Managing Windows IoT Core Devices

Windows 10 IoT Core devices can be managed using a traditional OMA DM MDM server that supports certificate-based enrollment, or using Azure IoT Hub's Device Management.

Learn more about MDM and Windows 10 here.

For devices that are managed using an OMA DM server, the MDM policies for Windows 10 IoT Core align with the policies supported in other editions of Windows 10. To learn more about policies as well as what can be managed on IoT Core devices, see Configuration service provider reference for Windows 10 here. The MDM support in Windows 10 is based on the Open Mobile Alliance (OMA) Device Management (DM) protocol 1.2.1 specification.

How do I enroll an IoT Core device into an MDM?

MDM enrollment of an IoT Core device is accomplished using a Provisioning package. Provisioning packages can be created using Windows Imaging and Configuration Designer (WICD). Let's try enrolling a device into an MDM.

Creating a Provisioning package

Microsoft System Center Configuration Manager (Standalone or SCCM+Intune Hybrid)

  1. Open the Configuration Manager Management Console (ConfigMgr Console).

  2. Navigate to Assets and Compliance > Compliance Settings > Company Resource Access > Certificate Profiles.

  3. Click Create Certificate Profile.

  4. Provide a name and description for the profile:

    • Name: ConfigMgr Example Trusted Root Certificate
    • Type of certificate profile: Trusted CA certificate

  5. Click Next.

  6. Import the certificate file.

  7. Select Computer certificate store - Root for the Destination Store.

  8. Click Next.

  9. Choose Select all for Supported Platforms.

  10. Click Summary, Next, and Close to exit the wizard.

  11. Right-click on the profile just created and click Export.

  12. Click Browse, find a location where the .ppkg file should be exported, and then click Save.

  13. Click Export and click OK to exit the wizard.

Other MDM Servers

  1. Download and install the Windows Assessment and Deployment Kit (Windows ADK).

  2. Open Windows Imaging and Configuration Designer (WICD).

  3. Choose Advanced Provisioning.

  4. Set a name for your package.

  5. Choose settings common to Windows 10 IoT Core.

  6. Skip the Import Package step.

  7. Navigate to Workplace -> Enrollments.

  8. In the UPN field, enter the account you wish to enroll your device under (for example, trmck@contoso.co) and click Add.

  9. For AuthPolicy, choose between Username Password based authentication (OnPremises) or Certificate-based authentication.

  10. Enter the Discovery Service URL for your MDM server.

Note

Enrollment Service URL and Policy Service URL are optional.

  1. For the Secret, enter:

    • OnPremises: The password for the account you're enrolling with
    • Certificate: The thumbprint of the certificate

  2. At the top of the WICD window, click Export > Provisioning package.

  3. Provide a name and version for your package and click Next.

Note

Be sure to increment the version number to ensure an updated package is executed.

  1. Click Next on the security details page.

  2. Choose the location where the package is to be exported on the local machine and click Next.

  3. Click Build and then Finish to exit the wizard.

Installing the Provisioning package

There are a few ways in which a Provisioning package can be deployed to an IoT device. It is possible to deploy a package by copying the package to the device or adding the package to the image during the imaging process.

Copying package to device

Take the Provisioning package that was exported from SCCM or WICD and copy the .ppkg file to the C:\Windows\Provisioning\Packages directory on the IoT device. Upon reboot of the device, the package will be executed and the device will start the enrollment process.
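One way to script the copy-and-reboot step from an administrator workstation, checking that the file that landed on the device is byte-identical to the exported package before the reboot triggers it. This is an added example, not part of the original documentation; the device name, package path, reachability of the device's \\<device>\c$ admin share, and working PowerShell remoting to the device are assumptions.

```powershell
# Added example: push a provisioning package to an IoT Core device and reboot it.
# Assumptions (not from the page): the device's admin share (\\<device>\c$) is
# reachable and PowerShell remoting to the device is already configured.
param(
    [Parameter(Mandatory)] [string] $Device,          # hypothetical, e.g. 'minwinpc'
    [Parameter(Mandatory)] [string] $PackagePath,     # hypothetical, e.g. '.\Enroll.ppkg'
    [Parameter(Mandatory)] [pscredential] $Credential # device administrator account
)

$ErrorActionPreference = 'Stop'

if ([IO.Path]::GetExtension($PackagePath) -ne '.ppkg') {
    throw "Not a provisioning package: $PackagePath"
}

# Hash the exported package on the workstation before it leaves.
$localHash = (Get-FileHash -Path $PackagePath -Algorithm SHA256).Hash

# Map the device's admin share; the target directory is the one named on this page.
$null = New-PSDrive -Name IoTDev -PSProvider FileSystem -Root "\\$Device\c$" -Credential $Credential
try {
    $targetDir = 'IoTDev:\Windows\Provisioning\Packages'
    if (-not (Test-Path $targetDir)) { throw "Missing on device: $targetDir" }

    $target = Join-Path $targetDir (Split-Path $PackagePath -Leaf)
    Copy-Item -Path $PackagePath -Destination $target -Force

    # Re-read the copy over the share and compare hashes before rebooting.
    $remoteHash = (Get-FileHash -Path $target -Algorithm SHA256).Hash
    if ($remoteHash -ne $localHash) {
        Remove-Item -Path $target -Force
        throw 'Hash mismatch after copy; package removed from device.'
    }
}
finally {
    Remove-PSDrive -Name IoTDev
}

# The package is executed on the next boot, which starts the enrollment process.
Invoke-Command -ComputerName $Device -Credential $Credential -ScriptBlock { shutdown /r /t 0 }
"Copied $(Split-Path $PackagePath -Leaf) (SHA256 $localHash) to $Device; reboot requested."
```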

Adding package to image

See Add a provisioning package to an image. Upon first boot, the device will execute the package and start the enrollment process.