Dell Latitude 5280 Microsoft Windows 10 IoT Enterprise for Wyse Thin Clients A - Page 18

Configuring component services, Viewing the events, Managing the services, Using TPM and BitLocker

Get Dell Latitude 5280 PDF manuals and user guides View all Dell Latitude 5280 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 18 highlights

Configuring component services To access and configure the component services, event viewer, and local services use the Component Services console. For more information, see Administrative Tools in Windows 10 at support.microsoft.com. Viewing the events To view monitoring and troubleshooting messages from Windows and other programs, use the Event Viewer window. In the Component Services console, click the Event Viewer icon from the Console Root tree. The summary of all the logs of the events that have occurred on your computer is displayed. For more information, see Event Viewerat support.microsoft.com. Managing the services To view and manage the services installed on the thin client device, use the Services window. To open the Services window, go to Start > Control Panel > Administrative Tool Services. 1 In the Component Services console, click the Services icon from the console tree. The list of services is displayed. 2 Right-click the service of your choice. You can perform Start, Stop, Pause, Resume, and Restart operations. You can select the Startup type from the drop-down list: • Automatic (Delayed Start) • Automatic • Manual • Disabled For more information, see Component Services Administration at support.microsoft.com. NOTE: Ensure that the Write Filter is disabled while managing the services. Using TPM and BitLocker Trusted Platform Module (TPM)-A TPM is a microchip that provides basic security-related functions, that primarily involve encryption keys. BitLocker Drive Encryption (BDE)-A BDE is a full disk encryption feature that protects data by providing encryption for entire volumes. By default, it uses the AES encryption algorithm in Cipher Block Chaining (CBC) mode with a 128-bit key. This algorithm is combined with the Elephant diffuser for extra disk encryption-specific security. Windows 10 IoT Enterprise does not support sysprep on a BitLocker encrypted device. Due to this limitation, you cannot encrypt the device, perform a sysprep, and pull the image. To overcome this issue, you must add or modify the TPM script. The device must not be encrypted before sysprep (pull). The device encryption is handled by the post push script that uses the TPM_enable.ps1 script that is at C:\Windows\setup\tools\. The post push script must be included before enabling the UWF and after sysprep scripts. The PIN used to encrypt the client must be passed to the script as an argument. Encrypt the flash memory using TPM and BitLocker Prerequisites If the flash memory is encrypted previously, then do the following to clear the TPM: 18 Administrative features

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
Configuring
component services
To access and
configure
the component services, event viewer, and local services use the
Component Services
console.
For more information, see
Administrative Tools in Windows 10
at
support.microsoft.com
.
Viewing the events
To view monitoring and troubleshooting messages from Windows and other programs, use the Event Viewer window.
In the Component Services console, click the
Event Viewer
icon from the
Console Root
tree. The summary of all the logs of the events
that have occurred on your computer is displayed. For more information, see
Event Viewer
at
support.microsoft.com
.
Managing the services
To view and manage the services installed on the thin client device, use the
Services
window. To open the
Services
window, go to
Start
>
Control Panel
>
Administrative Tool Services
.
1
In the
Component Services
console, click the
Services
icon from the console tree.
The list of services is displayed.
2
Right-click the service of your choice. You can perform Start, Stop, Pause, Resume, and Restart operations.
You can select the Startup type from the drop-down list:
Automatic (Delayed Start)
Automatic
Manual
Disabled
For more information, see
Component Services Administration
at
support.microsoft.com
.
NOTE:
Ensure that the Write Filter is disabled while managing the services.
Using TPM and BitLocker
Trusted Platform Module (TPM)—A TPM is a microchip that provides basic security-related functions, that primarily involve encryption
keys.
BitLocker Drive Encryption (BDE)—A BDE is a full disk encryption feature that protects data by providing encryption for entire volumes. By
default, it uses the AES encryption algorithm in Cipher Block Chaining (CBC) mode with a 128-bit key. This algorithm is combined with the
Elephant
diffuser
for extra disk
encryption-specific
security.
Windows 10 IoT Enterprise does not support sysprep on a BitLocker encrypted device. Due to this limitation, you cannot encrypt the
device, perform a sysprep, and pull the image. To overcome this issue, you must add or modify the TPM script. The device must not be
encrypted before sysprep (pull). The device encryption is handled by the post push script that uses the
TPM_enable.ps1
script that is
at
C:\Windows\setup\tools\
. The post push script must be included before enabling the UWF and after sysprep scripts. The PIN used to
encrypt the client must be passed to the script as an argument.
Encrypt the
flash
memory using TPM and BitLocker
Prerequisites
If the
flash
memory is encrypted previously, then do the following to clear the TPM:
18
Administrative features