Welcome to Windows 7
Stephen L Rose
Worldwide Community Manager – Windows [email protected]
http://microsoft.com/springboard
Blog: http://windowsteamblog.com
Twitter: @stephenlrose / @MSspringboard

Agenda
• Who Am I?
• Resources, Resources, Resources
• Windows 7 Overview
• Windows 7 Anywhere
• Security and Control in Windows 7
• Windows 7 Deployment
• Wrap-up
What is the Springboard Series?
The Springboard Series IT pro experience offers IT Pros dynamic content and structured guidance across the adoption lifecycle
• Over 50 video walkthroughs on Windows 7 features, tools and tasks
• Straight-talk Monthly Feature Articles & Overview Guides
• Virtual Roundtable Events
• Springboard Insider Monthly Newsletter and Windows Team Blog
• Springboard is localized in 10 languages
• Dedicated zones for Application Compatibility, Migration, Deployment and more
The Springboard Series is the resource for desktop IT pros: www.microsoft.com/springboard
Follow us on Twitter @MSSpringboard
www.TalkingAboutWindows.com – The people, the backstories, and the events behind Windows 7.
Join The Conversation!
Let’s Begin
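| Category | Feature | Windows XP SP3 | Windows Vista® SP1 | Windows 7 |
| --- | --- | --- | --- | --- |
| File Organization and Search | Desktop Search | Separate Download | Yes | Improved |
| File Organization and Search | Libraries | No | No | New |
| File Organization and Search | Search Federation | No | No | New |
| File Organization and Search | Enterprise Search Scopes (requires Windows 7 Enterprise) | No | No | New |
| Remote Access | DirectAccess (requires Windows 7 Enterprise, Windows Server 2008 R2) | No | No | New |
| Remote Access | VPN Reconnect | No | No | New |
| Remote Access | BranchCache™ (requires Windows 7 Enterprise, Windows Server 2008 R2) | No | No | New |
| Remote Access | Mobile Broadband | No | No | New |
| Remote Access | RemoteApp & Desktop Connections | No | No | New |
| Security & Compliance | BitLocker™ Drive Encryption (requires Windows Vista or Windows 7 Enterprise) | No | Yes | Improved |
| Security & Compliance | BitLocker To Go™ (requires Windows 7 Enterprise) | No | No | New |
| Security & Compliance | AppLocker™ (requires Windows 7 Enterprise) | No | No | New |
| Security & Compliance | Multiple Active Firewall Profiles | No | No | New |
| Security & Compliance | Granular Audit | No | Yes | Improved |
| Security & Compliance | User Account Control | No | Yes | Improved |
| Security & Compliance | Domain Name System Security Extensions | No | No | New |
| Security & Compliance | Smart Card Support | Yes | Yes | Improved |
| Security & Compliance | Biometric Support | 3rd Party | 3rd Party | New |
| Management | Windows PowerShell™ 2.0 | Download | Download | Included |
| Management | Scripting of Group Policy Settings (requires Remote Server Administration Tools for Windows 7) | No | No | Yes |
| Management | Group Policy Preferences | Download | Download | Included |
| Management | Windows Recovery Environment | No | Yes | Improved |
| Management | Windows Troubleshooting Platform | No | No | New |
| Management | Unified Tracing | Yes | Yes | Improved |
| Management | Problem Steps Recorder | No | No | New |
| Management | Remote Access to Reliability Data | No | No | New |
| Deployment | Deployment Image Servicing & Management | No | Yes | Improved |
| Deployment | Dynamic Driver Provisioning | No | No | New |
| Deployment | Volume Activation | No | Yes | Improved |
| Deployment | Multicast Multiple Stream Transfer | No | No | New |
| Deployment | User State Migration Tool | Yes | Yes | Improved |
| Deployment | VHD Image Management & Deployment | No | No | New |
| Deployment | Rich Remoting Experience (Multimedia, Bi-directional Audio, Multi-Monitor) | No | No | New |
| Deployment | VHD Boot | No | No | New |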
Windows 7 Versions
• Windows 7 Starter: No Aero, no 64 Bit
• Windows 7 Home Basic: Emerging Markets only
• Windows 7 Home Premium: Includes Aero, Media Center and Touch
• Windows 7 Professional: Does not support Direct Access, BitLocker, BitLocker To Go, BranchCache. Does have XP Mode
• Windows 7 Enterprise: Supports all features. Only available via Volume License to Software Assurance customers.
• Windows 7 Ultimate: Supports all features.
Understanding VL and SA

What is Volume Licensing?
Volume Licensing is the most affordable way to upgrade your existing PCs to Windows 7 Enterprise. Windows licenses available through Volume Licensing are upgrade-only licenses. They do not replace purchasing the initial Windows licenses for software that comes pre-installed on new PCs. Each desktop that runs the Windows 7 upgrade must first be licensed to run one of the qualifying operating systems (Windows Vista (Enterprise/Business/Ultimate) or Windows XP (Professional)); otherwise the PC will not have a valid, legal Windows license.

What is Software Assurance?
When you acquire Windows 7 Professional licenses, either through Volume Licensing upgrades or through an OEM, you can cover those licenses with Software Assurance to get rights to Windows 7 Enterprise. SA also applies to Office and other Microsoft products.

What Else Do I Get With SA?
• Microsoft Desktop Optimization Pack (MDOP) - MDOP is an add-on subscription license that provides innovative technologies to help better control the desktop PC, accelerate and simplify desktop PC deployments and management, and create a dynamic infrastructure by turning software into centrally-managed services.
• Windows Virtual Enterprise Centralized Desktop (VECD) for Software Assurance - Windows VECD is an annual device-based subscription that enables organizations to license virtual copies of Windows 7 (or prior OS versions) in a variety of user scenarios.
• Windows Fundamentals for Legacy PCs - Available exclusively to Microsoft Software Assurance customers, this small-footprint, Windows-based operating system solution is for customers with legacy computers running early operating systems who are not in a position to purchase new hardware.
• Virtual OS Rights - Use up to four instances of Windows in virtual OS environments for each license that has active Software Assurance coverage.
• New Version Rights - Receive new versions of licensed software released during the term of your coverage. If you have Software Assurance coverage for your PCs when Windows 7 is released, you will automatically receive rights to use Windows 7 Enterprise on those PCs.
MDOP Technologies
• App-V turns applications into centrally managed services that are never installed, never conflict, and are streamed on demand to end users
• AIS is a hosted service that collects software inventory data and translates it into actionable business intelligence
• DART reduces downtime by accelerating desktop repair, recovery, and troubleshooting unbootable Windows-based desktops
• AGPM enhances governance and control over Group Policy through robust change management and role-based administration
• MED-V enables deployment and management of Microsoft Virtual PC to address key enterprise scenarios, primarily resolving application compatibility with a new version of Windows
• DEM enables proactive helpdesk problem management by analyzing and reporting on application and system crashes
What’s The Killer Feature In Windows 7?
“I Don’t Care How It Works. I Just Want It To Work.”
• Mobility: Direct Access / VPN Reconnect / Mobile Broadband / BranchCache
• Security and Control: BitLocker / BitLocker To Go / Improved UAC / Desktop Auditing / NAP / AppLocker / IE8
• GUI: New Aero Features / Search / Wireless support / Device Stage / Location Aware Printing / Home Groups / Libraries
• General: Speed / Efficiency / Capabilities / Flexibility / Reliability
Windows 7 and Access Anywhere
Information Worker’s World Has Been Changing
BRANCH OFFICES
MOBILE & DISTRIBUTED WORKFORCE
CENTRAL OFFICE
REMOTE WORK
The Evolving Needs
Mobile & Remote Work-Force needs:
• Work anywhere
• Fast access
IT Professional needs:
• Secure and flexible infrastructure for “work anywhere”
• Reduce costs
Remote Access for Mobile Workers
Situation Today
• Challenging for IT to manage, update, patch mobile PCs while disconnected from company network
• Difficult for users to access corporate resources from outside the office
Windows 7 Solution: DirectAccess
• Corporate network boundary includes managed assets no matter where they are on the Internet
• Easy to service mobile PCs and distribute updates and policies
• New network paradigm increases mobile user productivity by providing same experience inside & outside the office
[Diagram labels: Home, Office]
DirectAccess Components
Client
• Runs on Windows 7
• Domain-joined
• Initial configuration done on Corpnet or over VPN
Server
• Runs on Windows Server 2008 R2
• Sits on network edge
• Single box by default
• Services can be split up for scalability
DirectAccess Technical Details
• Assume the underlying network is always insecure
• Redefine enterprise network edge to insulate the datacenter and business critical resources
• Security policies based on identity, not location
• Tunnel over IPv4 UDP, HTTPS, etc.
[Diagram labels: Compliant Client; Internet; DirectAccess Server; NAP / NPS Servers; Enterprise Network; Intranet User; Data Center and Business Critical Resources; links marked IPsec/IPv6]
DirectAccess & IPv6
[Diagram labels: DirectAccess Client; Internet; DirectAccess Server; Native IPv6; 6to4; Teredo; IP-HTTPS; Tunnel over IPv4 UDP, HTTPS, etc.; Encrypted IPsec+ESP]
DirectAccess & IPsec
[Diagram labels: DirectAccess Server; Enterprise Network; Line of Business Applications; No IPsec; IPsec Integrity Only (Auth); IPsec Integrity + Encryption]
DirectAccess Deployment
Get ready step by step
Determine your strategy
• Be ready to monitor IPv6 traffic
• Choose an Access Model: Full Intranet Access vs. Selected Server Access?
• Assess deployment scale
Get your infrastructure ready
• Windows 7 clients
• Windows Server 2008 R2 DirectAccess Server
• DC, DNS Server, Active Directory, PKI, Application Servers, etc.
During deployment
• Use DirectAccess configuration wizard to set up DirectAccess Server and generate policies for clients, application servers, and DC/DNS
• Customize policies as needed
DirectAccess Benefits
IT Pro Benefits
• Improved manageability of remote users
• IT simplification and cost reduction
• Consistent security for all access scenarios
End User Benefits
• Seamless & secure access to corporate resources
• Consistent connectivity experience in / out office
• Combined with other Windows 7 features enhances the end to end IW experience
DirectAccess? Show Me!
VPN Reconnect
Situation Today
• VPN used frequently for remote access to corporate resources
• Mobile workers reconnect to VPN on every network outage
Windows 7 Solution
• The client maintains persistent VPN connection across network outages
• VPN Client can connect to any VPN Server of choice
Benefits
• Better end user experience: seamless and consistent VPN connectivity
• Reduced support costs
Mobile Broadband
Situation Today
Internet connectivity via mobile broadband cards is expanding:
• Inconsistent user experience
• Additional software required
Windows 7 Solution
Integrated solution that is consistent and easy to discover
• Plug & play experience for 3G cards (built-in or external)
• IHVs can integrate devices using Windows 7 platform
• No need for users to install 3rd party software
• End users have same connectivity experience across WiFi and WWAN
Branch Office Enhancements
Situation Today
• Application and data access over WAN is slow in branch offices
• Slow connections hurt user productivity
• Improving network performance is expensive and difficult to implement
Windows 7 Solution: BranchCache™
• Caches content downloaded from file and Web servers
• Users in the branch can quickly open files stored in the cache
• Frees up network bandwidth for other uses
BranchCache Technical Details
• Authenticates current state of data and access rights of the user against the server
• Supports commonly used protocols: HTTP(S), SMB
• Support network security protocols (SSL, IPsec)
• Requires Windows Server 2008 R2 in the data center and Hosted Cache
[Diagram: BranchCache Distributed Cache. Message labels: Get, Get ID, ID, Data, Search, Request]
[Diagram: BranchCache Hosted Cache. Message labels: Get, Get ID, ID, Data, Put, Search, Advertize]
BranchCache
Enterprise
Distributed Cache: Data cached in cache pool
• Recommended for branches without a branch server
• Easy to deploy: Enabled on clients through Group Policy
• Cache availability decreases with laptops that go offline
Hosted Cache: Data cached at the host server
• Cache stored centrally: existing Windows Server 2008 R2 in the branch
• Cache availability is high
• Enables branch-wide caching
• Increased reliability
BranchCache Benefits
IT Pro Benefits
• Optimize network utilization:
  • HTTP and HTTPS-based intranet traffic
  • SMB (and signed SMB) shares on the read path
  • Support network security protocols (SSL, IPsec)
• Reduce the cost of managing WAN
End User Benefits
• Improve application responsiveness and reduce file transfer wait time
• Combined with other SMB offerings enhance the user experience on remote shares
Enhance Security & Control in Windows 7
Windows 7 Enterprise Security
Building upon the security foundations of Windows Vista, Windows 7 provides IT Professionals security features that are simple to use, manageable, and valuable.
• Fundamentally Secure Platform: Windows Vista Foundation; Streamlined User Account Control; Enhanced Auditing
• Helping Secure Anywhere Access: Network Security; Network Access Protection; DirectAccess™
• Helping Protect Users & Infrastructure: AppLocker™; Internet Explorer 8; Data Recovery
• Helping Protect Data: RMS; EFS; BitLocker & BitLocker To Go™
Fundamentally Secure Platform
Windows Vista Foundation
• Security Development Lifecycle process
• Kernel Patch Protection
• Windows Service Hardening
• DEP & ASLR
• IE 8 inclusive
• Mandatory Integrity Controls
Streamlined User Account Control
• Make the system work well for standard users
• Administrators use full privilege only for administrative tasks
• File and registry virtualization helps applications that are not UAC compliant
• Group Policy Configurable
Enhanced Auditing
• XML based
• Granular audit categories
• Detailed collection of audit results
• Simplified compliance management
User Account Control
Windows Vista
System Works for Standard User
• All users, including administrators, run as Standard User by default
• Administrators use full privilege only for administrative tasks or applications
• Influence the ecosystem to write software that does not need administrative rights
Challenges
• User provides explicit consent before using elevated privilege
• Disabling UAC removes protections, not just consent prompt
Windows 7
Streamlined UAC
• Reduce the number of OS applications and tasks that require elevation
• Refactor applications into elevated/non-elevated pieces
• Flexible prompt behavior for administrators
• Continued ecosystem influence for standard user applications
Customer Value
• Users can do even more as a standard user
• Administrators will see fewer UAC Elevation Prompts
Desktop Auditing
Windows Vista
• New XML based events
• Fine grained support for audit of administrative privilege
• Simplified filtering of “noise” to find the event you’re looking for
• Tasks tied to events
Challenges
• Granular auditing complex to configure
• Auditing access and privilege use for a group of users
Windows 7
Enhanced Auditing
• Simplified configuration results in lower TCO
• Demonstrate why a person has access to specific information
• Understand why a person has been denied access to specific information
• Track all changes made by specific people or groups
UAC & Auditing
Securing Anywhere Access
Network Security
• Policy based network segmentation for more secure and isolated logical networks
• Multi-Home Firewall Profiles
• DNSSec Support
Network Access Protection
• Ensure that only “healthy” machines can access corporate data
• Enable “unhealthy” machines to get clean before they gain access
DirectAccess
• Security protected, seamless, always on connection to corporate network
• Improved management of remote users
• Consistent security for all access scenarios
Network Access Protection
Windows 7
• Health policy validation and remediation
• Helps keep mobile, desktop and server devices in compliance
• Reduces risk from unauthorized systems on the network
[Diagram labels: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers such as: Patch, AV; Policy compliant; Not policy compliant; Corporate Network; Restricted Network; Remediation Servers, Example: Patch]
Protect Users & Infrastructure
AppLocker™
• Enables application standardization without increasing TCO
• Increase security to safeguard against data and privacy loss
• Support compliance enforcement
Internet Explorer 8
• Protect users against social engineering and privacy exploits
• Protect users against browser based exploits
• Protect users against web server exploits
Data Recovery
• File back up and restore
• CompletePC™ image-based backup
• System Restore
• Volume Shadow Copies
• Volume Revert
Help Desk Made Easier
Problem Steps Recorder
Windows Troubleshooting Platform
Application Control
Situation Today
• Users can install and run non-standard applications
• Even standard users can install some types of software
• Unauthorized applications may:
  • Introduce malware
  • Increase helpdesk calls
  • Reduce user productivity
  • Undermine compliance efforts
Windows 7 Solution: AppLocker
• Eliminate unwanted/unknown applications in your network
• Enforce application standardization within your organization
• Easily create and manage flexible rules using Group Policy
AppLocker Demo
AppLocker Technical Details
• Simple Rule Structure: Allow, Exception & Deny
• Publisher Rules: Product Publisher, Name, Filename & Version
• Multiple Policies: Executables, installers, scripts & DLLs
• Rule creation tools & wizard
• Audit only mode
• SKU Availability: AppLocker – Enterprise / Ultimate
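
The publisher rules and audit only mode listed above can be exercised from PowerShell with the AppLocker module that ships with Windows 7 Enterprise/Ultimate. The script below is an added example, not part of the original slides; the reference directory, the test directory and the rule-name prefix are assumptions, and it must run elevated with the Application Identity service (AppIDSvc) started.

```powershell
# Added example (not from the original deck): build an audit-only AppLocker
# baseline from a reference directory, dry-run it, then review audit events.
# Assumed values: $refDir, $testDir and the 'Baseline' rule-name prefix.
Import-Module AppLocker

$refDir  = 'C:\Program Files'                      # assumed: approved software lives here
$testDir = Join-Path $env:USERPROFILE 'Downloads'  # assumed: files to dry-run against the policy

# 1. Inventory executables and generate rules. Publisher rules are preferred;
#    Hash rules are the fallback for files that carry no signature.
$files  = Get-AppLockerFileInformation -Directory $refDir -Recurse -FileType Exe
$policy = $files | New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
                                       -RuleNamePrefix 'Baseline' -Optimize

# 2. Switch every rule collection to audit only, so nothing is blocked yet.
foreach ($collection in $policy.RuleCollections) {
    $collection.EnforcementMode = 'AuditOnly'
}

# 3. Dry-run: report what the policy would decide for files outside the baseline.
$candidates = @(Get-ChildItem -Path $testDir -Filter *.exe -ErrorAction SilentlyContinue |
                ForEach-Object { $_.FullName })
if ($candidates.Count -gt 0) {
    Test-AppLockerPolicy -PolicyObject $policy -Path $candidates -User Everyone |
        Select-Object FilePath, PolicyDecision, MatchingRule |
        Format-Table -AutoSize
}

# 4. Merge the audit-only rules into the local policy (use -Ldap to target a GPO instead).
Set-AppLockerPolicy -PolicyObject $policy -Merge

# 5. After users have worked under the policy for a while, list executables that
#    ran but would have been blocked under enforcement (event ID 8003).
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 8003 } |
    Select-Object -First 20 TimeCreated, Message
```

Files that show up under event ID 8003 are the ones to cover with an additional Allow rule, or to accept as blocked, before the enforcement mode is changed from audit only to enforced.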
BitLocker / BitLocker To Go
Situation Today
[Chart: Worldwide Shipments (000s), 2007 to 2011: Removable Solid-State Storage Shipments and PC Shipments]
• Gartner “Forecast: USB Flash Drives, Worldwide, 2001-2011” 24 September 2007, Joseph Unsworth
• Gartner “Dataquest Insight: PC Forecast Analysis, Worldwide, 1H08” 18 April 2008, Mikako Kitagawa, George Shiffler III
Windows 7 Solution: BitLocker To Go
• Extend BitLocker drive encryption to removable devices
• Create group policies to mandate the use of encryption and block unencrypted drives
• Simplify BitLocker setup and configuration of primary hard drive
BitLocker / BitLocker To Go Technical Details
BitLocker Enhancements
• Automatic 200 Mb hidden boot partition
• New Key Protectors
  • Domain Recovery Agent (DRA)
  • Smart card – data volumes only
BitLocker To Go
• Support for FAT*
• Protectors: DRA, passphrase, smart card and/or auto-unlock
• Management: protector configuration, encryption enforcement
• Read-only access on Vista & XP
SKU Availability
• Encrypting – Enterprise, Ultimate
• Unlocking – All
Microsoft Learning: www.microsoft.com/learning
Springboard Series: www.microsoft.com/springboard
See how Windows 7 works with your hardware and software now.
Download the Limited Availability Windows 7 Evaluation 90-day Trial from:
http://technet.microsoft.com/en-us/evalcenter/cc442495.aspx?ITPID=sprblog
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.