windows 7 seminar - acend corporate learning
DESCRIPTION
Microsoft Windows 7 Seminar hosted by Acend Corporate Learning in Toronto on March 3, 2011TRANSCRIPT
![Page 1: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/1.jpg)
Unlock Hidden Potential:
What’s New in Windows® 7
![Page 2: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/2.jpg)
Clinic Outline
• Session 1: Security Features
• Session 2: Networking Functionality
• Session 3: Other New Features
![Page 3: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/3.jpg)
Security Features
• User Account Control changes
• Windows BitLocker™ and Windows BitLocker To Go™
• Windows AppLocker™
![Page 4: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/4.jpg)
User Account Control Changes
•What is User Account Control?
A bunch of functions that help make your computer remain secure.
•Note: Administrators should still have admin and user accounts.
![Page 5: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/5.jpg)
User Account Control Changes
Remember this???
![Page 6: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/6.jpg)
User Account Control Changes
• Many actions no longer require administrative privileges, so UAC doesn’t kick in:
- Changing time zone
- renewing IP address
- viewing firewall settings
- changing display dpi
![Page 7: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/7.jpg)
User Account Control Changes (cont’d)
• More easily managed locally (with admin priv.)
• More options than before
![Page 8: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/8.jpg)
User Account Control Changes (cont’d)
• More granular configuration available through Group Policy
![Page 9: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/9.jpg)
BitLocker
• Available in Enterprise and Ultimate editions
• Same functionality as in Vista, but easier to implement
• Requires two partitions – 100MB hidden partition created at install
![Page 10: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/10.jpg)
BitLocker (cont’d)
• Security provided through:• Trusted Platform Module (TPM)
• TPM + PIN
• TPM + PIN + USB Key
• TPM + USB Key
• USB Key
![Page 11: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/11.jpg)
BitLocker (cont’d)
• With TPM, enabling is through Rt-Click
• Without TPM, Local Security Policy must be edited
• Windows 7 provides support for Data Recovery Agent(s)
![Page 12: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/12.jpg)
BitLocker (cont’d)
• Recovery password created when BitLocker enabled
• Saved
• Printed
• Stored in Active Directory
• Computer goes into recovery mode if:
• The TPM is missing or changed
• There are changes to startup files
• Computer is booted from a CD or DVD
![Page 13: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/13.jpg)
BitLocker To Go
• Available in Enterprise and Ultimate editions
• Allows you to encrypt removable drives
• USB/Firewire/SATA HDDs
• Solid state drives like USB thumb drives
• When you enable BTG, four things happen:
• You are prompted to create a password that will be used to unlock the drive
• You will choose to save or print your recovery password
• A “BitLocker to Go Reader” is copied to the drive (FAT drives only)
• The drive is encrypted
![Page 14: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/14.jpg)
BitLocker To Go (cont’d)
• Using a BTG-encrypted drive in Windows 7
• Prompted for password
• Read/write access
• Using a BTG-encrypted drive in Vista or XP
• Autoplay displays a prompt to install the “BitLocker to Go Reader”
• You are prompted for the password
• You copy files to the local hard drive
• You cannot open files directly from the BTG-encrypted drive, and you only have read access
• To use BTG with Vista or XP, drive must be formatted with FAT file system
![Page 15: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/15.jpg)
AppLocker
• New version of Software Restriction Policies
• Much simpler implementation• Rules define what *can* run – all others are blocked
• You can auto-create rules for all programs on a “reference machine”
• You can then manually create rules for new applications
![Page 16: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/16.jpg)
AppLocker (cont’d)
• Three types of rules:• Executable rules (exe, com, etc)
• Windows Installer rules (msi, msp)
• Script rules (bat, cmd, vbs, etc)
• “Default Rules” allow:• Everyone access to programs in Program Files
• Everyone access to programs in Windows
• Administrators access to programs everywhere
![Page 17: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/17.jpg)
AppLocker (cont’d)
• An “audit only” mode allows administrators to see what apps would be affected by an AppLocker rule before enforcing the rules
• Critical Points:• You must create the default rules first, because
one “allow” rule will deny all others
• The Application Identity service must be running on the client
• A user with administrative privileges can circumvent the rules
• Vista and XP clients ignore AppLocker
• Windows 7 clients ignore Software Restriction Policies if they are in the same GPO as an AppLocker rule
![Page 18: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/18.jpg)
Networking Functionality
• Windows DirectAccess
• Windows BranchCache™
![Page 19: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/19.jpg)
DirectAccess
• Technology that allows users to access the corporate network without a VPN connection
• Transparently connects whenever the user connects to the Internet
• Bi-Directional
o Users get access to the corporate network
o IT can manage the remote computer
NAP health policies
Patches
![Page 20: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/20.jpg)
DirectAccess
![Page 21: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/21.jpg)
DirectAccess (cont’d)
• Can be configured to be:
o Network wide
o Restricted to specific resources
• Communication is via IPv6 over IPSec (possibly tunneled through IPv4)
• Integrates with NAP to ensure computers are healthy before connecting
![Page 22: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/22.jpg)
DirectAccess (cont’d)
• Hardware/Software requirements:• At least one DirectAccess server running 2008 R2
with two NICs
• At least one DC and DNS server running 2008 or 2008 R2
• A PKI
• Defined IPSec policies
• IPv6 transition technologies
• Windows 7 Enterprise or WS08R2 on the client
![Page 23: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/23.jpg)
BranchCache
• Branches often connected via slow links – resource access can be slow
• BranchCache helps resolve issue by caching data in the branch office (encrypted)
• Can be implemented in two modes:• Distributed caching
• Hosted caching
![Page 24: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/24.jpg)
BranchCache (cont’d)
![Page 25: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/25.jpg)
BranchCache (cont’d)
• When accessing data for the first time the computer• Downloads the data from the corp site
• Copies the data (if necessary) to the hosted cache
![Page 26: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/26.jpg)
BranchCache (cont’d)
• When a second user accesses the same data, the computer:
• Contacts server in corp site to confirm user is authorized and downloads an identifier and a hash of the data
• Checks the branch cache for the identifier and, if found, checks the hash against the cached copy
• If the identifier is not found or the hashes don’t match (file has changed), downloads the data from the main site
![Page 27: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/27.jpg)
BranchCache (cont’d)
• Note: BranchCache only works for reads. Any writes are saved to the main site
• Requirements:• Content servers in main site must be 2008 R2 with
BranchCache enabled
• A 2008 R2 server in the branch site if using Hosted Cache, with BranchCache enabled
• Windows 7 Enterprise clients with BranchCache enabled
![Page 28: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/28.jpg)
Other New Features
• Libraries
• Problem Steps Recorder
• Start/Search Button
• Interface Enhancements
![Page 29: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/29.jpg)
Libraries
• Views that help users manage data in:• Shared folders
• Document repositories
• Web sites
• Adding web sites or document repositories to a Library requires a connector
• Libraries can be shared on the network
![Page 30: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/30.jpg)
Problem Steps Recorder
• Helps administrators recreate the steps that led to a problem for the user
• Creates screen captures and descriptions of every action a user takes
• Saves the captures in a .zip file viewable in browser
• Great for documenting configurations
![Page 31: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/31.jpg)
Start Search Button
• Super timesaver
• Lists files, folders, programs, email addresses, address book entries, calendar appointments, pictures, movies, .pdf documents, music files, browser bookmarks and MS Office documents
• Smart – not just a word search
• Results more complete and faster if indexing is enabled
![Page 32: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/32.jpg)
Interface Enhancements
• Windows 7 provides dozens of obvious or subtle interface improvements that: Add functionality
Improve efficiency
Make working with Windows more pleasant
![Page 33: Windows 7 Seminar - Acend Corporate Learning](https://reader036.vdocuments.net/reader036/viewer/2022070315/5555776db4c9058a5a8b4e5f/html5/thumbnails/33.jpg)
The End
• Questions?