Microsoft Windows 7 Enhanced Security and Control


Upload: microsoft-technet

Post on 11-May-2015


Category:

Technology



DESCRIPTION

This session will explore Windows 7 core platform security improvements, securing anywhere access, data protection, and protecting desktop users. We will explain how Windows 7 features in each of these areas provide the foundation for a secure and reliable platform. We will discuss User Account Control improvements, enhanced auditing, Network Access Protection (NAP), firewall improvements, AppLocker, BitLocker and BitLocker To Go enhancements, DirectAccess, Internet Explorer 8 security improvements, and EFS enhancements.

TRANSCRIPT

Page 1: Microsoft Windows 7 Enhanced Security And Control


TechNet goes virtual. ©2009 Microsoft Corporation. All Rights Reserved.

19th June 2009

TechNet goes virtual

Virtual Conference Experience Presentation

CLI-309

Page 2: Microsoft Windows 7 Enhanced Security And Control


TechNet goes virtual

Microsoft Windows 7 Enhanced Security and Control

Level 300

Page 3: Microsoft Windows 7 Enhanced Security And Control


What Will We Cover?

• Fundamentally Secure Platform
• Helping Secure Anywhere Access
• Protecting Data
• Protecting Users and Infrastructure

Page 4: Microsoft Windows 7 Enhanced Security And Control


Agenda

• Reviewing Windows 7 Security Goals
• Protecting Desktop Users
• Examining Data Protection
• Exploring Secure Anywhere Access

Page 5: Microsoft Windows 7 Enhanced Security And Control


Windows 7 Enterprise Security

Fundamentally Secure Platform

Secure Anywhere Access

Protect Data from Unauthorized Viewing

Protect Users and Infrastructure

Page 6: Microsoft Windows 7 Enhanced Security And Control


Fundamentally Secure Platform

Windows Vista Foundation

Simplified User Account Control (UAC)

Enhanced Auditing

Page 7: Microsoft Windows 7 Enhanced Security And Control


Agenda

• Reviewing Windows 7 Security Goals
• Protecting Desktop Users
• Examining Data Protection
• Exploring Secure Anywhere Access

Page 8: Microsoft Windows 7 Enhanced Security And Control


User Account Control

Challenges
• User provides explicit consent
• Disabling UAC removes protections

Simplified UAC
• Reduce number of applications that require elevation
• Re-factor applications into elevated and non-elevated pieces
• Flexible prompt behavior

Customer Value
• Standard users can do more
• Administrators will see fewer UAC elevation prompts

Page 9: Microsoft Windows 7 Enhanced Security And Control


AppLocker

Challenges
• Users can install and run non-standard applications
• Even standard users can install some types of software

AppLocker™
• Eliminate unwanted/unknown applications in your network
• Enforce application standardization within your organization
• Easily create and manage flexible rules using Group Policy

Page 10: Microsoft Windows 7 Enhanced Security And Control


AppLocker

Page 11: Microsoft Windows 7 Enhanced Security And Control


Demonstration Environment

Page 12: Microsoft Windows 7 Enhanced Security And Control


Demonstration: Configuring AppLocker

• Add AppLocker Default Rules
• Create AppLocker Executable Rule Using Group Policy
• Create an AppLocker Windows Installer Rule
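
The rule-creation steps of this demonstration can also be scripted with the AppLocker PowerShell module that ships with Windows 7. The following is an added example, not part of the original session: it builds executable and Windows Installer rules from reference folders and evaluates a file against them without enforcing anything. The folder paths, the candidate file and the `Baseline` rule prefix are assumptions.

```powershell
# Added illustration (not from the session). Run from an elevated PowerShell prompt.
Import-Module AppLocker

# Hypothetical locations; substitute your own reference folders and test file.
$ExeRoot   = 'C:\Program Files\Contoso'            # assumed approved application folder
$MsiRoot   = 'C:\Deploy\Installers'                # assumed approved installer folder
$Candidate = 'C:\Users\Public\Downloads\setup.exe' # assumed file to evaluate
$PolicyXml = Join-Path $env:TEMP 'applocker-baseline.xml'

# 1. Collect publisher, hash and path information for the approved files.
$exeInfo = Get-AppLockerFileInformation -Directory $ExeRoot -Recurse -FileType Exe
$msiInfo = Get-AppLockerFileInformation -Directory $MsiRoot -Recurse -FileType WindowsInstaller
$files   = @($exeInfo) + @($msiInfo)

# 2. Generate allow rules: publisher rules for signed files, hash rules as the
#    fallback for unsigned ones. -Optimize merges similar rules.
$files |
    New-AppLockerPolicy -RuleType Publisher, Hash -User Everyone `
                        -RuleNamePrefix 'Baseline' -Optimize -Xml |
    Out-File -FilePath $PolicyXml -Encoding UTF8

# 3. Dry run: report what the generated policy would decide for the candidate file.
#    Nothing is enforced at this point.
Test-AppLockerPolicy -XmlPolicy $PolicyXml -Path $Candidate -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# 4. The generated XML contains only the rules built above. Before enforcing it,
#    add the AppLocker default rules (first step of the demonstration) so that
#    Windows and Program Files binaries stay allowed, then import the XML into the
#    GPO or merge it into local policy:
#    Set-AppLockerPolicy -XmlPolicy $PolicyXml -Merge
#    Enforcement also requires the Application Identity service (AppIDSvc) to be running.
Get-Service -Name AppIDSvc | Format-Table Name, Status -AutoSize
```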

Page 13: Microsoft Windows 7 Enhanced Security And Control


Internet Explorer 8 Security

Freedom from Intrusion
• Social engineering and exploits
• Reduce unwanted communications

Protection from Harm
• Browser and Web server exploits
• Protection from deceptive Web sites, malicious code, online fraud, identity theft

Control of Information
• Choice and control
• Clear notice of information use
• Provide only what is needed

Page 14: Microsoft Windows 7 Enhanced Security And Control


Agenda

• Reviewing Windows 7 Security Goals
• Protecting Desktop Users
• Examining Data Protection
• Exploring Secure Anywhere Access

Page 15: Microsoft Windows 7 Enhanced Security And Control


Protect Data from Unauthorized Viewing

Active Directory® Rights Management Services (RMS)
• Policy definition and enforcement
• Protects information wherever it travels
• Integrated RMS client

Encrypting File System (EFS)
• User-based file and folder encryption
• Ability to store EFS keys on a smart card

BitLocker™
• Easier to configure and deploy
• Share protected data with co-workers, clients, partners, and others
• Improve compliance and data security

Page 16: Microsoft Windows 7 Enhanced Security And Control


BitLocker

Extend BitLocker drive encryption to removable devices

Create group policies to mandate the use of encryption and block unencrypted drives

Simplify BitLocker setup and configuration of primary hard drive

Page 17: Microsoft Windows 7 Enhanced Security And Control


Desktop Auditing

Challenges
• Granular auditing complex to configure
• Auditing access and privilege use for a group of users

Enhanced Auditing
• Simplified configuration results in lower total cost of ownership (TCO)
• Demonstrate why a person has access to specific information
• Understand why a person has been denied access to specific information
• Track all changes made by specific people or groups

Page 18: Microsoft Windows 7 Enhanced Security And Control


Demonstration: Enabling Auditing

• Use Group Policy to Configure Auditing
• Configure the File System Audit Policy
• Enable Auditing for a File or Folder
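
The same three steps can be performed on a single machine from the command line, which is useful for checking that a Group Policy setting actually took effect. This is an added example, not part of the original session; the folder `C:\AuditDemo`, the audited principal and the chosen rights are assumptions.

```powershell
# Added illustration (not from the session). Run from an elevated PowerShell prompt.
# Hypothetical folder to monitor; substitute the path you care about.
$Path = 'C:\AuditDemo'
New-Item -ItemType Directory -Path $Path -Force | Out-Null

# 1. Enable the "File System" audit subcategory for success and failure.
#    This is the local counterpart of the Group Policy setting under
#    Advanced Audit Policy Configuration > Object Access > Audit File System.
#    (The subcategory name is localized on non-English systems.)
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable

# 2. Add an audit entry (SACL) to the folder: log successful and failed
#    write and delete attempts by anyone, inherited by files and subfolders.
$acl  = Get-Acl -Path $Path -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone',
    [System.Security.AccessControl.FileSystemRights]'Write, Delete',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $Path -AclObject $acl

# 3. Verify both halves: the policy and the SACL. Without the subcategory
#    enabled the SACL produces no events, and vice versa.
auditpol.exe /get /subcategory:"File System"
(Get-Acl -Path $Path -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags -AutoSize

# 4. Generate a test event, then read the resulting object-access records
#    (event ID 4663) that mention the audited folder.
Set-Content -Path (Join-Path $Path 'probe.txt') -Value 'audit test'
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } `
             -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$Path*" } |
    Select-Object -First 5 TimeCreated, Id, Message |
    Format-List
```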

Page 19: Microsoft Windows 7 Enhanced Security And Control


Agenda

• Reviewing Windows 7 Security Goals
• Protecting Desktop Users
• Examining Data Protection
• Exploring Secure Anywhere Access

Page 20: Microsoft Windows 7 Enhanced Security And Control


Secure Anywhere Access

Network Security
• Policy-based network segmentation
• Multi-home firewall profiles
• Domain Name System Security Extensions (DNSSEC) support

Network Access Protection (NAP)
• Ensure that only “healthy” machines can access corporate data
• Enable “unhealthy” machines to get clean before they gain access

DirectAccess
• Security-protected, seamless, always-on connection
• Improved management of remote users
• Consistent security for all access scenarios

Page 21: Microsoft Windows 7 Enhanced Security And Control


DirectAccess

Challenges
• Difficult for users to access corporate resources from outside the office
• Challenging for IT to manage, update, and patch mobile computers while disconnected from company network

DirectAccess
• Same experience accessing corporate resources inside and outside the office
• Seamless connection increases productivity of mobile users
• Easy to service mobile computers and distribute updates and policies

Page 22: Microsoft Windows 7 Enhanced Security And Control


Network Access Protection

1. Client requests access to network and presents current health state
2. DHCP, VPN or Switch/Router relays health status to Microsoft Network Policy Server (RADIUS)
3. Network Policy Server (NPS) validates against IT-defined health policy
4. If not policy-compliant, client is put in a restricted VLAN and given access to fix up resources to download patches, configurations, signatures (Repeat 1-4)
5. If policy compliant, client is granted full access to corporate network

Diagram components: Windows Client; DHCP, VPN, Switch/Router; NPS; Policy Servers (such as: Patch, AV); Remediation Servers (Example: Patch); Restricted Network (Not Policy-Compliant); Corporate Network (Policy-Compliant)

Page 23: Microsoft Windows 7 Enhanced Security And Control


Demonstration: Using Network Access Protection

• Configure Windows Security Health Validator
• Configure Exception Group
• Configure Certificate Settings

Page 24: Microsoft Windows 7 Enhanced Security And Control


Session Summary

• Fundamentally Secure Platform
• Helping Secure Anywhere Access
• Protecting Data
• Protecting Users and Infrastructure

Page 25: Microsoft Windows 7 Enhanced Security And Control


Where to Find More Information?

Visit TechNet at technet.microsoft.com

Also check out TechNet Edge: edge.technet.com

Or just visit http://go.microsoft.com/?linkid=9662641 for additional information on this session.

Page 26: Microsoft Windows 7 Enhanced Security And Control


Supporting Publications

For more titles, visit http://go.microsoft.com/?linkid=9662641

Page 27: Microsoft Windows 7 Enhanced Security And Control


Training Resources

Course ID    Title
6289A        First Look: Windows 7 Beta for IT Professionals
6290A        First Look: Windows 7 Beta for IT Professionals Hands-on Lab

For more training information: http://go.microsoft.com/?linkid=9662641

Page 28: Microsoft Windows 7 Enhanced Security And Control


Become a Microsoft Certified Professional

• What are MCP certifications?
  – Validation in performing critical IT functions.

• Why Certify?
  – WW recognition of skills gained via experience.
  – More effective deployments with reduced costs

• What Certifications are there for IT Pros?
  – MCTS, MCITP.

www.microsoft.com/certification

Page 29: Microsoft Windows 7 Enhanced Security And Control


Microsoft TechNet Plus

TechNet Plus is an essential premium web-enabled and live support resource that provides IT Professionals with fast and easy access to Microsoft experts, software and technical information, enhancing IT productivity, control and planning.

Evaluate & Learn
• Evaluate full versions of all Microsoft commercial software for evaluation—without time limits. This includes all client, server and Office applications.
• Try out all the latest betas before public release
• Keep your skills current with quarterly training resources including select Microsoft E-Learning courses

Plan & Deploy
• Use the TechNet Library to plan for deployment using the Knowledge Base, resource kits, and technical training
• Use exclusive tools like System Center Capacity Planner to accurately plan for and deploy Exchange Server and System Center Operations Manager

Support & Maintain
• 2 complimentary Professional Support incidents for use 24/7 (20% discount on additional incidents)
• Access over 100 managed newsgroups and get next business day response--guaranteed
• Use the TechNet Library to maintain your IT environment with security updates, service packs and utilities

Get all these resources and more with a TechNet Plus subscription. For more information visit: technet.microsoft.com/subscriptions

Page 30: Microsoft Windows 7 Enhanced Security And Control
