what's new in windows 7

Unlock Hidden Potential:

First Look: Windows® 7 for IT Professionals

Clinic Outline

• Session 1: Security Features

• Session 2: Networking Functionality

• Session 3: Interface Improvements

Security Features

• User Account Control changes

• Windows BitLocker™ and Windows BitLocker To Go™

• Windows AppLocker™

User Account Control Changes

• Many actions no longer require administrative privileges, so UAC doesn’t kick in:

- Changing time zone

- renewing IP address

- viewing firewall settings

- changing display dpi

User Account Control Changes (cont’d)

• Easily managed by users

• More options than before

User Account Control Changes (cont’d)

• More granular configuration available through Group Policy

- Example: “Only elevate executables that are signed”

BitLocker

• Available in Enterprise and Ultimate editions

• Same functionality as in Vista, but easier to implement

• Requires two partitions – 100MB hidden partition created at install

BitLocker (cont’d)

• Security provided through:• Trusted Platform Module (TPM)

• TPM + PIN

• TPM + PIN + USB Key

• TPM + USB Key

• USB Key

BitLocker (cont’d)

• With TPM, enabling is through Rt-Click

• Without TPM, Local Security Policy must be edited

• Windows 7 provides support for Data Recovery Agent(s)

BitLocker (cont’d)

• Recovery password created when BitLocker enabled

• Saved

• Printed

• Stored in Active Directory

• Computer goes into recovery mode if:

• The TPM is missing or changed

• There are changes to startup files

• Computer is booted from a CD or DVD

BitLocker To Go

• Available in Enterprise and Ultimate editions

• Allows you to encrypt removable drives

• USB/Firewire/SATA HDDs

• Solid state drives like USB thumb drives

• When you enable BTG, four things happen:

• You are prompted to create a password that will be used to unlock the drive

• You will choose to save or print your recovery password

• A “BitLocker to Go Reader” is copied to the drive

• The drive is encrypted

BitLocker To Go (cont’d)

• Using a BTG-encrypted drive in Windows 7

• Prompted for password

• Read/write access

• Using a BTG-encrypted drive in Vista or XP

• Autoplay displays a prompt to install the “BitLocker to Go Reader”

• You are prompted for the password

• You copy files to the local hard drive

• You cannot open files directly from the BTG-encrypted drive, and you only have read access

AppLocker

• New version of Software Restriction Policies

• Much simpler implementation• Rules define what *can* run – all others are blocked

• You can auto-create rules for all programs on a “reference machine”

• You can then manually create rules for new applications

AppLocker (cont’d)

• Four types of rules:• Certificate rules

• Hash rules

• Path rules

• Internet zone rules

• “Default Rules” allow:• Everyone access to programs in Program Files

• Everyone access to programs in Windows

• Administrators access to programs everywhere

AppLocker (cont’d)

• An “audit only” mode allows administrators to see what apps would be affected by an AppLocker rule before enforcing the rules

• Critical Points:• You must create the default rules first, because

one “allow” rule will deny all others

• A user with administrative privileges can circumvent the rules

• Vista and XP clients ignore AppLocker

• Windows 7 clients ignore Software Restriction Policies if they are in the same GPO as an AppLocker rule

Networking Functionality

• Windows DirectAccess

• Windows BranchCache™

• Libraries

DirectAccess

• Technology that allows users to access the corporate network without a VPN connection

• Transparently connects whenever the user connects to the Internet

• Bi-Directional

o Users get access to the corporate network

o IT can manage the remote computer

NAP health policies

Patches

DirectAccess (cont’d)

• Can be configured to be:

o Network wide

o Restricted to specific resources

• Communication is via IPv6 over IPSec (possibly tunneled through IPv4)

• Integrates with NAP to ensure computers are healthy before connecting

DirectAccess (cont’d)

• Hardware/Software requirements:• At least one DirectAccess server running 2008 R2

with two NICs

• At least one DC and DNS server running 2008 or 2008 R2

• A PKI

• Defined IPSec policies

• IPv6 transition technologies

• Windows 7 Enterprise on the client

BranchCache

• Branches often connected via slow links – resource access can be slow

• BranchCache helps resolve issue by caching data in the branch office (encrypted)

• Can be implemented in two modes:• Distributed caching

• Hosted caching

BranchCache (cont’d)

• When accessing data for the first time the computer• Downloads the data from the corp site

• Copies the data (if necessary) to the hosted cache

BranchCache (cont’d)

• When a second user accesses the same data, the computer:

• Contacts server in corp site to confirm user is authorized and downloads an identifier and a hash of the data

• Checks the branch cache for the identifier and, if found, checks the hash against the cached copy

• If the identifier is not found or the hashes don’t match (file has changed), downloads the data from the main site

BranchCache (cont’d)

• Note: BranchCache only works for reads. Any writes are saved to the main site

• Requirements:• Content servers in main site must be 2008 R2 with

BranchCache enabled

• A 2008 R2 server in the branch site if using Hosted Cache, with BranchCache enabled

• Windows 7 Enterprise clients with BranchCache enabled

Libraries

• Views that help users manage data in:• Shared folders

• Document repositories

• Web sites

• Adding web sites or document repositories to a Library requires a connector

• Libraries can be shared on the network

Problem Steps Recorder

• Helps administrators recreate the steps that led to a problem for the user

• Creates screen captures and descriptions of every action a user takes

• Saves the captures in a .zip file viewable in browser

• Great for documenting configurations

Start Search Button

• Super timesaver

• Lists files, folders, programs, email addresses, address book entries, calendar appointments, pictures, movies, .pdf documents, music files, browser bookmarks and MS Office documents

• Smart – not just a word search

• Results more complete and faster if indexing is enabled

Taskbar/Interface Improvments

• Icons

• Pinning to Taskbar

• Thumbnails

• Jumplists

• Show Desktop

• Aero Shake

• Tile two apps