Abstract: Generally discussed herein are devices, systems, and methods for binding with cryptographic key attestation. A method can include generating, by hardware of a device, a device public key and a device private key, based on the device private key, signing a first attestation resulting in a signed first attestation, the first attestation claiming the device private key originated from the hardware, based on the device public key and the signed first attestation, registering the device with a trusted authority, generating, by the hardware, a first application private key and a first application public key, and based on the device private key, signing a second attestation resulting in a signed second attestation, the second attestation claiming the first application private key originated from the hardware, and based on the first application public key and the signed second attestation, registering a first application of the device to a first server.

Abstract: Generally discussed herein are devices, systems, and methods for binding with cryptographic key attestation. A method can include generating, by hardware of a device, a device public key and a device private key, based on the device private key, signing a first attestation resulting in a signed first attestation, the first attestation claiming the device private key originated from the hardware, based on the device public key and the signed first attestation, registering the device with a trusted authority, generating, by the hardware, a first application private key and a first application public key, and based on the device private key, signing a second attestation resulting in a signed second attestation, the second attestation claiming the first application private key originated from the hardware, and based on the first application public key and the signed second attestation, registering a first application of the device to a first server.

Abstract: Registering a computer system for use in an enterprise. A method includes receiving, from a device management infrastructure of the enterprise, an executable system management component (SMC), and installing the SMC at a storage device. The method also includes executing the SMC, causing the computer system to register with the device management infrastructure, including applying a device settings policy to a configuration of the computer system. Executing the SMC also causes the computer system to configure itself to periodically execute a maintenance task received from the device management infrastructure.

Abstract: Registering a computer system for use in an enterprise. A method includes receiving, from a device management infrastructure of the enterprise, an executable system management component (SMC), and installing the SMC at a storage device. The method also includes executing the SMC, causing the computer system to register with the device management infrastructure, including applying a device settings policy to a configuration of the computer system. Executing the SMC also causes the computer system to configure itself to periodically execute a maintenance task received from the device management infrastructure.

Abstract: Installing apps on a device. The device is generally configured to be used in a closed market environment that only allows generally available apps of the closed market to be installed. The method includes determining that the device has been authorized to install apps outside of a set of apps generally available from the closed market and from a set of apps available only to users of a particular enterprise. The method further includes determining that an app, that is not generally available from the closed market, has been verified by a central authority. The method further includes installing the app on the device in spite of the fact that the device is generally configured to be used in a closed market environment.

Abstract: Installing apps and setting configuration on a device. A method includes receiving user input. The user input indicates a level of control that a user is willing to give an enterprise over the device. The method further includes determining, based on the level of control indicated by the user input, a set of apps allowed to install on the device. The set of apps allowed to install on the device is limited by the level of control indicated by the user. The method further includes authorizing installation of the set of apps on the device while restricting installation of other apps that would be authorized had the user selected a different level of control that the user is willing to give the enterprise over the device.

Abstract: Techniques for guaranteeing that a software program is executed on a machine only during designated periods of time are provided. Service windows define time periods during which software programs targeted to execute on a machine are allowed to execute on the machine. On the machine, the service windows work in conjunction with a client process that is executing on the machine to guarantee execution of the software programs by the client process only during available service windows.

Abstract: Installing apps on a device. The device is generally configured to be used in a closed market environment that only allows generally available apps of the closed market to be installed. The method includes determining that the device has been authorized to install apps outside of a set of apps generally available from the closed market and from a set of apps available only to users of a particular enterprise. The method further includes determining that an app, that is not generally available from the closed market, has been verified by a central authority. The method further includes installing the app on the device in spite of the fact that the device is generally configured to be used in a closed market environment.

Abstract: Installing apps and setting configuration on a device. A method includes receiving user input. The user input indicates a level of control that a user is willing to give an enterprise over the device. The method further includes determining, based on the level of control indicated by the user input, a set of apps allowed to install on the device. The set of apps allowed to install on the device is limited by the level of control indicated by the user. The method further includes authorizing installation of the set of apps on the device while restricting installation of other apps that would be authorized had the user selected a different level of control that the user is willing to give the enterprise over the device.

Abstract: Techniques for guaranteeing that a software program is executed on a machine only during designated periods of time are provided. Service windows define time periods during which software programs targeted to execute on a machine are allowed to execute on the machine. On the machine, the service windows work in conjunction with a client process that is executing on the machine to guarantee execution of the software programs by the client process only during available service windows.

Abstract: Techniques for guaranteeing that a software program is executed on a machine only during designated periods of time are provided. Service windows define time periods during which software programs targeted to execute on a machine are allowed to execute on the machine. On the machine, the service windows work in conjunction with a client process that is executing on the machine to guarantee execution of the software programs by the client process only during available service windows.

Abstract: An item grouping mechanism may be applied to files or other computer objects to allow the files or objects to be accessed according to the group definition. The group definition may be defined in a table with other group definitions and distributed across an organization so that each device using the group definition may have files or other items presented in a consistent manner. The group definition may be distributed through a different mechanism than for the files or other items. If a device determines that a file defined in the group definition is missing from a local store, the device may retrieve the file from a distribution server.

Abstract: An item grouping mechanism may be applied to files or other computer objects to allow the files or objects to be accessed according to the group definition. The group definition may be defined in a table with other group definitions and distributed across an organization so that each device using the group definition may have files or other items presented in a consistent manner. The group definition may be distributed through a different mechanism than for the files or other items. If a device determines that a file defined in the group definition is missing from a local store, the device may retrieve the file from a distribution server.

Abstract: A client in a plurality of clients with a same network address or similar common identifier is designated a Peer Distribution Point (PDP) agent for distributing a software application divided into several packages to the plurality of clients. The plurality of clients are part of a client-server hierarchical system comprising a Central SMS site server and several Distributing servers. The Central SMS site server generates policies for the packages that are pushed to a Distribution server assigned to the plurality of clients from where the PDP agent pulls the policies. The Central SMS site server generates the packages that are pushed to the Distributing server after the PDP agent pulls the policies. The packages are pulled by the PDP agent from the Distributing server. The other clients pull the packages from the PDP agent as and when needed.

Abstract: Techniques for guaranteeing that a software program is executed on a machine only during designated periods of time are provided. Service windows define time periods during which software programs targeted to execute on a machine are allowed to execute on the machine. On the machine, the service windows work in conjunction with a client process that is executing on the machine to guarantee execution of the software programs by the client process only during available service windows.