learn it! technology kickoff 2009 a first look at windows 7 learn it! technology kickoff 2009...

Learn iT! Technology Kickoff 2009

A First Look at Windows 7


Jennelle [email protected]


System Requirements• The Basics

– 1 gigahertz (GHz) or faster 32-bit (x86) or 64-bit (x64) processor – 1 gigabyte (GB) RAM (32-bit) or 2 GB RAM (64-bit) – 16 GB available hard disk space (32-bit) or 20 GB (64-bit) – DirectX 9 graphics device with WDDM 1.0 or higher driver – The average netbook meets these requirements.

• Extras– BitLocker requires Trusted Platform Module (TPM) 1.2 – BitLocker To Go requires a USB flash drive – Windows XP Mode requires an additional 1 GB of RAM, an additional

15 GB of available hard disk space, and a processor capable of hardware virtualization with Intel VT or AMD-V turned on


Windows 7 Versions• Starter

– No Aero, No 64-bit

• Home Basic– Emerging markets

only

• Home Premium– Areo, Media Center

and Touch

• Professional– No DirectAccess,

BranchCache or Bitlocker

• Enterprise– Supports all features,

volume licensing only

• Ultimate– Supports all features


Productivity and Reliability• New Aero Features• Libraries• Instant Search• XP Mode• Performance and System Improvements

– Action Center– Backup and Restore– Problem Step Recorder– Reliability Monitor


Aero Features - The Mouse Got Better• Peek

– move your mouse over the little transparent rectangle in the lower right corner of your screen—and watch open windows instantly turn transparent, revealing all your hidden icons and gadgets.

• Shake– Click a window, hold down, and give your

mouse a shake. Every open window except that one instantly disappears. Jiggle again—and your windows are back.

• Snap– Size and arrange windows by simply

dragging their borders to the edges of your screen. Expand to full screen and back, or arrange two windows side by side.


Libraries – A Place for Everything• Consolidates files

stored in multiple areas

• Starts with pre-created ones for documents, music, pictures and videos.

• Quick and easy way to collect all your files in one area for viewing and backup


Instant Search – Faster, More Accessible• Searches for file names,

properties or text within files, and searches external hard drives, networked computers and libraries

• Can search directly from the start menu

• Results are grouped by category


XP Mode – More Compatibility• Install applications on virtual

Windows XP and run them on Windows 7 (transparent to the user)

• Windows XP Mode requires Virtual PC and comes as a separate download and works only with Windows 7 Professional and Ultimate.

• CPU must support virtualization• XP Mode machine can be joined to

a domain for better control, but MED-V allows for more control for larger enterprises.


Performance Improvements• Sleep

– Windows 7 is designed to sleep, resume, and reconnect to your wireless network more quickly.

• Search– Search results pop up faster. Sorting and grouping of search results is also

significantly quicker.• USB devices

– When you plug in a portable flash drive or other USB device for the first time, Windows 7 can have it ready for you in seconds. If you've used it before, the wait's even shorter.

• Leaner and less busy – Windows 7 is designed to run speed-sapping background services (like

Bluetooth) only when you need them. – Less memory hungry than Windows Vista, which can boost boost overall

performance.


Backup and System Restore• Backup and Restore your Data

– Let Windows choose what to back up, or pick individual folders, libraries, or drives.

– You can back up files to another drive, your network, or a DVD. Backup and Restore for your personal PC and attached DVD or external hard drives comes with all editions of Windows.

– If you want to backup to a network location, network attached storage, or another computer on your network, you'll need Windows 7 Professional or Ultimate.

• System Restore for OS Files and Settings– You can create more system restore

points and see exactly what files will be removed or added when your PC is restored.


Problem Step Recorder• Solving problems unique to a machine can be an arduous task

for both the end-user and the help desk • The Problem Steps Recorder is a screen-capture tool that

allows the end-user to record the problems they’re having step-by-step

• The program is accessible from the Control Panel under “Record steps to reproduce a problem” or run psr.exe from Explorer


Action Center• Action Center gives you

one place to go to address system notifications and tasks.

• If Windows wants your attention, the Action Center icon appears in the taskbar. Click it and you'll see alerts and suggested fixes for any problems.


Reliability Monitor• Measures the hardware and software

problems and other failures in the system

• Tracks 5 kinds of issues: Software uninstalls, application failures, hardware failures, Windows failures, and other miscellaneous failures

• Calculates the stability index of your system and specifies results in the range from 1-10

• Trending - an application failure will make , for the score will go down. The score will slowly rise after successive days with no issues.


Fundamentally Secure Platform

Protect Users & Infrastructure

Windows Vista FoundationUser Account ControlEnhanced Auditing

Securing Anywhere

Access

Building upon the security foundations of Windows Vista, Windows 7 provides IT Professionals security features that are simple to use, manageable, and valuable.

Protect Data from Unauthorized

Viewing

Network SecurityNetwork Access ProtectionDirectAccessTM

AppLockerTM

Internet Explorer 8Data Recovery

RMSEFSBitLockerTM


User Account Control• Introduced in Windows Vista and improved in

Windows 7- helps to avoid the need or desire to run everything as an Administrator.

• Separated standard user privileges and tasks from those that require Administrator access

• Increases security by enabling Administrators to make Standard User the default user account for everyday use


Windows 7 Reduces “Prompt Fatigue”• Users express frustration with UAC prompts with Vista

– How many is too many?– Because there were none in XP, some would say that “any” is “too many”

• User habits: user needs to get used to some operations requiring privilege. – For any given UAC prompt, ask yourself “Would it be ok if malware silently did

this to me?”– Windows 7 reduces the number of OS applications and tasks that require

elevation– Windows 7 also reduces the number of prompts and provides 4 levels to

adjust prompting behavior• Applications: need to stop using privilege unless truly necessary

– File and registry virtualization helps applications that are not UAC compliant


User Account Control

Streamlined UACStreamlined UAC

User provides explicit consent before using elevated privilegeDisabling UAC removes protections, not just consent prompt

ChallengesChallenges

Users can do even more as astandard userAdministrators will see fewer UAC Elevation Prompts

Customer ValueCustomer Value

Reduce the number of OSapplications and tasks thatrequire elevationRefactor applications into elevated/non-elevated piecesFlexible prompt behavior for administrators

System works for Standard UserAll users, including administrators, run as Standard User by defaultAdministrators use full privilege only for administrative tasks or applications


Security Enhancement - AppLocker

Eliminate unwanted/unknown applications in your networkEnforce application standardization within your organizationEasily create and manage flexible rules using Group Policy

AppLockerTM

Users can install and run non-standard applicationsEven standard users can install some types of softwareUnauthorized applications may:

Introduce malwareIncrease helpdesk callsReduce user productivityUndermine compliance efforts


AppLocker Features• Easy way to allow the programs you want and block the rest.• Has more options than Software Restriction Policies which

blocked software based on hashes or executable names.• Rule creation tools & wizard which can automatically create

rules based on software already installed.– Simple Rule Structure: Allow, Exception & Deny– Publisher Rules: Product Publisher, Name, Filename & Version– Multiple Policies - Executables, installers, scripts & DLLs

• Audit only mode


Using Simple Rules• Allow

– Limit execution to “known good” and block everything else

• Deny– Deny “known bad” and allow

execution of everything else

• Exception– Exclude files from allow/deny

rule that would normally be included

““Allow all versions greater than 12 of the Office Suite to run if it is Allow all versions greater than 12 of the Office Suite to run if it is signed by the software publisher Microsoft EXCEPT Microsoft Access.”signed by the software publisher Microsoft EXCEPT Microsoft Access.”


Using Publisher Rules• Rules based upon

application digital signatures

• Can specify application attributes

• Allow for rules that survive application updates

““Allow all versions greater than 12 of the Office Suite to run if it is Allow all versions greater than 12 of the Office Suite to run if it is signed by the software publisher Microsoft.”signed by the software publisher Microsoft.”


Multiple Rule Types• Rule Types

– Executable– Installer– Script– DLL

• Allows construction of rules beyond executable only solutions

• Provides greater flexibility and enhanced protection

““Allow users to install updates for Office as long as it is Allow users to install updates for Office as long as it is signed by Microsoft and is for version 12.*”signed by Microsoft and is for version 12.*”


Rules Targeted by Users• Rules can be associated

with any user or group• Provides granular control

of specific applications• Supports compliance by

enforcing who can run specific applications

““Allow users in the Finance Department to run…”Allow users in the Finance Department to run…”


BitLocker and BitLocker-to-Go• Available in Ultimate and

Enterprise versions• Encrypts the entire disk drive,

even non-boot partitions• Doesn’t require the creation of a

special partition like Vista, Windows 7 does that automatically at setup

• BitLocker-to-Go encrypts removable storage devices like USB flash drives and external hard drives.

• Create group policies to mandate the use of encryption and block unencrypted drives


Evolving Needs for Remote WorkersMobile & Remote Work-Force Mobile & Remote Work-Force needs:needs:

• Work anywhere• Fast access• Same experience inside and outside the

officeIT Professional needs:IT Professional needs:• Secure and flexible infrastructure for

“work anywhere”• Reduce costs• Easy to service mobile PCs and distribute

updates and polices


Remote Access for Mobile WorkersSituation TodaySituation Today

• Corporate network boundary includes managed assets no matter where they are on the Internet

• Easy to service mobile PCs and distribute updates and polices

• New network paradigm increases mobile user productivity by providing same experience inside & outsidethe office

• Challenging for IT to manage, update, patch mobile PCs while disconnected from company network

• Difficult for users to access corporate resources from outside the office

HomeOffice Home Office

DirectAccessWindows 7 SolutionWindows 7 Solution


Even Better with Server 2008 R2 -DirectAccess • The DirectAccess Setup wizard uses these Group Policy

settings to configure DirectAccess clients with the DirectAccess server.

• DirectAccess leverages end-to-end global IPv6 addressing and connectivity to transparently connect remote computers to an intranet as if they were connected with an Ethernet cable.

• DirectAccess clients running Windows 7 automatically create a protected and tunneled IPv6 connection to a DirectAccess server running Windows Server 2008 R2 whenever a client determines it is on the Internet.


Direct Access Components

• Runs on Windows 7• Domain-joined• Initial configuration

done on Corpnet or over VPN

• Runs on Windows Server 2008 R2

• Sits on network edge• Single box by default• Services can be split

up for scalability• IPv6 infrastructure is

required

ServerServer ClientClient


Questions?


About Jennelle Crothers• Jennelle Crothers is a Sr. Network Administrator for The Conservation &

Liquidation Office. Jennelle migrates, maintains and supports multiple Microsoft AD configurations due to the function of the Conservation & Liquidation Office which is to serve in receivership insolvent insurance companies in the State of California.

• She is actively involved in Pacific IT Professionals (formerly SFNTUG).• Jennelle is a Microsoft Certified Systems Engineer (MCSE): Messaging, a

MCITP: Enterprise Administrator and an MCTS for Virtualization, Windows 7 and Exchange 2007. She graduated from Trenton State College in 1996 with a BS in Education.

• When she is not playing on server equipment she enjoys raising dogs for Guide Dogs for the Blind. She is married to her wonderful husband Dennis and they live together in San Francisco, CA.


Thank you for attending our Technology KickoffWhat’s Next?

Look for us to be in touch next week with links to the following:

• Resources discussed in the presentation• Access to the PowerPoint presentationsComing soon:• Information about webinar presentations for all

the subjects we presented this evening.


learn it! technology kickoff 2009 a first look at windows 7 learn it! technology kickoff 2009...

Documents