Microsoft Windows 7 Seminar hosted by Acend Corporate Learning in Toronto on March 3, 2011
Unlock Hidden Potential:
What’s New in Windows® 7
Clinic Outline
• Session 1: Security Features
• Session 2: Networking Functionality
• Session 3: Other New Features
Security Features
• User Account Control changes
• Windows BitLocker™ and Windows BitLocker To Go™
• Windows AppLocker™
User Account Control Changes
• What is User Account Control?
A set of functions that help keep your computer secure.
• Note: Administrators should still have both an admin account and a user account.
User Account Control Changes
Remember this???
User Account Control Changes
• Many actions no longer require administrative privileges, so UAC doesn’t kick in:
- Changing time zone
- Renewing IP address
- Viewing firewall settings
- Changing display DPI
User Account Control Changes (cont’d)
• More easily managed locally (with administrative privileges)
• More options than before
User Account Control Changes (cont’d)
• More granular configuration available through Group Policy
BitLocker
• Available in Enterprise and Ultimate editions
• Same functionality as in Vista, but easier to implement
• Requires two partitions – 100MB hidden partition created at install
BitLocker (cont’d)
• Security provided through:
• Trusted Platform Module (TPM)
• TPM + PIN
• TPM + PIN + USB Key
• TPM + USB Key
• USB Key
BitLocker (cont’d)
• With TPM, enabling is through right-click
• Without TPM, Local Security Policy must be edited
• Windows 7 provides support for Data Recovery Agent(s)
BitLocker (cont’d)
• Recovery password created when BitLocker enabled
• Saved
• Printed
• Stored in Active Directory
• Computer goes into recovery mode if:
• The TPM is missing or changed
• There are changes to startup files
• Computer is booted from a CD or DVD
BitLocker To Go
• Available in Enterprise and Ultimate editions
• Allows you to encrypt removable drives
• USB/Firewire/SATA HDDs
• Solid state drives like USB thumb drives
• When you enable BTG, four things happen:
• You are prompted to create a password that will be used to unlock the drive
• You will choose to save or print your recovery password
• A “BitLocker to Go Reader” is copied to the drive (FAT drives only)
• The drive is encrypted
BitLocker To Go (cont’d)
• Using a BTG-encrypted drive in Windows 7
• Prompted for password
• Read/write access
• Using a BTG-encrypted drive in Vista or XP
• Autoplay displays a prompt to install the “BitLocker to Go Reader”
• You are prompted for the password
• You copy files to the local hard drive
• You cannot open files directly from the BTG-encrypted drive, and you only have read access
• To use BTG with Vista or XP, drive must be formatted with FAT file system
AppLocker
• New version of Software Restriction Policies
• Much simpler implementation
• Rules define what *can* run – all others are blocked
• You can auto-create rules for all programs on a “reference machine”
• You can then manually create rules for new applications
AppLocker (cont’d)
• Three types of rules:
• Executable rules (exe, com, etc)
• Windows Installer rules (msi, msp)
• Script rules (bat, cmd, vbs, etc)
• “Default Rules” allow:
• Everyone access to programs in Program Files
• Everyone access to programs in Windows
• Administrators access to programs everywhere
AppLocker (cont’d)
• An “audit only” mode allows administrators to see what apps would be affected by an AppLocker rule before enforcing the rules
• Critical Points:
• You must create the default rules first, because one “allow” rule will deny all others
• The Application Identity service must be running on the client
• A user with administrative privileges can circumvent the rules
• Vista and XP clients ignore AppLocker
• Windows 7 clients ignore Software Restriction Policies if they are in the same GPO as an AppLocker rule
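The "default rules first" point above, as a small Python model added here (not from the original slides and not Microsoft's code): once a rule collection holds any allow rule, every file that matches no rule is blocked. The rule paths, the Payroll rule and the evaluate function are assumptions for illustration; deny rules and rule exceptions are left out.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class AllowRule:
    collection: str  # "exe", "msi" or "script"
    group: str       # "Everyone" or "Administrators"
    pattern: str     # wildcard path the rule covers

# Default executable rules as listed on the slide (paths are assumed).
DEFAULT_EXE_RULES = [
    AllowRule("exe", "Everyone", r"C:\Program Files\*"),
    AllowRule("exe", "Everyone", r"C:\Windows\*"),
    AllowRule("exe", "Administrators", "*"),
]

def evaluate(rules, collection, path, groups, audit_only=False):
    """Return 'allowed', 'blocked' or 'audit: would block' for one launch."""
    scoped = [r for r in rules if r.collection == collection]
    if not scoped:
        return "allowed"  # a collection with no rules is not enforced
    for rule in scoped:
        if rule.group in groups and fnmatchcase(path.lower(), rule.pattern.lower()):
            return "allowed"
    # At least one allow rule exists and none matched: implicit deny.
    return "audit: would block" if audit_only else "blocked"

if __name__ == "__main__":
    user, admin = {"Everyone"}, {"Everyone", "Administrators"}
    payroll_only = [AllowRule("exe", "Everyone", r"C:\Apps\Payroll\*")]  # constructed
    full = DEFAULT_EXE_RULES + payroll_only
    notepad = r"C:\Windows\System32\notepad.exe"
    dropped = r"C:\Users\alice\Downloads\tool.exe"
    print(evaluate(payroll_only, "exe", notepad, admin))  # no default rules
    print(evaluate(full, "exe", notepad, user))
    print(evaluate(full, "exe", dropped, user))
    print(evaluate(full, "exe", dropped, user, audit_only=True))
    print(evaluate(full, "exe", dropped, admin))
```

The first call shows why the default rules come first: with only the Payroll rule in place, even an administrator cannot start a Windows binary.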
Networking Functionality
• Windows DirectAccess
• Windows BranchCache™
DirectAccess
• Technology that allows users to access the corporate network without a VPN connection
• Transparently connects whenever the user connects to the Internet
• Bi-Directional
o Users get access to the corporate network
o IT can manage the remote computer
NAP health policies
Patches
DirectAccess (cont’d)
• Can be configured to be:
o Network wide
o Restricted to specific resources
• Communication is via IPv6 over IPSec (possibly tunneled through IPv4)
• Integrates with NAP to ensure computers are healthy before connecting
DirectAccess (cont’d)
• Hardware/Software requirements:
• At least one DirectAccess server running 2008 R2 with two NICs
• At least one DC and DNS server running 2008 or 2008 R2
• A PKI
• Defined IPSec policies
• IPv6 transition technologies
• Windows 7 Enterprise or WS08R2 on the client
BranchCache
• Branches often connected via slow links – resource access can be slow
• BranchCache helps resolve issue by caching data in the branch office (encrypted)
• Can be implemented in two modes:
• Distributed caching
• Hosted caching
BranchCache (cont’d)
• When accessing data for the first time, the computer:
• Downloads the data from the corp site
• Copies the data (if necessary) to the hosted cache
BranchCache (cont’d)
• When a second user accesses the same data, the computer:
• Contacts server in corp site to confirm user is authorized and downloads an identifier and a hash of the data
• Checks the branch cache for the identifier and, if found, checks the hash against the cached copy
• If the identifier is not found or the hashes don’t match (file has changed), downloads the data from the main site
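The first-access and second-access flows above, as an added Python model that is not part of the original slides or of BranchCache itself: the client always asks the main site for the identifier and hash, and serves from the branch cache only when the cached copy hashes to the same value. SHA-256, the class and function names and the sample file are assumptions; encryption of the cached data is omitted.

```python
import hashlib

class ContentServer:
    """Main-site content server holding the data and the authorised users."""
    def __init__(self, files, authorised):
        self.files, self.authorised = files, authorised
        self.full_downloads = 0  # counts transfers over the slow link

    def describe(self, user, name):
        """Authorise the user, then return (identifier, hash of current data)."""
        if user not in self.authorised:
            raise PermissionError(f"{user} may not read {name}")
        return name, hashlib.sha256(self.files[name]).hexdigest()

    def download(self, user, name):
        self.describe(user, name)  # authorisation applies to downloads too
        self.full_downloads += 1
        return self.files[name]

def read(server, cache, user, name):
    """Return (data, source), where source is 'cache' or 'main site'."""
    ident, expected = server.describe(user, name)  # always ask the main site first
    cached = cache.get(ident)
    if cached is not None and hashlib.sha256(cached).hexdigest() == expected:
        return cached, "cache"
    data = server.download(user, name)  # identifier missing or hash mismatch
    cache[ident] = data                 # copy the fresh data into the branch cache
    return data, "main site"

if __name__ == "__main__":
    # Constructed sample data.
    server = ContentServer({"report.xlsx": b"v1"}, {"alice", "bob"})
    cache = {}
    print(read(server, cache, "alice", "report.xlsx")[1])  # first access
    print(read(server, cache, "bob", "report.xlsx")[1])    # second user
    server.files["report.xlsx"] = b"v2"                    # file changes at main site
    print(read(server, cache, "bob", "report.xlsx")[1])
```

Because authorisation and the hash both come from the main site on every read, a stale or altered cached copy is never served and a user without access gets nothing from the cache.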
BranchCache (cont’d)
• Note: BranchCache only works for reads. Any writes are saved to the main site
• Requirements:
• Content servers in main site must be 2008 R2 with BranchCache enabled
• A 2008 R2 server in the branch site if using Hosted Cache, with BranchCache enabled
• Windows 7 Enterprise clients with BranchCache enabled
Other New Features
• Libraries
• Problem Steps Recorder
• Start/Search Button
• Interface Enhancements
Libraries
• Views that help users manage data in:
• Shared folders
• Document repositories
• Web sites
• Adding web sites or document repositories to a Library requires a connector
• Libraries can be shared on the network
Problem Steps Recorder
• Helps administrators recreate the steps that led to a problem for the user
• Creates screen captures and descriptions of every action a user takes
• Saves the captures in a .zip file viewable in browser
• Great for documenting configurations
Start Search Button
• Super timesaver
• Lists files, folders, programs, email addresses, address book entries, calendar appointments, pictures, movies, .pdf documents, music files, browser bookmarks and MS Office documents
• Smart – not just a word search
• Results more complete and faster if indexing is enabled
Interface Enhancements
• Windows 7 provides dozens of obvious or subtle interface improvements that:
• Add functionality
• Improve efficiency
• Make working with Windows more pleasant
The End
• Questions?