Welcome to Windows 7

Stephen L RoseWorldwide Community Manager – Windows Clientstros@microsoft.com http://microsoft.com/springboard

Blog- http://windowsteamblog.com Twitter- @stephenlrose / @MSspringboard

AgendaWho Am I?Resources, Resources, ResourcesWindows 7 OverviewWindows 7 AnywhereSecurity and Control in Windows 7Windows 7 DeploymentWrap-up

What is the Springboard Series?

Over 50 video walkthroughs on

Windows 7 features, tools and tasks

Straight-talk Monthly Feature Articles & Overview Guides

Virtual Roundtable Events

Springboard Insider Monthly Newsletter and

Windows Team Blog

The Springboard Series IT pro experience offers IT Pros dynamic content and structured guidance across the adoption lifecycle

Springboard is localized in 10 languages

Dedicated zones for Application

Compatibility, Migration, Deployment and more

The Springboard Series is the resource for desktop IT pros www.microsoft.com/springboard

Follow us on Twitter @ MSSpringboard

www.TalkingAboutWindows.com – The people , the backstories, and the events behind Windows 7.

Join The Conversation!

Let’s Begin

Category Feature Windows XP SP3 Windows Vista® SP1

Windows 7

File Organization and Search

Desktop Search Separate Download Yes Improved

Libraries No No New

Search Federation No No New

Enterprise Search Scopes - Requires Windows 7 Enterprise No No New

Remote Access

DirectAccess – Requires Windows 7 Enterprise, Windows Server 2008 R2

No No New

VPN Reconnect No No New

BranchCache™ - Requires Windows 7 Enterprise, Windows Server 2008 R2

No No New

Mobile Broadband No No New

RemoteApp & Desktop Connections No No New

Security & Compliance

BitLocker™ Drive Encryption- Requires Windows Vista or Windows 7 Enterprise

No Yes Improved

BitLocker To Go™- Requires Windows 7 Enterprise No No New

AppLocker™- Requires Windows 7 Enterprise No No New

Multiple Active Firewall Profiles No No New

Granular Audit No Yes Improved

User Account Control No Yes Improved

Domain Name System Security Extensions No No New

Smart Card Support Yes Yes Improved

Biometric Support 3rd Party 3rd Party New

Management

Windows PowerShell™ 2.0 Download Download Included

Scripting of Group Policy Settings – Requires Remote Server Administration Tools for Windows 7

No No Yes

Group Policy Preferences Download Download Included

Windows Recovery Environment No Yes Improved

Windows Troubleshooting Platform No No New

Unified Tracing Yes Yes Improved

Problem Steps Recorder No No New

Remote Access to Reliability Data No No New

Deployment

Deployment Image Servicing & Management No Yes Improved

Dynamic Driver Provisioning No No New

Volume Activation No Yes Improved

Multicast Multiple Stream Transfer No No New

User State Migration Tool Yes Yes Improved

VHD Image Management & Deployment No No New

Rich Remoting Experience (Multimedia, Bi-directional Audio, Multi-Monitor)

No No New

VHD Boot No No New

Windows 7 Versions

Windows 7 Starter No AeroNo 64 Bit

Windows 7 Home BasicEmerging Markets only

Windows 7 Home PremiumIncludes Aero, Media Center and Touch

Windows 7 ProfessionalDoes not support Direct Access, BitLocker, BitLocker To Go, BranchCache. Does have XP Mode

Windows 7 EnterpriseSupports all features. Only available via Volume License to Software Assurance customers.

Windows 7 UltimateSupports all features.

Understanding VL and SAWhat is Volume Licensing?

Volume Licensing is the most affordable way to upgrade your existing PCs to Windows 7 Enterprise.Windows licenses available through Volume Licensing are upgrade-only licenses. They do not replace purchasing the initial Windows licenses for software that comes pre-installed on new PCs. Each desktop that runs the Windows 7 upgrade must first be licensed to run one of the qualifying operating systems (Windows Vista (Enterprise/Business/Ultimate) or Windows XP (Professional)—otherwise the PC will not have a valid, legal Windows license.

What is Software Assurance?When you acquire Windows 7 Professional licenses, either through Volume Licensing upgrades or through an OEM, you can cover those licenses with Software Assurance to get rights to Windows 7 Enterprise.SA also applies to Office and other Microsoft products.

What Else Do I Get With SA?Microsoft Desktop Optimization Pack (MDOP) - MDOP is an add-on subscription license that provides innovative technologies to help better control the desktop PC, accelerate and simplify desktop PC deployments and management, and create a dynamic infrastructure by turning software into centrally-managed services. Windows Virtual Enterprise Centralized Desktop (VECD) for Software Assurance - Windows VECD is an annual device-based subscription that enables organizations to license virtual copies of Windows 7 (or prior OS versions) in a variety of user scenarios.Windows Fundamentals for Legacy PCs - Available exclusively to Microsoft Software Assurance customers, this small-footprint, Windows-based operating system solution is for customers with legacy computers running early operating systems who are not in a position to purchase new hardware.Virtual OS Rights - Use up to four instances of Windows in virtual OS environments for each license that has active Software Assurance coverage.New Version Rights - Receive new versions of licensed software released during the term of your coverage. If you have Software Assurance coverage for your PCs when Windows 7 is released, you will automatically receive rights to use Windows 7 Enterprise on those PCs.

MDOP TechnologiesApp-V turns applications into centrally managed services that are never

installed, never conflict, and are streamed on demand to end users

AIS is a hosted service that collects software inventory data and translates it into actionable business intelligence

DART reduces downtime by accelerating desktop repair, recovery, and troubleshooting unbootable Windows-based desktops

AGPM enhances governance and control over Group Policy through robust change management and role-based administration

MED-V enables deployment and management of Microsoft Virtual PC to address key enterprise scenarios, primarily resolving application

compatibility with a new version of Windows

DEM enables proactive helpdesk problem management by analyzing and reporting on application and system crashes

What’s The Killer Feature In Windows 7?

What’s The Killer Feature In Windows 7?“I Don’t Care How It Works.

I Just Want It To Work.”Mobility

Direct Access / VPN Reconnect/Mobile Broadband / BranchCache

Security and ControlBitLocker/BitLocker To Go / Improved UACDesktop Auditing / NAP / AppLocker / IE8

GUINew Aero Features / Search / Wireless support / Device Stage / Location Aware Printing / Home Groups / Libraries

GeneralSpeed / Efficiency / Capabilities / Flexibility / Reliability

Windows 7 and Access Anywhere

Information Worker’s World Has Been Changing

BRANCH OFFICES

MOBILE & DISTRIBUTED WORKFORCE

CENTRAL OFFICE

REMOTE WORK

The Evolving Needs

Mobile & Remote Work-Force needs:• Work anywhere• Fast access

IT Professional needs:• Secure and flexible infrastructure for

“work anywhere”• Reduce costs

Situation Today

Remote Access for Mobile Workers

• Corporate network boundary includes managed assets no matter where they are

on the Internet• Easy to service mobile PCs and distribute

updates and polices• New network paradigm increases mobile

user productivity by providing same experience inside & outside

the office

• Challenging for IT to manage, update, patch mobile PCs while disconnected from

company network• Difficult for users to access corporate

resources from outside the office

HomeOffice Home Office

DirectAccess

Windows 7 Solution

DirectAccess Components

• Runs on Windows 7• Domain-joined

• Initial configuration done on Corpnet or over

VPN

• Runs on Windows Server 2008 R2

• Sits on network edge• Single box by default• Services can be split

up for scalability

Server Client

DirectAccess Server

Compliant Client

Compliant Client

IPsec/IPv6

Data Center and Business Critical Resources

Internet

Intranet User

Enterprise Network

Intranet User

IPsec/I

Pv6

IPsec

/IPv6

Assume the underlying network is always insecure

Redefine enterprise network edge to insulate the datacenter and business critical resources

Tunnel over IPv4 UDP, HTTPS, etc.

DirectAccess

Technical Details

NAP / NPS Servers

Security policies based on identity, not location

DirectAccess ServerDirectAccess

Client

Internet

Native IPv6

6to4

Teredo

IP-HTTPS

Tunnel over IPv4 UDP, HTTPS, etc.

Encrypted IPsec+ESP

DirectAccess & IPv6

Enterprise NetworkDirectAccess

ServerLine of Business

Applications

No IPsec

IPsec Integrity Only (Auth)

IPsec Integrity + Encryption

DirectAccess & IPsec

DirectAccess Deployment

Determine your strategyBe ready to monitor IPv6 trafficChoose an Access Model: Full Intranet Access vs. Selected Server Access?Assess deployment scale

Get your infrastructure readyWindows 7 clientsWindows Server 2008 R2 DirectAccess ServerDC, DNS Server, Active Directory, PKI, Application Servers, etc.

During deploymentUse DirectAccess configuration wizard to setup DirectAccess Server and generate policies for clients, application servers, and DC/DNSCustomize policies as needed

Get ready step by step

IT Pro Benefits

Improved manageability of remote users IT simplification and cost reductionConsistent security for all access scenarios

Seamless & secure access to corporate resourcesConsistent connectivity experience in / out officeCombined with other Windows 7 features

enhances the end to end IW experience

DirectAccess Benefits

End User Benefits

DirectAccess? Show Me!

Situation Today Windows 7 Solution

VPN Reconnect

• Better end user experience: seamless and consistent VPN connectivity• Reduced support costs

• VPN used frequently for remote access to corporate resources

• Mobile workers reconnect to VPN on every network outage

VPN Server

VPN Server

• The client maintains persistent VPN connection across network outages

• VPN Client can connect to any VPN Server of choice

Benefits

Benefits

Mobile Broadband

• IHVs can integrate devices using Windows 7 platform

• No need for users to install3rd party software

• End users have same connectivity experience across WiFi and WWAN

Internet connectivity via mobile broadband cards is expanding:

• Inconsistent user experience• Additional software required

Integrated solution that is consistent and easy to discover

• Plug & play experience for 3G cards (built-in or external)

Situation Today Windows 7 Solution

Branch Office Enhancements

Caches content downloaded from file and Web servers

Users in the branch can quickly open files stored in the cache

Frees up network bandwidth for other uses

BranchCache™

Application and data access over WAN is slow in branch officesSlow connections hurt user

productivity Improving network performance is

expensive and difficult to implement

Windows 7 SolutionSituation Today

BranchCache

• Authenticates current state of data and access rights of the user against the server

• Supports commonly used protocols: HTTP(S), SMB• Support network security protocols (SSL, IPsec)

• Requires Windows Server 2008 R2 in the data center and Hosted Cache

Technical Details

Get

GetID

Get

Data

BranchCache Distributed Cache

Get

IDData

Data

Get

GetID

Put

Data

BranchCache Hosted Cache

Get

DataID

Search

Get

Sear

ch

Request

Advertize

ID

ID

ID

Data

ID

Data

BranchCache

Enterprise

Distributed CacheData cached in cache pool

Hosted CacheData cached at the host server

• Cache stored centrally: existing Windows Server 2008 R2 in the branch• Cache availability is high

• Enables branch-wide caching• Increased reliability

• Recommended for branches without a branch server

• Easy to deploy: Enabled on clients through Group Policy

• Cache availability decreases with laptops that go offline

BranchCache BenefitsIT Pro Benefits

• Optimize network utilization:• HTTP and HTTPS-based intranet traffic

• SMB (and signed SMB) shares on the read path• Support network security protocols (SSL, IPsec)

• Reduce the cost of managing WAN

• Improve application responsiveness and reduce file transferwait time

• Combined with other SMB offerings enhance the userexperience on remote shares

End User Benefits

Enhance Security & Control in Windows 7

Fundamentally Secure Platform

Helping Protect Users &

Infrastructure

Windows Vista Foundation

Streamlined User Account Control

Enhanced Auditing

Helping Secure Anywhere

Access

Windows 7 Enterprise SecurityBuilding upon the security foundations of Windows Vista, Windows 7 provides IT

Professionals security features that are simple to use, manageable, and valuable.

HelpingProtect

Data

Network Security

Network Access Protection

DirectAccessTM

AppLockerTM

Internet Explorer 8

Data Recovery

RMS

EFS

BitLocker & BitLocker To GoTM

Windows Vista Foundation

Enhanced Auditing

Make the system work well for standard users

Administrators use full privilege only for

administrative tasks

File and registry virtualization helps

applications that are not UAC compliant

Group Policy Configurable

Streamlined User Account

Control

XML based

Granular audit categories

Detailed collection of audit results

Simplified compliance management

Fundamentally Secure Platform

Security Development Lifecycle process

Kernel Patch Protection

Windows Service Hardening

DEP & ASLR

IE 8 inclusive

Mandatory Integrity Controls

User Account Control

Windows Vista Windows 7

Streamlined UAC

User provides explicit consent before using elevated privilege

Disabling UAC removes protections, not just consent prompt

Challenges

Users can do even more as a standard user

Administrators will see fewer UAC Elevation Prompts

Customer Value

Reduce the number of OS applications and tasks that require

elevation

Refactor applications into elevated/non-elevated pieces

Flexible prompt behavior for administrators

Continued ecosystem influence for standard user applications

System Works for Standard User

All users, including administrators, run as Standard User by default

Administrators use full privilege only for administrative tasks or

applications

Influence the ecosystem to write software that does not need

administrative rights

Desktop Auditing

Windows Vista Windows 7

Simplified configuration results in lower TCO

Demonstrate why a person has access to specific information

Understand why a person has been denied access to specific

information

Track all changes made by specific people or groups

Enhanced Auditing

Granular auditing complex to configure

Auditing access and privilege use for a group of users

Challenges

New XML based events

Fine grained support for audit of administrative privilege

Simplified filtering of “noise” to find the event you’re looking for

Tasks tied to events

UAC & Auditing

Network Security DirectAccess

Ensure that only “healthy” machines

can access corporate data

Enable “unhealthy” machines to get

clean before they gain access

Network Access Protection

Security protected, seamless, always on

connection to corporate network

Improved management of remote users

Consistent security for all access

scenarios

Securing Anywhere Access

Policy based network segmentation for more secure and isolated logical

networks

Multi-Home Firewall Profiles

DNSSec Support

Network Access ProtectionWindows 7

Health policy validation and remediation

Helps keep mobile, desktop and server devices in compliance

Reduces risk from unauthorized systems on the network

Remediation

ServersExample: PatchRestricted

Network

WindowsClient

Policy complia

ntNPS

DHCP, VPNSwitch/Router

Policy Serverssuch as: Patch, AV

Corporate Network

Not policy

compliant

AppLockerTM Data Recovery

Protect users against social

engineering and privacy exploits

Protect users against browser based exploits

Protect users against web server

exploits

Internet Explorer 8

File back up and restore

CompletePC™ image-based backup

System RestoreVolume Shadow

CopiesVolume Revert

Protect Users & Infrastructure

Enables application standardization

without increasing TCO

Increase security to safeguard against data and privacy

loss

Support compliance enforcement

Help Desk Made Easier

Problem Steps Recorder

Windows Troubleshooting Platform

Application Control

Situation Today Windows 7 Solution

Eliminate unwanted/unknown applications in your network

Enforce application standardization within your organization

Easily create and manage flexible rules using Group Policy

AppLocker

Users can install and run non-standard applications

Even standard users can install some types of software

Unauthorized applications may:Introduce malware

Increase helpdesk callsReduce user productivity

Undermine compliance efforts

AppLocker Demo

AppLocker

Technical Details

Simple Rule Structure: Allow, Exception & Deny

Publisher RulesProduct Publisher, Name, Filename & Version

Multiple PoliciesExecutables, installers, scripts & DLLs

Rule creation tools & wizard

Audit only mode

SKU AvailabilityAppLocker – Enterprise / Ultimate

BitLocker / BitLocker To Go

Situation Today Windows 7 Solution

Extend BitLocker drive encryption to removable devices

Create group policies to mandate the use of encryption and block

unencrypted drives

Simplify BitLocker setup and configuration of primary hard drive

BitLocker To Go

+

• Gartner “Forecast: USB Flash Drives, Worldwide, 2001-2011” 24 September 2007, Joseph Unsworth  

• Gartner “Dataquest Insight: PC Forecast Analysis, Worldwide, 1H08” 18 April 2008, Mikako Kitagawa, George Shiffler III 

2007 2008 2009 2010 20110

200400600800

10001200 Removable

Solid-State Storage Shipments

PCShipments

Worldwide Shipments (000s)

BitLocker /BitLocker To Go

Technical Details

BitLocker EnhancementsAutomatic 200 Mb hidden boot partitionNew Key Protectors

Domain Recovery Agent (DRA)Smart card – data volumes only

BitLocker To GoSupport for FAT*Protectors: DRA, passphrase, smart card and/or auto-unlockManagement: protector configuration, encryption enforcementRead-only access on Vista & XPSKU Availability

Encrypting – Enterprise, UltimateUnlocking – All

Microsoft Learningwww.microsoft.com/learningSpringboard Serieswww.microsoft.com/springboard

See how Windows7 works with your hardware and

software now.

Download the Limited Availability Window7 Evaluation 90-day Trial from:

http://technet.microsoft.com/en-us/evalcenter/cc442495.aspx?ITPID=sprblog

© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED

OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.