Windows 8.1
deployment planning
A guide for education
January 2014
Table of
contents
2 Windows 8.1 in education
2 ITbenets
2 Facultybenets
3 Studentbenets
4 Windows 8.1 purchase and licensing
6 Volume Activation
10 Network infrastructure
10 Internetingressandegress
11 Networkbandwidth
12 Wirelessnetworking
15 Accessibility
16 Printers
18 Security and privacy
21 Internetaccess
21 Applicationaccess
21 Deviceaccess
22 Remoteconnectivity
24 DirectAccess
25 Virtualprivatenetwork
26 Windows Store apps
27 User accounts
29 Deployment
31 Institution-owneddevices
32 Personallyowneddevices
33 VirtualDesktopInfrastructure

34 WindowsToGo
36 Device roaming and multiple devices
39 WindowsWorkFoldersandWorkplaceJoin
40 WindowsFolderRedirection
41 WindowsOfineFiles
41 WindowsRoamingUserProles
42 Defaultuserproles
42 UserExperienceVirtualization
43 MicrosoftApplicationVirtualization
44 Conguration and management
46 GroupPolicy
47 WindowsPowerShell
47 CongurationManager
47 WindowsIntune
1WINDOWS 8.1 DEPLOYMENT PLANNING
Windows 8.1
deployment planning
A guide for education
This guide is designed for IT pros, school administrators,
and other faculty members who are responsible for the
deployment of devices running Windows 8.1 in educational
institutions. This guide covers the key considerations and
questions that should be answered as a part of a typical
Windows 8.1 deployment.
SomeofthekeystosuccessinaWindows8.1(oranytechnology
deployment)thatwewillcoverineachsectionareasfollows:
• DevelopandcommunicateyourWindows8.1deploymentplan
beforeyoudeploydevices.
• Starttheplanningprocessandvalidateyourdesignasearly
inyourdeploymentprojectaspossible,becausebaddesign

decisionsbecomedifculttocorrectthelateryoudiscoverthem
intheprocess.
• Includerepresentativesfromcurriculumandtechnology
leadership(inadditiontothosewhoareresponsiblefor
performingtheactualdeployment)tohelpensurethatthenal
solutionmeetsorexceedscurriculumandlearningoutcome
requirements.
Eachsectioninthisguideliststhekeyplanningconsiderationsand
questionsforthetopicscoveredinthatsection.Eachsectionalso
includeslinkstoadditionalresourcestohelpintheWindows8.1
deploymentplanningprocessdiscussedinthatsection.
NOTE
Classroomcurriculum
designisoutsidethe
scopeofthisdocument.In
addition,althoughmostof
theplanningdecisionsin
thisguideareapplicable
toWindowsRT8.1,
WindowsRT,andWindows
8,thisguidefocuseson
Windows8.1deployment
only.
2WINDOWS 8.1 DEPLOYMENT PLANNING
Windows 8.1 in education
Windows8.1providesanincredibleopportunityforeducatorsandstudentstotakeadvantageof
thenewworldofdigitaleducationandexcitingnewdevices,leveragingtheworldwidestandard
Microsoftplatformandcloudservicestoensureseamlessmanageability,robustsecurity,backward
compatibility,andcosteffectiveness.RunningWindows8.1ondevicesdesignedforWindows8.1
canhelpyoumeetthechallengesandmaximizethebenetsofusingWindows8.1ineducation.

IT benets
ManyITorganizationswithineducationalinstitutionsalreadysupportaMicrosoftinfrastructure.
Inmanyinstances,theITstaffcanusethesametoolstheyarealreadyfamiliarwithtomanage
Windows8.1devices.Institutionscanalsooutsourcethisworktopartnerswhoareabletoleverage
thepartner’sWindows8.1managementexperienceandskillsets.
YoucanmanageWindows8.1devicesandappsautomaticallybyemployingon-premisesand
off-premisesmanagementsolutions.Thesesolutionsdramaticallyreducetheeffortrequiredfrom
ITprostokeepdevicescurrentwithsoftwareandsecurityupdatesandtoperformcommonIT
administrativetasks.Inmanyinstances,educationalinstitutionscancreateself-serviceportalsthat
allowuserstosolvemanycommonproblemsthemselves(suchasresettingapassword,deploying
anapp,orinstallingsoftwareupdates).ThismeansthatITproscanspendfewerhoursmanaging
hardware,software,andservicestoprovidehigher-qualityserviceswiththesameorlesslevelof
effort.
Faculty benets
Windows8.1hasalargeecosystemofprovidersandservices,providingeducatorstheexibilityto
choosethedevicesandservicestheyprefer–sotheycanteachthewaytheywant.Windows8also
helpsteachersmanagetheclassroombylimitingavailabilityofdistractingapplications(suchas
instantmessagingorsocialnetworking)duringclassandviewingandsharingstudentscreensto
improveclassroomparticipation.
MostinstructorsandfacultymembersarefamiliarwiththeWindowsoperatingsystemandusually
haveanexistingdevicerunningWindowsintheclassroomorathome.Facultymembershave
avastlibraryofexistingWindowssoftwareandperipheralstoincorporateintotheirlearning
curriculum.DevicesrunningWindows8.1supportWindowsStoreappsanddesktopapplications,
whichallowseducatorstohavetheultimateinexibilityanddiversitywhenselectingtechnology
resourcesfortheclassroom.IfapplicationsandperipheralsworkedinWindows8andWindows7,
theywilloftenworkjustaswellinWindows8.1,decreasingbothcostanddeploymenttime.
3WINDOWS 8.1 DEPLOYMENT PLANNING
Thismeansthatinstructorsandfacultymemberswillbeabletorealizethebenetofusing
Windows8intheclassroommorequicklythanotheroperatingsystems.
Student benets

Learningisaboutconsuming,collaboration,andcreation.MostWindowsdeviceshavea
multitouchuserinterfacethatprovidesanimmersiveuserexperienceforconsumingand
collaborating,buttheyalsocomewithafull-functioningkeyboardthatisessentialforcontent
creation.Nowthereistheadditionofauidandimmersiveuserexperiencethatenablestablets
andtouchscreensaswell.Withthehugeinterestintabletsforthestudentmarket,Windows8.1is
abletoprovideaconsistentuserexperienceacrossformfactors.Inaddition,studentshaveaccess
tothevastlibraryofexistingsoftwarecreatedforWindows—includingWindowsStoreappsand
Windowsdesktopapplications—andmostapplicationsthatrunontheWindows8,Windows7,or
WindowsXPoperatingsystemwillalsorunonWindows8.1.
MoststudentsalreadyknowhowtousedevicesrunningaWindowsoperatingsystem.They
typicallyhaveaccesstodevicesrunningWindowsathome,aswell,whichallowsstudentsto
continuetheireducationathomewithoutadditionalcostonthepartoftheeducationalinstitution
orthestudent’sfamily.
4WINDOWS 8.1 DEPLOYMENT PLANNING
Windows 8.1 purchase
and licensing
NotethefollowingkeyWindows8.1purchaseandlicensingplanning
considerations:
• Howmanyusersdoyouneedtoenable?
• HowmanynewdeviceswillyoubuywithWindows8.1
preinstalled?
• HowwillyouupgradeexistingWindows8devicesto
Windows8.1?
• HowmanyWindows8.1licensesdoyouneedtopurchaseto
upgradeexistingdevices(notethatsomeproductswillrequire
licenseupgrades,suchasWindows8.1Enterpriseedition)?
• HowdoesyourinstitutionhandleWindow8.1licensingfor
personallyowneddevices?
• HowcanfacultyandstudentspurchaseWindows8.1licensesat
educationalprices?

• Whateducationalpricingandlicensingprogramsareavailable
foreducationalinstitutions?
Eachphysicaldeviceorvirtualmachine(VM)runningWindows8.1
musthaveavalidlicense.Mostdevicehardwarevendorsprovide
aWindows8.1licenseforeachdevicetheinstitutionpurchases.
However,youmustobtainWindows8.1licensesforanyexisting
devicesrunningpreviousversionsofWindowsthatwillbeupgraded
toWindows8.1(suchasdevicesrunningWindows7).
ThelistbelowprovidestheWindows8.1licensingconsiderationsfor
devicesbasedontheirownership:
• Institution owned Educationalinstitutionscanacquire
licensesforWindows8(andotherMicrosoftproducts)
throughtheMicrosoftEnrollmentforEducationSolutions
(EES)program.TheMicrosoftEESprogramisaneasy,cost-
NOTE
ExistingWindows8
licensescanbeupgraded
toWindows8.1licenses
withoutadditional
licensingfeesforthesame
editionofWindows8.1.For
example,aWindows8Pro
licensecanbeupgradedto
Windows8.1Prowithout
additionallicensingfees.
However,upgradinga
Windows8licenseto
Windows8.1Prowould
requiretheWindows8Pro
licensepriortoupgrading.

NOTE
Microsoftworkswith
organizationsinthepublic
sectorthroughtheShape
theFutureprogram.For
moreinformationabout
theShapetheFuture
program,seehttp://
www.microsoft.com/
shapethefuture.
5WINDOWS 8.1 DEPLOYMENT PLANNING
effectiveofferthatprovidesqualiedacademiccustomers
asimpliedwaytoacquireMicrosoftsoftwareandservices
underasinglesubscriptionagreement.Formoreinformation,
see“ProgramsforEducationalInstitutions”athttp://www.
microsoft.com/education/en-us/buy/licensing/Pages/
enrollmentforeducationsolutions.aspx.
• Personally owned Facultyandstudentsareresponsiblefor
havingtheappropriateWindows8licensesfortheirdevices.
InadditiontopotentiallybeingabletopurchaseMicrosoft
softwarethroughtheeducationalinstitution,facultyand
studentscanindividuallypurchaseMicrosoftproductsat
educationaldiscountsthroughresellerssuchas:
• JourneyEdat />Microsoft/284074
• OnTheHubat
UsethisinformationtodeterminethenumberofWindows8.1
licensesyoumustobtainforyoureducationalinstitution.Also,
usetheinformationtodetermineinstitution-sponsoredMicrosoft
educationalbenetprogramsforfacultyandstudents.
INFO

Formoreinformation,see
“MicrosoftinEducation”
atrosoft.
com/education/
en-us/buy/Pages/
academicsavings.aspx.
6WINDOWS 8.1 DEPLOYMENT PLANNING
Volume Activation
NotethefollowingkeyMicrosoftVolumeActivationplanningconsiderations:
• WhichlicensingmodelsareavailableforWindows8.1andMicrosoftOfceProfessional
Plus2013?
• Whattechnologiesareavailabletoactivatevolumelicenses?
• Whattypeofconnectivityisavailablefordevicestoperformactivation?
ThefollowinglistshowstheVolumeActivationtechnologiesandprovidesabriefdescriptionof
each:
• Active Directory-Based Activation (ADBA) ADBAisaroleservicethatallowsyoutouse
ActiveDirectoryDomainServices(ADDS)tostoreactivationobjects,whichcanfurther
simplifythetaskofmaintainingVolumeActivationservicesforanetwork.WithADBA,no
additionalhostserverisneeded,andactivationrequestsareprocessedduringcomputer
startup.ADBAworksonlyfordevicesrunningWindows8thataredomainjoined.
• Key Management Service (KMS) KMSisaroleservicethatallowsorganizationstoactivate
systemswithintheirnetworkfromaserveronwhichaKMShosthasbeeninstalled.WithKMS,
ITproscancompleteactivationsontheirlocalnetwork,eliminatingtheneedforindividual
computerstoconnecttoMicrosoftforproductactivation.KMSdoesnotrequireadedicated
system,anditcanbecohostedonasystemthatprovidesotherservices.Bydefault,volume
editionsofWindows8connecttoasystemthathoststheKMSservicetorequestactivation.
Noactionisrequiredfromtheuser.
• Multiple Activation Key (MAK) AMAKisavolumelicensekeythatisusedforone-time
activationwithactivationservicesthatMicrosofthosts.YoucanactivateMAKsoverthe
Internetorbytelephone.

Table1onpage7liststheVolumeActivationtechnologiesandtheinformationnecessaryfor
selectingtheappropriatetechnologiesforyourinstitution.Youcanselectanycombinationof
thesetechnologiestodesignacompleteVolumeActivationsolution.
7WINDOWS 8.1 DEPLOYMENT PLANNING
ADBA KMS MAK
Device must be domain
joined
Yes No No
Devices must connect to
the network at least once
every 180 days
Yes Yes No
Supports Volume
Activation of Windows 8.1
and Windows 8
Yes Yes Yes
Supports Volume
Activation of Windows 7
No Yes Yes
Supports Volume
Activation of Microsoft
Ofce
Yes
(Ofce2013
only,not
Microsoft
Ofce365
orprevious
versionsof
Ofce)

Yes Yes
Can use Volume
Activation services in
Windows Server 2012 R2
and Windows Server 2012
Yes Yes N/A
Can use Volume
Activation services in
operating systems prior
to Windows Server
2012 R2 and Windows
Server 2012
Yes,but
requiresthat
theActive
Directory
schemabe
updatedto
Windows
Server 2012
orWindows
Server 2012
R2
Yes N/A
Microsoft Volume
Licensing information is
stored in AD DS
Yes No No
Can be activated with
Internet access only

No No Yes
Can be activated by
telephone
No No Yes
TABLE 1 Volume
ActivationTechnology
Selection
8WINDOWS 8.1 DEPLOYMENT PLANNING
ADBA KMS MAK
Required infrastructure AD DS
KMSserver,
however
having
AD DS
makesKMS
management
easier
Internet
accessor
telephone
9WINDOWS 8.1 DEPLOYMENT PLANNING
Additionalinformation:
• “PlanforVolumeActivation”at />• “VolumeLicensing”at />• “IntroductiontoVAMT”at />• Volume Licensing Guide for Windows 8.1 and Windows RT 8.1atrosoft.
com/download/9/4/3/9439A928-A0D1-44C2-A099-26A59AE0543B/Windows_8-1_
Licensing_Guide.pdf
• “MicrosoftLicensingfortheConsumerizationofIT”at />about-licensing/briefs/consumerization-it.aspx
• “MicrosoftLicensingfortheConsumerizationofIT-AcademicLicensingScenarios”athttp://
www.microsoft.com/licensing/about-licensing/briefs/consumerization-it-academic.aspx
• “LicensingWindowsdesktopoperatingsystemforusewithvirtualmachines”athttp://www.
microsoft.com/en-in/licensing/about-licensing/briefs/win8-virtual.aspx

• “VolumeactivationofOfce2013”at />aspx
10WINDOWS 8.1 DEPLOYMENT PLANNING
Network infrastructure
BecauseWindows8.1devicesarenotjustcloud-connecteddevices(theyworkofinetoo),your
existingnetworkinfrastructurewilloftenbeadequatetosupportWindows8.1.Aspartofthe
planningprocess,determineanynetworkinfrastructureremediationthatyoumustperformprior
todeployingWindows8devices.
Internet ingress and egress
NotethefollowingkeyInternetingressandegressplanningconsiderations:
• WhatTCPandUserDatagramProtocol(UDP)trafcmustbeallowedtoandfromthe
Internet?
• Whichwebsitesmustbeaddedtotheapprovedsiteslistforedge-of-networkappliances?
• WhataretherequirementsforbeingcompliantwiththeChildren’sInternetProtectionAct
(CIPA)?
• Whichrewallsshouldyouuse(rewallappliancesandWindowsrewall)?
OneofthekeyfeaturesinWindows8.1istheintegrationwithInternet-basedcontentandservices,
especiallytheWindowsStore.YoumustplananynecessarychangestoyourInternetingressand
egresstoprovideaccesstosuchcontentandservices,asdescribedinthefollowinglist:
• TCP and UDP trafc PlantheTCPandUDPtrafcthatmustbeallowedtoandfromthe
Internet.Specically,allowthetrafcrequiredforanynewWindowsStoreappordesktop
applicationsthatwillbeaddedaspartoftheWindows8.1deploymentprocess.
• Approved website list Manyedge-of-networkappliances(suchasrewallsorwebproxies)
supportalistofapprovedwebsites.Inyourplan,specifythatthelistincludestheWindows
Storeandothersupportingsites.
• CIPA compliance YoureducationalinstitutionmayneedtocomplywithCIPA,which
imposescertainrequirementsonschoolsorlibrariesthatreceivediscountsforInternetaccess
orinternalconnectionsthroughtheE-rateprogram,whichmakescertaincommunications
servicesandproductsmoreaffordableforeligibleschoolsandlibraries.Formoreinformation
aboutCIPA,see“Children’sInternetProtectionAct”at />internet-protection-act.
11WINDOWS 8.1 DEPLOYMENT PLANNING

• Firewall usage YoucanuserewallappliancesandWindowsFirewalltoprotectdevicesand
providesecuritydefenseindepth.Ifyouuseboth,ensurethatyouprovidetheappropriate
accesstotheWindowsStoreandotherInternet-basedcontentandservicesbyconguring
bothrewalls.YoucanspecifythattheWindowsFirewallbeconguredbyusingGroupPolicy
rewallsettings.FormoreinformationonusingGroupPolicytocongureWindowsFirewall,
seetheMicrosoftTechNetarticle,“CongureFirewallPortRequirementsforGroupPolicy,”at
/>Network bandwidth
Notethefollowingkeynetworkbandwidthplanningconsiderations:
• CantheLANandWi-Finetworksupportahighdensityofdevices?
• Doesthenecessaryavailablenetworkbandwidthexistforconnectingtoon-premises
resources?
• DoesthenecessaryavailablenetworkbandwidthexistforInternetaccess?
TheuseoftechnologyinmostcurriculumplansrequiresaccesstolocalandInternet-based
resourcesandcontent(suchasdocumentstoragelibraries,multimediales,oronlinestudy
resources).Thefollowingisalistofplanningconsiderationsthatrelatetonetworkbandwidth:
• Support for a high density of devices Educationalenvironmentstendtohaveahigh
concentrationofdevicesinasmallgeographicarea.Facultyandstudentsrequirenetwork
accessfromclassrooms,labs,andcommonareas.Thesenumberscanrangefrom20–30
devicesinaclassroomtohundredsofdevicesinacommonarea(suchasalibraryorstudent
center).Typically,thisnumberimpliesthateachclassroommayrequireadedicatednetwork
connectiontotheon-premisesnetwork,andcommonareasmayrequiremultiplededicated
networkconnectiontotheon-premisesnetworktosupportthenumberofdevicesinagiven
geographicarea.
• On-premises available network bandwidth Alldevicestypicallyneedhigh-speed,
persistentconnectionstoon-premisescontentandresources(suchasprinters,leservices,
orintranet-basedsites).Ensurethattheon-premisesnetworkhassufcientbandwidthto
providereasonableresponsetimeswhenaccessingtheon-premisesresources.Also,include
Internettrafcwhenevaluatingyouron-premisesnetwork,becausedevicesconnecttothe
Internetthroughtheon-premisesnetwork.Youcanestimatethistrafcbyobservingthe
typicalintranettrafcadevicegenerates,thenmultiplyingthatbythenumberofdevices

withinagivengeographicarea.
12WINDOWS 8.1 DEPLOYMENT PLANNING
• Internet available network bandwidth AlldevicestypicallyneedaccesstoInternet-based
contentandresources(suchastheWindowsStoreandotherInternet-basedwebsites).Ensure
thattheInternetconnectionhassufcientbandwidthtoprovidereasonableresponsetimes
whenaccessingtheInternet.Youcanestimatethisresponsetimebyobservingthetypical
Internettrafcadevicegenerates,thenmultiplyingthatbythenumberofdeviceswithina
givengeographicarea.
Thephysicalnetworkdesignisspecictothetypeofdevicesandthevendorspecicationsfor
eachdevice.Contactthenetworkinfrastructurevendorsforplanningtoolsandresourcestohelp
indeterminingnetworkbandwidth.
Wireless networking
Notethefollowingkeywirelessnetworkplanningconsiderations:
• HowmanyWi-Fiwirelessdeviceswillbeusedwithineachclassroomandincommonareas
(devicedensity)?
• WhatWi-Fitechnologiesdoyouneedtosupport(suchasInstituteofElectricaland
ElectronicsEngineers[IEEE]802.11n,802.11g,or802.11b)?
• Willbroadband(cellular)deviceconnectivitybesupported?
Mostmoderndevicesuseawirelessconnectiontoaccessnetworks.Althoughwirelessconnection
reducestheclutterandproblemsassociatedwithwirednetworkconnections,itaddstothe
complexityofplanningandsupportingnetworks.
• Wi-Fi–supported standards MostdevicessupportavarietyoftheIEEE802.11XWi-
Fistandards,suchas802.11n,802.11g,or802.11b.Ensurethatthewirelessaccesspoints
(WAPs)supportthehighestspeedstandardthedevicesupports.Supporttheslowerspeed
standardstoprovidecompatibilitywitholderdevices.Forexample,mostnewdevicessupport
IEEE802.11n,butolderdevicesmayonlysupportIEEE802.11b.
• Network frequency IEEE802.11Xwirelessstandardsusethe2.4gigahertz(GHz)and5.0GHz
frequenciesforcommunicationbasedonthestandardused.MostmodernWAPssupport
bothfrequencies.Mostnewdevicessupport5.0GHzfrequencies,whileolderdevicesonly
supportthe2.4GHzfrequencies.EnsurethatyourWAPssupportthecorrectfrequenciesto

supporttheplanneddevicepopulation.
• Wireless device density Thisconsiderationissimilartotheplanningdecisionsforwired
networks.Fromthewirelessperspective,determinethenumberandplacementofWAPs.
Mostenterprise-classWAPscansupportupto50devices;however,wirelessnetwork
13WINDOWS 8.1 DEPLOYMENT PLANNING
performancewilldegradedramaticallyasthenumberofdevicesapproachesthemaximum
value.AWAPtypicallyhasasinglewirednetworkconnect,whichmeansthatalldevices
connectingthroughtheWAPsharethatsinglewirednetworkconnection.Forexample,ifyou
haveaWAPthatsupports30studentsandhasagigabitwirednetworkconnection,those30
studentssharethatsinglegigabitnetworkconnection.Inareaswithalargeconcentrationof
devices,multipleWAPsmayberequired.
• Wireless coverage Ensurethateachdevicehaswirelessconnectivitywithintheareaswhere
thedevicesareused(classroomsandcommonareas)byproperlyplacingWAPs.Placing
WAPstoofarfromeachotherresultsinareaswheredeviceswillnotbeabletoconnect.
PlacingtheWAPstooclosetoeachothercanincreaseyourcostbycreatingunnecessary
WAPs.EnsurethatthecoverageareasforWAPsoverlapslightly.WAPsthatoverlapeachother
shoulduseauniquechannel(frequency).
• Hidden service set identier (SSID) YoucancongureWAPsnottobroadcasttheirSSIDs,
alsoknownasahidden SSID.HiddenSSIDsaretypicallyusedasasecuritymeasure;however,
avoidtheuseofhiddenSSIDs,becauseitismoredifcultforadevicetojoinahiddenSSID,
andthereisminimalsecuritybenetinhidingSSIDsineducationalsolutions.Becauseusers
tendtoroam,hiddenSSIDscanleadtopooruserexperienceanddelaysinwirelessnetwork
associationtime.
• Broadband cellular support Manydevicesmayhavebroadbandcellularnetworkadapters
thatprovideInternetconnectivity.Broadbandcellularconnectivitycanreducethenetwork
congestiononyourwirelessWi-Finetworks.However,broadbandcellularconnectivityalso
requiresacontractwithacellularprovider.
• Rogue Wi-Fi hotspots ManyusersmaybringWi-Fi–enableddevicesthatcanactasWi-
Fihotspots(suchashotspotsprovidedbycellularprovidersorsmartphones).Ensurethat
youspecifyalistofpublishedSSIDsinyourdesignforthefacultyandstudents.Also,specify

policiesandproceduresthatdiscouragefacultyandstudentsfromstartinganunauthorized
Wi-Fihotspot.
YoucanspecifytheuseofGroupPolicytocongurethewirelessnetworkadaptersettingsfor
devices.Doingsoallowsyoutoprovideconsistentwirelesscongurationsettingsfordomain-
joineddevices.
14WINDOWS 8.1 DEPLOYMENT PLANNING
Additionalinformation:
• “Congure802.1XWirelessAccessClientsbyusingGroupPolicyManagement”athttp://
technet.microsoft.com/library/dd759173.aspx
• “IdentifyingtheAreasofCoverageforWirelessUsers”at />library/cc780260(v=ws.10).aspx
• “DeterminingHowManyWirelessAPstoDeploy”at />cc782947(v=ws.10).aspx
• “DeterminingWheretoPlaceWirelessAPs”at />cc739928(v=ws.10).aspx
• “SelectingChannelFrequenciesforWirelessAPs”at />cc783011(v=WS.10).aspx
15WINDOWS 8.1 DEPLOYMENT PLANNING
Accessibility
Notethefollowingplanningconsiderationsforuserswithspecialaccessibilityneeds:
• WhatEaseofAccessandPersonalizationoptionsdofacultyandstudentsrequire?
• Whatassistivetechnologiesdofacultyandstudentsrequire?
Windows8.1providesessentialaccessibilitytocomputersforthosewithsignicantvision,hearing,
dexterity,language,orlearningneeds.ThesefeaturesareavailableinWindows8.1,Windows8.1
Pro,Windows8.1Enterprise,andWindowsRT8.1.
NotethefollowingplanningconsiderationsforWindows8accessibility:
• Ease of Access and Personalization options TheseoptionsinWindows8.1makedevices
easiertosee,hear,anduse;theyincludescreenmagnication,speechrecognition,narration,
on-screenkeyboard,keyboardshortcuts,stickykeys,andvisualnotications.
• Assistive technologies Thebuilt-inassistivetechnologiesinWindows8.1workwithboth
WindowsStoreappsandWindowsdesktopsoftwaretoprovideseamlessaccesstotheentire
Windowsexperience.DevicesrunningWindows8.1alsoallowyoutouseassistivetechnology
softwarefromspecialtyassistivetechnologyvendors.
Additionalinformation:

• “AccessibilityinWindows8” at />• “AssistiveTechnologyProducts”at />• “Windows8.1VoluntaryProductAccessibilityTemplate(VPAT)”atrosoft.
com/download/B/1/B/B1BDCD6D-4EBC-4D92-9405-5E81AAE159D0/Remote_Server_
Administration_Tools_for_Windows_8_1_VPAT.docx
16WINDOWS 8.1 DEPLOYMENT PLANNING
Printers
Notethefollowingkeyprinterplanningconsiderations:
• WhichprinterdriversdoesWindows8.1support?
• WhatisneededtosupportWindowsStoreappsandAdvanced
PrintSettingsforWindowsStoreapps?
• Howwillusersconnecttoprinters?
• Whichwillrequiresecuredaccess?
Facultyandstudentsneedtoconnecttoprinterresources.You
needtoplanforuserconnectivitytoinstitution-ownedprinters.
Typically,theseprintersarenetwork-based(throughwirelessor
wirednetworks).However,insomeinstances,theseprintersmaybe
connectedtotheWindows8devicesbyUSBcables.
NotethefollowingplanningconsiderationsforWindows8printer
connectivity:
• Printer drivers Windows8.1supportsthev3printerdriver
model(usedinWindows7)andthev4printerdrivermodel
(usedinWindows8.1andWindows8).Printersthatare
connectedtoWindows8.1deviceswithv3printerdrivers
installedwillcontinuetoworkastheycurrentlydowithdesktop
applications.Somelimitationsexisttousingprinterdrivers
basedonthev3printerdrivermodelforWindowsStoreapps.
• Windows Store device app and Advance Print Settings
support FormanyWindows8.1—andWindows8—certied
printers(v4printerdrivermodel),Windows8.1automatically
discovertheprintersandinstallsthenecessarydrivers.
Otherwise,youcanspecifytheGroupPolicysettingsforprinters

fordomain-joineddevices.Youcanalsospecifythatusers
manuallyaddandcongureprintersastheydidinWindows7.
Ensurethatyouspecifyalistofavailableprinters(includingany
necessaryIPinformation)tostudentsandfaculty.
NOTE
Ensureyouhave
Windows8.1-certied
printerdevicedrivers
forasmanyprintersas
possible.
17WINDOWS 8.1 DEPLOYMENT PLANNING
• User connection to printers FormanyWindows8–certiedprinters(v4printerdriver
model),Windows8automaticallydiscovertheprintersandinstallsthenecessarydrivers.
Otherwise,youcanspecifytheGroupPolicysettingsforprintersfordomain-joineddevices.
YoucanalsospecifythatusersmanuallyaddandcongureprintersastheydidinWindows7.
Ensurethatyouspecifyalistofavailableprinters(includinganynecessaryIPinformation)to
studentsandfaculty.
• Security for printing Insomeinstances,youmaywanttolimitprinterusageto
authenticatedusers.Doingsorequiresthatthosewhoneedtousetheseprintershave
accountsinanADDSdomainsothattheappropriatepermissionscanbeappliedtoeach
printer.
• Protected printing Windows8.1includessupportforprotectedprinting,whichallowsusers
tospecifyaPINthatisthenusedattheprinterpriortothejobbeingprinted.Windows8.1
alsoallowsyoutospecifyadefaultPINtoreducewastefulpaperconsumptionrelatedto
contentthatisprintedbutneverretrieved.
Additionalinformation:
• “PrintersExtension”at />• “DeployingPrintersbyUsingGroupPolicy”at />aspx
• “OverviewofPrintinginWindows8”at />hardware/hh852373.aspx
• “DriverSupportforProtectedPrinting”at />hardware/dn265277(v=vs.85).aspx
18WINDOWS 8.1 DEPLOYMENT PLANNING

Security and privacy
NotethefollowingInternetplanningconsiderations:
• WhicheditionofWindows8.1isnecessarytosupportthedesiredsecurityandprivacy
features?
• HowareusersanddevicesprotectedwhenconnectedtotheInternet?
• Whatmethodsareavailabletopreventusersfrominstallingorrunningunauthorizedapps?
• WhatmethodsareavailabletoprotectuserprivacywhenrunningWindowsStoreapps?
• Whatmethodsareavailabletoprotectdevicesandtheinformationonthem?
• Whatpoliciesshouldyouconsiderimplementingwithstudents,parentsandfaculty?
Windows8.1includesseveralnewsecurityandprivacyfeatures.Table 2liststhesecurity
andprivacytechnologiesbyWindows8.1edition.Usethislisttodeterminewhicheditionof
Windows8.1youneedtosupportthesecurityandprivacytechnologiesyouwanttouse.Selectthe
appropriateWindows8.1editionthatprovidesacompletesecurityandprivacysolutionthatyou
canthencustomizeforeachuser.
WinDoWS 8.1 WinDoWS 8.1
Pro
WinDoWS 8.1
EntErPriSE
Windows Store App
privacy
Yes Yes Yes
Family Safety Yes Yes Yes
Unied Extensible
Firmware Interface (UEFI)
Secure Boot
Yes Yes Yes
SmartScreen Filter Yes Yes Yes
Windows Defender
(malware protection)
Yes Yes Yes

Windows Firewall Yes Yes Yes
Picture Password Yes Yes Yes
TABLE 2 Securityand
PrivacyTechnologiesby
Windows8.1Edition
19WINDOWS 8.1 DEPLOYMENT PLANNING
WinDoWS 8.1 WinDoWS 8.1
Pro
WinDoWS 8.1
EntErPriSE
BitLocker Drive
Encryption and BitLocker
To Go
No Yes Yes
Encrypting File System
(EFS)
No Yes Yes
Domain membership No Yes Yes
Group Policy objects
(GPOs)
No Yes Yes
AppLocker No No Yes
Microsoft DirectAccess No No Yes
Auto-triggered VPN Yes Yes Yes
Windows To Go No No Yes
Forinstitution-owneddevices,Windows8.1ProorEnterpriseis
recommended(dependingonthefeaturesdesired)forinstitutions
thatrequiremanagementofdevicesbyusingMicrosoftmanagement
productsandtechnologies,suchasGroupPolicyandMicrosoft
SystemCenter2012R2CongurationManager.Inmanaged

environmentsWindows8.1shouldbeafactorforpersonallyowned
devicesinBringYourOwnDevice(BYOD)scenarios.
Thesubsequentsectionswilllookathowthesefeaturesareused
forInternetaccess,applicationaccess,anddeviceaccess.Formore
informationaboutthefeaturesinTable2onpage18,seethe
followingresources:
• Windows Store App privacy Seesection4,“WindowsStore
appsputthecustomerincontrol,”inthetopic,“Appcertication
requirementsfortheWindowsStore,”atrosoft.
com/en-us/library/windows/apps/hh694083.aspx
• Family Safety Seethetopic,“What’sNewinWindows8Family
Safety,”at />desktop/jj155495(v=vs.85).aspx
NOTE
Thereisnocentralized
managementofthe
FamilySafetyfeature
byusingGroupPolicies.
TheMicrosoftaccount
shouldbeviewedasa
personalaccountfor
usebystudentsortheir
guardians.
20WINDOWS 8.1 DEPLOYMENT PLANNING
• UEFI Secure Boot Seethetopic,“SecuringtheWindows8BootProcess,”athttp://technet.
microsoft.com/en-US/windows/dn168167.aspx
• SmartScreen Filter and Windows Defender Seethetopic,“HowdoIndandremovea
virus,”at />topic,“SmartScreenFilter:FAQ,”at />smartscreen-lter#ie=ie-10
• Windows Firewall Seethetopic,“WindowsFirewallfromstarttonish,”athttp://windows.
microsoft.com/en-US/windows-8/Windows-Firewall-from-start-to-nish
• Picture Password Seethetopic,“Signinginwithapicturepassword,”athttp://windows.

microsoft.com/is-is/windows-8/picture-passwords#1TC=t1
• BitLocker and BitLocker To Go Seethetopic,“HelpprotectyourleswithBitLocker
DriveEncryption,”at />encryptionandthetopic,“HelpprotectyourleswithBitLocker,”atrosoft.
com/en-US/windows-8/bitlocker#1TC=t1
• EFS Seethetopic,“Encryptordecryptafolderorle,”at />US/windows-vista/Encrypt-or-decrypt-a-folder-or-le
• Domain membership Seethetopic,“ActiveDirectoryDomainServicesOverview,”athttp://
technet.microsoft.com/en-us/library/hh831484.aspx
• GPOs Seethetopic,“GroupPolicyOverview,”at />library/hh831791.aspx
• AppLocker Seethetopic,“AppLockerOverview,”at />library/hh831409.aspx
• DirectAccess Seethetopic,“UsingDirectAccess,”at />windows/dn168168.aspx
• Auto-triggered VPN Seethetopic,“What’sNewinRemoteAccessinWindowsServer2012
R2,”at />• Windows To Go Seethetopic,“WindowsToGo:FeatureOverview,”athttp://technet.
microsoft.com/en-us/library/hh831833.aspx
21WINDOWS 8.1 DEPLOYMENT PLANNING
Internet access
WhenusersconnecttotheInternet,theyareattheirgreatestriskofhavingsecurityattacksfrom
malicioususersandsoftware.Windows8.1includesseveralbuilt-infeaturesthathelpprotect
usersduringaccess.YoucanenableandenforcemanyofthesefeaturesbyusingGroupPolicy.
Forexample,youcanuseGroupPolicytoenableWindowsDefenderandWindowsFirewall.These
securityfeaturesareenabledinWindows8.1bydefault.
SpecifysecuritypoliciesthatimplementsafetyfeatureswhenconnectingtotheInternet,where
applicable.Forexample,guardiansofstudentscanusetheFamilySafetyfeaturetorestrictaccess
towebsitesbasedonuserage(suchasrestrictingthetypesofappsthatuserscanviewinand
installfromtheWindowsStore).
Application access
Application-relatedsecurityandprivacyaredividedintocontrolling:
• The installation and running of approved apps only Forinstitution-owneddevices,ensure
thatusersrunonlyapprovedapps.Youcanenforcewhichappscanbeinstalledandrunon
institution-owneddevicesbyusingtechnologiessuchasFamilySafety,AppLocker,andGroup
Policy.Forpersonallyowneddevices,educatefacultymembers,students,andguardianson

howtouseFamilySafetyfeaturestoshowage-appropriatecontentonly.
• Any personal information the apps collect while it is running SomeWindowsStoreapps
cancollectprivateinformationwhiletheappisrunning(suchaslocationoroptionsselected
intheapp).WindowsStoreappsincludetheabilityforuserstooptinorprovideconsentto
collectsuchinformationbydesigntopassWindowsStoreappcertication.Becausetheuser
mustprovideconsent,educateusersontheinformationthatcouldpotentiallybecollected
andtherisksofprovidingtheinformation.Thiswouldbetrueforinstitution-owneddevices
andpersonallyowneddevices.
Device access
Devicesecurityandaccessrepresentoneofthelargestopportunitiesfordataloss,forgotten
passwords,andothersecurity-relatedissues.Helpusersmitigatetherisksofdeviceaccessby
usingWindows8features.Forexample,youcanuseBitLockertopreventcondentialdatabeing
obtainedfromalostorstolendevice.Thisisparticularlyimportantfordevicesthatstorefacultyor
studentinformationonthedevice.
22WINDOWS 8.1 DEPLOYMENT PLANNING
Table 3liststhedeviceaccesssecurityandprivacytechnologiesandthenecessaryinformation
forselectingtheappropriatetechnologiesforyourinstitution.Youcanselectanycombinationof
thesetechnologiestodesignacompletesolution.
TABLE 3 DeviceAccessSecurityandPrivacyTechnologySelection
EFS BitLocKEr AnD
BitLocKEr to Go
PicturE PASSWorD WinDoWS to Go
Encrypts
condential
information
Yes(individualles
andfolders)
Yes(entirexed
orremovabledisk
volumes)

N/A N/A
Reduces the
complexity of
signing on
N/A N/A Yes N/A
Reduces the risk of
information loss
when a device is
lost or stolen
Yes Yes Yes
Yes(ifencrypted
withBitLocker)
Reduces the cost of
replacement when
a device is lost or
stolen
N/A N/A N/A Yes
Infrastructure None None None None
Ownership
scenarios
Personallyor
institution-owned
Personallyor
institution-owned
Personallyor
institution-owned
Institution-owned
Domain join
required
No

No(butrecovery
keyscanbestored
inADDSfor
domain-joined
devices)
No
No,butrequires
Windows8.1
Enterpriseedition
Remote connectivity
Notethefollowingremoteconnectivityappplanningconsiderations:
• Whichusersrequireremoteconnectivitytoresourcesontheinstitution’sintranet?
• Howcanusersaccessintranetresources?
• Whattypesofdevicesrequireremoteconnectivity?