Starter Guide for Windows 11 IoT Enterprise

sdfsadf


		Starter Guide for Windows® 11 IoT Enterprise
		By Sean D. Liming and John R. Malin Windows® 11 IoT Enterprise is a special version of Windows 11 designed for OEMs to build Embedded Systems. To help to create custom images, the Windows® System Image Manager (SIM) tool allows PC Manufacturers, IT Managers, and IoT/Embedded Developers to automate the installation of Windows operating systems. SIM allows developers to install applications, device drivers, and Windows updates along with the Windows operating system. The ability to automate operating system installation helps to remove any human error that can occur with manual installation. The ability to maintain and support many platforms over a long life-cycle is also an important asset in today’s ever-changing technology. To perform all these tasks, a solid workflow to develop the image from the ground up is important. Updated Development Workflow – A development process that has been in use since Windows XP Embedded and evolved over the different Windows Embedded/IoT releases. The development workflow provides the best-known steps to create and maintain a custom image using System Image Manager. Lockdown – Security is becoming more paramount in a globally connected world. Three chapters break down the different features to lockdown a system: shell interface, filters, and built in security features. Synchronous command scripts – SIM doesn’t have a setting for everything. The downloads for the book contain some of the more popular scripts for custom settings such as sticky keys, network IP setup, hide the taskbar, and visual effects. Other tools – the book covers the Shell Launcher, UWF, display, audio, and Keyboard Filter utilities from Annabooks, as well as, other tools for partitioning disks and setting Group Policy. There are 15 chapters with hands-on exercises to focus on the workflow and specific features. The final chapter pulls all the topics together to walk through the workflow to create a weather station device that sends data to Azure IoT Central.
		Book Details Printed Edition Publisher: Annabooks (June 2026) Language: English ISBN-13: 979-8-9854172-6-5
		Software and Hardware Requirements Development system with Windows® 11 Windows ADK for Windows Windows 11 and WinPE Add-on	Downloads: Book Files - Zip file contains files for use with exercises.

		Table of Contents:
		1 START HERE 1.1 WINDOWS 11: HERE WE ARE AGAIN! 1.2 INTEL ARCHITECTURE ONLY, NO ARM 1.3 WINDOWS XP EMBEDDED AND WINDOWS EMBEDDED STANDARD 7 1.4 WHAT IS NOT WORKING, STILL NOT WORKING, NEW PROBLEMS, AND A REQUEST 1.5 ABOUT THE BOOK: WINDOWS IS NOT THE CRITICAL PATH 1.6 DEVELOPMENT MACHINE AND SOFTWARE REQUIREMENTS 1.7 TARGET HARDWARE REQUIREMENTS: CHOOSE THE CORRECT TARGET HARDWARE THAT ADDRESSES PERFORMANCE AND SECURITY 1.8 THE LICENSE AND ACTIVATION STORY 1.8.1 Getting Signed Up with the Customer License Agreement(CLA) 1.8.2 Runtime key and Activation 1.9 THREE THINGS TO KEEP IN MIND – DON’T SAY I DIDN’T WARN YOU 1.9.1 Application Development – Go with .NET 10 or higher, UWP IS DEAD! 1.9.2 Windows is not for Everyone – Linux versus Windows 1.9.3 Microsoft’s Manufacturing Guide versus the My Recommended Workflow 11 1.10 OTHER RESOURCES 1.11 SUMMARY: STAY ON THE RIGHT PATH 2 PRODUCT SPECIFICATION 2.1 PROJECT INQUIRY DRIVES THE SYSTEM ARCHITECTURE 2.2 DERIVING A SPECIFICATION 2.3 SUMMARY: PLAN AHEAD 3 TOOLS AND SYSTEM SETUP 3.1 EXERCISE 301: INSTALLATION OF THE ADK WITH SIM OPTION 3.2 EXERCISE 302: CREATE THE DEVELOPMENT FOLDER AND SUBFOLDERS 3.3 EXERCISE 303: CREATE CATALOG 3.4 EXERCISE 304: DOWNLOAD BOOK FILE RESOURCES 3.5 SUMMARY: READY TO GO 4 WINDOWS IOT DEVELOPMENT WORKFLOW 4.1 DEVELOPMENT WORKFLOW AND ITERATION 4.2 THE BASICS PART 1: GATHER ITEMS FROM TARGET INSTALLATION 4.3 EXERCISE 401: CAPTURE THE DEVICE DRIVERS 4.4 WINDOWS SYSTEM IMAGE MANAGER (SIM) INTERFACE OVERVIEW 4.5 INSTALLATION PASSES AND THE ANSWER FILE 4.6 COMPONENTS AND THE PASSES: PRESET INSTALLATION ANSWERS 4.7 THE DISTRIBUTION SHARE 4.7.1 $OEM$ Folders 4.7.2 Out-of-box Drivers 4.7.3 Packages 4.8 THE BASICS PART 2: CREATE DISTRIBUTION SHARE AND ANSWER FILE 4.9 EXERCISE 402: CREATE AND SET UP THE DISTRIBUTION SHARE 4.10 EXERCISE 403: CREATE A NEW ANSWER FILE 4.11 LOOK INSIDE THE ANSWER FILE 4.12 EX403.XML FILE REUSE AND FUTURE EXERCISES 4.13 THE BASICS PART 3: PASS 7 SYNCHRONOUS COMMANDS 4.13.1 Other Pass 7 Synchronous Commands Scripts for Either Answer File 4.13.2 Utilities from Annabooks 4.14 THE LIMITS OF SIM 4.15 THE BASICS PART 4: TEST THE BASICS 4.16 EXERCISE 404: CREATE THE BOOTABLE USB FLASH DISK USING RUFUS 4.17 EXERCISE 405: BUILD THE CONFIGURATION SET, ADDRESS OUT-OF-BOX DRIVER ISSUE, AND INSTALL THE IMAGE 4.18 ERROR DURING INSTALLATION 4.19 HYPER-V 4.20 MULTIPLE PROJECTS 4.21 SYSPREP PHASE – YOU MUST SYSPREP FOR MANUFACTURING!!!!!! 4.21.1 Sysprep Command 4.21.2 Audit Mode for Baseline Images 4.21.3 Yes, You Must Sysprep 4.22 EXERCISE 406: CREATE A SYSPREP UNATTENDED ANSWER FILE AND RUN SYSPREP 4.23 EXERCISE 407: CAPTURE, APPLY, AND FFU 4.24 CUSTOMIZATION PHASE 4.25 LOCKDOWN PHASE: ARCHITECT THE OS 4.26 MASTER IMAGE PHASE: Q/A AND ACTIVATION CONSIDERATIONS 4.27 EXERCISE 408: VOLUME ACTIVATION MANAGEMENT TOOL (VAMT) 4.28 SUMMARY: FOLLOW THE FLOW 5 UPDATED INSTALL.WIM PHASE 5.1 EXERCISE 501: UPDATING THE INSTALL.WIM 5.2 WUSA.EXE ALTERNATIVES TO MSU INJECTED INTO INSTALL.WIM 5.3 SSU FOR WINDOWS 10 5.4 EXERCISE 502: ADDING FEATURES-ON-DEMAND (FOD) 5.5 WARNING: PRODUCT LIFE CYCLE 5.6 EX503: GENERATE A NEW CATALOG FILE 5.7 WINDOWS INSTALLATION DISK SPACE REQUIREMENTS 5.8 SUMMARY: SPEEDING UP THE ITERATION PROCESS. 6 LANGUAGE PACKAGE INTEGRATION 6.1 HISTORY: THE BIG PROJECT GOING FROM WINDOWS XP TO WINDOWS 7 AND NOW WINDOWS 10 AND 11 6.2 ISO 639 STANDARD, LIP VERSUS LXP, AND THE IMPORTANT DVD ISOS 6.3 DISM AND POWERSHELL CMDLETS 6.4 RESEARCH RESULT 1: BASIC ANSWER FILE AND INSTALLATION MEDIA 6.5 RESEARCH RESULT 2: INJECTING INTO THE INSTALL.WIM – THINK LONG TERM! 6.6 RESEARCH RESULT 3: LANGUAGE PACK CAB FILE INSTALL VERSUS LP DOWNLOAD 6.7 RESEARCH RESULT 4: MULTIPLE USER ACCOUNTS 6.8 EXERCISE 601: UPDATING THE INSTALL.WIM WITH LANGUAGE PACKAGES. 6.9 SUMMARY: GOING GLOBAL 7 SYSTEM PERFORMANCE 7.1 CHOICE OF BOOT MEDIA: EMMC VERSUS M.2 7.2 UNIFIED WRITE FILTER EFFECTS ON SYSTEM PERFORMANCE 7.3 CHOICE OF APPLICATION TYPE 7.4 OPTIMIZE .NET APPS WITH NGEN.EXE AND CROSSGEN.EXE 7.5 EXERCISE 701: CREATE A CUSTOM POWER PLAN 7.6 PERFORMANCE OPTIONS AND REGISTRY KEYS 7.7 WINDOWS SERVICES 7.8 SCHEDULED TASKS 7.9 SUMMARY: MAKE THE SYSTEM AN APPLIANCE AND TWEAK PERFORMANCE 8 REAL-TIME SUPPORT 8.1 WHAT IS REAL-TIME? 8.1.1 Hard Real-Time, Soft Real-Time, and Determinism 8.2 SPLIT SYSTEM 8.3 INTERNAL WINDOWS SOFT REAL-TIME SUPPORT- NEW 8.4 TENASYS® INTIME® FOR WINDOWS® 8.5 SUMMARY: REAL-TIME APPLICATIONS ARE POSSIBLE 9 FOOTPRINT REDUCTION 9.1 THE VALUE OF COMPONENTIZATION 9.2 IMAGE SIZE COMPARISON 9.3 THE COMPLEXITY OF COMPONENTIZATION 9.4 HOW DID WE GET HERE? 9.5 REDUCTION POWERSHELL SCRIPT FOR CORE OS 9.6 MANAGING FEATURES-ON DEMAND PACKAGES 9.7 OTHER DISK IMAGE SIZE TRICKS 9.7.1 Disable Features 9.7.2 Turn off Hibernation and Disable Virtual Memory 9.7.3 Remove a copy of the Windows Custom Installer 9.7.4 Compact OS 9.7.5 Clean up Windows Update 9.7.6 Remove WinRE Partition 9.7.7 Removing Edge 9.8 EXERCISE 901: MINIMIZING THE WINDOWS 11 IOT ENTERPRISE LTSC 2024 FOOTPRINT 9.9 WINDOWS STORE: ADDING APPS INTO THE IMAGE 9.10 SIZE MATTERS	10 LOCKDOWN PART 1: USER EXPERIENCE 10.1 DEVICE LOCKDOWN FEATURES 10.2 BOOTUP SCREENS 10.2.1 BIOS Splash Screen 10.2.2 Microsoft-Windows-Embedded-BootExp Component 10.3 LOGON SCREEN 10.3.1 Microsoft-Windows-Embedded-EmbeddedLogon Component 10.3.2 Custom Logon / Lock Screen Background Image 10.3.3 Autologon 10.4 SHELL LAUNCHING – FINAL APPLICATION TO RUN ON STARTUP 10.4.1 Some Background on Launching the Shell 10.4.2 Shell Launcher V1 and a new issue for Windows 11 10.4.3 Shell Launcher V2 10.5 EXERCISE 1001 – SHELL LAUNCHER V1 10.6 EXERCISE 1002 – SHELL LAUNCHER V2 10.7 SHELL LAUNCHER V1 AND V2 COMPARISON 10.8 ARCHITECTURAL CONSIDERATIONS FOR CUSTOM SHELL 10.8.1 Architectural Questions 10.8.2 When Explorer is not the Shell 10.8.3 Update Considerations – Shell to Launch as the Main Application 10.8.4 SJJ Shell 10.8.5 32-Bit versus 64-Bit Applications as the Shell 10.9 SCREEN RESOLUTION, DPI, MULTI-MONITOR, AND SCREEN ROTATION – MORE UTILITIES FROM ANNABOOKS 10.9.1 Dsiplaymgr.exe 10.9.2 MultiDisplaymgr.exe 10.9.3 AudioVolMgr.exe 10.10 MANUFACTURING – WHEN TO ENABLE SHELL LAUNCHER IN THE IMAGE 10.11 SUMMARY: FIRST IMPRESSIONS 11 LOCKDOWN PART 2: UNIFIED WRITE FILTER AND KEYBOARD FILTER 11.1 UNIFIED WRITE FILTER (UWF) 11.1.1 UWF Architecture 11.1.2 Application File I/O Interaction with UWF 11.1.3 Registry Filtering 11.1.4 Hibernate Once, Resume Many (HORM) – Not Worth It 11.1.5 Enable UWF in SIM and UWF Settings 11.1.6 Managing UWF – UWFMGR and WMI 11.1.7 Common Write-through Section 11.1.8 UWF Servicing 11.2 MITIGATING SUDDEN POWER-OFF ISSUES 11.3 KEYBOARD FILTER 11.3.1 Keyboard Filter Component and Settings 11.3.2 Keyboard Filter Service, Keyboard Filter WMI API, and Utilities 11.4 EDGE GESTURES DISABLE 11.5 TOAST MESSAGE DISABLE 11.6 EXERCISE 1101: UNIFIED WRITE FILTER AND KEYBOARD FILTER 11.6.1 Part 1: Create the Answer File and Build the Configuration Set 11.6.2 Part 2: Testing UWF Registry Filtering 11.6.3 Part 3 Testing UWF File/Folder Filtering 11.6.4 Part 4 Testing the Keyboard Filter 11.7 ARCHITECTURE: WHEN TO ENABLE THESE FEATURES 11.8 SUMMARY: DRIVE C AND KEYBOARD HOT KEYS 12 LOCKDOWN PART 3: SECURITY 12.1 WINDOWS SECURITY EVOLUTION 12.2 HARDWARE AND FIRMWARE 12.3 WINDOWS FIREWALL SETTINGS AND POLICY FILE 12.4 ANTIVIRUS SOFTWARE 12.5 CUSTOM SECURITY TEMPLATE 12.6 CUSTOM GROUP POLICIES 12.7 BASELINE SECURITY AND SECURITY COMPLIANCE TOOLKIT 12.8 EXERCISE 1201 – CREATING AND IMPLEMENTING CUSTOM SECURITY SOLUTIONS 12.8.1 Part 1: Creating a Custom Security Template 12.8.2 Part 2: Group Policy Settings 12.8.3 Part 3: Create Answer File and Deploy and Test the Security Policy and Group Policy Setup 12.9 DRIVER BLOCKING: GROUP POLICY: DEVICE INSTALLATION RESTRICTIONS (DIR) 12.9.1 Top Level Policies 12.9.2 Control by Device ID 12.9.3 Control by Device Class 12.9.4 Other Policy Settings 12.9.5 Scenarios and Setup 12.10 TPM CHIP 12.11 BITLOCKER 12.12 SECUREBOOT, UEFI, SECURELAUNCH 12.13 VIRTUAL-BASED SECURITY (VBS) 12.14 CONFIGURING SECURELAUNCH AND VBS 12.14.1 Enable with Group Policy 12.14.2 Enable with Registry Keys 12.15 EXERCISE 1202 – VBS 12.16 COMPLETE WINDOWS BOOT PROCESS 12.17 APPLICATION CONTROL 12.17.1 AC Policy File 12.17.2 Double Checking and Troubleshooting 12.17.3 Warning! PowerShell Language Modes, UWP, and Shell Launcher V2 Bridge Script Issues 12.18 EXERCISE 1203: APPLICATION CONTROL POLICY CREATION AND TEST 12.19 BIOSECURITY ACCESS 12.20 SECURITY FROM THE CLOUD FOR THE END CUSTOMER 12.21 SUMMARY: HOW MUCH DO YOU LOCK DOWN? 13 MANUFACTURING AND SYSTEM SERVICING 13.1 MANUFACTURING AND SERVICING: ARCHITECTURE, ARCHITECTURE, … ARCHITECTURE! 13.2 MANUFACTURING OPTIONS AND THOUGHTS 13.3 UPDATE OPTIONS AND RE-ACTIVATION 13.4 UWF SERVICING MODE 13.5 DISABLE WINDOWS UPDATE: CONTROL THY SYSTEM 13.6 WINDOWS UPDATE STANDALONE INSTALL - WUSA.EXE UTILITY 13.7 DEPLOYMENT IMAGE SERVICING AND MANAGEMENT – DISM.EXE UTILITY 13.7.1 Capture / Apply FFU 13.7.2 Capture / Apply WIM 13.8 CUSTOM WINPE FOR MANUFACTURING AND FIELD SUPPORT 13.8.1 WinPE Optional Components 13.8.2 Dual boot with Windows and WinPE for Factory Restore 13.8.3 Custom WinPE Shell 13.9 EXERCISE 1301: CUSTOM WINPE 13.9.1 Creating the custom WinPE Image 13.9.2 USB Install 13.9.3 ISO Install 13.9.4 Run on the Target System 13.10 SUMMARY: DON’T FORGET ABOUT MANUFACTURING AND SERVICING 14 PUTTING IT ALL TOGETHER WITH THE PROJECT TEMPLATE 14.1 CREATE AZURE IOT CENTRAL APPLICATION 14.1.1 Creating a new Azure IoT Central Application 14.1.2 Adding Capabilities and Creating the View 14.1.3 Gathering the Connection Information 14.1.4 Install Azure CLI and Create a Device Key 14.2 ADD CONNECTION INFORMATION WEATHERSTATIONSIM APPLICATION IN VISUAL STUDIO PROJECT 14.2.1 Test the Application 14.3 WINDOWS 11 IOT ENTERPRISE NEW PROJECT TEMPLATE AND THE WORKFLOW 14.3.1 Project Specification 14.3.2 Setting up the New Project 14.3.3 Gathering the Basics and Custom Install.wim 14.3.4 Updating the Sysprep unattended file 14.3.5 Customization 14.3.6 Lockdown Implementation 14.3.7 Build and Deploy 14.3.8 Clean Up the Image and Run Application Control PowerShell Script and 14.3.9 Run Sysprep and Power Up to Test 14.4 DELETE THE WEATHER APPLICATION IN AZURE IOT CENTRAL 14.5 SUMMARY 15 FINAL PERSPECTIVE 15.1 PULLED INTO THE EMBEDDED MARKET BY SOFT MARKETING 15.2 WINDOWS CE GOING DEEPER INTO THE EMBEDDED MARKET 15.3 WINDOWS NT EMBEDDED TO WINDOWS 11 IOT ENTERPRISE 15.4 TECHNICAL ADVANCEMENTS MADE WINDOWS CE OBSOLETE 15.4.1 Rise of Windows NT 15.4.2 Billions of Devices Connected to the Internet and What Was Lost 15.4.3 Windows CE Fallout: Products that have Come and Gone 15.5 CURRENT PRODUCT LINE UP 15.5.1 Windows 11 Issues and Leadership Focus 15.6 WHAT I WOULD LIKE TO SEE CHANGE 15.6.1 Fix Windows Install for the Out-of-Box Drivers path in the AutoUnattend.xml file 15.6.2 Disconnect from IoT and Bring Back Embedded 15.6.3 Componentize Windows! 15.6.4 Better idea than Activation 15.6.5 Replace Windows CE with Azure IoT C SDK – Silicon to Cloud 15.7 THE FUTURE IS IN MOTION






		Please review our refund policy before buying.