What's New in Windows 7
DESCRIPTION
This Complimentary Breakfast Seminar will introduce you to new features in Microsoft Windows 7: user productivity, improved security and control, streamlined PC management, and desktop optimization.
TRANSCRIPT
Unlock Hidden Potential:
First Look: Windows® 7 for IT Professionals
Clinic Outline
• Session 1: Security Features
• Session 2: Networking Functionality
• Session 3: Interface Improvements
Security Features
• User Account Control changes
• Windows BitLocker™ and Windows BitLocker To Go™
• Windows AppLocker™
User Account Control Changes
• Many actions no longer require administrative privileges, so UAC doesn’t kick in:
- Changing time zone
- Renewing IP address
- Viewing firewall settings
- Changing display DPI
User Account Control Changes (cont’d)
• Easily managed by users
• More options than before
User Account Control Changes (cont’d)
• More granular configuration available through Group Policy
- Example: “Only elevate executables that are signed”
BitLocker
• Available in Enterprise and Ultimate editions
• Same functionality as in Vista, but easier to implement
• Requires two partitions – 100MB hidden partition created at install
BitLocker (cont’d)
• Security provided through:
• Trusted Platform Module (TPM)
• TPM + PIN
• TPM + PIN + USB Key
• TPM + USB Key
• USB Key
BitLocker (cont’d)
• With TPM, enabling is through right-click
• Without TPM, Local Security Policy must be edited
• Windows 7 provides support for Data Recovery Agent(s)
BitLocker (cont’d)
• Recovery password created when BitLocker enabled
• Saved
• Printed
• Stored in Active Directory
• Computer goes into recovery mode if:
• The TPM is missing or changed
• There are changes to startup files
• Computer is booted from a CD or DVD
BitLocker To Go
• Available in Enterprise and Ultimate editions
• Allows you to encrypt removable drives
• USB/Firewire/SATA HDDs
• Solid state drives like USB thumb drives
• When you enable BTG, four things happen:
• You are prompted to create a password that will be used to unlock the drive
• You will choose to save or print your recovery password
• A “BitLocker to Go Reader” is copied to the drive
• The drive is encrypted
BitLocker To Go (cont’d)
• Using a BTG-encrypted drive in Windows 7
• Prompted for password
• Read/write access
• Using a BTG-encrypted drive in Vista or XP
• Autoplay displays a prompt to install the “BitLocker to Go Reader”
• You are prompted for the password
• You copy files to the local hard drive
• You cannot open files directly from the BTG-encrypted drive, and you only have read access
AppLocker
• New version of Software Restriction Policies
• Much simpler implementation
• Rules define what *can* run – all others are blocked
• You can auto-create rules for all programs on a “reference machine”
• You can then manually create rules for new applications
AppLocker (cont’d)
• Four types of rules:
• Certificate rules
• Hash rules
• Path rules
• Internet zone rules
• “Default Rules” allow:
• Everyone access to programs in Program Files
• Everyone access to programs in Windows
• Administrators access to programs everywhere
AppLocker (cont’d)
• An “audit only” mode allows administrators to see what apps would be affected by an AppLocker rule before enforcing the rules
• Critical Points:
• You must create the default rules first, because one “allow” rule will deny all others
• A user with administrative privileges can circumvent the rules
• Vista and XP clients ignore AppLocker
• Windows 7 clients ignore Software Restriction Policies if they are in the same GPO as an AppLocker rule
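The allow-list behaviour behind the "create the default rules first" warning and the audit-only mode, as an added example that is not from the original slides or from Microsoft. It is a simplified model of path rules only; the function names, groups and sample paths are constructed for illustration.

```python
# Simplified model of AppLocker allow-list evaluation for one rule collection.
# Added illustration; names are hypothetical, not Microsoft's implementation.
from fnmatch import fnmatchcase

# The three "Default Rules" from the slide, as (group, path pattern) pairs.
DEFAULT_RULES = [
    ("Everyone", r"C:\Program Files\*"),
    ("Everyone", r"C:\Windows\*"),
    ("Administrators", "*"),
]

def matches(rule, groups, path):
    group, pattern = rule
    # Windows paths are case-insensitive, so compare lower-cased.
    return group in groups and fnmatchcase(path.lower(), pattern.lower())

def evaluate(rules, groups, path, audit_only=False):
    """Return (runs, would_block) for one launch attempt."""
    if not rules:
        # No rules in the collection: nothing is enforced.
        return True, False
    allowed = any(matches(r, groups, path) for r in rules)
    would_block = not allowed
    # Audit-only mode records the would-be block but lets the program run.
    return (allowed or audit_only), would_block

def audit_report(rules, launches):
    """List the launches that enforcement would block (audit-only view)."""
    return [path for groups, path in launches
            if evaluate(rules, groups, path, audit_only=True)[1]]

# Constructed sample launches: (user's groups, executable path).
LAUNCHES = [
    ({"Everyone"}, r"C:\Windows\System32\notepad.exe"),
    ({"Everyone"}, r"C:\Program Files\Vendor\app.exe"),
    ({"Everyone"}, r"C:\Tools\inventory.exe"),
    ({"Everyone"}, r"C:\Users\alice\Downloads\setup.exe"),
    ({"Everyone", "Administrators"}, r"C:\Users\admin\Desktop\tool.exe"),
]

# A single hand-written allow rule, created before the default rules.
ONE_RULE = [("Everyone", r"C:\Tools\*")]

if __name__ == "__main__":
    print("one rule only :", audit_report(ONE_RULE, LAUNCHES))
    print("with defaults :", audit_report(ONE_RULE + DEFAULT_RULES, LAUNCHES))
```

With only the single rule in place, the audit report lists the Windows and Program Files binaries as well, which is what enforcement would block.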
Networking Functionality
• Windows DirectAccess
• Windows BranchCache™
• Libraries
DirectAccess
• Technology that allows users to access the corporate network without a VPN connection
• Transparently connects whenever the user connects to the Internet
• Bi-Directional
o Users get access to the corporate network
o IT can manage the remote computer
   - NAP health policies
   - Patches
DirectAccess (cont’d)
• Can be configured to be:
o Network wide
o Restricted to specific resources
• Communication is via IPv6 over IPSec (possibly tunneled through IPv4)
• Integrates with NAP to ensure computers are healthy before connecting
DirectAccess (cont’d)
• Hardware/Software requirements:
• At least one DirectAccess server running 2008 R2 with two NICs
• At least one DC and DNS server running 2008 or 2008 R2
• A PKI
• Defined IPSec policies
• IPv6 transition technologies
• Windows 7 Enterprise on the client
BranchCache
• Branches often connected via slow links – resource access can be slow
• BranchCache helps resolve issue by caching data in the branch office (encrypted)
• Can be implemented in two modes:
• Distributed caching
• Hosted caching
BranchCache (cont’d)
• When accessing data for the first time the computer:
• Downloads the data from the corp site
• Copies the data (if necessary) to the hosted cache
BranchCache (cont’d)
• When a second user accesses the same data, the computer:
• Contacts server in corp site to confirm user is authorized and downloads an identifier and a hash of the data
• Checks the branch cache for the identifier and, if found, checks the hash against the cached copy
• If the identifier is not found or the hashes don’t match (file has changed), downloads the data from the main site
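The first-access and second-access steps above, as an added example that is not from the original slides or from Microsoft. It is a simplified model: the class and function names and the sample data are constructed, and SHA-256 is an assumed stand-in for the hash the real protocol uses.

```python
# Simplified model of the BranchCache read path described on the slides. Added
# illustration: names are hypothetical and SHA-256 is an assumed stand-in hash.
import hashlib

class ContentServer:
    def __init__(self, files, acl):
        self.files, self.acl = files, acl
        self.wan_bytes = 0  # bytes of file data sent over the slow link

    def metadata(self, user, name):
        # Every read starts here, so authorization is always checked centrally.
        if user not in self.acl.get(name, set()):
            raise PermissionError(f"{user} may not read {name}")
        return name, hashlib.sha256(self.files[name]).hexdigest()

    def download(self, user, name):
        self.metadata(user, name)  # re-check authorization
        self.wan_bytes += len(self.files[name])
        return self.files[name]

def read(server, cache, user, name):
    """Return (data, source) where source is 'cache' or 'main site'."""
    ident, expected = server.metadata(user, name)
    cached = cache.get(ident)
    # Serve from the branch only if the cached copy hashes to the server's value.
    if cached is not None and hashlib.sha256(cached).hexdigest() == expected:
        return cached, "cache"
    data = server.download(user, name)
    cache[ident] = data  # populate or refresh the branch cache
    return data, "main site"

def demo():
    # Constructed sample data.
    server = ContentServer({"plan.doc": b"v1 " * 1000}, {"plan.doc": {"ann", "bob"}})
    cache, sources = {}, []
    sources.append(read(server, cache, "ann", "plan.doc")[1])  # first access
    sources.append(read(server, cache, "bob", "plan.doc")[1])  # second user
    server.files["plan.doc"] = b"v2 " * 1000                   # file changes
    sources.append(read(server, cache, "bob", "plan.doc")[1])  # stale copy rejected
    cache["plan.doc"] = b"tampered"                            # corrupted cache entry
    sources.append(read(server, cache, "ann", "plan.doc")[1])
    try:
        read(server, cache, "eve", "plan.doc")                 # not in the ACL
    except PermissionError:
        sources.append("denied")
    return sources, server.wan_bytes

if __name__ == "__main__":
    print(demo())
```

Because the hash always comes from the main site, a stale or altered cache entry fails the comparison and is replaced, and an unauthorized user is refused before the cache is consulted.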
BranchCache (cont’d)
• Note: BranchCache only works for reads. Any writes are saved to the main site
• Requirements:
• Content servers in main site must be 2008 R2 with BranchCache enabled
• A 2008 R2 server in the branch site if using Hosted Cache, with BranchCache enabled
• Windows 7 Enterprise clients with BranchCache enabled
Libraries
• Views that help users manage data in:
• Shared folders
• Document repositories
• Web sites
• Adding web sites or document repositories to a Library requires a connector
• Libraries can be shared on the network
Problem Steps Recorder
• Helps administrators recreate the steps that led to a problem for the user
• Creates screen captures and descriptions of every action a user takes
• Saves the captures in a .zip file viewable in browser
• Great for documenting configurations
Start Search Button
• Super timesaver
• Lists files, folders, programs, email addresses, address book entries, calendar appointments, pictures, movies, .pdf documents, music files, browser bookmarks and MS Office documents
• Smart – not just a word search
• Results more complete and faster if indexing is enabled
Taskbar/Interface Improvements
• Icons
• Pinning to Taskbar
• Thumbnails
• Jumplists
• Show Desktop
• Aero Shake
• Tile two apps