The document provides an overview of Windows 7 and resources for IT professionals. It discusses key features like DirectAccess for secure remote access, VPN Reconnect for seamless connectivity, BranchCache to optimize WAN usage, and AppLocker for application control. It also summarizes security features such as BitLocker, Network Access Protection, Desktop Auditing, and Internet Explorer 8 improvements. Resources like the Springboard series are highlighted to help IT professionals deploy and manage Windows 7.
Canada Windows 7 Tour
1. Welcome to Windows 7 Stephen L Rose Worldwide Community Manager – Windows Client http://microsoft.com/springboard Blog- http://windowsteamblog.com Twitter- @stephenlrose / @MSspringboard
2. Agenda Springboard – Your Win 7 Resource Center XP/Vista/Windows 7 Versions and availability Understanding VL Key features and improvements XP to 7 Migration
6. The program to mobilize MS marketing & field to focus on desktop OS IT pros The Springboard Series IT pro experience offers dynamic content and structured guidance across the adoption lifecycle Weekly, Monthly and Quarterly Rhythm of Topical Content one-Windows TechCenter in 10 languages Straight-talk Monthly Feature Articles & Overview Guides IT Pro adoption days Event Kits (Win 7 updates) and messaging Weekly Targeted IT Pro Drive-time Podcasts Virtual Roundtable Events
7. Springboard Series on TechNet: The Key Resource for IT Pros microsoft.com/springboard (in 10 languages)
9. Want Windows 7 now? Fill out a survey We will draw for a copy of TechNet+ for every 50 surveys we receive Vancouver - http://tinyurl.com/STEP100 Winnipeg - http://tinyurl.com/STEP101 Calgary - http://tinyurl.com/STEP102 What is TechNet+?
12. Windows 7 Versions - Available 10/22 unless otherwise noted. Windows 7 Starter: No Aero, no 64-bit. Windows Home Basic: Emerging markets only. Windows Home Premium: Includes Aero, Media Center and Touch. Windows 7 Professional: Does not support Direct Access, BitLocker, BitLocker To Go, BranchCache. Windows 7 Enterprise (available now): Supports all features. Only available via Volume License to Software Assurance customers. Windows 7 Ultimate: Supports all features.
15. Understanding VL and SA What is Volume Licensing? Volume Licensing is the most affordable way to upgrade your existing PCs to Windows 7. If your PCs are not already covered by Software Assurance, you can purchase upgrade licenses through a Volume Licensing program to gain access to Windows 7 Enterprise. Windows licenses available through Volume Licensing are upgrade-only licenses. They do not replace purchasing the initial Windows licenses for software that comes pre-installed on new PCs. Each desktop that runs the Windows 7 upgrade must first be licensed to run one of the qualifying operating systems (Windows Vista (Enterprise/Business/Ultimate) or Windows XP (Professional))—otherwise the PC will not have a valid, legal Windows license. What is Software Assurance? When you acquire Windows 7 Professional licenses, either through Volume Licensing upgrades or through an OEM, you can cover those licenses with Software Assurance to get rights to Windows 7 Enterprise, which offers unique benefits such as BitLocker Drive Encryption and Multilingual User Interface Language Packs, as well as access to the Microsoft Desktop Optimization Pack. Yo
16. What Else Do I Get With SA? Microsoft Desktop Optimization Pack (MDOP) - MDOP is an add-on subscription license that provides innovative technologies to help better control the desktop PC, accelerate and simplify desktop PC deployments and management, and create a dynamic infrastructure by turning software into centrally-managed services. Windows Virtual Enterprise Centralized Desktop (VECD) for Software Assurance - Windows VECD is an annual device-based subscription that enables organizations to license virtual copies of Windows 7 (or prior OS versions) in a variety of user scenarios. Windows Fundamentals for Legacy PCs - Available exclusively to Microsoft Software Assurance customers, this small-footprint, Windows-based operating system solution is for customers with legacy computers running early operating systems who are not in a position to purchase new hardware. Virtual OS Rights - Use up to four instances of Windows in virtual OS environments for each license that has active Software Assurance coverage. New Version Rights - Receive new versions of licensed software released during the term of your coverage. If you have Software Assurance coverage for your PCs when Windows 7 is released, you will automatically receive rights to use Windows 7 Enterprise on those PCs.
18. What’s The Killer Feature In Windows 7? “I Don’t Care How It Works. I Just Want It To Work.” Mobility Direct Access / VPN Reconnect/Mobile Broadband / BranchCache Security and Control BitLocker/BitLocker To Go / Improved UAC Desktop Auditing / NAP / AppLocker / IE8 GUI New Aero Features / Search / Wireless support / Device Stage / Location Aware Printing / Home Groups / Libraries General Speed / Efficiency / Capabilities / Flexibility / Reliability
19. Moving From XP to Windows 7 XP to 7 Migration Center Windows XP to Windows 7 Hard-Link Migration of User Files and Settings Migrating from Windows XP to Windows 7 Demo Windows Deployment Services: What's New
35. DirectAccess & IPv6 Internet DirectAccessServer DirectAccessClient Tunnel over IPv4 UDP, HTTPS, etc. Encrypted IPsec+ESP Native IPv6 6to4 Teredo IP-HTTPS
36. DirectAccess & IPsec EnterpriseNetwork Line of Business Applications DirectAccess Server No IPsec IPsec Integrity Only (Auth) IPsec Integrity + Encryption
37. DirectAccess Deployment Get ready step by step Determine your strategy Be ready to monitor IPv6 traffic Choose an Access Model: Full Intranet Access vs. Selected Server Access? Assess deployment scale Get your infrastructure ready Windows 7 clients Windows Server 2008 R2 DirectAccess Server DC, DNS Server, Active Directory, PKI, Application Servers, etc. During deployment Use DirectAccess configuration wizard to setup DirectAccess Server and generate policies for clients, application servers, and DC/DNS Customize policies as needed
38. IT Pro Benefits Improved manageability of remote users IT simplification and cost reduction Consistent security for all access scenarios Seamless & secure access to corporate resources Consistent connectivity experience in / out office Combined with other Windows 7 features enhances the end to end IW experience DirectAccess Benefits End User Benefits
60. BranchCache Framework 3rd Party Applications IE WMP Explorer BITS SharePoint CopyFile Office Office HTTP (WebIO/http.sys) SMB(CSC/SRV) BranchCache
61. Use Group Policy to enable Windows BranchCache on Windows 7 clients Branch Office Branch Office Install the optional “Windows BranchCache” component on a Windows 2008 R2 web or file server Hosted Cache Branch Office IIS Optionally, install a Hosted Cache in your branch. Configure clients to use it with Group Policy File Server Group Policy Management Main Office BranchCache Deployment
68. Combined with other SMB offerings enhance the user experience on remote shares End User Benefits
69. Branch Office File Copy Windows 7 Solution Situation Today Windows Server 2008 Windows Server 2008 R2 Subsequent access from the same client is satisfied from the transparent cache (local machine access) Slow WAN Link Slow WAN Link Client 1 Client 1 Client 2 Client 2 Windows 7 Clients Vista SP1 Clients
71. Windows 7 Enterprise Security Building upon the security foundations of Windows Vista, Windows 7 provides IT Professionals security features that are simple to use, manageable, and valuable. Fundamentally Secure Platform Helping Protect Users & Infrastructure Helping Secure Anywhere Access Helping Protect Data Windows Vista Foundation Streamlined User Account Control Enhanced Auditing Network Security Network Access Protection DirectAccess™ AppLocker™ Internet Explorer 8 Data Recovery RMS EFS BitLocker & BitLocker To Go™
72. Fundamentally Secure Platform Windows Vista Foundation Enhanced Auditing Streamlined User Account Control Make the system work well for standard users Administrators use full privilege only for administrative tasks File and registry virtualization helps applications that are not UAC compliant Group Policy Configurable XML based Granular audit categories Detailed collection of audit results Simplified compliance management Security Development Lifecycle process Kernel Patch Protection Windows Service Hardening DEP & ASLR IE 8 inclusive Mandatory Integrity Controls
73. User Account Control Windows Vista System Works for Standard User All users, including administrators, run as Standard User by default Administrators use full privilege only for administrative tasks or applications Influence the ecosystem to write software that does not need administrative rights Streamlined UAC Reduce the number of OS applications and tasks that require elevation Refactor applications into elevated/non-elevated pieces Flexible prompt behavior for administrators Continued ecosystem influence for standard user applications Challenges Customer Value User provides explicit consent before using elevated privilege Disabling UAC removes protections, not just consent prompt Users can do even more as a standard user Administrators will see fewer UAC Elevation Prompts Windows 7
74. Desktop Auditing Windows Vista Enhanced Auditing New XML based events Fine grained support for audit of administrative privilege Simplified filtering of “noise” to find the event you’re looking for Tasks tied to events Simplified configuration results in lower TCO Demonstrate why a person has access to specific information Understand why a person has been denied access to specific information Track all changes made by specific people or groups Challenges Granular auditing complex to configure Auditing access and privilege use for a group of users Windows 7
76. Securing Anywhere Access Network Security DirectAccess Network Access Protection Ensure that only “healthy” machines can access corporate data Enable “unhealthy” machines to get clean before they gain access Security protected, seamless, always on connection to corporate network Improved management of remote users Consistent security for all access scenarios Policy based network segmentation for more secure and isolated logical networks Multi-Home Firewall Profiles DNSSec Support
77. Network Access Protection Remediation Servers Example: Patch Restricted Network Corporate Network Policy Servers such as: Patch, AV Health policy validation and remediation Helps keep mobile, desktop and server devices in compliance Reduces risk from unauthorized systems on the network Not policy compliant Policy compliant DHCP, VPN Switch/Router Windows Client NPS Windows 7
78. Protect Users & Infrastructure AppLocker™ Data Recovery Internet Explorer 8 Protect users against social engineering and privacy exploits Protect users against browser based exploits Protect users against web server exploits File back up and restore CompletePC™ image-based backup System Restore Volume Shadow Copies Volume Revert Enables application standardization without increasing TCO Increase security to safeguard against data and privacy loss Support compliance enforcement
79. Application Control Situation Today AppLocker Eliminate unwanted/unknown applications in your network Enforce application standardization within your organization Easily create and manage flexible rules using Group Policy Users can install and run non-standard applications Even standard users can install some types of software Unauthorized applications may: Introduce malware Increase helpdesk calls Reduce user productivity Undermine compliance efforts Windows 7 Solution
82. Building on IE7 and addressing the evolving threat landscape Social Engineering & Exploits Reduce unwanted communications Freedom from intrusion International Domain Names Pop-up Blocker Increased usability Browser & Web Server Exploits Protection from deceptive websites, malicious code, online fraud, identity theft Protection from harm Secure Development Lifecycle Extended Validation (EV) SSL certs SmartScreen® Filter Domain Highlighting XSS Filter/ DEP/NX ActiveX Controls Choice and control Clear notice of information use Provide only what is needed Control of information User-friendly, discoverable notices P3P-enabled cookie controls Delete Browsing History InPrivate™ Browsing & Filtering Internet Explorer 8 Security
83. Protect Data from Unauthorized Viewing RMS BitLocker EFS User-based file and folder encryption Ability to store EFS keys on a smart card Policy definition and enforcement Protects information wherever it travels Integrated RMS Client Policy-based protection of document libraries in SharePoint Easier to configure and deploy Roam protected data between work and home Share protected data with co-workers, clients, partners, etc. Improve compliance and data security
85. Gartner “Dataquest Insight: PC Forecast Analysis, Worldwide, 1H08” 18 April 2008, Mikako Kitagawa, George Shiffler III Windows 7 Solution
86. BitLocker Technical Details BitLocker Enhancements Automatic 200 Mb hidden boot partition New Key Protectors Domain Recovery Agent (DRA) Smart card – data volumes only BitLocker To Go Support for FAT* Protectors: DRA, passphrase, smart card and/or auto-unlock Management: protector configuration, encryption enforcement Read-only access on Vista & XP SKU Availability Encrypting – Enterprise Unlocking – All
88. Windows 7 Enterprise Security Building upon the security foundations of Windows Vista, Windows 7 provides IT Professionals security features that are simple to use, manageable, and valuable. Fundamentally Secure Platform Protect Users & Infrastructure Securing Anywhere Access Protect Data from Unauthorized Viewing Windows Vista Foundation Streamlined User Account Control Enhanced Auditing Network Security Network Access Protection DirectAccess AppLocker Internet Explorer 8 Data Recovery RMS EFS BitLocker
91. Deployment Investments For Windows Vista Carry Forward Application and device compatibility core tenets are unchanged between Windows Vista and Windows 7 System image management tools and processes are consistent for both operating systems Deployment tools developed for Windows Vista will carry forward to Windows 7 with incremental updates Post-deployment desktop management leverages the same tools and processes for both operating systems
92. Application Compatibility Resources > INVENTORY > > REMEDIATE > EVALUATE > Application Compatibility Toolkit Application Virtualization Application Quality Cookbook Virtual Legacy Windows OS Application Compatibility Toolkit Windows Compatibility Center Application Quality Cookbook Application Verifier Application Compatibility Toolkit Application Inventory Service Microsoft Assessment and Planning System Center Family
93. Windows 7 Deployment IMAGING MIGRATION DELIVERY Deployment Image Servicing and Management Add/Remove Drivers and Packages WIM and VHD Image Management User State Migration Tool Hard-link Migration Offline File Gather Improved user file detection Windows Deployment Services Multiple Stream Transfer Dynamic Driver Provisioning VHD and WIM Support INTEGRATED SOLUTIONS CONTINUE Microsoft Assessment and Planning Application Compatibility Toolkit Microsoft Deployment Toolkit
94. Deployment Image Servicing And Management Enable and disable, enumerate, add, remove packages and updates Add, remove, enumerate drivers WIM and VHD support OEMs can select OS editions offline
95. Windows Deployment Services Multicast Enhancements Multiple Stream Transfer Multiple bands to broadcast images to clients Optimized rates per client connection Client Auto Removal Slower clients can be dropped to unicast or entirely (only in standard multicast) Boot Image Multicast Windows PE boot images can use multicast (clients with EFI) Fast Medium Slow
96. Multicast WDS Server Multicast Transmission First client joins “transmission” Clients
97. Multicast WDS Server Multicast Transmission Waiting for other clients to join… Clients
98. Multicast WDS Server Multicast Transmission Transmission begins… Clients with multiple transfer speeds Medium Fastest
99. Multicast WDS Server Multicast Transmission Additional clients join stream Clients with multiple transfer speeds Medium Slowest Medium Fastest
100. Multicast WDS Server Multicast Transmission More clients to join Clients with multiple transfer speeds Fastest Medium Fastest Medium Medium Slowest Medium
101. Multicast WDS Server Multicast First clients complete. Second broadcast begins. One client removed. Clients with multiple transfer speeds Medium Medium Medium Medium Slowest
102. Multicast WDS Server Multicast Last clients complete… Clients with multiple transfer speeds Medium Medium Slowest
103. Multicast WDS Server Multicast All clients complete. Transmission ends. Clients
104. WDS Server Images Drivers Client Windows Deployment Services Dynamic Driver Provisioning Driver targeting to match drivers to hardware Reduces image size and centralizes deployment driver management
105. User State Migration Tool Hard-link Migration Enables local file migration without copying or moving files Processes migration jobs in third of the time or less Offline User State Capture Capture during Windows PE phase to improve speed Volume Shadow Copy Capture files even while they are in use Improved File Discovery Reduces XML customization need
106. Volume Activation in Windows 7 Based on Volume Activation 2.0 for Windows Vista and Windows Server 2008 Activation is required for all editions of Windows 7 client Employs the same key hierarchy (KMS, MAK) Online validation experience unchanged
108. Microsoft Assessment and Planning Application Compatibility Toolkit Microsoft Deployment Toolkit Inventory, Compatibility And Deployment Tools
109. Conclusion IMAGING MIGRATION DELIVERY Deployment Image Servicing and Management Add/Remove Drivers and Packages WIM and VHD Image Management User State Migration Tool Hardlink Migration Offline File Gather Improved user file detection Windows Deployment Services Multiple Stream Transfer Dynamic Driver Provisioning VHD and WIM Support INTEGRATED SOLUTIONS CONTINUE Microsoft Assessment and Planning Application Compatibility Toolkit Microsoft Deployment Toolkit
The Springboard Series program was developed in response to primary research conducted with IT Pros worldwide (direct interviews, focus groups) and key MS field roles (TSPs, ATSs, ITEs, PAMs, TAMs, Architects). The findings fell into two areas—the need to make learning about how a new OS environment directly impacts the IT Pro more consumable (and the messages more relevant), and how the mis-handling of Vista to this audience has cost us in poor NSAT and perceptions. To remedy this situation, the Win Client IT pro audience developed a program to provide the right information, at the right technical level, at the right point in the adoption lifecycle, and to do so in a frank, open and honest tone. This program has two major components—a breadth effort that touches IT pros directly (through TechNet and related properties), and a depth component that supports field and partner engagements.
UAC was introduced in Windows Vista to help provide customers more control of their system by enabling IT administrators to lock down the system for certain users by running them within standard, non-privileged user accounts and to influence the ecosystem to write software that does not need administrative rights. Transitioning the ecosystem to create software that does not require administrative changes to the machine is a very good thing for overall reliability of the machine as well as for the overall security of the machine since it limits the potential damage. UAC has delivered successfully on this in the Windows Vista timeframe and customers continue to value the ability to create a standard user and be confident an administrator can make the decisions on what software is added to the system and what changes should be allowed. However, we have received substantial feedback about the number of notifications for change. In Windows 7, we have invested in addressing the key customer feedback around UAC, while still maintaining the ability for IT administrators to be confident about a standard user environment and still maintaining the influence on the ecosystem to create software that does not require administrative rights. We have enabled the Windows operations that users do often to be done in a standard user environment with the goal of providing prompt-free daily activities. For example, a standard user can now adjust the readability of the screen (dpi) without having to change it for the entire system. Additionally, we have reduced key duplicate notifications for common activities such as installing applications from IE.
We have also made it easier for IT to look at key settings on the system without needing administrative privileges by refactoring many of our control panel applications into read-only and write sections. In line with our overall Windows 7 focus on user-in-control, we have enabled a person running as a protected administrator to determine the range of notifications s/he receives. Based on customer feedback and actual instrumented data from our customers’ response to UAC prompts, we default the initial setting for UAC such that administrators are notified when software other than Windows is requesting to change the overall system and such that standard users will receive a request for administrator authorization for any change to the overall system. We believe this default setting has the right balance of establishing an ecosystem where a broad range of ISV software can be run in a standard user environment while providing administrators with control over the experience of configuring Windows.