you can
use in much the same way. Two of the most popular are Oracle VirtualBox (www.virtualbox.org) and VMware Player.
Living in a connected world
Windows 8 is the first version of Windows
to link your identity across multiple PCs, using Microsoft Accounts by default
as connected user accounts. This doesn’t mean every system you use will work
identically, but cosmetic settings such as wallpaper can be synchronised
automatically across all the systems you use, as can stored passwords and
credentials. To determine what syncs, you can use the “Sync your settings”
option.
If you want to synchronise documents, you
can use the built-in SkyDrive feature (or a third-party service such as
Dropbox). There’s no way of synchronising desktop applications – this would
clog up small devices, not to mention violate licence agreements. However,
full-screen “Modern” apps are more flexible; if you have the same app installed
on multiple systems, its settings and most recently used state can be
automatically synchronized across them.
The move to online accounts simplifies
matters when it comes to managing home networks. In the past, when parents
wanted to use Windows Family Safety, they had to go through a slightly awkward
process of associating each child’s local user account with an online identity.
Now the single sign-on system manages everything. The Family Safety system
itself has been updated, too, so you can now restrict not only web pages but
also app downloads from the Windows Store to certain age categories. In
addition to the existing “permitted hours settings”, parents have the option of
limiting the total time their offspring spend online, or just using the
computer, on a given day.
Windows 8 is also the first version of the
operating system with a built-in awareness that not all networks are created
equal. 3G mobile internet adapters can now be configured as metered
connections, which won’t be used automatically to download apps and drivers. To
activate this feature, open the Charms menu, select Settings, right-click on
the appropriate connection and select “Set as metered connection”. Windows can
keep track of your estimated data usage over a metered connection, so you can
tell if you’re getting near a data cap; you can also assign different costs to
different adapters, enabling Windows to select the cheapest connection
automatically (Windows will use this by default in preference to any mobile
broadband connection if a Wi-Fi connection is available). If you need to shut
down all your wireless communications, a new “airplane mode” toggle makes it
easy.
Business-friendly features
“Device drivers must now be digitally signed
by a recognised developer”
One novel feature that Microsoft has been
eagerly showing off in demonstrations of Windows 8 is the new Windows To Go
system, which allows you to install the operating system onto a USB flash drive
or external hard disk. The process is fairly automatic – you’re guided through
it by a wizard called the Windows To Go Creator. The volume you create can then
be used to boot any PC it’s plugged into – a boon for remote workers and hot-deskers.
The
process is fairly automatic – you’re guided through it by a wizard called the
Windows To Go Creator.
The way it works has been well thought out:
the first time you start up on new hardware, any necessary drivers are
automatically downloaded and then integrated into the image so that subsequent
boots take place at full speed. Memory caching is used sensibly, so booting and
running over USB 2 is an impressively smooth experience (although USB 3 is
recommended for optimum performance). The system is designed to tolerate the
accidental removal of the system drive, allowing you to resume by reconnecting
the disk within 60 seconds. With full-disk encryption, any security concerns
over losing the drive are eliminated.
Windows To Go has limitations, however –
once you start using a To Go system, there’s no way of automatically
synchronising new documents and desktop applications back to your primary
system. It’s also available in only the Enterprise edition of Windows 8 – not
the Professional edition, which is a mean decision, in our view.
Businesses operating over a wide-area
network will also be pleased by upgrades to the BranchCache feature, which
manages local caching of remote documents and resources so that they can be
opened and accessed quickly, even if the master copies are located at the other
end of the country. When it was introduced in Windows 7 (and its server-side
partner, Windows Server 2008 R2), BranchCache’s capabilities were limited. In
Windows 8 and Server 2012, BranchCache can support any number of remote
branches, and can be silently enabled on client PCs through a group policy.
Deduplication is automatically applied, so only one copy of duplicate data is
stored and synchronised, which minimises bandwidth and storage requirements.
Extensive new configuration options also let administrators manage how much
information is cached where, and for how long.
A final convenience for IT departments is a
set of improvements to the way group policies are managed. The Group Policy
Management Console in Server 2012 now provides a one-click status check,
showing details of all active domain controllers and the state of policy
replication on each one, so you can easily spot any propagation errors. It’s
also now possible to force an immediate group policy update across any
Organisation Unit, so that urgent changes take effect within ten minutes,
rather than having to wait an hour or more for the clients to refresh
themselves. The ten-minute delay is to avoid a sudden bandwidth crunch on large
networks, but can be overridden using the new Invoke-GpUpdate PowerShell
cmdlet.
