Contents
-
Introducing Shopping
-
Implementing Shopping
-
Working with Shopping
-
Troubleshooting
-
Training
-
Reference
-
Supported Platforms
-
Server Sizing
-
Communication Ports
-
Shopping Central installer properties
-
Shopping Receiver installer properties
-
Shopping Admin Console settings
-
1E Client Shopping module settings
-
Configuring AD synchronisation
-
Default and recommended Configuration Manager legacy package settings
-
Fields and limitations
-
Customizations
-
The Shopping workflow
-
Shopping and other ticketing systems
-
Deploying Shopping Administrator Console using Configuration Manager
-
Localizing Shopping
-
Accessibility
-
Windows Servicing Assistant UI Pages
-
Release notes
-
Supported Platforms
Category | Product | Notes |
---|---|---|
Server OS |
| Systems running these server OS will support:
The list in the Product column is automatically updated to show only those OS versions in mainstream support by Microsoft, and therefore supported by 1E, and by Shopping 6.0. However the following OS continue to be supported as exceptions to help customers during their migration to the latest OS:
Shopping's Intune integration feature is not supported on legacy OS. Please refer to Constraints of Legacy OS regarding end of mainstream support. For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search. Please refer to https://1eportal.force.com/s/support-for-msft-rapid-release-cycle for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions. |
Client OS |
| Systems running these client OS will support:
The list in the Product column is automatically updated to show only those OS versions in mainstream support by Microsoft, and therefore supported by 1E, and by Shopping 6.0. However the following legacy OS continue to be supported as exceptions to help customers during their migration to the latest OS:
Shopping's Intune integration feature is not supported on any legacy OS. Please be aware that Microsoft Intune has very limited support for application deployment on Windows 8.1, especially for enterprise application types. Please refer to Constraints of Legacy OS regarding end of mainstream support. For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search. Please refer to https://1eportal.force.com/s/support-for-msft-rapid-release-cycle for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions. |
SQL Server |
|
|
Microsoft System Center Configuration Manager |
|
|
Microsoft Intune |
|
|
Web Server |
|
|
Runtime libraries |
|
|
Browsers |
|
Recent versions of browsers issue warnings when connecting to HTTP websites. |
Companion products |
|
If you are implementing self-service OS deployment through Shopping using either the Windows Servicing Assistant or the OS Deployment Wizard, you will need to install Tachyon and Application Migration to support migration of applications during the OS deployment. Application Migration supersedes the App Mapping feature in earlier versions of Shopping that required AppClarity 5.2 to provide application usage information to Shopping. Shopping integration with AppClarity 5.2 is no longer available and supported so you will need to move to using Application Migration. |
Others |
|
|
Constraints of Legacy OS
1E does not provide support for 1E products on the following OS unless the OS is explicitly listed as being supported for a specific 1E product or product feature. This is because Microsoft has ended mainstream support for these OS or they are not significantly used by business organizations.
|
|
For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.
Digital Signing Certificates
Certificate limitations - expired root certificates
Ensure that your Root CA Certificates are up-to-date on clients and servers. The Automatic Root Certificates Update feature is enabled by default, but its configuration may have been changed or restricted by Group Policy Turn off Automatic Root Certificates Update.
If this GPO is enabled, then you will see DisableRootAutoUpdate = 1 (dword)
in HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot.
Certificate limitations - signing certificates missing
On Windows computers, the installation MSI files, and binary executable and DLL files of 1E software are digitally signed. The 1E code signing certificate uses a timestamping certificate as its countersignature. 1E occasionally changes its code signing certificate, and uses it for new releases and patches for older versions, as shown in the table(s) below.
Root Certificate Authorities are implicitly trusted to validate certificates, and their certificates must be correctly installed to do this. Your computers should already have the necessary root CA certificates installed, however this may have been prevented by your organization's security policies, or inability to connect to the Internet, or they are legacy OS. In general this is not an issue because by default Windows allows software to be installed and run without validation, although you may see a warning or experience a delay. However, you must have relevant CA certificates installed if you are using 1E Client (which self-validates its own files), or your organization has applied more secure polices (for example UAC, AppLocker or SmartScreen).
Typical reasons for issues with signing certificate are:
- If your organization has disabled Automatic Root Certificates Update then you must ensure the relevant root CA certificates are correctly installed on each computer
- If computers do not have access to the Internet then you must ensure the relevant root and issuing CA certificates are correctly installed on each computer, numbered in the table(s) below.
The signature algorithm of the 1E code signing certificate is SHA256RSA. In most cases, the file digest algorithm of an authenticode signature is SHA256, and the countersignature is a RFC3161 compliant timestamp. The exception is on legacy OS (Windows XP, Vista, Server 2003 and Server 2008) which require the file digest algorithm of an authenticode signature to be SHA1, and a legacy countersignature.
The table below applies to software and hotfixes released in 2020.
2020 | Signing certificate | Timestamping certificates |
---|---|---|
Certificate | 1E Limited | TIMESTAMP-SHA256-2019-10-15 and DigiCert Timestamp Responder |
Issuing CA | DigiCert EV Code Signing CA (SHA2) Thumbprint: 60ee3fc53d4bdfd1697ae5beae1cab1c0f3ad4e3 | DigiCert SHA2 Assured ID Timestamping CA Thumbprint: 3ba63a6e4841355772debef9cdcf4d5af353a297 and DigiCert Assured ID CA-1 Thumbprint: 19a09b5a36f4dd99727df783c17a51231a56c117 |
Root CA | DigiCert High Assurance EV Root CA Thumbprint: 5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25 | DigiCert Assured ID Root CA Thumbprint: 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43 |